Search Results (15)

This paper provides a comprehensive review of the recent literature on passkeys, a more secure and phishing-resistant authentication method compared to traditional passwords. Despite their clear advantages, passkeys have not yet replaced the de facto standard of password authentication. This literature survey aims to outline a holistic picture of the related research, focusing on technical aspects as well as user-centric perspectives on usability and perception. The main challenges hindering passkey adoption are misaligned user perception and technical issues regarding account recovery, sharing, and delegation. Research suggests that improved user education and awareness could address these challenges. Existing studies have also analyzed and contributed to enhancing the usability of passkeys. However, the current literature highlights a clear gap for more academic research focusing on effective strategies to improve the user perception of passkeys, as the existing work primarily concentrates on technical and usability aspects. Addressing this research gap may lead to increased passkey adoption among end users, ultimately improving the overall security of authentication systems. Full article

We analyze the popular in practice FIDO2 authentication scheme from the point of view of kleptographic threats that have not been addressed so far in the literature. We show that despite its spartan design and apparent efforts to make it immune to dishonest protocol participants, the unlinkability features of FIDO2 can be effectively broken without a chance to detect it by observing protocol executions. Moreover, we show that a malicious authenticator can enable an adversary to seize the authenticator’s private keys, thereby enabling the impersonation of the authenticator’s owner. As a few components of the FIDO2 protocol are the source of the problem, we argue that either their implementation details must be scrutinized during a certification process or the standardization bodies introduce necessary updates in FIDO2 (preferably, minor ones), making it resilient to kleptographic attacks. Full article

An emerging corpus exists pertaining to societal judgements of image-based sexual harassment and abuse (IBSHA). This type of research centres on the non-consensual sharing of intimate images (NCSII; sometimes called ‘revenge pornography’), but recent legislative developments seeking to convict those who engage in the unsolicited sending of intimate images (USII; sometimes called ‘dick pics’) evoke a need to broaden this literature. Moreover, in the context of recent and highly publicised accounts featuring both celebrity perpetrators and victims of IBSHA, it is important to understand whether celebrity status impacts said judgements. We present three studies outlining judgement differences between vignettes featuring NCSII and USII as a function of perpetrator/victim celebrity status and as predicted by previously implicated personality traits and beliefs. In Studies 1 (N = 261) and 2 (N = 237), though vignettes involving NCSII were perceived more criminal in nature and anticipated to evoke more harm than USII, said victims also received more blame. Contrary to our hypotheses, there was no further impact of celebrity status on either the perpetrator (Study 2) or victim (Study 3; N = 207). Finally, although dark personality traits (associated with callousness and low empathy) predicted variation in judgements of IBSHA across all studies, in Study 2, psychopathic personality traits specifically predicted proclivity to engage in NCSII but not USII. The results are discussed in reference to the importance of IBSHA-related education on an international level and the pursuit of further legislation in this area. Full article

With the development of sensor and communication technologies, the Internet of Things (IoT) subsystem is gradually becoming a crucial part in vehicles. It can effectively enhance functionalities of vehicles. However, new attack types are also emerging. For example, a driver with the smart key in their pocket can push the start button to start a car. At the same time, security issues in the push-to-start scenario are pervasive, such as smart key forgery. In this study, we propose a vehicle Passive Entry Passive Start (PEPS) system that adopts deep learning algorithms to recognize the driver using the electrocardiogram (ECG) signals measured on the driver’s smart watch. ECG signals are used for personal identification. Smart watches, serving as new smart keys of the PEPS system, can improve convenience and security. In the experiment, we consider commercial smart watches capable of sensing ECG signals. The sample rate and precision are typically lower than those of a 12-lead ECG used in hospitals. The experimental results show that Long Short-Term Memory (LSTM) models achieve the best accuracy score for identity recognition (91%) when a single ECG cycle is used. However, it takes at least 30 min for training. The training of a personalized Auto Encoder model takes only 5 min for each subject. When 15 continuous ECG cycles are sensed and used, this can achieve 100% identity accuracy. As the personalized Auto Encoder model is an unsupervised learning one-class recognizer, it can be trained using only the driver’s ECG signal. This will simplify the management of ECG recordings extremely, as well as the integration of the proposed technology into PEPS vehicles. A FIDO (Fast Identify Online)-like environment for the proposed PEPS system is discussed. Public key cryptography is adopted for communication between the smart watch and the PEPS car. The driver is first verified on the smart watch via local ECG biometric authentication, and then identified by the PEPS car. Phishing attacks, MITM (man in the middle) attacks, and replay attacks can be effectively prevented. Full article

FIDO2 authentication is starting to be applied in numerous web authentication services, aiming to replace passwords and their known vulnerabilities. However, this new authentication method has not been integrated yet with network authentication systems. In this paper, we introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol. Our proposal describes a novel protocol for captive-portal network authentication using FIDO2 Authenticators as security keys and passkeys. For validating our proposal, we have developed a prototype of FIDO2CAP authentication in a mock scenario. Using this prototype, we performed a usability experiment with 15 real users. This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication. Full article

FIDO (Fast Identity Online) is a set of network identity standards established by the FIDO Alliance. It employs a framework based on public key cryptography to facilitate multi-factor authentication (MFA) and biometric login, ensuring the robust protection of personal data associated with cloud accounts and ensuring the security of server-to-terminal device protocols during the login process. The FIDO Alliance has established three standards: FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework (FIDO UAF), and the Client to Authenticator Protocols (CTAP). The newer CTAP, also known as FIDO2, integrates passwordless login and two-factor authentication. Importantly, FIDO2’s support for major browsers enables users to authenticate their identities via FIDO2 across a broader range of platforms and devices, ushering in the era of passwordless authentication. In the FIDO2 framework, if a user’s device is stolen or compromised, then the private key may be compromised, and the public key stored on the FIDO2 server may be tampered with by attackers attempting to impersonate the user for identity authentication, posing a high risk to information security. Recognizing this, this study aims to propose a solution based on the FIDO2 framework, combined with blockchain technology and access control, called the FIDO2 blockchain architecture, to address existing security vulnerabilities in FIDO2. By leveraging the decentralized nature of the blockchain, the study addresses potential single points of failure in FIDO2 server centralized identity management systems, thereby enhancing system security and availability. Furthermore, the immutability of the blockchain ensures the integrity of public keys once securely stored on the chain, effectively reducing the risk of attackers impersonating user identities. Additionally, the study implements an access control mechanism to manage user permissions effectively, ensuring that only authorized users can access corresponding permissions and preventing unauthorized modifications and abuse. In addition to proposing practical solutions and steps, the study explains and addresses security concerns and conducts performance evaluations. Overall, this study brings higher levels of security and trustworthiness to FIDO2, providing a robust identity authentication solution. Full article

Polycystic Ovary Syndrome (PCOS) is an endocrine condition that has been associated with atypical emotional regulation strategy use as well as elevated levels of depression, anxiety, self-harm and suicidal ideation. Despite the existence of clinical screening guidance for this population, there is still little to no understanding of how non-suicidal self-injury and suicidal ideation and intention manifest in women with PCOS and how this might differ from women without PCOS. Within this cross-sectional investigation, women with and without a diagnosis of PCOS (n = 418) completed validated metrics of emotion dysregulation, rumination and non-suicidal self-injury (NSSI), as well as self-reported indices of previous suicidal ideation and future suicidal intention. Group comparisons indicated that women with, relative to those without, PCOS reported significantly greater metrics across all variables. Moreover, serial mediation analyses were conducted to test the ideation-to-action framework of suicide in women with PCOS, with the positive relationship between a PCOS diagnosis and future suicidal intention being explained through the indirect pathway of increased emotion dysregulation, recent suicidal ideation and NSSI. Our findings call to action the need for international screening for suicide intention and self-harm in women with PCOS. Full article

With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems. Full article

During the last few years, some of the most relevant IT companies have started to develop new authentication solutions which are not vulnerable to attacks like phishing. WebAuthn and FIDO authentication standards were designed to replace or complement the de facto and ubiquitous authentication method: username and password. This paper performs an analysis of the current implementations of these standards while testing and comparing these solutions in a high-level analysis, drawing the context of the adoption of these new standards and their integration with the existing systems, from web applications and services to different use cases on desktop and server operating systems. Full article

Due to its flexibility in terms of charging and billing, the smart grid is an enabler of many innovative energy consumption scenarios. One such example is when a landlord rents their property for a specific period to tenants. Then the electricity bill could be redirected from the landlord’s utility to the tenant’s utility. This novel scenario of the smart grid ecosystem, defined in this paper as Grid-to-Go (G2Go), promotes a green economy and can drive rent reductions. However, it also creates critical privacy issues, since utilities may be able to track the tenant’s activities. This paper presents P4G2Go, a novel privacy-preserving scheme that provides strong security and privacy assertions for roaming consumers against honest but curious entities of the smart grid. At the heart of P4G2Go lies the Idemix cryptographic protocol suite, which utilizes anonymous credentials and provides unlinkability of the consumer activities. Our scheme is complemented by the MASKER protocol, used to protect the consumption readings, and the FIDO2 protocol for strong and passwordless authentication. We have implemented the main components of P4G2Go, to quantitatively assess its performance. Finally, we reason about its security and privacy properties, proving that P4G2Go achieves to fulfill the relevant objectives. Full article

A Black Hole (BH) is a spacetime region with a horizon and where geodesics converge to a singularity. At such a point, the gravitational field equations fail. As an alternative to the problem of the singularity arises the existence of Exotic Compact Objects (ECOs) that prevent the problem of the singularity through a transition phase of matter once it has crossed the horizon. ECOs are characterized by a closeness parameter or cutoff, $ϵ$, which measures the degree of compactness of the object. This parameter is established as the difference between the radius of the ECO’s surface and the gravitational radius. Thus, different values of $ϵ$ correspond to different types of ECOs. If $ϵ$ is very big, the ECO behaves more like a star than a black hole. On the contrary, if $ϵ$ tends to a very small value, the ECO behaves like a black hole. It is considered a conceptual model of the origin of the cutoff for ECOs, when a dust shell contracts gravitationally from an initial position to near the Schwarzschild radius. This allowed us to find that the cutoff makes two types of contributions: a classical one governed by General Relativity and one of a quantum nature, if the ECO is very close to the horizon, when estimating that the maximum entropy is contained within the material that composes the shell. Such entropy coincides with the Bekenstein–Hawking entropy. The established cutoff corresponds to a dynamic quantity dependent on coordinate time that is measured by a Fiducial Observer (FIDO). Without knowing the details about quantum gravity, parameter $ϵ$ is calculated, which, in general, allows distinguishing the ECOs from BHs. Specifically, a black shell (ECO) is undistinguishable from a BH. Full article

During the last few years, the FIDO Alliance and the W3C have been working on a new standard called WebAuthn that aims to substitute the obsolete password as an authentication method by using physical security keys instead. Due to its recent design, the standard is still changing and so are the needs for protocol testing. This research has driven the development of a web application that supports the standard and gives extensive information to the user. This tool can be used by WebAuthn developers and researchers, helping them to debug concrete use cases with no need for an ad hoc implementation. Full article

With benefits to both human well-being and pro-nature conservation behaviors, nature connectedness is emerging as an important psychological construct for a sustainable future. The growing research and applied and policy-related interests require a straightforward measure of nature connectedness that is suitable for both children and adult populations. To establish the reliability of the new Nature Connection Index (NCI) three factor analyses were conducted. One was based on a large Monitor of Engagement with the Natural Environment (MENE) dataset for adults (n = 3568) with a replication from data sets collected online (n = 553), and a third used MENE data from children (n = 351). To validate the NCI as a measure for nature connectedness an online comparison study (n = 153) included the NCI alongside other established measures. The results showed that the NCI was a reliable and valid scale that offers a short, simple alternative to other measures of nature connectedness, particularly for populations including both children and adults, measured face to face or online. The utility of the NCI is also supported, with variations associated with various pro-environmental and pro-conservation behaviors observed, and importantly the NCI also revealed changes in nature connectedness across the lifespan. Full article

Existing sustainable IT services have several problems related to user authentication such as the inefficiency of managing the system security, low security, and low usability. In this paper, we propose a Fast IDentity Online (FIDO) authenticator that performs continuous authentication with implicit authentication based on user context and multimodal authentication. The proposed FIDO authenticator, a context-aware multimodal FIDO authentication (CAMFA) method, combines information such as the user context, state of the mobile device, and user biometrics, then applies implicit and explicit authentication methods to meet the level of authentication required by the service provider. This reduces the user’s explicit authentication burden and continually authenticates users at risk during the session. Moreover, it is able to respond to attacks such as the theft of the authentication method or session hijacking. To study the effectiveness of CAMFA, we ran a user study by collecting data from 22 participants over 42 days of activity on a practical Android platform. The result of the user study demonstrates that the number of explicit authentication requests could be reduced by half. Based on the results of this study, an advanced user authentication that provides multimodal and continuous authentication could be applied to sustainable IT services. Full article

Lectin microarray technology was applied to compare the glycosylation pattern of the monoclonal antibody MB311 expressed in SP2.0 cells to an antibody-dependent cellular cytotoxic effector function (ADCC)-optimized variant (MB314). MB314 was generated by a plant expression system that uses genetically modified moss protoplasts (Physcomitrella patens) to generate a de-fucosylated version of MB311. In contrast to MB311, no or very low interactions of MB314 with lectins Aspergillus oryzae l-fucose (AOL), Pisum sativum agglutinin (PSA), Lens culinaris agglutinin (LCA), and Aleuria aurantia lectin (AAL) were observed. These lectins are specific for mono-/biantennary N-glycans containing a core fucose residue. Importantly, this fucose indicative lectin-binding pattern correlated with increased MB314 binding to CD16 (FcγRIII; receptor for the constant region of an antibody)—whose affinity is mediated through core fucosylation—and stronger ADCC. In summary, these results demonstrate that lectin microarrays are useful orthogonal methods during antibody development and for characterization. Full article