Reconstructing what you said: Text Inference using Smartphone Motion

Smartphones and tablets are becoming ubiquitous within our connected lives and as a result these devices are increasingly being used for more and more sensitive applications, such as banking. The security of the information within these sensitive applications is managed through a variety of different processes, all of which minimise the exposure of this sensitive information to other potentially malicious applications. This paper documents experiments with the 'zero-permission' motion sensors on the device as a side-channel for inferring the text typed into a sensitive application. These sensors are freely accessible without the phone user having to give permission. The research was able to, on average, identify nearly 30 percent of typed bigrams from unseen words, using a very small volume of training data, which was less than the size of a tweet. Given the natural redundancy in language this performance is often enough to understand the phrase being typed. We found that large devices were typically more vulnerable, as were users who held the device in one hand whilst typing with fingers. Of those bigrams which were not correctly identified over 60 percent of the errors involved the space bar and nearly half of the errors are within two keys on the keyboard

Its Not All About the Money: Self-efficacy and Motivation in Defensive and Offensive Cyber Security Professionals

Two important factors that define how humans go about performing tasks are self-efficacy and motivation. Through a better understanding of these factors, and how they are displayed by professionals in different roles within the cyber security discipline we can start to explore better ways to exploit the human capability within our cyber security. From our study of 137 cyber security professionals we found that those in attack-focussed roles displayed significantly higher-levels of self-efficacy than those in defensive-focussed roles. We also found those in attack-focussed roles demonstrated significantly higher levels of intrinsic motivation and significantly lower levels of externally regulated motivation. It should be noted we found no correlation with age or experience with either the focus of the practitioners task (whether offensive or defensive focussed) or their levels of motivation or self-efficacy. These striking findings further highlight the differences between those performing tasks that are self-described as offensive and those that are self-described as defensive. This also demonstrates the asymmetry that has long existed in cyber security from both a technical and opportunity viewpoint also exists in the human dimension

Deconstructing who you play: character choice in online gaming

The major growth in gaming over the last five to ten years has been through the expansion in online gaming, with the most frequent gamers now playing more games online than with others in person. The increase in cooperative multiplayer online gaming, where players who do not know each other come together in teams to achieve a common goal, leads to interesting social situations. The research in this paper is focussed on the online multiplayer game Overwatch, in this game playable characters are grouped into a number of classes and characters within these classes. A player chooses the character at the start of a given round, and whilst they can change the character during the game round this is generally undesirable. In this research we were interested in how players go about selecting a character for a given round of the game, this is a complex interaction where a player has to balance between personal character preference (either a character they enjoy playing or is well-mapped to their playstyle and skill) and ensuring a team has a balance of player classes. The interaction is complicated by the online nature meaning it is difficult to reward a team-mate for selecting a character they may not wish to play or playing a character which may mean they will perform poorly but the team will win. We recruited over 1000 Overwatch players and surveyed them on how they make their character choices within the game, they were also asked to complete various psychometric tests. We found that a gamers player ‘type’ (i.e. Killer, Achiever, Explorer or Socialiser) was defined by their agreeableness and their gender. We also found that player’s choice of character class was related to their level of agreeableness and extroversion modulated by the player’s gender. We also found that those who rate highly in conscientiousness and agreeableness and are socialisers or achievers were more likely to choose a character in order to achieve a balanced team rather than personal preference. The research is unique in the scale and number of respondents, it also addresses a problem in co-operative gaming where players must negotiate the composition of a team. This negotiation is often performed without any background knowledge of other player’s skill levels, this is the first study at this scale considering this within the context of co-operative online gaming

Propagation forecasting for EHF and SHF systems

EThOS - Electronic Theses Online ServiceGBUnited Kingdo

A picture tells a thousand words: what Facebook and Twitter images convey about our personality

Engineering and Physical Sciences Research Council (EPSRC), EP/J004995/1: An Exploration of Superidentit

Increasing the accessibility of NLP techniques for Defence and Security using a web-based tool

As machine learning becomes more common in defence and security, there is a real risk that the low accessibility of techniques to non-specialists will hinder the process of operationalising the technologies. This poster will present a tool to support a variety of Natural Language Processing (NLP) techniques including the management of corpora – data sets of documents used for NLP tasks, creating and training models, in addition to visualising the output of the models. The aim of this tool is to allow non-specialists to exploit complex NLP techniques to understand the content of large volumes of reports. NLP techniques are the mechanisms by which a machine can process and analyse text written by humans. These methods can used for a range of tasks including categorising documents, translation and summarising text. For many of these tasks the ability to process and analyse large corpora of text is key. With current methods, the ability to manage corpora is rarely considered, instead relying on researchers and practitioners to do this manually in their file system. To train models, researchers use ad-hoc code directly, writing scripts or code and compiling or running them through an interpreter. These approaches can be a challenge when working in multidisciplinary fields, such as defence and security and cyber security. This is even more salient when delivering research where outputs may be operationalised and the accessibility can be a limiting factor in their deployment and use. We present a web interface that uses an asynchronous service-based architecture to enable non-specialists to easily manage multiple large corpora and create and operationalise a variety of different models – at this early stage we have focussed on one NLP technique, that of topic models. This tool-support has been created as part of a project considering the use of NLP to better understand reports of insider threat attacks. These are security incidents where the attacker is a member of staff or another trusted individual. Insider threat attacks are particularly difficult to defend against due to the level of access these individuals gain during the regular course of their employment. The wider use of these techniques would generate greater impact both tactically in defending against these attacks and strategically in developing policy and procedures. There are tools available, however they are often complex and perform a single-task, limiting their use. To generate maximum impact from our research we have developed this web-based software to make the tools more accessible, especially to non-specialist researchers, customers and potential users

Individual differences in the adoption and secure use of smart home technology

This developmental paper focuses on work that is currently being conducted to investigate individual differences in the adoption and secure use of smart home-based technologies by consumers. Specifically, the research focuses on individual differences in two primary psychological characteristics (risk taking propensity and impulsivity), technology adoption propensity, and a range of socio-demographic factors (including age, gender, and education level), to explore their potential influence on the adoption and secure use of smart home technologies at the consumer level. Through an online survey in December 2019-January 2020, 633 responses were collected from UK-based participants. These data will be discussed at the conference in order to understand the potential for further development and analysis of the data collected in relation to various theoretical perspectives, thus maximizing the potential theoretical contribution of the research across the management discipline

Pathways to identity: using visualization to aid law enforcement in identification tasks

The nature of identity has changed dramatically in recent years and has grown in complexity. Identities are defined in multiple domains: biological and psychological elements strongly contribute, but biographical and cyber elements also are necessary to complete the picture. Law enforcement is beginning to adjust to these changes, recognizing identity’s importance in criminal justice. The SuperIdentity project seeks to aid law enforcement officials in their identification tasks through research of techniques for discovering identity traits, generation of statistical models of identity and analysis of identity traits through visualization. We present use cases compiled through user interviews in multiple fields, including law enforcement, and describe the modeling and visualization tools design to aid in those use cases

An Investigation into the Sensitivity of Personal Information and Implications for Disclosure: A UK Perspective

The perceived sensitivity of information is a crucial factor in both security and privacy concerns and the behaviours of individuals. Furthermore, such perceptions motivate how people disclose and share information with others. We study this topic by using an online questionnaire where a representative sample of 491 British citizens rated the sensitivity of different data items in a variety of scenarios. The sensitivity evaluations revealed in this study are compared to prior results from the US, Brazil and Germany, allowing us to examine the impact of culture. In addition to discovering similarities across cultures, we also identify new factors overlooked in the current research, including concerns about reactions from others, personal safety or mental health and finally, consequences of disclosure on others. We also highlight a difference between the regulatory perspective and the citizen perspective on information sensitivity. We then operationalised this understanding within several example use-cases exploring disclosures in the healthcare and finance industry, two areas where security is paramount. We explored the disclosures being made through two different interaction means: directly to a human or chatbot mediated (given that an increasing amount of personal data is shared with these agents in industry). We also explored the effect of anonymity in these contexts. Participants showed a significant reluctance to disclose information they considered `irrelevant' or `out of context' information disregarding other factors such as interaction means or anonymity. We also observed that chatbots proved detrimental to eliciting sensitive disclosures in the healthcare domain; however, within the finance domain, there was less effect. This article's findings provide new insights for those developing online systems intended to elicit sensitive personal information from users