Search Results (92)

Wireless sensor systems can collect and share a large amount of data for different kinds of applications, but are also vulnerable to cyberattacks. The impact of cyberattacks on systems’ confidentiality, integrity, and availability can be mitigated by using authentication procedures and cryptographic algorithms. Authentication passwords and cryptographic keys may be stored in a non-volatile memory, which may be easily tampered with. Alternately, Physical Unclonable Functions (PUFs) can be adopted. They generate a chip’s unique fingerprint, by exploiting the randomness of process parameters’ variations occurring during chip fabrication, thus constituting a more secure alternative to the adoption of non-volatile memories for password storage. PUF reliability is of primary concern to guarantee a system’s availability. In this paper, the reliability of a Static Random Access Memory (SRAM)-based PUF implemented by a standard 32 nm CMOS technology is investigated, as a function of different operating conditions, such as noise, power supply voltage, and temperature, and considering different values of transistor conduction threshold voltages. The achieved results will show that transistor threshold voltage and noise are the operating conditions mostly affecting PUF reliability, while the impact of temperature variations is lower, and that of power supply variations is negligible. Full article

With the rapid evolution of computing technologies and the increased proliferation of online services, secure remote user authentication methods have become essential. Among these methods, password-based authentication remains dominant due to its straightforward implementation and ease of use. Nevertheless, password-based systems are particularly prone to credential theft from keylogging attacks, making user passwords easily compromised. To address these risks, image-based authentication methods were developed, allowing users to enter passwords through mouse clicks rather than keyboard input, thereby reducing vulnerabilities associated with conventional password entry. However, subsequent studies have shown that mouse movement and click information can still be obtained using APIs such as the GetCursorPos() function or WM_INPUT message, thus undermining the intended security benefits of image-based authentication. In response, various defense strategies have sought to inject artificial or random mouse data through functions such as SetCursorPos() or by utilizing the WM_INPUT message, in an effort to disguise authentic user input. Despite these defenses, recent machine learning-based attacks have demonstrated that such naïve bogus input can be distinguished from legitimate mouse data with up to 99% classification accuracy, resulting in substantial exposure of actual user actions. To address this, a technique leveraging Generative Adversarial Networks (GAN) was introduced to produce artificial mouse data closely mimicking genuine user input, which has been shown to reduce the attack success rate by roughly 37%, offering enhanced protection for mouse-driven authentication systems. This article seeks to advance GAN-based mouse data protection by integrating multiple adversarial generative models and conducting a comprehensive evaluation of their effectiveness with respect to data processing techniques, feature selection, generation intervals, and model-specific performance differences. Our experimental findings reveal that the enhanced approach reduces attack success rates by up to 48%, marking an 11% performance gain over previous mouse data protection approaches, and providing stronger empirical support that our method offers superior protection for user authentication data compared to prior techniques. Full article

Although emerging technologies are increasingly adopted in teaching and learning, their potential to enhance educational administration remains underexplored. In particular, few studies examine how conversational agents, virtual reality (VR), and robotic process automation (RPA) can jointly streamline administrative workflows in multilingual and multicultural university environments. This study addresses this gap by presenting an integrated solution deployed on the website of an engineering faculty where programs are delivered in foreign languages. The proposed system combines a multilingual chatbot, a VR-based administrative guide and virtual tour, and RPA modules supporting certificate generation, password resets, and exam scheduling. Through an A/B usability test, usage analytics, and qualitative feedback, we evaluate the effectiveness of these technologies in improving access to information, reducing response time, and lowering administrative workload. Results show that this triad significantly enhances efficiency and student experience, particularly for international students requiring continuous support. The paper contributes a replicable model for leveraging emerging technologies in educational administration and offers insights for institutions seeking scalable and student-centered digital transformation. Full article

In personal computers, data is input through devices such as keyboards and mice, and various services are received from the internet. To provide these online services, secure user authentication methods are essential. Knowledge-based authentication methods, such as PINs or passwords, have been widely implemented in most services due to their ease of implementation. However, security threats such as brute-force attacks, phishing attacks, and keyboard data attacks that intercept sensitive user information have emerged. To counter these security threats, image-based authentication methods using mouse input were introduced. However, vulnerabilities arose when functions like GetCursorPos() or WM_INPUT messages were used, allowing mouse input data to be intercepted, thereby undermining image-based authentication. To defend against these attacks, counter-defence methods were developed to generate fake mouse data, protecting actual mouse data. With the advent of these defence methods, there has been a demand for attack methods to classify fake and real mouse data. Recently, machine learning-based methods have been employed on the attacker’s side to classify real mouse data, effectively distinguishing fake from real mouse data and compromising the security of image-based authentication methods. Therefore, this paper proposes a defence technology to safely protect mouse data from theft attacks using machine learning, specifically leveraging Generative Adversarial Networks (GANs). To achieve the goal of this defence technology, the distribution of fake mouse data generated using GANs was analyzed, verifying the feasibility of mouse defence methods. In summary, a system incorporating the defence technology was constructed, and a dataset containing both fake and real mouse data was created. Based on the constructed environment, the performance of the mouse data defence technology was evaluated. The results showed that it reduced performance by up to 37% in the dataset with the highest performance of existing machine learning-based attack methods. This study concludes that the proposed mouse data defence technology effectively addresses vulnerabilities and security threats related to user authentication information in various services relying on image-based authentication methods. Full article

Developing conductive hydrogels that balance high conductivity, stretchability, transparency, and sensitivity for next-generation wearable sensors remains challenging due to inherent trade-offs. This study introduces a straightforward approach to fabricate a semi-interpenetrating double-network hydrogel comprising polyvinyl alcohol (PVA), polyacrylamide (PAM), and lithium chloride (LiCl) to overcome these limitations. Leveraging hydrogen bonding for energy dissipation and chemical cross-linking for structural integrity, the design achieves robust mechanical properties. The incorporation of 1 mol/L LiCl significantly enhances ionic conductivity, while also providing plasticizing and moisture-retention benefits. The optimized hydrogel exhibits impressive ionic conductivity (0.47 S/m, 113% enhancement), excellent mechanical performance (e.g., 0.177 MPa tensile strength, 730% elongation, 0.68 MJ m⁻³ toughness), high transparency (>85%), and superior strain sensitivity (gauge factors ~1). It also demonstrates rapid response/recovery and robust fatigue resistance. Functioning as a wearable sensor, it reliably monitors diverse human activities and enables novel, secure data handling applications, such as finger-motion-driven Morse code interfaces and gesture-based password systems. This accessible fabrication method yields versatile hydrogels with promising applications in health tracking, interactive devices, and secure communication technologies. Full article

As digital technologies become increasingly integrated into daily life, individuals with intellectual disabilities face both opportunities and risks in virtual environments. Despite widespread internet access and frequent use of digital devices among the general population, many individuals with disabilities continue to experience significant barriers to digital participation. These include difficulties in using technological tools, limited access to devices at home, and challenges in navigating online environments safely and independently. This study investigates the cybersecurity knowledge, risk perception, and privacy practices of 28 university students with mild intellectual disabilities in Spain. Utilizing a validated, accessible self-assessment questionnaire, the research analyzes participants’ understanding of digital threats, self-protective behaviors, and gender-based differences in knowledge and decision-making. Results reveal a generally high awareness of online risks and appropriate use of privacy settings, though inconsistencies in password security and high social media usage persist. Female participants demonstrated slightly higher levels of theoretical knowledge. The findings underscore the urgent need for inclusive, accessible cybersecurity education tailored to cognitive diversity. Promoting digital autonomy and safety through targeted interventions can reduce the digital divide and foster full social participation. This research contributes to the broader discourse on digital inclusion and protection for individuals with disabilities in an increasingly connected world. Full article

The perception of football as a male-dominated sport by society, coupled with the socio-cultural and economic barriers faced by women, has constrained their presence in the domain of football and revealed the manifestation of gender norms within the sport. This exclusion further masculinizes sport, negatively affecting social unity and cohesion, and deepening inequality within sport. Within this context, the study seeks to reveal how football fans perceive female and male referees through metaphorical representations. Participants, selected using purposive sampling, are individuals who regularly attend football matches and have experience watching games officiated by female football referees. The research employed a phenomenological approach to analyse metaphors generated by 352 football fans regarding female and male referees. Data were collected online through the Google Forms platform, which was accessible only to the researcher via password-protected access. During the analysis process, metaphors were coded, categorized, and transformed into meaningful interpretative formats. Results indicate that female referees are predominantly described with metaphors associated with sexist objectification, such as “flower”, “rose”, and “queen.” Female referees are represented by social roles and stereotypes metaphors like “mother,” and “gold,” yet they are also confronted with violence and disparaging metaphors such as “trash” and “chaos.” Conversely, male referees are perceived through metaphors evoking strength, toughness, and authority, including “lion”, “stone”, “authority”, “king”, and “leader.” These metaphorical representations highlight the persistence of gender norms within sport, demonstrating how women’s professional competencies are overshadowed by societal codes. Moreover, they are depicted as figures of power and discipline, reflecting masculinity within the sporting context. Ultimately, the research seeks to raise awareness about gender-based perceptions and foster transformation towards greater gender equality in sport. Full article

The rapid evolution of virtual reality systems and the broader metaverse landscape has prompted growing research interest in biometric authentication methods for user verification. These solutions offer an additional layer of access control that surpasses traditional password-based approaches by leveraging unique physiological or behavioral traits. Current literature emphasizes analyzing controller position and orientation data, which presents challenges when using convolutional neural networks (CNNs) with non-continuous Euler angles. The novelty of the presented approach is that it addresses this limitation. We propose a modality transformation approach that generates acceleration and angular velocity signals from trajectory and orientation data. Specifically, our work employs algebraic techniques—including quaternion algebra—to model these dynamic signals. Both the original and transformed data were then used to train various CNN architectures, including Vanilla CNNs, attention-enhanced CNNs, and Multi-Input CNNs. The proposed modification yielded significant performance improvements across all datasets. Specifically, F1-score accuracy increased from 0.80 to 0.82 for the Comos subset, from 0.77 to 0.82 for the Quest subset, and notably from 0.83 to 0.92 for the Vive subset. Full article

The CPace protocol (Internet-Draft:draft-irtf-cfrg-cpace-14) is a password-authenticated key exchange optimized for simplicity. In particular, it involves only two messages exchanged in an arbitrary order. CPace combines a simple and elegant design with privacy guarantees obtained via strict mathematical proofs. In this paper, we go further and analyze its resilience against malicious cryptography implementations. While the clever design of CPace immediately eliminates many kleptographic techniques applicable to many other protocols of this kind, we point to the remaining risks related to kleptographic setups. We show that such attacks can break the security and privacy features of CPace. Thereby, we point to the necessity of very careful certification of the devices running CPace, focusing in particular on critical threats related to random number generators. Full article

According to the latest Verizon DBIR report, credential abuse, including password reuse and human factors in password creation, remains the leading attack vector. It was revealed that most users change their passwords only when they forget them, and 35% of respondents find mandatory password rotation policies inconvenient. These findings highlight the importance of combining technical solutions with user-focused education to strengthen password security. In this research, the “human factor in the creation of usernames and passwords” is considered a vulnerability, as identifying the patterns or rules used by users in password generation can significantly reduce the number of possible combinations that attackers need to try in order to gain access to personal data. The proposed method based on an LSTM model operates at a character level, detecting recurrent structures and generating generalized masks that reflect the most common components in password creation. Open datasets of 31,000 compromised passwords from real-world leaks were used to train the model and it achieved over 90% test accuracy without signs of overfitting. A new method of evaluating the individual password creation habits of users and automatically fetching context-rich keywords from a user’s public web and social media footprint via a keyword-extraction algorithm is developed, and this approach is incorporated into a web application that allows clients to locally fine-tune an LSTM model locally, run it through ONNX, and carry out all inference on-device, ensuring complete data confidentiality and adherence to privacy regulations. Full article

The rapid development of network communication technology has led to an increased focus on the security of image storage and transmission in multimedia information. This paper proposes an enhanced image security communication scheme based on Fibonacci interleaved diffusion and non-degenerate chaotic system to address the inadequacy of current image encryption technology. The scheme utilizes a hash function to extract the hash characteristic values of the plaintext image, generating initial perturbation keys to drive the chaotic system to generate initial pseudo-random sequences. Subsequently, the input image is subjected to a light scrambling process at the bit level. The Q matrix generated by the Fibonacci sequence is then employed to diffuse the obtained intermediate cipher image. The final ciphertext image is then generated by random direction confusion. Throughout the encryption process, plaintext correlation mechanisms are employed. Consequently, due to the feedback loop of the plaintext, this algorithm is capable of resisting known-plaintext attacks and chosen-plaintext attacks. Theoretical analysis and empirical results demonstrate that the algorithm fulfils the cryptographic requirements of confusion, diffusion, and avalanche effects, while also exhibiting a robust password space and excellent numerical statistical properties. Consequently, the security enhancement mechanism based on Fibonacci interleaved diffusion and non-degenerate chaotic system proposed in this paper effectively enhances the algorithm’s resistance to cryptographic attacks. Full article

Rainbow table attacks utilize a time-memory trade-off to efficiently crack passwords by employing precomputed tables containing chains of passwords and hash values. Generating these tables is computationally intensive, and several researchers have proposed utilizing parallel computing to speed up the generation process. This paper introduces a modification to the traditional master-slave parallelization model using the MPI framework, where, unlike previous approaches, the generation of starting points is decentralized, allowing each process to generate its own tasks independently. This design is proposed to reduce communication overhead and improve the efficiency of rainbow table generation. We reduced the number of inter-process communications by letting each process generate chains independently. We conducted three experiments to evaluate the performance of the parallel rainbow tables generation algorithm for four cryptographic hash functions: NTLMv2, MD5, SHA-256 and SHA-512. The first experiment assessed parallel performance, showing near-linear speedup and 95–99% efficiency across varying numbers of nodes. The second experiment evaluated scalability by increasing the number of processed chains from 100 to 100,000, revealing that higher workloads significantly impacted execution time, with SHA-512 being the most computationally intensive. The third experiment evaluated the effect of chain length on execution time, confirming that longer chains increase computational cost, with SHA-512 consistently requiring the most resources. The proposed approach offers an efficient and practical solution to the computational challenges of rainbow tables generation. The findings of this research can benefit key stakeholders, including cybersecurity professionals, ethical hackers, digital forensics experts and researchers in cryptography, by providing an efficient method for generating rainbow tables to analyze password security. Full article

As a crucial component of account protection system evaluation and intrusion detection, the advancement of password guessing technology encounters challenges due to its reliance on password data. In password guessing research, there is a conflict between the traditional models’ need for large training samples and the limitations on accessing password data imposed by privacy protection regulations. Consequently, security researchers often struggle with the issue of having a very limited password set from which to guess. This paper introduces a small-sample password guessing technique that enhances cross-domain features. It analyzes the password set using probabilistic context-free grammar (PCFG) to create a list of password structure probabilities and a dictionary of password fragment probabilities, which are then used to generate a password set structure vector. The method calculates the cosine similarity between the small-sample password set B from the target area and publicly leaked password sets $A_i$ using the structure vector, identifying the set $A_{max}$ with the highest similarity. This set is then utilized as a training set, where the features of the small-sample password set are enhanced by modifying the structure vectors of the training set. The enhanced training set is subsequently employed for PCFG password generation. The paper uses hit rate as the evaluation metric, and Experiment I reveals that the similarity between B and $A_i$ can be reliably measured when the size of B exceeds 150. Experiment II confirms the hypothesis that a higher similarity between $A_i$ and B leads to a greater hit rate of $A_i$ on the test set of B, with potential improvements of up to 32% compared to training with B alone. Experiment III demonstrates that after enhancing the features of $A_{max}$, the hit rate for the small-sample password set can increase by as much as 10.52% compared to previous results. This method offers a viable solution for small-sample password guessing without requiring prior knowledge. Full article

This paper presents MZAP, a mobile application designed to digitalize basketball match tracking and generate secure, searchable endgame reports. Used by the Basketball League of Serbia, MZAP creates tamper-proof digitally signed records stored as password-protected PDFs with unique UUIDs, digital signatures, and QR codes. Each report is accompanied by a JSON file containing match data, enabling efficient validation through hashed checksums and facilitating data extraction and searchability. The system supports both online and offline modes, bilingual interfaces, mobile and tablet use, and includes features such as WiFi-based monitoring, physical printing, and various sharing options. The solution aims to reduce officials’ working time and increase data accuracy by minimizing human error through structural and UI-level validation methods and real-time monitoring by multiple observers during games. As part of the MZAP software suite, MZAP Converter is under development to support the digitization of legacy paper-based reports using custom CRNN neural networks to optically recognize and digitize historical paper-based reports, bringing them to the same standard as newly created digital ones. The paper also reflects on the broader impact of digital transformation within the Basketball League of Serbia. Full article

This study presents one of the most extensive analyses of the lifecycle of leaked authentication credentials to date, bridging the gap between database breaches and real-world cyberattacks. We analyze over 27 billion leaked credentials—nearly 4 billion unique—using a sophisticated data filtering and normalization pipeline to handle breach inconsistencies. Following this analysis, we deploy a distributed sensor network of 39 honeypots running 14 unique services across 9 networks over a one-year-long experiment, capturing one of the most comprehensive authentication datasets in the literature. We analyze leaked credentials, SSH and Telnet session data, and HTTP authentication requests for their composition, characteristics, attack patterns, and occurrence. We comparatively assess whether credentials from leaks surface in real-world attacks. We observe a significant overlap of honeypot logins with common password wordlists (e.g., Nmap, John) and defaultlists (e.g., Piata, Mirai), and limited overlaps between leaked credentials, logins, and dictionaries. We examine generative algorithms (e.g., keywalk patterns, hashcat rules), finding they are widely used by users but not attackers—unless included in wordlists. Our analyses uncover unseen passwords and methods likely designed to detect honeypots, highlighting an adversarial arms race. Our findings offer critical insights into password reuse, mutation, and attacker strategies, with implications for authentication security, attack detection, and digital forensics. Full article