Biblio

Found 2387 results

Filters: Keyword is human factors
2018-07-18
Yin, Delina Beh Mei, Omar, Shariman, Talip, Bazilah A., Muklas, Amalia, Norain, Nur Afiqah Mohd, Othman, Abu Talib.  2017.  Fusion of Face Recognition and Facial Expression Detection for Authentication: A Proposed Model. Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication. :21:1–21:8.

The paper presents a novel model of hybrid biometric-based authentication. Currently, the recognition accuracy of a single biometric verification system is often much reduced due to many factors such as the environment, user mode and physiological defects of an individual. Apparently, the enrolment of static biometric is highly vulnerable to impersonation attack. Due to the fact of single biometric authentication only offers one factor of verification, we proposed to hybrid two biometric attributes that consist of physiological and behavioural trait. In this study, we utilise the static and dynamic features of a human face. In order to extract the important features from a face, the primary steps taken are image pre-processing and face detection. Apparently, to distinguish between a genuine user or an imposter, the first authentication is to verify the user's identity through face recognition. Solely depending on a single modal biometric is possible to lead to false acceptance when two or more similar face features may result in a relatively high match score. However, it is found the False Acceptance Rate is 0.55% whereas the False Rejection Rate is 7%. By reason of the security discrepancies in the mentioned condition, therefore we proposed a fusion method whereby a genuine user will select a facial expression from the seven universal expressions (i.e. happy, sad, anger, disgust, surprise, fear and neutral) as enrolled earlier in the database. For the proof of concept, it is proven in our results that even there are two or more users coincidently have the same face features, the selected facial expression will act as a password to be prominently distinguished a genuine or impostor user.

Das, Sauvik, Laput, Gierad, Harrison, Chris, Hong, Jason I..  2017.  Thumprint: Socially-Inclusive Local Group Authentication Through Shared Secret Knocks. Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. :3764–3774.

Small, local groups who share protected resources (e.g., families, work teams, student organizations) have unmet authentication needs. For these groups, existing authentication strategies either create unnecessary social divisions (e.g., biometrics), do not identify individuals (e.g., shared passwords), do not equitably distribute security responsibility (e.g., individual passwords), or make it difficult to share or revoke access (e.g., physical keys). To explore an alternative, we designed Thumprint: inclusive group authentication with a shared secret knock. All group members share one secret knock, but individual expressions of the secret are discernible. We evaluated the usability and security of our concept through two user studies with 30 participants. Our results suggest that (1) individuals who enter the same shared thumprint are distinguishable from one another, (2) that people can enter thumprints consistently over time, and (3) that thumprints are resilient to casual adversaries.

Mohsin, J. K., Han, Liangxiu, Hammoudeh, Mohammad, Hegarty, Rob.  2017.  Two Factor Vs Multi-factor, an Authentication Battle in Mobile Cloud Computing Environments. Proceedings of the International Conference on Future Networks and Distributed Systems. :39:1–39:10.

Mobile devices offer a convenient way of accessing our digital lives and many of those devices hold sensitive data that needs protecting. Mobile and wireless communications networks, combined with cloud computing as Mobile Cloud Computing (MCC), have emerged as a new way to provide a rich computational environment for mobile users, and business opportunities for cloud providers and network operators. It is the convenience of the cloud service and the ability to sync across multiple platforms/devices that has become the attraction to cloud computing. However, privacy, security and trust issues may still be a barrier that impedes the adoption of MCC by some undecided potential users. Those users still need to be convinced of the security of mobile devices, wireless networks and cloud computing. This paper is the result of a comprehensive review of one typical secure measure-authentication methodology research, spanning a period of five years from 2012–2017. MCC capabilities for sharing distributed resources is discussed. Authentication in MCC is divided into two categories and the advantages of one category over its counterpart are presented, in the process of attempting to identify the most secure authentication scheme.

Abidin, Aysajan, Argones Rúa, Enrique, Peeters, Roel.  2017.  Uncoupling Biometrics from Templates for Secure and Privacy-Preserving Authentication. Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies. :21–29.

Biometrics are widely used for authentication in several domains, services and applications. However, only very few systems succeed in effectively combining highly secure user authentication with an adequate privacy protection of the biometric templates, due to the difficulty associated with jointly providing good authentication performance, unlinkability and irreversibility to biometric templates. This thwarts the use of biometrics in remote authentication scenarios, despite the advantages that this kind of architectures provides. We propose a user-specific approach for decoupling the biometrics from their binary representation before using biometric protection schemes based on fuzzy extractors. This allows for more reliable, flexible, irreversible and unlinkable protected biometric templates. With the proposed biometrics decoupling procedures, biometric metadata, that does not allow to recover the original biometric template, is generated. However, different biometric metadata that are generated starting from the same biometric template remain statistically linkable, therefore we propose to additionally protect these using a second authentication factor (e.g., knowledge or possession based). We demonstrate the potential of this approach within a two-factor authentication protocol for remote biometric authentication in mobile scenarios.

Weidman, Jake, Grossklags, Jens.  2017.  I Like It, but I Hate It: Employee Perceptions Towards an Institutional Transition to BYOD Second-Factor Authentication. Proceedings of the 33rd Annual Computer Security Applications Conference. :212–224.

The continued acceptance of enhanced security technologies in the private sector, such as two-factor authentication, has prompted significant changes of organizational security practices. While past work has focused on understanding how users in consumer settings react to enhanced security measures for banking, email, and more, little work has been done to explore how these technological transitions and applications occur within organizational settings. Moreover, while many corporations have invested significantly to secure their networks for the sake of protecting valuable intellectual property, academic institutions, which also create troves of intellectual property, have fallen behind in this endeavor. In this paper, we detail a transition from a token-based, two-factor authentication system within an academic institution to an entirely digital system utilizing employee-owned mobile devices. To accomplish this, we first conducted discussions with staff from the Information Security Office to understand the administrative perspective of the transition. Second, our key contribution is the analysis of an in-depth survey to explore the perceived benefits and usability of the novel technological requirements from the employee perspective. In particular, we investigate the implications of the new authentication system based on employee acceptance or opposition to the mandated technological transition, with a specific focus on the utilization of personal devices for workplace authentication.

Soni, Preeti, Ali, Rifaqat, Pal, Arup Kumar.  2017.  A Two-factor Based Remote User Authentication Scheme Using ElGamal Cryptosystem. Proceedings of the ACM Workshop on Internet of Things (IoT) Security: Issues and Innovations. :3:1–3:6.

Remote user authentication is an essential process to provide services securely during accessing on-line applications where its aim is to find out the legitimacy of a user. The traditional password based remote user authentication is quite popular and widely used but such schemes are susceptible to dictionary attack. To enhance the system security, numerous password based remote user authentication schemes using smartcard have been submitted. However, most of the schemes proposed are either computationally expensive or vulnerable to several kinds of known attacks. In this paper, the authors have developed a two factor based remote user authentication scheme using ElGamal cryptosystem. The validity of the proposed scheme is also confirmed through BAN logic. Besides that authors have done security analysis and compared with related schemes which proclaim that the proposed scheme is able to resist against several kinds of known attacks effectively. The proposed scheme is also simulated with AVISPA tool and expected outcome is achieved where it ensures that the scheme is secured against some known attacks. Overall, the presented scheme is suitable, secure and applicable in any real time applications.

2018-05-30
Gilani, Zafar, Kochmar, Ekaterina, Crowcroft, Jon.  2017.  Classification of Twitter Accounts into Automated Agents and Human Users. Proceedings of the 2017 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining 2017. :489–496.

Online social networks (OSNs) have seen a remarkable rise in the presence of surreptitious automated accounts. Massive human user-base and business-supportive operating model of social networks (such as Twitter) facilitates the creation of automated agents. In this paper we outline a systematic methodology and train a classifier to categorise Twitter accounts into 'automated' and 'human' users. To improve classification accuracy we employ a set of novel steps. First, we divide the dataset into four popularity bands to compensate for differences in types of accounts. Second, we create a large ground truth dataset using human annotations and extract relevant features from raw tweets. To judge accuracy of the procedure we calculate agreement among human annotators as well as with a bot detection research tool. We then apply a Random Forests classifier that achieves an accuracy close to human agreement. Finally, as a concluding step we perform tests to measure the efficacy of our results.

Chaminade, Thierry.  2017.  How Do Artificial Agents Think? Proceedings of the 1st ACM SIGCHI International Workshop on Investigating Social Interactions with Artificial Agents. :1–1.

Anthropomorphic artificial agents, computed characters or humanoid robots, can be used to investigate human cognition. They are intrinsically ambivalent. They appear and act as humans, hence we should tend to consider them as human, yet we know they are machines designed by humans, and should not consider them as humans. Reviewing a number of behavioral and neurophysiological studies provides insights into social mechanisms that are primarily influenced by the appearance of the agent, and in particular its resemblance to humans, and other mechanisms that are influenced by the knowledge we have about the artificial nature of the agent. A significant finding is that, as expected, humans don't naturally adopt an intentional stance when interacting with artificial agents.

Curry, Amanda Cercas, Hastie, Helen, Rieser, Verena.  2017.  A Review of Evaluation Techniques for Social Dialogue Systems. Proceedings of the 1st ACM SIGCHI International Workshop on Investigating Social Interactions with Artificial Agents. :25–26.

In contrast with goal-oriented dialogue, social dialogue has no clear measure of task success. Consequently, evaluation of these systems is notoriously hard. In this paper, we review current evaluation methods, focusing on automatic metrics. We conclude that turn-based metrics often ignore the context and do not account for the fact that several replies are valid, while end-of-dialogue rewards are mainly hand-crafted. Both lack grounding in human perceptions.

An, S., Zhao, Z., Zhou, H..  2017.  Research on an Agent-Based Intelligent Social Tagging Recommendation System. 2017 9th International Conference on Intelligent Human-Machine Systems and Cybernetics (IHMSC). 1:43–46.

With the rapid growth of social tagging users, it becomes very important for social tagging systems how the required resources are recommended to users rapidly and accurately. Firstly, the architecture of an agent-based intelligent social tagging system is constructed using agent technology. Secondly, the design and implementation of user interest mining, personalized recommendation and common preference group recommendation are presented. Finally, a self-adaptive recommendation strategy for social tagging and its implementation are proposed based on the analysis to the shortcoming of the personalized recommendation strategy and the common preference group recommendation strategy. The self-adaptive recommendation strategy achieves equilibrium selection between efficiency and accuracy, so that it solves the contradiction between efficiency and accuracy in the personalized recommendation model and the common preference recommendation model.

Misra, G., Such, J. M..  2017.  PACMAN: Personal Agent for Access Control in Social Media. IEEE Internet Computing. 21:18–26.

Given social media users' plethora of interactions, appropriately controlling access to such information becomes a challenging task for users. Selecting the appropriate audience, even from within their own friend network, can be fraught with difficulties. PACMAN is a potential solution for this dilemma problem. It's a personal assistant agent that recommends personalized access control decisions based on the social context of any information disclosure by incorporating communities generated from the user's network structure and utilizing information in the user's profile. PACMAN provides accurate recommendations while minimizing intrusiveness.

Akbarpour, Mohammad, Jackson, Matthew.  2017.  Diffusion in Networks and the Unexpected Virtue of Burstiness. Proceedings of the 2017 ACM Conference on Economics and Computation. :543–543.

Whether an idea, information, disease, or innovation diffuses throughout a society depends not only on the structure of the network of interactions, but also on the timing of those interactions. Recent studies have shown that diffusion can fail on a network in which people are only active in "bursts," active for a while and then silent for a while, but diffusion could succeed on the same network if people were active in a more random Poisson manner. Those studies generally consider models in which nodes are active according to the same random timing process and then ask which timing is optimal. In reality, people differ widely in their activity patterns – some are bursty and others are not. We model diffusion on networks in which agents differ in their activity patterns. We show that bursty behavior does not always hurt the diffusion, and in fact having some (but not all) of the population be bursty significantly helps diffusion. We prove that maximizing diffusion requires heterogeneous activity patterns across agents, and the overall maximizing pattern of agents' activity times does not involve any Poisson behavior.

Trescak, Tomas, Bogdanovych, Anton.  2017.  Case-Based Planning for Large Virtual Agent Societies. Proceedings of the 23rd ACM Symposium on Virtual Reality Software and Technology. :33:1–33:10.

In this paper we discuss building large scale virtual reality reconstructions of historical heritage sites and populating it with crowds of virtual agents. Such agents are capable of performing complex actions, while respecting the cultural and historical accuracy of agent behaviour. In many commercial video games such agents either have very limited range of actions (resulting primitive behaviour) or are manually designed (resulting high development costs). In contrast, we follow the principles of automatic goal generation and automatic planning. Automatic goal generation in our approach is achieved through simulating agent needs and then producing a goal in response to those needs that require satisfaction. Automatic planning refers to techniques that are concerned with producing sequences of actions that can successfully change the state of an agent to the state where its goals are satisfied. Classical planning algorithms are computationally costly and it is difficult to achieve real-time performance for our problem domain with those. We explain how real-time performance can be achieved with Case-Based Planning, where agents build plan libraries and learn how to reuse and combine existing plans to achieve their dynamically changing goals. We illustrate the novelty of our approach, its complexity and associated performance gains through a case-study focused on developing a virtual reality reconstruction of an ancient Mesopotamian settlement in 5000 B.C.

Ali, Mohammad Rafayet, Hoque, Ehsan.  2017.  Social Skills Training with Virtual Assistant and Real-Time Feedback. Proceedings of the 2017 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2017 ACM International Symposium on Wearable Computers. :325–329.

Nonverbal cues are considered the most important part in social communication. Many people desire people; but due to the stigma and unavailability of resources, they are unable to practice their social skills. In this work, we envision a virtual assistant that can give individuals real-time feedback on their smiles, eye-contact, body language and volume modulation that is available anytime, anywhere using a computer browser. To instantiate our idea, we have set up a Wizard-of-Oz study in the context of speed-dating with 47 individuals. We collected videos of the participants having a conversation with a virtual agent before and after a speed-dating session. This study revealed that the participants who used our system improved their gesture in a face-to-face conversation. Our next goal is to explore different machine learning techniques on the facial and prosodic features to automatically generate feedback on the nonverbal cues. In addition, we want to explore different strategies of conveying real-time feedback that is non-threatening, repeatable, objective and more likely to transfer to a real-world conversation.

Miyamoto, Tomoki, Katagami, Daisuke, Shigemitsu, Yuka.  2017.  Improving Relationships Based on Positive Politeness Between Humans and Life-Like Agents. Proceedings of the 5th International Conference on Human Agent Interaction. :451–455.

In interpersonal interactions, humans speak in part by considering their social distance and position with respect to other people, thereby developing relationships. In our research, we focus on positive politeness (PP), a strategy for positively reducing the distance between people in human communication using language. In addition, we propose an agent that attempts to actively interact with humans. First, we design a dialog system based on the politeness theory. Next, we examine the effect of our proposed method on interactions. For our experiments, we implemented two agents: the method proposed for performing PP and a conventional method that performs negative politeness based on the unobjectionable behavior. We then compare and analyze impressions of experiment participants in response to the two agents. From our results, male participants accepted PP more frequently than female participants. Further, the proposed method lowered the perceived sense of interacting with a machine for male participants.

Ghazali, Aimi Shazwani, Ham, Jaap, Barakova, Emilia, Markopoulos, Panos.  2017.  The Influence of Social Cues and Controlling Language on Agent's Expertise, Sociability, and Trustworthiness. Proceedings of the Companion of the 2017 ACM/IEEE International Conference on Human-Robot Interaction. :125–126.

For optimal human-robot interaction, understanding the determinants and components of anthropomorphism is crucial. This research assessed the influence of an agent's social cues and controlling language use on user's perceptions of the agent's expertise, sociability, and trustworthiness. In a game context, the agent attempted to persuade users to modify their choices using high or low controlling language and using different levels of social cues (advice with text-only with no robot embodiment as the agent, a robot with elementary social cues, and a robot with advanced social cues). As expected, low controlling language led to higher perceived anthropomorphism, while the robotic agent with the most social cues was selected as the most expert advisor and the non-social agent as the most trusted advisor.

Oraby, Shereen.  2017.  Characterizing and Modeling Linguistic Style in Dialogue for Intelligent Social Agents. Proceedings of the 22nd International Conference on Intelligent User Interfaces Companion. :189–192.

With increasing interest in the development of intelligent agents capable of learning, proficiently automating tasks, and gaining world knowledge, the importance of integrating the ability to converse naturally with users is more crucial now than ever before. This thesis aims to understand and characterize different aspects of social language to facilitate the development of intelligent agents that are socially aware and able to engage users to a level that was not previously possible with language generation systems. Using various machine learning algorithms and data-driven approaches to model the nuances of social language in dialogue, such as factual and emotional expression, sarcasm and humor and the related subclasses of rhetorical questions and hyperbole, we can come closer to modeling the characteristics of the social language that allows us to express emotion and knowledge, and thereby exhibit these styles in the agents we develop.

Tavasoli, M., Alishahi, S., Zabihi, M., Khorashadizadeh, H., Mohajerzadeh, A. H..  2017.  An Efficient NSKDP Authentication Method to Secure Smart Grid. 2017 IEEE International Conference on Smart Energy Grid Engineering (SEGE). :276–280.

Since the Information Networks are added to the current electricity networks, the security and privacy of individuals is challenged. This combination of technologies creates vulnerabilities in the context of smart grid power which disrupt the consumer energy supply. Methods based on encryption are against the countermeasures attacks that have targeted the integrity and confidentiality factors. Although the cryptography strategies are used in Smart Grid, key management which is different in size from tens to millions of keys (for meters), is considered as the critical processes. The Key mismanagement causes to reveal the secret keys for attacker, a symmetric key distribution method is recently suggested by [7] which is based on a symmetric key distribution, this strategy is very suitable for smart electric meters. The problem with this method is its vulnerability to impersonating respondents attack. The proposed approach to solve this problem is to send the both side identifiers in encrypted form based on hash functions and a random value, the proposed solution is appropriate for devices such as meters that have very little computing power.

Chang, S. H., William, T., Wu, W. Z., Cheng, B. C., Chen, H., Hsu, P. H..  2017.  Design of an Authentication and Key Management System for a Smart Meter Gateway in AMI. 2017 IEEE 6th Global Conference on Consumer Electronics (GCCE). :1–2.

By applying power usage statistics from smart meters, users are able to save energy in their homes or control smart appliances via home automation systems. However, owing to security and privacy concerns, it is recommended that smart meters (SM) should not have direct communication with smart appliances. In this paper, we propose a design for a smart meter gateway (SMGW) associated with a two-phase authentication mechanism and key management scheme to link a smart grid with smart appliances. With placement of the SMGW, we can reduce the design complexity of SMs as well as enhance the strength of security.

Alamaniotis, M., Tsoukalas, L. H., Bourbakis, N..  2017.  Anticipatory Driven Nodal Electricity Load Morphing in Smart Cities Enhancing Consumption Privacy. 2017 IEEE Manchester PowerTech. :1–6.

Integration of information technologies with the current power infrastructure promises something further than a smart grid: implementation of smart cities. Power efficient cities will be a significant step toward greener cities and a cleaner environment. However, the extensive use of information technologies in smart cities comes at a cost of reduced privacy. In particular, consumers' power profiles will be accessible by third parties seeking information over consumers' personal habits. In this paper, a methodology for enhancing privacy of electricity consumption patterns is proposed and tested. The proposed method exploits digital connectivity and predictive tools offered via smart grids to morph consumption patterns by grouping consumers via an optimization scheme. To that end, load anticipation, correlation and Theil coefficients are utilized synergistically with genetic algorithms to find an optimal assembly of consumers whose aggregated pattern hides individual consumption features. Results highlight the efficiency of the proposed method in enhancing privacy in the environment of smart cities.

Afrin, S., Mishra, S..  2017.  On the Analysis of Collaborative Anonymity Set Formation (CASF) Method for Privacy in the Smart Grid. 2017 IEEE International Symposium on Technologies for Homeland Security (HST). :1–6.

The collection of high frequency metering data in the emerging smart grid gives rise to the concern of consumer privacy. Anonymization of metering data is one of the proposed approaches in the literature, which enables transmission of unmasked data while preserving the privacy of the sender. Distributed anonymization methods can reduce the dependency on service providers, thus promising more privacy for the consumers. However, the distributed communication among the end-users introduces overhead and requires methods to prevent external attacks. In this paper, we propose four variants of a distributed anonymization method for smart metering data privacy, referred to as the Collaborative Anonymity Set Formation (CASF) method. The performance overhead analysis and security analysis of the variants are done using NS-3 simulator and the Scyther tool, respectively. It is shown that the proposed scheme enhances the privacy preservation functionality of an existing anonymization scheme, while being robust against external attacks.

Wen, M., Zhang, X., Li, H., Li, J..  2017.  A Data Aggregation Scheme with Fine-Grained Access Control for the Smart Grid. 2017 IEEE 86th Vehicular Technology Conference (VTC-Fall). :1–5.

With the rapid development of smart grid, smart meters are deployed at energy consumers' premises to collect real-time usage data. Although such a communication model can help the control center of the energy producer to improve the efficiency and reliability of electricity delivery, it also leads to some security issues. For example, this real-time data involves the customers' privacy. Attackers may violate the privacy for house breaking, or they may tamper with the transmitted data for their own benefits. For this purpose, many data aggregation schemes are proposed for privacy preservation. However, few of them care about both the data aggregation and fine-grained access control to improve the data utility. In this paper, we propose a data aggregation scheme based on attribute decision tree. Security analysis illustrates that our scheme can achieve the data integrity, data privacy preservation and fine-grained data access control. Experiment results show that our scheme is more efficient than existing schemes.

Melo, Jr, Wilson S., Bessani, Alysson, Carmo, Luiz F. R. C..  2017.  How Blockchains Can Help Legal Metrology. Proceedings of the 1st Workshop on Scalable and Resilient Infrastructures for Distributed Ledgers. :5:1–5:2.

Legal metrology embraces the regulation and control of measuring instruments (MI) used in a diversity of applications including industry, transportation, commerce, medical care and environment protection [3]. Only in Europe, MI are responsible for an annual turnover of more than 500 billion Euros [1]. In developing countries, MI demand has increased substantially due to the adoption of technologies and methods well established in developed countries [3]. MI also can be seen as elementary building blocks for new technologies such as smart grids, Internet of Things and cyber physical systems [1, 2]. Thus legal metrology is crucial to assure the correctness of measurements, protecting the economic system while regulating consumer relations and enhances MI reliability [2].

Laszka, Aron, Dubey, Abhishek, Walker, Michael, Schmidt, Doug.  2017.  Providing Privacy, Safety, and Security in IoT-Based Transactive Energy Systems Using Distributed Ledgers. Proceedings of the Seventh International Conference on the Internet of Things. :13:1–13:8.

Power grids are undergoing major changes due to rapid growth in renewable energy resources and improvements in battery technology. While these changes enhance sustainability and efficiency, they also create significant management challenges as the complexity of power systems increases. To tackle these challenges, decentralized Internet-of-Things (IoT) solutions are emerging, which arrange local communities into transactive microgrids. Within a transactive microgrid, "prosumers" (i.e., consumers with energy generation and storage capabilities) can trade energy with each other, thereby smoothing the load on the main grid using local supply. It is hard, however, to provide security, safety, and privacy in a decentralized and transactive energy system. On the one hand, prosumers' personal information must be protected from their trade partners and the system operator. On the other hand, the system must be protected from careless or malicious trading, which could destabilize the entire grid. This paper describes Privacy-preserving Energy Transactions (PETra), which is a secure and safe solution for transactive microgrids that enables consumers to trade energy without sacrificing their privacy. PETra builds on distributed ledgers, such as blockchains, and provides anonymity for communication, bidding, and trading.

Razaghpanah, Abbas, Niaki, Arian Akhavan, Vallina-Rodriguez, Narseo, Sundaresan, Srikanth, Amann, Johanna, Gill, Phillipa.  2017.  Studying TLS Usage in Android Apps. Proceedings of the 13th International Conference on Emerging Networking EXperiments and Technologies. :350–362.

Transport Layer Security (TLS), has become the de-facto standard for secure Internet communication. When used correctly, it provides secure data transfer, but used incorrectly, it can leave users vulnerable to attacks while giving them a false sense of security. Numerous efforts have studied the adoption of TLS (and its predecessor, SSL) and its use in the desktop ecosystem, attacks, and vulnerabilities in both desktop clients and servers. However, there is a dearth of knowledge of how TLS is used in mobile platforms. In this paper we use data collected by Lumen, a mobile measurement platform, to analyze how 7,258 Android apps use TLS in the wild. We analyze and fingerprint handshake messages to characterize the TLS APIs and libraries that apps use, and also evaluate weaknesses. We see that about 84% of apps use default OS APIs for TLS. Many apps use third-party TLS libraries; in some cases they are forced to do so because of restricted Android capabilities. Our analysis shows that both approaches have limitations, and that improving TLS security in mobile is not straightforward. Apps that use their own TLS configurations may have vulnerabilities due to developer inexperience, but apps that use OS defaults are vulnerable to certain attacks if the OS is out of date, even if the apps themselves are up to date. We also study certificate verification, and see low prevalence of security measures such as certificate pinning, even among high-risk apps such as those providing financial services, though we did observe major third-party tracking and advertisement services deploying certificate pinning.