44 research outputs found

    Authentication in systems with limited input capabilities

    The popularity of smart devices—whether hand-held, wearable, or deployed in an environment—has risen sharply in recent years. Users want convenient, remote access on multiple devices to a multitude of services, from sending emails, to administering their smart home, to making mobile payments. These devices typically lack traditional input capabilities, such as a mouse and a keyboard, and their small form factor limits the ways in which users can interact with them. This presents new challenges for user authentication. Smart devices do, however, offer other sensors that can be leveraged to authenticate the user in non-standard ways. In particular, behavioural biometrics, such as gait and keystroke dynamics, which had once been rendered impractical before ubiquitous sensors became readily available, now present promising opportunities to authenticate users continuously without requiring any effort from the user. Smart devices also facilitate new forms of automatic de-authentication and mutual authentication in scenarios that were previously implausible. In this thesis, we focus primarily on the use of inertial sensors and the context of mobile payments. First, as mobile payment applications have become available on smartwatches, we show that inertial sensors on a smartwatch can be used to authenticate the user as he makes a payment. Furthermore, we perform gesture recognition on wrist motion data to infer whether such a payment was intentional (as opposed to accidental or as part of a relay attack). Second, motivated by a device with even fewer input capabilities, we explore the use of inertial sensors on a smart ring for authentication purposes. We demonstrate that finger (or wrist) motion data can be used to authenticate payments made with either a smartwatch or a smart ring and we show that the data can also be used to authenticate the user when knocking on a door for access control purposes. 
    Third, we show that inertial sensors embedded in the handle of an electric vehicle charger can be used to authenticate the wielder and reduce the number of times that he is required to authorise a charging session manually on his smartphone. Last, motivated by the threats posed by malicious payment terminals and the growing need for specialised hardware, we design and evaluate a novel mobile payment system that uses a visual channel to achieve mutual authentication between a user and a generic terminal, where the terminal authenticates itself to the user before the user is asked to reveal any secret information.

    A capability-oriented approach to assessing privacy risk in smart home ecosystems

    Smart devices are increasingly ubiquitous; the multitude of risks they pose to user privacy continues to grow, but assessing such risks has proven difficult. In this paper, we discuss three factors which complicate the assessment of privacy risks in the context of the smart home. Firstly, smart devices are highly heterogeneous and hard to categorise, so top-down, taxonomy-oriented approaches to risk assessment do not fit well. Secondly, the threat landscape is vast, varied, and growing. Thirdly, the chief asset, personal information, is difficult to value, especially given that its value can be hugely affected by aggregation. To address these factors, we propose a novel, bottom-up approach in which the smart home ecosystem is reduced to its data-collecting capabilities (such as sensors and apps) and then privacy risk is assessed based on the information that the user exposes. We define a capability-oriented model which is system-neutral, extensible, and therefore well-suited to the fast-evolving nature of the smart home.

    The effect of neoadjuvant chemotherapy and chemoradiotherapy on exercise capacity and outcome following upper gastrointestinal cancer surgery: an observational cohort study

    Background: In 2014 approximately 21,200 patients were diagnosed with oesophageal and gastric cancer in England and Wales, of whom 37% underwent planned curative treatments. Potentially curative surgical resection is associated with significant morbidity and mortality. For operable locally advanced disease, neoadjuvant chemotherapy (NAC) improves survival over surgery alone. However, NAC carries the risk of toxicity and is associated with a decrease in physical fitness, which may in turn influence subsequent clinical outcome. Lower levels of physical fitness are associated with worse outcome following major surgery in general and Upper Gastrointestinal Surgery (UGI) surgery in particular. Cardiopulmonary exercise testing (CPET) provides an objective assessment of physical fitness. The aim of this study is to test the hypothesis that NAC prior to upper gastrointestinal cancer surgery is associated with a decrease in physical fitness and that the magnitude of the change in physical fitness will predict mortality 1 year following surgery. Methods: This study is a multi-centre, prospective, blinded, observational cohort study of participants with oesophageal and gastric cancer scheduled for neoadjuvant cancer treatment (chemo- and chemoradiotherapy) and surgery. The primary endpoints are physical fitness (oxygen uptake at lactate threshold measured using CPET) and 1-year mortality following surgery; secondary endpoints include post-operative morbidity (Post-Operative Morbidity Survey (POMS)) 5 days after surgery and patient related quality of life (EQ-5D-5L). Discussion: The principal benefits of this study, if the underlying hypothesis is correct, will be to facilitate better selection of treatments (e.g. NAC, Surgery) in patients with oesophageal or gastric cancer. It may also be possible to develop new treatments to reduce the effects of neoadjuvant cancer treatment on physical fitness. These results will contribute to the design of a large, multi-centre trial to determine whether an in-hospital exercise-training programme that increases physical fitness leads to improved overall survival.

    Human Immunity and the Design of Multi-Component, Single Target Vaccines

    BACKGROUND: Inclusion of multiple immunogens to target a single organism is a strategy being pursued for many experimental vaccines, especially where it is difficult to generate a strongly protective response from a single immunogen. Although there are many human vaccines that contain multiple defined immunogens, in almost every case each component targets a different pathogen. As a consequence, there is little practical experience for deciding where the increased complexity of vaccines with multiple defined immunogens targeting single pathogens will be justifiable. METHODOLOGY/PRINCIPAL FINDINGS: A mathematical model, with immunogenicity parameters derived from a database of human responses to established vaccines, was used to predict the increase in the efficacy and the proportion of the population protected resulting from addition of further immunogens. The gains depended on the relative protection and the range of responses in the population to each immunogen and also to the correlation of the responses between immunogens. In most scenarios modeled, the gain in overall efficacy obtained by adding more immunogens was comparable to gains obtained from a single immunogen through the use of better formulations or adjuvants. Multi-component single target vaccines were more effective at decreasing the proportion of poor responders than increasing the overall efficacy of the vaccine in a population. CONCLUSIONS/SIGNIFICANCE: Inclusion of a limited number of antigens in a vaccine aimed at targeting a single organism will increase efficacy, but the gains are relatively modest and for a practical vaccine there are constraints that are likely to limit multi-component single target vaccines to a small number of key antigens. The model predicts that this type of vaccine will be most useful where the critical issue is the reduction in proportion of poor responders.

    Inferring user height and improving impersonation attacks in mobile payments using a smartwatch

    In this paper, we show that as a user makes mobile payments with a smartwatch, the height of the user can be inferred purely from inertial sensor data captured on the watch (with R² scores of up to 0.77). Besides unwanted information exposure, we also show that users of a similar height are more difficult to distinguish between in terms of their tap gesture data and that an attacker who chooses a victim of a similar height can improve the success chance of impersonation (by increasing the false acceptance rate by up to 20.6%).

    CableAuth: a biometric second factor authentication scheme for electric vehicle charging

    Electric vehicle charging sessions can be authorised in different ways, ranging from smartphone applications to smart cards with unique identifiers that link the electric vehicle to the charging station. However, these methods do not provide strong authentication guarantees. In this paper, we propose a novel second factor authentication scheme to tackle this problem. We show that by using inertial sensor data collected from IMU sensors either embedded in the handle of the charging cable or on a separate smartwatch, users can be authenticated implicitly by behavioural biometrics as they unhook the cable from the charging station and plug it into their car at the start of a charging session. To validate the system, we conducted a user study (n=20) to collect data and we developed a suite of authentication models for which we achieve EERs of 0.06

    WatchAuth: user authentication and intent recognition in mobile payments using a smartwatch

    In this paper, we show that the tap gesture, performed when a user ‘taps’ a smartwatch onto an NFC-enabled terminal to make a payment, is a biometric capable of implicitly authenticating the user and simultaneously recognising intent-to-pay. The proposed system can be deployed purely in software on the watch without requiring updates to payment terminals. It is agnostic to terminal type and position and the intent recognition portion does not require any training data from the user. To validate the system, we conduct a user study (n=16) to collect wrist motion data from users as they interact with payment terminals and to collect long-term data from a subset of them (n=9) as they perform daily activities. Based on this data, we identify optimum gesture parameters and develop authentication and intent recognition models, for which we achieve EERs of 0.08 and 0.04, respectively

    "Recreational use values for Victoria’s Parks"

    Generalised travel-cost models were specified for the repeatable measurement of the economic value of recreation in Parks. Valuations of recreational use have been undertaken for approximately 30 metropolitan parks in Melbourne and 35 National Parks and other sites in rural Victoria. Zonal models were used and the distance ranges for each zone were set as variable parameters in a spreadsheet model. The distance from each postcode in Australia to the park was calculated using the longitude and latitude for the particular park, and for the centroid of each postcode. This specification enabled us to observe that the choice of distance ranges for each zone can have a substantial impact on the goodness of fit and on the implied level of consumer surplus per visit. The study has not been finalised and consequently few results are presented here. Nevertheless, the process of developing a generalised model and the preliminary results have caused the authors to be concerned about three aspects of travel-cost modelling, namely: 1. the allocation of consumer surplus between multiple destinations for those visitors who visited more than one destination during the trip that included the Park in question; 2. the choice of distance ranges for each postcode zone; and 3. the choice of functional form. Different approaches to each of these matters change substantially the results obtained from the travel-cost modelling. The second aspect (distance ranges) appears not to have been addressed previously in the literature, and our approach to the first aspect (multiple destinations) may offer a new approach. Comments would be appreciated, particularly since this Study is yet to be completed. Readers are encouraged to email us: [email protected]