Meta-KANSEI modeling with Valence-Arousal fMRI dataset of brain

Background: Traditional KANSEI methodology is an important tool in the field of psychology to comprehend the concepts and meanings; it mainly focusses on semantic differential methods. Valence-Arousal is regarded as a reflection of the KANSEI adjectives, which is the core concept in the theory of effective dimensions for brain recognition. From previous studies, it has been found that brain fMRI datasets can contain significant information related to Valence and Arousal. Methods: In this current work, a Valence-Arousal based meta-KANSEI modeling method is proposed to improve the traditional KANSEI presentation. Functional Magnetic Resonance Imaging (fMRI) was used to acquire the response dataset of Valence-Arousal of the brain in the amygdala and orbital frontal cortex respectively. In order to validate the feasibility of the proposed modeling method, the dataset was processed under dimension reduction by using Kernel Density Estimation (KDE) based segmentation and Mean Shift (MS) clustering. Furthermore, Affective Norm English Words (ANEW) by IAPS (International Affective Picture System) were used for comparison and analysis. The data sets from fMRI and ANEW under four KANSEI adjectives of angry, happy, sad and pleasant were processed by the Fuzzy C-Means (FCM) algorithm. Finally, a defined distance based on similarity computing was adopted for these two data sets. Results: The results illustrate that the proposed model is feasible and has better stability per the normal distribution plotting of the distance. The effectiveness of the experimental methods proposed in the current work was higher than in the literature. Conclusions: mean shift can be used to cluster and central points based meta-KANSEI model combining with the advantages of a variety of existing intelligent processing methods are expected to shift the KANSEI Engineering (KE) research into the medical imaging field

Securing PIN‐based authentication in smartwatches with just two gestures

Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful devices, it also makes them very attractive targets for attackers. Indeed, PINs and Pattern Lock have been widely used in smartwatches for user authentication. However, such authentication methods are not robust against various forms of cybersecurity attacks, such as side channel, phishing, smudge, shoulder surfing, and video recording attacks. Moreover, the recent adoption of hardware-based solutions, like the Trusted Execution Environment (TEE), can mitigate only partially such problems. Thus, the user’s security and privacy are at risk without a strong authentication scheme in place. In this work, we propose 2GesturePIN, a new authentication framework that allows users to authenticate securely to their smartwatches and related sensitive services through solely two gestures. 2GesturePIN leverages the rotating bezel or crown, which are the most intuitive ways to interact with a smartwatch, as a dedicated hardware. 2GesturePIN improves the resilience of the regular PIN authentication method against state-of-the-art cybersecurity attacks while maintaining a high level of usability

Color wheel pin: Usable and resilient ATM authentication

We are witnessing a growing demand for ATM authentication solutions that overcome the limitations of the de facto standard mechanism based on magnetic card and numeric PIN, that has revealed to be weak against ATM-specific attacks (e.g., skimming and recording attacks). An emerging trend is relying on smartphones as a carrier for authentication. However, authentication mechanisms based on the use of a smartphone requires the same mechanisms to be resilient to new, smartphone-specific threats like device theft and common attacks like shoulder-surfing attacks and spyware. In this paper, we propose a new ATM authentication mechanism called Color Wheel Pin which combines a usable ATM authentication mechanism with robustness against both generic and smartphone and ATM specific security threats

ascCAPTCHA: an Invisible Sensor CAPTCHA for PCs Based on Acoustic Side Channel

Our growing reliance on the digital world has caused a similar growth in the sophistication of bots trying to impersonate humans. The most classic tool to tell human and computers apart is the CAPTCHA, however CAPTCHAs based on cognitive challenges are becoming either insecure or very difficult to be solved by humans too. A possible solution is leveraging the rich sensor set of modern mobile devices to capture the physical nature of humans while they are interacting with the system, however, traditional PCs do not have the same opportunity. In this paper we describe ascCAPTCHA, a CAPTCHA based on an acoustic side-channel that leveraging a simple microphone is compatible with PCs lacking the rich sensor set of smart devices

Continuous Authentication on a Smartwatch

The purpose of this work is to leverage two types of sensors, motion and optical, to create a continuous authentication system for smart devices such as smartwatches. The proposed solution is based on an Android application that uses the accelerometer and gyroscope to measure movements and to classify them in normal and session-endangering classes. If suspicious movements are identified, then the app enacts a second decision level and activates the heart or body detection sensor to check if the watch is actually still on the user’s wrist. The two-level architecture tries to optimize energy consumption. To validate our system, various measurements were carried out with the aim of mapping the typical gestures of users who wear a smartwatch. The goal is therefore to be able to recognize certain movements, limit checks involving the optical sensors that are extremely energy hungry, and, thus, achieve a better battery recharge cycle

Gotta CAPTCHA 'Em All: A Survey of 20 Years of the Human-or-computer Dilemma

A recent study has found that malicious bots generated nearly a quarter of overall website traffic in 2019 [102]. These malicious bots perform activities such as price and content scraping, account creation and takeover, credit card fraud, denial of service, and so on. Thus, they represent a serious threat to all businesses in general, but are especially troublesome for e-commerce, travel, and financial services. One of the most common defense mechanisms against bots abusing online services is the introduction of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), so it is extremely important to understand which CAPTCHA schemes have been designed and their actual effectiveness against the ever-evolving bots. To this end, this work provides an overview of the current state-of-the-art in the field of CAPTCHA schemes and defines a new classification that includes all the emerging schemes. In addition, for each identified CAPTCHA category, the most successful attack methods are summarized by also describing how CAPTCHA schemes evolved to resist bot attacks, and discussing the limitations of different CAPTCHA schemes from the security, usability, and compatibility point of view. Finally, an assessment of the open issues, challenges, and opportunities for further study is provided, paving the road toward the design of the next-generation secure and user-friendly CAPTCHA schemes

Securing PIN-based authentication in smartwatches with just two gestures

Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful devices, it also makes them very attractive targets for attackers. Indeed, PINs and Pattern Lock have been widely used in smartwatches for user authentication. However, such authentication methods are not robust against various forms of cybersecurity attacks, such as side channel, phishing, smudge, shoulder surfing, and video-recording attacks. Moreover, the recent adoption of hardware-based solutions, like the Trusted Execution Environment (TEE), can mitigate only partially such problems. Thus, the user's security and privacy are at risk without a strong authentication scheme in place. In this work, we propose 2GesturePIN, a new authentication framework that allows users to authenticate securely to their smartwatches and related sensitive services through solely two gestures. 2GesturePIN leverages the rotating bezel or crown, which are the most intuitive ways to interact with a smartwatch, as a dedicated hardware. 2GesturePIN improves the resilience of the regular PIN authentication method against state-of-the-art cybersecurity attacks while maintaining a high level of usability

CirclePIN: A Novel Authentication Mechanism for Smartwatches to Prevent Unauthorized Access to IoT Devices

In the last months, the market for personal wearable devices has been booming significantly, and, in particular, smartwatches are starting to assume a fundamental role in the Bring Your Own Device (BYOD) arena as well as in the more general Internet of Things (IoT) ecosystem, by acting both as sensitive data sources and as user identity proxies. These new roles, complementing the more traditional personal assistance and telemetry/tracking ones, open new perspectives in their integration in complex IoT-based critical infrastructures such as e-payment, health care monitoring, and emergency systems, as well as in their usage as remote control facilities in smart services. Users can access their IoT devices at any time from any place through smartwatches. We argue that this new scenario calls for a strengthened and more resilient authentication of users on these devices, despite their limitations in terms of dimensions and hardware constraints that may considerably affect the usability of security mechanisms. In this article, we present an innovative authentication scheme targeted at smartwatches, namely CirclePIN, that provides both resilience to most common attacks and a high level of usability in tests with real users

Securing PIN-based authentication in smartwatches with just two gestures

Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful devices, it also makes them very attractive targets for attackers. Indeed, PINs and Pattern Lock have been widely used in smartwatches for user authentication. However, such authentication methods are not robust against various forms of cybersecurity attacks, such as side channel, phishing, smudge, shoulder surfing, and video-recording attacks. Moreover, the recent adoption of hardware-based solutions, like the Trusted Execution Environment (TEE), can mitigate only partially such problems. Thus, the user's security and privacy are at risk without a strong authentication scheme in place. In this work, we propose 2GesturePIN, a new authentication framework that allows users to authenticate securely to their smartwatches and related sensitive services through solely two gestures. 2GesturePIN leverages the rotating bezel or crown, which are the most intuitive ways to interact with a smartwatch, as a dedicated hardware. 2GesturePIN improves the resilience of the regular PIN authentication method against state-of-the-art cybersecurity attacks while maintaining a high level of usability

Towards a SIP-based DDoS Attack to the 4G Network

Cellular networks are fundamental infrastructures nowadays, so that any communication problem could affect the user in different ways, from accessing social networks up to personal safety issues. In this work, we explore the feasibility of carrying out a DDoS attack to the Home Subscriber Server of the 4G network through non-3GPP access, i.e. access points that are not specified by the Third Generation Partnership Project, in particular using the SIP register procedure. A previous study on a DDoS attack to UMTS Network showed that injecting 2500 requests in every 4.7s time window is possible to reduce the HLR capability to serve legitimate requests by 93%, and that such an attack can be mounted with a few hundred devices. A limit to that attacking approach is that we would require mobile devices that need to connect to an eNodeB (cellular base station). Instead, in the approach proposed in this paper we carry out a preliminary study to explore the possibility of using devices that are generically connected to the Internet: this means that the population of devices that can be leveraged to mount the attack is wider than in the first case; furthermore, the constraint of having legitimate SIM modules is removed