Identity management : strengthening one-time password authentication through usability

Usability in HCI (Human-Computer Interaction) is normally understood as the simplicity and clarity with which the interaction with a computer program or a web site is designed. Identity management systems need to provide adequate usability and should have a simple and intuitive interface. The system should not only be designed to satisfy service provider requirements but it has to consider user requirements, otherwise it will lead to inconvenience and poor usability for users when managing their identities. With poor usability and a poor user interface with regard to security, it is highly likely that the system will have poor security. The rapid growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with credentials, which in turn negatively impacts their ability to manage them securely. Passwords are perhaps the most common type of credential used today. To avoid the tedious task of remembering difficult passwords, users often behave less securely by using low entropy and weak passwords. Weak passwords and bad password habits represent security threats to online services. Some solutions have been developed to eliminate the need for users to create and manage passwords. A typical solution is based on generating one-time passwords, i.e. passwords for single session or transaction usage. Unfortunately, most of these solutions do not satisfy scalability and/or usability requirements, or they are simply insecure. In this thesis, the security and usability aspects of contemporary methods for authentication based on one-time passwords (OTP) are examined and analyzed. In addition, more scalable solutions that provide a good user experience while at the same time preserving strong security are proposed.

The influence of personality traits in predicting information processing and message persuasiveness

Gray‘s (2000) revised Reinforcement Sensitivity Theory (r-RST) was used to investigate personality effects on information processing biases to gain-framed and loss-framed anti-speeding messages and the persuasiveness of these messages. The r-RST postulates that behaviour is regulated by two major motivational systems: reward system or punishment system. It was hypothesised that both message processing and persuasiveness would be dependent upon an individual‘s sensitivity to reward or punishment. Student drivers (N = 133) were randomly assigned to view one of four anti-speeding messages or no message (control group). Individual processing differences were then measured using a lexical decision task, prior to participants completing a personality and persuasion questionnaire. Results indicated that participants who were more sensitive to reward showed a marginally significant (p = .050) tendency to report higher intentions to comply with the social gain-framed message and demonstrate a cognitive processing bias towards this message, than those with lower reward sensitivity.

Cracking the code : a checklist to complement CRAs for first year Justice students

It is well recognised in the literature on first year higher education that there is a need for Universities to provide further support and development in student learning skills and engagement. Assessment and feedback is an area with differing expectations and understandings among academics and students (e.g. AUSSE, CEQ). Consistency and explicitness in academic feedback is fundamental in assisting students in their transition to university education and learning. This poster captures the progress of an 18 month funded by the Faculty of Law Teaching and Learning Grant scheme (QUT). The project sought to develop and trial an assessment checklist/diagnostic tool to accompany Criteria Referenced Assessment sheets for students within the School of Justice, Law Faculty, Queensland University of Technology (QUT).The checklist was trialled across four units in the School of Justice (Law faculty) amongst an estimated cohort of over 600 students undertaking single and dual degrees.

Some empirical results for neo-Piagetian reasoning in novice programmers and the relationship to code explanation questions

Recent research on novice programmers has suggested that they pass through neo-Piagetian stages: sensorimotor, preoperational, and concrete operational stages, before eventually reaching programming competence at the formal operational stage. This paper presents empirical results in support of this neo-Piagetian perspective. The major novel contributions of this paper are empirical results for some exam questions aimed at testing novices for the concrete operational abilities to reason with quantities that are conserved, processes that are reversible, and properties that hold under transitive inference. While the questions we used had been proposed earlier by Lister, he did not present any data for how students performed on these questions. Our empirical results demonstrate that many students struggle to answer these problems, despite the apparent simplicity of these problems. We then compare student performance on these questions with their performance on six explain in plain English questions.

Anonymity and one-way authentication in key exchange protocols

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.

Minimizing information leakage of tree-based RFID authentication protocols using alternate tree-walking

The privacy of efficient tree-based RFID authentication protocols is heavily dependent on the branching factor on the top layer. Indefinitely increasing the branching factor, however, is not a viable option. This paper proposes the alternate-tree walking scheme as well as two protocols to circumvent this problem. The privacy of the resulting protocols is shown to be comparable to that of linear-time protocols, where there is no leakage of information, whilst reducing the computational load of the database by one-third of what is required of tree-based protocols during authentication. We also identify and address a limitation in quantifying privacy in RFID protocols.

Secure authentication procedure with mobile device for ubiquitous health environments

Medical industries have brought Information Technology (IT) in their systems for both patients and medical staffs due to the numerous benefits of IT we experience at presently. Moreover, the Mobile healthcare (M-health) system has been developed as the first step of Ubiquitous Health Environment (UHE). With the mobility and multi-functions, M-health system will be able to provide more efficient and various services for both doctors and patients. Due to the invisible feature of mobile signals, hackers have easier access to hospital networks than wired network systems. This may result in several security incidents unless security protocols are well implemented. In this paper, user authentication and authorization procedures will applied as a featured component at each level of M-health systems inthe hospital environment. Accordingly, M-health system in the hospital will meet the optimal requirements as a countermeasure to its vulnerabilities.

Efficient safety message dissemination for cooperative collision warning via context modelling

A Cooperative Collision Warning System (CCWS) is an active safety techno- logy for road vehicles that can potentially reduce traffic accidents. It provides a driver with situational awareness and early warnings of any possible colli- sions through an on-board unit. CCWS is still under active research, and one of the important technical problems is safety message dissemination. Safety messages are disseminated in a high-speed mobile environment using wireless communication technology such as Dedicated Short Range Communication (DSRC). The wireless communication in CCWS has a limited bandwidth and can become unreliable when used inefficiently, particularly given the dynamic nature of road traffic conditions. Unreliable communication may significantly reduce the performance of CCWS in preventing collisions. There are two types of safety messages: Routine Safety Messages (RSMs) and Event Safety Messages (ESMs). An RSM contains the up-to-date state of a vehicle, and it must be disseminated repeatedly to its neighbouring vehicles. An ESM is a warning message that must be sent to all the endangered vehi- cles. Existing RSM and ESM dissemination schemes are inefficient, unscalable, and unable to give priority to vehicles in the most danger. Thus, this study investigates more efficient and scalable RSM and ESM dissemination schemes that can make use of the context information generated from a particular traffic scenario. Therefore, this study tackles three technical research prob- lems, vehicular traffic scenario modelling and context information generation, context-aware RSM dissemination, and context-aware ESM dissemination. The most relevant context information in CCWS is the information about possible collisions among vehicles given a current vehicular traffic situation. To generate the context information, this study investigates techniques to model interactions among multiple vehicles based on their up-to-date motion state obtained via RSM. To date, there is no existing model that can represent interactions among multiple vehicles in a speciffic region and at a particular time. The major outcome from the first problem is a new interaction graph model that can be used to easily identify the endangered vehicles and their danger severity. By identifying the endangered vehicles, RSM and ESM dis- semination can be optimised while improving safety at the same time. The new model enables the development of context-aware RSM and ESM dissemination schemes. To disseminate RSM efficiently, this study investigates a context-aware dis- semination scheme that can optimise the RSM dissemination rate to improve safety in various vehicle densities. The major outcome from the second problem is a context-aware RSM dissemination protocol. The context-aware protocol can adaptively adjust the dissemination rate based on an estimated channel load and danger severity of vehicle interactions given by the interaction graph model. Unlike existing RSM dissemination schemes, the proposed adaptive scheme can reduce channel congestion and improve safety by prioritising ve- hicles that are most likely to crash with other vehicles. The proposed RSM protocol has been implemented and evaluated by simulation. The simulation results have shown that the proposed RSM protocol outperforms existing pro- tocols in terms of efficiency, scalability and safety. To disseminate ESM efficiently, this study investigates a context-aware ESM dissemination scheme that can reduce unnecessary transmissions and deliver ESMs to endangered vehicles as fast as possible. The major outcome from the third problem is a context-aware ESM dissemination protocol that uses a multicast routing strategy. Existing ESM protocols use broadcast rout- ing, which is not efficient because ESMs may be sent to a large number of ve- hicles in the area. Using multicast routing improves efficiency because ESMs are sent only to the endangered vehicles. The endangered vehicles can be identified using the interaction graph model. The proposed ESM protocol has been implemented and evaluated by simulation. The simulation results have shown that the proposed ESM protocol can prevent potential accidents from occurring better than existing ESM protocols. The context model and the RSM and ESM dissemination protocols can be implemented in any CCWS development to improve the communication and safety performance of CCWS. In effect, the outcomes contribute to the realisation of CCWS that will ultimately improve road safety and save lives.

The role of alternative message strategies in advertising performance : challenges to the B2B marketing paradigm

In this study the impact of message strategy on advertising performance will be in examined in a business-to-business (B2B) context. From a theoretical standpoint, the study will explore differences in message type between symbolic and literal approaches in B2B advertisements. While there has been much discussion on the effect of symbolism, (eg. metaphors, abstract images and figurative language), an empirically-tested scale that measures the degree of symbolism has not been developed. This research project focuses on development of a methodological scale to accurately test the difference in the direction of message appeals. Thus, insights in the role of message strategy in the B2B adoption process are anticipated with contributions in future consumer and business advertising research.

Examining the effects of an eco-driving message on driver distraction

This paper examines the effects of an eco-driving message on driver distraction. Two in-vehicle distracter tasks were compared with an eco-driving task and a baseline task in an advanced driving simulator. N = 22 subjects were asked to perform an eco-driving, CD changing, and a navigation task while engaged in critical manoeuvres during which they were expected to respond to a peripheral detection task (PDT) with total duration of 3.5 h. The study involved two sessions over two consecutive days. The results show that drivers’ mental workloads are significantly higher during navigation and CD changing tasks in comparison to the two other scenarios. However, eco-driving mental workload is still marginally significant (p ∼ .05) across different manoeuvres. Similarly, event detection tasks show that drivers miss significantly more events in the navigation and CD changing scenarios in comparison to both the baseline and eco-driving scenario. Analysis of the practice effect shows that drivers’ baseline scenario and navigation scenario exhibit significantly less demand on the second day. Drivers also can detect significantly more events on the second day for all scenarios. The authors conclude that even reading a simple message while driving could potentially lead to missing an important event, especially when executing critical manoeuvres. However, there is some evidence of a practice effect which suggests that future research should focus on performance with habitual rather than novel tasks. It is recommended that sending text as an eco-driving message analogous to the study circumstances should not be delivered to drivers on-line when vehicle is in motion.

Context-aware multicast protocol for emergency message dissemination in vehicular networks

Road traffic accidents can be reduced by providing early warning to drivers through wireless ad hoc networks. When a vehicle detects an event that may lead to an imminent accident, the vehicle disseminates emergency messages to alert other vehicles that may be endangered by the accident. In many existing broadcast-based dissemination schemes, emergency messages may be sent to a large number of vehicles in the area and can be propagated to only one direction. This paper presents a more efficient context aware multicast protocol that disseminates messages only to endangered vehicles that may be affected by the emergency event. The endangered vehicles can be identified by calculating the interaction among vehicles based on their motion properties. To ensure fast delivery, the dissemination follows a routing path obtained by computing a minimum delay tree. The multicast protocol uses a generalized approach that can support any arbitrary road topology. The performance of the multicast protocol is compared with existing broadcast protocols by simulating chain collision accidents on a typical highway. Simulation results show that the multicast protocol outperforms the other protocols in terms of reliability, efficiency, and latency.