Towards Baselines for Shoulder Surfing on Mobile Authentication

Given the nature of mobile devices and unlock procedures, unlock authentication is a prime target for credential leaking via shoulder surfing, a form of an observation attack. While the research community has investigated solutions to minimize or prevent the threat of shoulder surfing, our understanding of how the attack performs on current systems is less well studied. In this paper, we describe a large online experiment (n=1173) that works towards establishing a baseline of shoulder surfing vulnerability for current unlock authentication systems. Using controlled video recordings of a victim entering in a set of 4- and 6-length PINs and Android unlock patterns on different phones from different angles, we asked participants to act as attackers, trying to determine the authentication input based on the observation. We find that 6-digit PINs are the most elusive attacking surface where a single observation leads to just 10.8% successful attacks, improving to 26.5\% with multiple observations. As a comparison, 6-length Android patterns, with one observation, suffered 64.2% attack rate and 79.9% with multiple observations. Removing feedback lines for patterns improves security from 35.3\% and 52.1\% for single and multiple observations, respectively. This evidence, as well as other results related to hand position, phone size, and observation angle, suggests the best and worst case scenarios related to shoulder surfing vulnerability which can both help inform users to improve their security choices, as well as establish baselines for researchers.Comment: Will appear in Annual Computer Security Applications Conference (ACSAC

Gráfok és algoritmusok = Graphs and algorithms

A kutatás az elvárt eredménnyel zárult: tekintélyes nemzetközi konferenciákon és pubikációkban hoztuk nyilvánosságra az eredményéket, ideértve a STOC, SIAM és IEEE kiadványokat is, valamint egy könyvet is. A publikációk száma a matematikában elég magas (74). Ez nemzetközi összehasonlításban is kiemelkedő mutató a támogatás összegére vetítve. A projektben megmutattuk, hogy a gráfelmelet és a diszkrét matematika eszköztára számos helyen jól alkalmazható, ilyen terület a nagysebességű kommunikációs hálózatok tervezése, ezekben igen gyors routerek létrehozása. Egy másik terület a biológiai nagymolekulákon definiált gráfok és geometriai struktúrák. | The research concluded with the awaited results: in good international conferences and journals we published 74 works, including STOC conference, SIAM conferences and journals and one of the best IEEE journal. This number is high above average in mathematics research. We showed in the project that the tools of graph theory and discrete mathematics can be well applied in the high-speed communication network design, where we proposed fast and secure routing solutions. Additionally we also found applications in biological macromolecules

Formalism, Realism, and the War on Drugs

One of the ways our legal system has avoided confronting this ugly reality is through a commitment to legal formalism. Legal formalism allows us to ignore the social determinants that my AUSA friend saw every day as he prosecuted federal drug cases. As my colleague Professor Michael Seidman has suggested, legal formalism, which has been effectively critiqued and displaced by legal realism in many other areas of law, continues to exercise considerable influence over the way we think about criminal law. This formalist approach, in my view, has strongly affected the way we approach the drug problem. One consequence is that we continue to pursue an increasingly futile war on drugs and refuse to see the issue in its broader, realist dimension. A little realism on the subject of drugs, I suggest, would go a long way. There is much to be said for formalism in the criminal law. Formalism, with its commitment to fair procedures, clear rules, and restricted discretion, is a necessary part of any fair system of criminal law. The sanctions involved in the criminal system are too severe to permit them to be allocated in an open ended discretionary or regulatory manner. The criminal law\u27s commitment to formalism is thus not a fault, but a strength. Discretionary regulatory schemes too often invite subjective judgments susceptible to abuse, prejudice, and favoritism. Formalist rules, by contrast, are built on the promise of treating likes alike. Precisely for this reason, however, we ought to reconsider whether the criminal approach makes sense when there is substantial evidence that the commitment to equality has been seriously compromised. Our dual commitments to equality and to the reduction of the human damage that drug abuse inflicts suggest that we should reduce our reliance on the criminal justice system. Alternative approaches, such as treatment and rehabilitation, promise to be both more effective and more fair

Engineering visualization utilizing advanced animation

Engineering visualization is the use of computer graphics to depict engineering analysis and simulation in visual form from project planning through documentation. Graphics displays let engineers see data represented dynamically which permits the quick evaluation of results. The current state of graphics hardware and software generally allows the creation of two types of 3D graphics. The use of animated video as an engineering visualization tool is presented. The engineering, animation, and videography aspects of animated video production are each discussed. Specific issues include the integration of staffing expertise, hardware, software, and the various production processes. A detailed explanation of the animation process reveals the capabilities of this unique engineering visualization method. Automation of animation and video production processes are covered and future directions are proposed

Multiresolution vector quantization

Multiresolution source codes are data compression algorithms yielding embedded source descriptions. The decoder of a multiresolution code can build a source reproduction by decoding the embedded bit stream in part or in whole. All decoding procedures start at the beginning of the binary source description and decode some fraction of that string. Decoding a small portion of the binary string gives a low-resolution reproduction; decoding more yields a higher resolution reproduction; and so on. Multiresolution vector quantizers are block multiresolution source codes. This paper introduces algorithms for designing fixed- and variable-rate multiresolution vector quantizers. Experiments on synthetic data demonstrate performance close to the theoretical performance limit. Experiments on natural images demonstrate performance improvements of up to 8 dB over tree-structured vector quantizers. Some of the lessons learned through multiresolution vector quantizer design lend insight into the design of more sophisticated multiresolution codes