Biometria e autenticação

Com a utilização cada vez maior de Tecnologias da Informação e das Comunicações (TIC) nos Sistemas de Informação (SI) das organizações, surgem com crescente evidência os problemas de segurança e, em particular, a questão da autenticação do utilizador. Esta questão é hoje fundamental já que o acesso indevido a informação sensível pode provocar grandes prejuízos à organização. Neste trabalho descreve-se uma das técnicas utilizadas na autenticação, a biometria, como forma de aumentar a qualidade da autenticação. Nesse sentido, é analisado o estado da arte, são identificadas algumas vantagens, desvantagens e limitações das principais tecnologias desenvolvidas e procura-se perceber o impacto que a autenticação biométrica pode ter nas organizações, quando conjugada com a tecnologia proporcionada pelos cartões com capacidade de processamento e armazenamento seguro, conhecidos como Smart Cards. Finalmente, é brevemente introduzido o projecto de investigação em curso para o desenvolvimento de um sistema que explora estas tecnologias

Data mining a prostate cancer dataset using rough sets

Prostate cancer remains one of the leading causes of cancer death worldwide, with a reported incidence rate of 650,000 cases per annum worldwide. The causal factors of prostate cancer still remain to be determined. In this paper, we investigate a medical dataset containing clinical information on 502 prostate cancer patients using the machine learning technique of rough sets. Our preliminary results yield a classification accuracy of 90%, with high sensitivity and specificity (both at approximately 91%). Our results yield a predictive positive value (PPN) of 81% and a predictive negative value (PNV) of 95%. In addition to the high classification accuracy of our system, the rough set approach also provides a rule-based inference mechanism for information extraction that is suitable for integration into a rule-based system. The generated rules relate directly to the attributes and their values and provide a direct mapping between them

Critical aspects In authentication graphic keys

In order to increase the number of possible keys (key’s space), some applications are using, as the user’s authentication secret, images instead of words, taking advantage of the several possibilities for each mouse click and of the fact that humans memorize images better then words. This paper presents the characterisation of the graphical keys chosen by almost 200 regular users of a website and the results show some important fact that must taken into account to maximize the security of the authentication process.(undefined

Developing a keystroke dynamics based agent using rough sets

Software based biometrics, utilising keystroke dynamics has been proposed as a cost effective means of enhancing computer access security. Keystroke dynamics has been successfully employed as a means of identifying legitimate/illegitimate login attempts based on the typing style of the login entry. In this paper, we collected keystroke dynamics data in the form of digraphs from a series of users entering a specific login ID. We wished to determine if there were any particular patterns in the typing styles that would indicate whether a login attempt was legitimate or not using rough sets. Our analysis produced a sensitivity of 98%, specificity of 94% and an overall accuracy of 97% with respect to detecting intruders. In addition, our results indicate that typing speed and particular digraph combinations were the main determinants with respect to automated detection of system attacks

Generation of authentication strings from graphic keys

The traditional authentication system used in technological applications is the well-known and widely spread user/password pair. This technology as proved itself as well acceptable by the users and quite safe when used according to good security practices, this is: frequent change of the password; use of letters, number and symbols in the password; not revealing the password to others; not using the same password in more then one service; etc. But this is not what really happens, so we need to improve the protocol. Graphical secrets present lots of advantages and can increase the level of security without a significant change in the users habits. For that, we need to possess strong ways to convert them into strings that will fed the implemented passwords systems. In this paper we present a method to do so

Enhancing login security through the use of keystroke input dynamics

Security is a critical component of most computer systems – especially those used in E-commerce activities over the Internet. Global access to information makes security a critical design issue in these systems. Deployment of sophisticated hardware based authentication systems is prohibitive in all but the most sensitive installations. What is required is a reliable, hardware independent and efficient security system. In this paper, we propose an extension to a keystroke dynamics based security system. We provide evidence that completely software based systems based on keystroke input dynamics can be as effective as expensive and cumbersome hardware based systems. Our system is a behavioral based system that captures the typing patterns of a user and uses that information, in addition to standard login/password security to provide a system that is user-friendly and very effective at detecting imposters. The results provide a means of dealing with enhanced security that is growing in demand in web-based applications such as E-commerce.(undefined

Enrollment time as a requirement for biometric hand recognition systems

Biometric systems are increasingly being used as a means for authentication to provide system security in modern technologies. The performance of a biometric system depends on the accuracy, the processing speed, the template size, and the time necessary for enrollment. While much research has focused on the first three factors, enrollment time has not received as much attention. In this work, we present the findings of our research focused upon studying user’s behavior when enrolling in a biometric system. Specifically, we collected information about the user’s availability for enrollment in respect to the hand recognition systems (e.g., hand geometry, palm geometry or any other requiring positioning the hand on an optical scanner). A sample of 19 participants, chosen randomly apart their age, gender, profession and nationality, were used as test subjects in an experiment to study the patience of users enrolling in a biometric hand recognition system.by FCT – Fundação para a Ciência e Tecnologia within the Project Scope UID/CEC/00319/20

Cyberwar – Russia the usual suspect

The evolution of the technology and the changes in the organization and control of the critical infrastructures of nations are creating a new combat front. The cases studied in this paper relate to the attack to the information systems and services of Estonia, in May 2007, and Georgia, in August 2008, occurring at the same time as the conventional military operation executed by the Russian Federation’s army in the South Ossetia. The Russian Federation has been repeatedly accused of this operations, but the data collected raises doubts and in the second case-study showed the existence of a poorly organized network, related to Russian criminal organizations, supporting the possibility of this being an instance of the Maoist concept of the “People’s war”. This paper will also show that, despite the unsophisticated resources used in most of the attacks and to promote them, the damages in the selected targets were considerable.info:eu-repo/semantics/publishedVersio

Authenticating computer access based on keystroke dynamics using a probabilistic neural network

Comunicação apresentada na 2nd Annual International Conference on Global e-Security, Docklands, UK, 20 - 22 April 2006.Most computer systems are secured using a login id and password. When computers are connected to the internet, they become more vulnerable as more machines are available to attack them. In this paper, we present a novel method for protecting/enhancing login protection that can reduce the potential threat of internet connected computers. Our method is based on and enhancement to login id/password based on keystroke dynamics. We employ a novel authentication algorithm based on a probabilistic neural network. Our results indicate that we can achieve an equal error rate of less than 5%, comparable to what is achieved with hardware based solutions such as fingerprint scanners and facial recognition systems

Information technologies for the information agent

The information agent has requirements in the Information Technology (IT) age that are in everything comparable to those of one hundred years ago. But, despite being similar, they require new forms of implementation due to the evolution of the communication platforms and protocols and to the increase in the amount of information that has to be known, stored, transmitted, and interpreted. Although, in many situations, the information agent will make use of everyday equipment, he will always require levels of trust in the processes that are far beyond those of the everyday citizen. But this cannot imply to carry huge infrastructures that will reveal the agent’s intentions. In extreme situations the information agent is the soldier engaged in military activities in hostile environments. There, above all places, he requires light weight trustable equipment and protocols that can perform those tasks. This work, while making the parallel with the traditional methods, proposes a technological environment able to give answer to the requirements of information agents dealing with the need for a competitive intelligence advantage through the correct use of IT, namely biometrics, alternative authentication processes, Public Key Infrastructures and anti-fishing technologies