Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices

A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the contrary, what is really needed to fight the onslaught of automated attacks to users data and privacy is to first tell human and computers apart and then distinguish among humans to guarantee correct authentication. Such an approach is capable of completely thwarting any automated attempt to achieve unwarranted access while it allows keeping simple the mechanism dedicated to recognizing the legitimate user. This kind of approach is behind the concept of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), yet CAPTCHA leverages cognitive capabilities, thus the increasing sophistication of computers calls for more and more difficult cognitive tasks that make them either very long to solve or very prone to false negatives. We argue that this problem can be overcome by substituting the cognitive component of CAPTCHA with a different property that programs cannot mimic: the physical nature. In past work we have introduced the Completely Automated Public Physical test to tell Computer and Humans Apart (CAPPCHA) as a way to enhance the PIN authentication method for mobile devices and we have provided a proof of concept implementation. Similarly to CAPTCHA, this mechanism can also be used to prevent automated programs from abusing online services. However, to evaluate the real efficacy of the proposed scheme, an extended empirical assessment of CAPPCHA is required as well as a comparison of CAPPCHA performance with the existing state of the art. To this aim, in this paper we carry out an extensive experimental study on both the performance and the usability of CAPPCHA involving a high number of physical users, and we provide comparisons of CAPPCHA with existing flavors of CAPTCHA

ClickPattern: A Pattern Lock System Resilient to Smudge and Side-channel Attacks

Pattern lock is a very popular mechanism to secure authenticated access to mobile terminals; this is mainly due to its ease of use and the fact that muscle memory endows it with an extreme memorability. Nonetheless, pattern lock is also very vulnerable to smudge and side channels attacks, thus its actual level of security has been often considered insufficient. In this paper we describe a mechanism that enhances pattern lock security with resilience to smudge and side channel attacks, maintains a comparable level of memorability and provides ease of use that is still comparable with Pattern Lock while outperforming other schemes proposed in the literature. To prove our claim, we have performed a usability test with 51 volunteers and we have compared our results with the other schemes

Securing PIN-based Authentication in Smartwatches With just Two Gestures

Smartwatches are becoming increasingly ubiquitous as they offer new capabilities to develop sophisticated applications that make daily life easier and more convenient for consumers. The services provided include applications for mobile payment, ticketing, identification, access control, etc. While this makes modern smartwatches very powerful devices, it also makes them very attractive targets for attackers. Indeed, PINs and Pattern Lock have been widely used in smartwatches for user authentication. However, such authentication methods are not robust against various forms of cybersecurity attacks, such as side channel, phishing, smudge, shoulder surfing, and video recording attacks. Moreover, the recent adoption of hardware-based solutions, like the Trusted Execution Environment (TEE), can mitigate only partially such problems. Thus, the user’s security and privacy are at risk without a strong authentication scheme in place. In this work, we propose 2GesturePIN, a new authentication framework that allows users to authenticate securely to their smartwatches and related sensitive services through solely two gestures. 2GesturePIN leverages the rotating bezel or crown, which are the most intuitive ways to interact with a smartwatch, as a dedicated hardware. 2GesturePIN improves the resilience of the regular PIN authentication method against state-of-the-art cybersecurity attacks while maintaining a high level of usability

ANMCO/ELAS/SIBioC Consensus Document: Biomarkers in heart failure

Biomarkers have dramatically impacted the way heart failure (HF) patients are evaluated and managed. A biomarker is a characteristic that is objectively measured and evaluated as an indicator of normal biological or pathogenic processes, or pharmacological responses to a therapeutic intervention. Natriuretic peptides [B-type natriuretic peptide (BNP) and N-terminal proBNP] are the gold standard biomarkers in determining the diagnosis and prognosis of HF, and a natriuretic peptide-guided HF management looks promising. In the last few years, an array of additional biomarkers has emerged, each reflecting different pathophysiological processes in the development and progression of HF: myocardial insult, inflammation, fibrosis, and remodelling, but their role in the clinical care of the patient is still partially defined and more studies are needed before to be well validated. Moreover, several new biomarkers have the potential to identify patients with early renal dysfunction and appear to have promise to help the management cardio-renal syndrome. With different biomarkers reflecting HF presence, the various pathways involved in its progression, as well as identifying unique treatment options for HF management, a closer cardiologist-laboratory link, with a multi-biomarker approach to the HF patient, is not far ahead, allowing the unique opportunity for specifically tailoring care to the individual pathological phenotype

Targeting EGFR/HER2 pathways enhances the antiproliferative effect of gemcitabine in biliary tract and gallbladder carcinomas

<p>Abstract</p> <p>Background</p> <p>Advanced biliary tract carcinomas (BTCs) have poor prognosis and limited therapeutic options. Therefore, it is crucial to combine standard therapies with molecular targeting. In this study EGFR, HER2, and their molecular transducers were analysed in terms of mutations, amplifications and over-expression in a BTC case series. Furthermore, we tested the efficacy of drugs targeting these molecules, as single agents or in combination with gemcitabine, the standard therapeutic agent against BTC.</p> <p>Methods</p> <p>Immunohistochemistry, FISH and mutational analysis were performed on 49 BTC samples of intrahepatic (ICCs), extrahepatic (ECCs), and gallbladder (GBCs) origin. The effect on cell proliferation of different EGFR/HER2 pathway inhibitors as single agents or in combination with gemcitabine was investigated on BTC cell lines. Western blot analyses were performed to investigate molecular mechanisms of targeted drugs.</p> <p>Results</p> <p>EGFR is expressed in 100% of ICCs, 52.6% of ECCs, and in 38.5% of GBCs. P-MAPK and p-Akt are highly expressed in ICCs (>58% of samples), and to a lower extent in ECCs and GBCs (<46%), indicating EGFR pathway activation. HER2 is overexpressed in 10% of GBCs (with genomic amplification), and 26.3% of ECCs (half of which has genomic amplification). EGFR or its signal transducers are mutated in 26.5% of cases: 4 samples bear mutations of PI3K (8.2%), 3 cases (6.1%) in K-RAS, 4 (8.2%) in B-RAF, and 2 cases (4.1%) in PTEN, but no loss of PTEN expression is detected. EGI-1 cell line is highly sensitive to gemcitabine, TFK1 and TGBC1-TKB cell lines are responsive and HuH28 cell line is resistant. In EGI-1 cells, combination with gefitinib further increases the antiproliferative effect of gemcitabine. In TFK1 and TGBC1-TKB cells, the efficacy of gemcitabine is increased with addiction of sorafenib and everolimus. In TGBC1-TKB cells, lapatinib also has a synergic effect with gemcitabine. HuH28 becomes responsive if treated in combination with erlotinib. Moreover, HuH28 cells are sensitive to lapatinib as a single agent. Molecular mechanisms were confirmed by western blot analysis.</p> <p>Conclusion</p> <p>These data demonstrate that EGFR and HER2 pathways are suitable therapeutic targets for BTCs. The combination of gemcitabine with drugs targeting these pathways gives encouraging results and further clinical studies could be warranted.</p

Web Access to HARNESS: a Virtual Simulation Laboratory

In the recent years metacomputing systems have proved to be capable of coalescing computational power in the order of magnitude of supercomputers without requiring to acquire costly specialized hardware. In fact, they showed their capability to conglomerate heterogeneous computational nodes over a geographically distributed area and to allow creating high performance workbenches for computationally challenging applications. Among these systems, HARNESS presents the unique feature of being based on the principles of dynamic reconfigurability and extensible distributed virtual machines. Unfortunately, the original HARNESS system requires that all the nodes accessing the services are part of the virtual machine thus preventing thin-client access to virtual machine provided services. In this paper we describe how we developed an extension to the HARNESS system capable of allowing web-based access to virtual machines and how we used our system to create a virtual simulation laboratory

A Web Services Gateway for the H2O Lightweight Grid Computing Framework

H2O is a lightweight distributed component framework for the dynamic aggregation of software components, services and computational resources into Grid Computing Systems. H2O provides a powerful separation of roles clearly distinguishing providers of software components from provides of computational services, this model allows developers to easily design layered applications and to deploy them on top of dynamically aggregated computational nodes. The ease of use does not exact a weak security system, in fact, by combining the native Java sandbox model and the use of JAAS, H2O provides a robust security layer. Although H2O supports an extended version of Java RMI (RMIX) as its native inter-component communication language, the software components deployed inside an H2O virtual machine are exposed only as Java Objects. In this paper we present the H2O Web Services Gateway, a set of H2O software component capable of dynamically capturing the deployment of new software components into an H2O virtual machine and automatically generating and publishing the WSDL description of these components. This feature, combined with the use of the Web Services Invocation Framework, enables the automated export of software components deployed into an H2O virtual machine as Web Services and facilitates the integration of lightweight Grid application into Service Oriented Architectures

Grid Computing: da dove viene e che cosa manca perche' diventi una realta'?

Il Grid Computing rappresenta la frontiera della ricerca nel campo delle architetture di calcolo parallelo. Questo termine rappresenta la formulazione di un’idea, quella della condivisione delle risorse di calcolo, sviluppatasi negli ultimi tre decenni a seguito della rapida evoluzione delle tecnologie informatiche. Verrà descritta l’evoluzione di questo modello di calcolatore “non convenzionale” nelle soluzioni presenti e passate identificando quali sono i problemi ancora irrisolti

An Efficiency Model for General Purpose Instruction Level Parallel Architectures in Image Processing

RISC instruction level parallel systems are today the most commonly used high performance computing platform. On such systems, Image Processing and Pattern Recognition (IPPR) tasks, if not thoroughly optimized to fit each architecture, exhibit a performance level up to one order of magnitude lower than expected. In this paper we identify the sources of such behavior and we model them defining a set of indices to measure their influence. Our model allows planning program optimizations, assessing the results of such optimizations as well as evaluating the efficiency of the CPUs architectural solutions in IPPR tasks. Besides it lends itself to automatic evaluation and visualization. A case study using a combination of a specific computing intensive IPPR task and a RISC workstation is used to demonstrate these capabilities. We analyze the sources of inefficiency of the task, we plan some source level program optimizations, namely data type optimization and loop unrolling, and we assess the impact of these transformations on the task performance. We observe an eight times performance improvement and we analyze the sources of such speedup. Finally our study allows us to conclude that, in low-intermediate level IPPR tasks, it is more difficult to efficiently exploit superscalarity than pipelining