A Closer Look at Keyboard Acoustic Emanations: Random Passwords, Typing Styles and Decoding Techniques

We take a closer look at keyboard acoustic emanations specifically for the purpose of eavesdropping over random passwords. In this scenario, dictionary and HMM language models are not applicable; the attacker can only utilize the raw acoustic information which has been recorded. We investigate several existing signal processing techniques for our purpose, and introduce a novel technique – time-frequency decoding – that improves the detection accuracy compared to previous techniques. We also carefully examine the effect of typing style – a crucial variable largely ignored by prior research – on the detection accuracy. Our results show that using the same typing style (hunt and peck) for both training and decoding the data, the best case success rate for detecting correctly the typed key is 64% per character. The results also show that changing the typing style, to touch typing, during the decoding stage reduces the success rate, but using the time-frequency technique, we can still achieve a success rate of around 40% per character. Our work takes the keyboard acoustic attack one step further, bringing it closer to a full-fledged vulnerability under realistic scenarios (different typing styles and random passwords). Our results suggest that while the performance of these attacks degrades under such conditions, it is still possible, utilizing the time-frequency technique, to considerably reduce the exhaustive search complexity of retrieving a random password

Implementing BP-Obfuscation Using Graph-Induced Encoding

We implemented (a simplified version of) the branching-program obfuscator due to Gentry et al. (GGH15), which is itself a variation of the first obfuscation candidate by Garg et al. (GGHRSW13). To keep within the realm of feasibility, we had to give up on some aspects of the construction, specifically the ``multiplicative bundling\u27\u27 factors that protect against mixed-input attacks. Hence our implementation can only support read-once branching programs. To be able to handle anything more than just toy problems, we developed a host of algorithmic and code-level optimizations. These include new variants of discrete Gaussian sampler and lattice trapdoor sampler, efficient matrix-manipulation routines, and many tradeoffs. We expect that these optimizations will find other uses in lattice-based cryptography beyond just obfuscation. Our implementation is the first obfuscation attempt using the GGH15 graded encoding scheme, offering performance advantages over other graded encoding methods when obfuscating finite-state machines with many states. In out most demanding setting, we were able to obfuscate programs with input length of 20 nibbles (80 bits) and over 100 states, which seems out of reach for prior implementations. Although further optimizations are surely possible, we do not expect any implementation of current schemes to be able to handle much larger parameters

A pilot study of cyber security and privacy related behavior and personality traits

ABSTRACT Recent research has begun to focus on the factors that cause people to respond to phishing attacks as well as affect user behavior on social networks. This study examines the correlation between the Big Five personality traits and email phishing response. Another aspect examined is how these factors relate to users' tendency to share information and protect their privacy on Facebook (which is one of the most popular social networking sites). This research shows that when using a prize phishing email, neuroticism is the factor most correlated to responding to this email, in addition to a gender-based difference in the response. This study also found that people who score high on the openness factor tend to both post more information on Facebook as well as have less strict privacy settings, which may cause them to be susceptible to privacy attacks. In addition, this work detected no correlation between the participants estimate of being vulnerable to phishing attacks and actually being phished, which suggests susceptibility to phishing is not due to lack of awareness of the phishing risks and that real-time response to phishing is hard to predict in advance by online users. The goal of this study is to better understand the traits that contribute to online vulnerability, for the purpose of developing customized user interfaces and secure awareness education, designed to increase users' privacy and security in the future

Foundations for Esports Curricula in Higher Education

Esports has generated an industry of increasing economic and cultural importance. In recent years, universities and other higher education institutions have responded to its growth by establishing programmes of study which aim to satisfy the needs of innovators operating in the area. However, there is not yet consensus on what an esports curriculum should include. Despite being a technology-driven sector with ethical and professional dimensions that intersect computing, current ACM and IEEE curricula do not mention esports. Furthermore, existing courses tend to provide teaching and training on a wide variety of topics aside from those traditionally in computer science. These include: live events management; psychological research; sports science; marketing; public relations; video (livestream) production; and community management; in addition to coaching and communication. This working group examined the requirements for developing esports studies at universities with a focus on understanding career prospects in esports and on the challenges presented by its interdisciplinary complexity. Thereby, paving the way for a framework to support the design of esports curricula in higher education

Towards a Framework to Support the Design of Esports Curricula in Higher Education

Esports has generated an industry of increasing economic and cultural importance. In recent years, universities and other higher education institutions have responded to its growth by establishing undergraduate courses to satisfy the needs of innovators operating in the area. However, there is not yet consensus on what an esports curriculum should include. Despite being a technology-driven sector with ethical and professional dimensions that intersect computing, current ACM and IEEE curricula do not mention esports. Furthermore, existing courses tend to provide teaching and training on a wide variety of topics aside from those traditionally in computer science. These include: live events management; psychological research; sports science; marketing; public relations; video (livestream) production; and community management; in addition to coaching. This working group seeks to examine the requirements for developing esports studies at universities with a focus on understanding career prospects in esports and on the challenges presented by its disciplinary complexity. The group will identify key learning outcomes and assess how they align with industry needs, paving the way for a framework to support the design of esports curricula in higher education