
    The fusion of law and information technology

    In the information society, the communication of legal norms has for a long time failed to take hold in certain fields; that is, some legal norms are simply not obeyed there. Above all, legal norms relating to data protection, information content and information security are frequently infringed. Most of these violations are carried out using information technology; indeed, they could not have been committed without it. Such incidents include hacking, personal data abuse, personal information disclosure, unauthorized access, copyright infringement, privacy violations, and so on. One way of preventing these infringements is to raise the level of punishment for violators, but this will prove disappointing, and in any case it is only an ex post facto measure. An ex ante measure should be devised, if possible. As that ex ante measure, the author proposes a fusion of law and information technology: information technology that leads people to lawful conduct when they act using computers and networks. As the saying goes, information technology cures information technology. Ultimately, the fusion aims at realizing the law and will contribute to restoring social justice.

    The Horcrux Protocol: A Method for Decentralized Biometric-based Self-sovereign Identity

    Most user authentication methods and identity proofing systems rely on a centralized database. Such information storage presents a single point of compromise from a security perspective: if this system is compromised, it poses a direct threat to users' digital identities. This paper proposes a decentralized authentication method, called the Horcrux protocol, in which there is no such single point of compromise. The protocol relies on decentralized identifiers (DIDs) under development by the W3C Verifiable Claims Community Group and on the concept of self-sovereign identity. To accomplish this, we propose the specification and implementation of a decentralized biometric credential storage option via blockchains, using DIDs and DID documents within the IEEE 2410-2017 Biometric Open Protocol Standard (BOPS).

    Username and password verification through keystroke dynamics

    Most computer systems rely on usernames and passwords as a mechanism for access control and authentication of authorized users. These credential sets offer marginal protection to a broad scope of applications with differing levels of sensitivity. Traditional physiological biometric systems such as fingerprint, face, and iris recognition are not readily deployable in remote authentication schemes. Keystroke dynamics provide the ability to combine the ease of use of username/password schemes with the increased trustworthiness associated with biometrics. Our research extends previous work on keystroke dynamics by incorporating shift-key patterns. The system is capable of operating at various points on a traditional ROC curve depending on application-specific security needs. A 1% False Accept Rate is attainable at a 14% False Reject Rate for high-security systems. An Equal Error Rate of 5% can be obtained in lower-security systems. As a username/password authentication scheme, our approach decreases the penetration rate associated with compromised passwords by 95-99%.

    Graphical Password-Based User Authentication with Free-Form Doodles

    Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

    M. Martinez-Diaz, J. Fierrez and J. Galbally, "Graphical Password-Based User Authentication With Free-Form Doodles," in IEEE Transactions on Human-Machine Systems, vol. 46, no. 4, pp. 607-614, Aug. 2016. doi: 10.1109/THMS.2015.2504101

    User authentication using simple gestures is now common in portable devices. In this work, authentication with free-form sketches is studied. Verification systems using dynamic time warping and Gaussian mixture models are proposed, based on dynamic signature verification approaches. The most discriminant features are studied using the sequential forward floating selection algorithm. The effects of the time lapse between capture sessions and the impact of the training set size are also studied. Development and validation experiments are performed using the DooDB database, which contains passwords from 100 users captured on a smartphone touchscreen. Equal error rates between 3% and 8% are obtained against random forgeries and between 21% and 22% against skilled forgeries. High variability between capture sessions increases the error rates.

    This work was supported by projects Contexts (S2009/TIC-1485) from CAM, Bio-Shield (TEC2012-34881) from Spanish MINECO, and BEAT (FP7-SEC-284989) from EU.

    Towards Baselines for Shoulder Surfing on Mobile Authentication

    Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of observation attack. While the research community has investigated solutions to minimize or prevent the threat of shoulder surfing, how well the attack performs on current systems is less well studied. In this paper, we describe a large online experiment (n=1173) that works towards establishing a baseline of shoulder surfing vulnerability for current unlock authentication systems. Using controlled video recordings of a victim entering a set of 4- and 6-length PINs and Android unlock patterns on different phones from different angles, we asked participants to act as attackers, trying to determine the authentication input based on the observation. We find that 6-digit PINs are the most elusive attack surface, where a single observation leads to just 10.8% successful attacks, improving to 26.5% with multiple observations. As a comparison, 6-length Android patterns suffered a 64.2% attack rate with one observation and 79.9% with multiple observations. Removing feedback lines for patterns improves security to 35.3% and 52.1% for single and multiple observations, respectively. This evidence, as well as other results related to hand position, phone size, and observation angle, suggests the best- and worst-case scenarios for shoulder surfing vulnerability, which can both help inform users to improve their security choices and establish baselines for researchers.

    Comment: Will appear in Annual Computer Security Applications Conference (ACSAC

    Image-based Authentication

    Mobile and wearable devices are popular platforms for accessing online services. However, the small form factor of such devices makes a secure and practical user authentication experience challenging. Further, online fraud, including phishing attacks, has revealed the importance of conversely providing usable solutions for authenticating remote services to online users. In this thesis, we introduce image-based solutions for mutual authentication between a user and a remote service provider. First, we propose and develop Pixie, a two-factor, object-based authentication solution for camera-equipped mobile and wearable devices. We further design ai.lock, a system that reliably extracts authentication credentials similar to biometrics from images. Second, we introduce CEAL, a system that generates visual key fingerprint representations of arbitrary binary strings, to be used for visually authenticating online entities and their cryptographic keys. CEAL leverages deep learning to capture the target style and domain of training images in a generator model learned from a large collection of sample images rather than hand-curated as a collection of rules, and hence provides a unique capacity for easy customizability. CEAL integrates a model of the visual discriminative ability of human perception, so the resulting fingerprint image generator avoids mapping distinct keys to images that humans cannot distinguish. Further, CEAL deterministically generates visually pleasing fingerprint images from an input vector whose components are designated to represent visual properties that are either readily perceptible to the human eye, or imperceptible yet necessary for accurately modeling the target image domain. We show that image-based authentication using Pixie is usable and fast, while ai.lock extracts authentication credentials that exceed the entropy of biometrics. Further, we show that CEAL outperforms state-of-the-art solutions in terms of efficiency, usability, and resilience to powerful adversarial attacks.

    The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions

    For the past 20 years, researchers have investigated the use of eye tracking in security applications. We present a holistic view of gaze-based security applications. In particular, we canvassed the literature and classified the utility of gaze in security applications into a) authentication, b) privacy protection, and c) gaze monitoring during security-critical tasks. This allows us to chart several research directions, most importantly 1) conducting field studies of implicit and explicit gaze-based authentication, enabled by recent advances in eye tracking, 2) research on gaze-based privacy protection and gaze monitoring in security-critical tasks, which are under-investigated yet very promising areas, and 3) understanding the privacy implications of pervasive eye tracking. We discuss the most promising opportunities and most pressing challenges of eye tracking for security that will shape research in gaze-based security applications for the next decade.

    Comprehensive Survey: Biometric User Authentication Application, Evaluation, and Discussion

    This paper conducts an extensive review of the biometric user authentication literature, addressing three primary research questions: (1) commonly used biometric traits and their suitability for specific applications, (2) performance factors such as security, convenience, and robustness, and potential countermeasures against cyberattacks, and (3) factors affecting biometric system accuracy and potential improvements. Our analysis delves into physiological and behavioral traits, exploring their pros and cons. We discuss factors influencing biometric system effectiveness and highlight areas for enhancement. Our study differs from previous surveys by extensively examining biometric traits, exploring various application domains, and analyzing measures to mitigate cyberattacks. This paper aims to inform researchers and practitioners about the biometric authentication landscape and guide future advancements.