Comparative eye tracking of experts and novices in web single sign-on

Security indicators in web browsers alert users to the presence of a secure connection between their computer and a web server; many studies have shown that such indicators are largely ignored by users in general. In other areas of computer security, research has shown that technical expertise can decrease user susceptibility to attacks. In this work, we examine whether computer or security expertise affects use of web browser security indicators. Our study takes place in the context of web-based single sign-on, in which a user can use credentials from a single identity provider to login to many relying websites; single sign-on is a more complex, and hence more difficult, security task for users. In our study, we used eye trackers and surveyed participants to examine the cues individuals use and those they report using, respectively. Our results show that users with security expertise are more likely to self-report looking at security indicators, and eye-tracking data shows they have longer gaze duration at security indicators than those without security expertise. However, computer expertise alone is not correlated with recorded use of security indicators. In survey questions, neither experts nor novices demonstrate a good understanding of the security consequences of web-based single sign-on.

Behavioral biometrics for persistent single sign-on

Driven by the rapid development of ubiquitous and pervasive computing, personalized services and applications are deployed to support our lives. Accordingly, the number of interfaces and devices (smartphone, tablet computer, etc.) provided to access and consume these services is growing continuously. To simplify the complexity of managing many accounts with different credentials, Single Sign-On (SSO) solutions have been introduced. However, a single password for many accounts represents a single-point-of-failure. Furthermore, once initiated SSO session is a high potential risk when the working station is left unlocked and unattended. In this paper, we present a conception of a Persistent Single Sign-On (PSSO) for ubiquitous home environments by involving the capabilities of Behavioral Biometrics to check the identity of the user continuously in an unobtrusive manner.

Identity Provider Shibboleth per il servizio di federazione e Single Sign-On di Ateneo

L’università di Bologna, da sempre attenta alle nuove tecnologie e all’innovazione, si è dotata nel 2010 di un Identity Provider (IDP), ovvero un servizio per la verifica dell’identità degli utenti dell’organizzazione tramite username e password in grado di sollevare le applicazioni web (anche esterne all’organizzazione) dall’onere di verificare direttamente le credenziali dell’utente delegando totalmente la responsabilità sul controllo dell’identità digitale all’IDP. La soluzione adottata (Microsoft ADFS) si è dimostrata generalmente semplice da configurare e da gestire, ma ha presentato problemi di integrazione con le principali federazioni di identità regionali e italiane (FedERa e IDEM) a causa di una incompatibilità con il protocollo SAML 1.1, ancora utilizzato da alcuni dei servizi federati. Per risolvere tale incompatibilità il "CeSIA – Area Sistemi Informativi e Applicazioni" dell’Università di Bologna ha deciso di dotarsi di un Identity Provider Shibboleth, alternativa open source ad ADFS che presenta funzionalità equivalenti ed è in grado di gestire tutte le versioni del protocollo SAML (attualmente rilasciato fino alla versione 2.0). Il mio compito è stato quello di analizzare, installare, configurare e integrare con le federazioni IDEM e FedERa un’infrastruttura basata sull’IDP Shibboleth prima in test poi in produzione, con la collaborazione dei colleghi che in precedenza si erano occupati della gestione della soluzione Microsoft ADFS. Il lavoro che ho svolto è stato suddiviso in quattro fasi: - Analisi della situazione esistente - Progettazione della soluzione - Installazione e configurazione di un Identity Provider in ambiente di test - Deploy dell’Identity Provider in ambiente di produzione

Self-identified experts lost on the interwebs

Security cues found in web browsers are meant to alert users to potential online threats, yet many studies demonstrate that security indicators are largely ineffective in this regard. Those studies have depended upon self-reporting of subjects' use or aggregate experimentation that correlate responses to sites with and without indicators. We report on a laboratory experiment using eye-tracking to follow the behavior of self-identified computer experts as they share information across popular social media websites. The use of eye-tracking equipment allows us to explore possible behavioral differences in the way experts perceive web browser security cues, as opposed to non-experts. Unfortunately, due to the use of self-identified experts, technological issues with the setup, and demographic anomalies, our results are inconclusive. We describe our initial experimental design, lessons learned in our experimentation, and provide a set of steps for others to follow in implementing experiments using unfamiliar technologies, eye-tracking specifically, subjects with different experience with the laboratory tasks, as well as individuals with varying security expertise. We also discuss recruitment and how our design will address the inherent uncertainties in recruitment, as opposed to design for an ideal population. Some of these modifications are generalizable, together they will allow us to run a larger 2x2 study, rather than a study of only experts using two different single sign-on systems.

Monetary integration and real estate markets: an investigation of the impact of the introduction of a single currency on real estate performance

This paper assesses the impact of the monetary integration on different types of stock returns in Europe. In order to isolate European factors, the impact of global equity integration and small cap factors are investigated. European countries are sub-divided according to the process of monetary convergence. Analysis shows that national equity indices are strongly influenced by global market movements, with a European stock factor providing additional explanatory power. The global and European factors explain small cap and real estate stocks much less well –suggesting an increased importance of ‘local’ drivers. For real estate, there are notable differences between core and non-core countries. Core European countries exhibit convergence – a convergence to a European rather than a global factor. The non-core countries do not seem to exhibit common trends or movements. For the non-core countries, monetary integration has been associated with increased dispersion of returns, lower correlation and lower explanatory power of a European factor. It is concluded that this may be explained by divergence in underlying macro-economic drivers between core and non-core countries in the post-Euro period.

Complication and failure rates in patients treated for chronic periodontitis and restored with single crowns on teeth and/or implants

Objectives: To assess the biological and technical complication rates of single crowns on vital teeth (SC-V), endodontically treated teeth without post and core (SC-E), with a cast post and core (SC-PC) and on implants (SC-I). Material and methods: From 392 patients with chronic periodontitis treated and documented by graduate students during the period from 1978 to 2002, 199 were reexamined during 2005 for this retrospective cohort study, and 64 of these patients were treated with SCs. Statistical analysis included Kaplan–Meier survival functions and event rates per 100 years of object-time. Poisson regression was used to compare the four groups of crowns with respect to the incidence rate ratio of failures, and failures and complications combined over 10 years and the entire observation period. Results: Forty-one (64%) female and 23 (36%) male patients participated in the reexamination. At the time of seating the crowns, the mean patient age was 46.8 (range 24–66.3) years. One hundred and sixty-eight single unit crowns were incorporated. Their mean follow-up time was 11.8 (range 0.8–26.4) years. During the time of observation, 22 biological and 11 technical complications occurred; 19 SC were lost. The chance for SC-V (56) to remain free of any failure or complication was 89.3% (95% confidence interval [CI] 76.1–95.4) after 10 years, 85.8% (95% CI 66–94.5) for SC-E (34), 75.9% for SC-PC (39), (95% CI 58.8–86.7) and 66.2% (95% CI 45.1–80.7) for SC-I (39). Over 10 years, 95% of SC-I remained free of failure and demonstrated a cumulative incidence of failure or complication of 34%. Compared with SC-E, SC-I were 3.5 times more likely to yield failures or complications and SC-PC failed 1.7 times more frequently than did SC-E. SC-V had the lowest rate of failures or complications over the 10 years. Conclusions: While SCs on vital teeth have the best prognosis, those on endodontically treated teeth have a slightly poorer prognosis over 10 years. Crowns on teeth with post and cores and implant-supported SCs displayed the highest incidence of failures and complications.

Systematic review of the survival rate and the incidence of biological, technical, and aesthetic complications of single crowns on implants reported in longitudinal studies with a mean follow-up of 5 years

To assess the 5-year survival of implant-supported single crowns (SCs) and to describe the incidence of biological, technical, and aesthetic complications. The focused question was: What is the survival rate of implants supporting single crowns and implant-supported crowns with a mean follow-up of 5 years and to which extent do biological, technical, and aesthetic complications occur?

Failures and complications in patients with birth defects restored with fixed dental prostheses and single crowns on teeth and/or implants

OBJECTIVES: To assess retrospectively, over at least 5 years, the incidences of technical and biological complications and failures in young adult patients with birth defects affecting the formation of teeth. MATERIAL AND METHODS: All insurance cases with a birth defect that had crowns and fixed dental prostheses (FDPs) inserted more than 5 years ago were contacted and asked to participate in a reexamination. RESULTS: The median age of the patients was 19.3 years (range 16.6-24.7 years) when prosthetic treatment was initiated. Over the median observation period of 15.7 years (range 7.4-24.9 years) and considering the treatment needs at the reexamination, 19 out of 33 patients (58%) with reconstructions on teeth remained free from all failures or complications. From the patients with FDPs and single unit crowns (SCs) on implants followed over a median observation period of 8 years (range 4.6-15.3 years), eight out of 17% or 47% needed a retreatment or repair at some point due to a failure or a complication. From the three groups of patients, the cases with amelogenesis/dentinogenesis imperfecta demonstrated the highest failure and complication rates. In the cases with cleft lip, alveolus and palate (CLAP) or hypodontia/oligodontia, 71% of the SCs and 73% of the FDPs on teeth (FDP T) remained complication free over a median observation period of about 16 years. Sixty-two percent of the SCs and 64% of the FDPs on implants remained complication free over 8 years. Complications occurred earlier with implant-supported reconstructions. CONCLUSIONS: Because healthy, pristine teeth can be left unprepared, implant-supported SCs and FDPs are the treatment choice in young adults with birth defects resulting in tooth agenesis and in whom the edentulous spaces cannot be closed by means of orthodontic therapy. However, the trend for earlier and more frequent complications with implant-supported reconstructions in young adults, expecting many years of function with the reconstructions, has to be weighed against the benefits of keeping teeth unprepared. In cases with CLAP in which anatomical conditions render implant placement difficult and in which teeth adjacent to the cleft require esthetic corrections, the conventional FDP T still remains the treatment of choice.

Plastid-localized acetyl-CoA carboxylase of bread wheat is encoded by a single gene on each of the three ancestral chromosome sets

5′-End fragments of two genes encoding plastid-localized acetyl-CoA carboxylase (ACCase; EC 6.4.1.2) of wheat (Triticum aestivum) were cloned and sequenced. The sequences of the two genes, Acc-1,1 and Acc-1,2, are 89% identical. Their exon sequences are 98% identical. The amino acid sequence of the biotin carboxylase domain encoded by Acc-1,1 and Acc-1,2 is 93% identical with the maize plastid ACCase but only 80–84% identical with the cytosolic ACCases from other plants and from wheat. Four overlapping fragments of cDNA covering the entire coding region were cloned by PCR and sequenced. The wheat plastid ACCase ORF contains 2,311 amino acids with a predicted molecular mass of 255 kDa. A putative transit peptide is present at the N terminus. Comparison of the genomic and cDNA sequences revealed introns at conserved sites found in the genes of other plant multifunctional ACCases, including two introns absent from the wheat cytosolic ACCase genes. Transcription start sites of the plastid ACCase genes were estimated from the longest cDNA clones obtained by 5′-RACE (rapid amplification of cDNA ends). The untranslated leader sequence encoded by the Acc-1 genes is at least 130–170 nucleotides long and is interrupted by an intron. Southern analysis indicates the presence of only one copy of the gene in each ancestral chromosome set. The gene maps near the telomere on the short arm of chromosomes 2A, 2B, and 2D. Identification of three different cDNAs, two corresponding to genes Acc-1,1 and Acc-1,2, indicates that all three genes are transcriptionally active.

Women putting up "Dolly Madison" sign on Madison Avenue at Second Women's March

General note: Title and date provided by Bettye Lane.

Strengthening and formally verifying privacy in identity management systems

In a digital world, users’ Personally Identifiable Information (PII) is normally managed with a system called an Identity Management System (IMS). There are many types of IMSs. There are situations when two or more IMSs need to communicate with each other (such as when a service provider needs to obtain some identity information about a user from a trusted identity provider). There could be interoperability issues when communicating parties use different types of IMS. To facilitate interoperability between different IMSs, an Identity Meta System (IMetS) is normally used. An IMetS can, at least theoretically, join various types of IMSs to make them interoperable and give users the illusion that they are interacting with just one IMS. However, due to the complexity of an IMS, attempting to join various types of IMSs is a technically challenging task, let alone assessing how well an IMetS manages to integrate these IMSs. The first contribution of this thesis is the development of a generic IMS model called the Layered Identity Infrastructure Model (LIIM). Using this model, we develop a set of properties that an ideal IMetS should provide. This idealized form is then used as a benchmark to evaluate existing IMetSs. Different types of IMS provide varying levels of privacy protection support. Unfortunately, as observed by Jøsang et al (2007), there is insufficient privacy protection in many of the existing IMSs. In this thesis, we study and extend a type of privacy enhancing technology known as an Anonymous Credential System (ACS). In particular, we extend the ACS which is built on the cryptographic primitives proposed by Camenisch, Lysyanskaya, and Shoup. We call this system the Camenisch, Lysyanskaya, Shoup - Anonymous Credential System (CLS-ACS). The goal of CLS-ACS is to let users be as anonymous as possible. Unfortunately, CLS-ACS has problems, including (1) the concentration of power to a single entity - known as the Anonymity Revocation Manager (ARM) - who, if malicious, can trivially reveal a user’s PII (resulting in an illegal revocation of the user’s anonymity), and (2) poor performance due to the resource-intensive cryptographic operations required. The second and third contributions of this thesis are the proposal of two protocols that reduce the trust dependencies on the ARM during users’ anonymity revocation. Both protocols distribute trust from the ARM to a set of n referees (n > 1), resulting in a significant reduction of the probability of an anonymity revocation being performed illegally. The first protocol, called the User Centric Anonymity Revocation Protocol (UCARP), allows a user’s anonymity to be revoked in a user-centric manner (that is, the user is aware that his/her anonymity is about to be revoked). The second protocol, called the Anonymity Revocation Protocol with Re-encryption (ARPR), allows a user’s anonymity to be revoked by a service provider in an accountable manner (that is, there is a clear mechanism to determine which entity who can eventually learn - and possibly misuse - the identity of the user). The fourth contribution of this thesis is the proposal of a protocol called the Private Information Escrow bound to Multiple Conditions Protocol (PIEMCP). This protocol is designed to address the performance issue of CLS-ACS by applying the CLS-ACS in a federated single sign-on (FSSO) environment. Our analysis shows that PIEMCP can both reduce the amount of expensive modular exponentiation operations required and lower the risk of illegal revocation of users’ anonymity. Finally, the protocols proposed in this thesis are complex and need to be formally evaluated to ensure that their required security properties are satisfied. In this thesis, we use Coloured Petri nets (CPNs) and its corresponding state space analysis techniques. All of the protocols proposed in this thesis have been formally modeled and verified using these formal techniques. Therefore, the fifth contribution of this thesis is a demonstration of the applicability of CPN and its corresponding analysis techniques in modeling and verifying privacy enhancing protocols. To our knowledge, this is the first time that CPN has been comprehensively applied to model and verify privacy enhancing protocols. From our experience, we also propose several CPN modeling approaches, including complex cryptographic primitives (such as zero-knowledge proof protocol) modeling, attack parameterization, and others. The proposed approaches can be applied to other security protocols, not just privacy enhancing protocols.

Privacy compliance verification in cryptographic protocols

To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs) which constitute a class of cryptographic protocols. Proof of the security properties, in terms of the privacy compliance, of PEPs is desirable before they can be deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.