Visualizing Keyboard Pattern Passwords

Passwords are fundamental security vulnerabilities in many systems. Several researchers have investigated the trade-off between password memorability versus resiliency to cracking and have looked at alternative systems such as graphical passwords and biometrics. To create stronger passwords, many systems enforce rules regarding the required length and types of characters passwords must contain. Another suggested approach is to use passphrases to combat dictionary attacks. One common ‘trick’ used to remember passwords that conform to complex rules is to select a pattern of keys on the keyboard. Although appearing random, the pattern is easy to remember. The purpose of this research was to investigate how often patterns are used, whether patterns could be classified into common categories, and whether those categories could be used to attack and defeat pattern-based passwords. Visualization techniques were used to collect data and assist in pattern categorization. The approach successfully identified 2 out of 11 passwords in a real-world password file that were not discovered with a traditional dictionary attack. This article will present the approach used to collect and categorize patterns, and describe the resulting attack method that successfully identified passwords in a live system.

Download Full-text

On the Security of a Simple Three-Party Key Exchange Protocol without Server’s Public Keys

The Scientific World JOURNAL ◽

10.1155/2014/479534 ◽

2014 ◽

Vol 2014 ◽

pp. 1-7 ◽

Cited By ~ 4

Author(s):

Junghyun Nam ◽

Kim-Kwang Raymond Choo ◽

Minkyu Park ◽

Juryon Paik ◽

Dongho Won

Keyword(s):

Real World ◽

Key Exchange ◽

Authenticated Key Exchange ◽

Key Exchange Protocol ◽

Dictionary Attack ◽

Security Vulnerabilities ◽

Network Applications ◽

Public Keys ◽

Man In The Middle ◽

Key Exchange Protocols

Authenticated key exchange protocols are of fundamental importance in securing communications and are now extensively deployed for use in various real-world network applications. In this work, we reveal major previously unpublished security vulnerabilities in the password-based authenticated three-party key exchange protocol according to Lee and Hwang (2010): (1) the Lee-Hwang protocol is susceptible to a man-in-the-middle attack and thus fails to achieve implicit key authentication; (2) the protocol cannot protect clients’ passwords against an offline dictionary attack; and (3) the indistinguishability-based security of the protocol can be easily broken even in the presence of a passive adversary. We also propose an improved password-based authenticated three-party key exchange protocol that addresses the security vulnerabilities identified in the Lee-Hwang protocol.

Download Full-text

AcSIS: Authentication System Based on Image Splicing

Engineering, Technology & Applied Science Research ◽

10.48084/etasr.3060 ◽

2019 ◽

Vol 9 (5) ◽

pp. 4808-4812

Author(s):

S. Hamid ◽

N. Z. Bawany ◽

S. Khan

Keyword(s):

Success Rate ◽

Brute Force ◽

Image Splicing ◽

Password Authentication ◽

Trade Off ◽

Graphical Passwords ◽

Password Security ◽

Authentication System ◽

Digital Assets ◽

Dictionary Attacks

Text-based passwords are widely used for the authentication of digital assets. Typically, password security and usability is a trade-off, i.e. easy-to-remember passwords have higher usability that makes them vulnerable to brute-force and dictionary attacks. Complex passwords have stronger security but poor usability. In order to strengthen the security in conjunction with the improved usability, we hereby propose a novel graphical authentication system. This system is a picture-based password scheme which comprises of the method of image splicing. Authentication data were collected from 33 different users. The usability of the method was evaluated via a comparison between the number of correct and incorrect authentication attempts and time taken. Additionally, a comparison was made between our proposed method and a complex text-based password authentication method using the authentication success rate. Authentication using image splicing proved to be resilient to brute-force attacks since the processing of images consumes a voluminous password space. The evaluation of the usability revealed that graphical passwords were easy-to-remember, resulting in a higher number of correct attempts. The proposed method produced 50% higher success rate compared to the text-based method. Findings motivate the use of the proposed method for securing digital assets.

Download Full-text

Randomised Gaussian Process Upper Confidence Bound for Bayesian Optimisation

Proceedings of the Twenty-Ninth International Joint Conference on Artificial Intelligence ◽

10.24963/ijcai.2020/316 ◽

2020 ◽

Author(s):

Julian Berk ◽

Sunil Gupta ◽

Santu Rana ◽

Svetha Venkatesh

Keyword(s):

Gaussian Process ◽

Real World ◽

Confidence Bound ◽

Trade Off ◽

Upper Confidence Bound ◽

Exploration Exploitation

In order to improve the performance of Bayesian optimisation, we develop a modified Gaussian process upper confidence bound (GP-UCB) acquisition function. This is done by sampling the exploration-exploitation trade-off parameter from a distribution. We prove that this allows the expected trade-off parameter to be altered to better suit the problem without compromising a bound on the function's Bayesian regret. We also provide results showing that our method achieves better performance than GP-UCB in a range of real-world and synthetic problems.

Download Full-text

The Ethics of Regulation

Deakin Papers on International Business Economics ◽

10.21153/dpibe2010vol3no2art184 ◽

2010 ◽

Vol 3 (2) ◽

pp. 1-8

Author(s):

David Antoni ◽

Freddy Leal

Keyword(s):

Real World ◽

Regulatory Environment ◽

Trade Off ◽

The Real ◽

Ideal World ◽

Effi Ciency ◽

Self Interest ◽

Main Factors ◽

Regulatory Intervention

Regulations are often imposed in order to correct any failures in the market, whether the failure is a result of the functioning of a market or the behaviour of a government. However, every regulatory intervention br ings up a question: How ethical is the regulation? Even if a regulatory intervention could achieve more effici ency or more equity, it may not mean that it is ethi cal. The concept of ethics is ne cessarily subjective, it is based on the morals and standards of a society. Yet even though a society may be concerned about ethics, the issues of equity and altrui sm matter as does the way in which firms produce and seek to rationally an d efficiently maximize profit. Defining ethics is a difficul t issue, and defining ethical regu lation is even more difficult. Any form of regulation is a tool for interv ention used to balanc e the trade-off between efficiency and equity to create harmony between a market or economy and the society it functions within. In an ideal world, any go vernment intervention implemented would be for the greater benefit of all. However, this does not always happen in the vicissitudes of the real world when governments regulate an d intervene in markets, which are, in turn, based on the principle of rational self-interest and efficiency. In this paper we discuss the role of society in market regu lation. The discussion will focus on the importance of society on ethics and therefore on what constitutes ethical regulations. In fact we argue that equity, effi ciency or even failures are not the main factors to consider when regulating. It is society that defines ethics and how society understands ethics influences the regulatory environment

Download Full-text

From Monetary to Nonmonetary Mechanism Design via Artificial Currencies

Mathematics of Operations Research ◽

10.1287/moor.2020.1098 ◽

2021 ◽

Author(s):

Artur Gorokh ◽

Siddhartha Banerjee ◽

Krishnamurthy Iyer

Keyword(s):

Decision Making ◽

Mechanism Design ◽

Real World ◽

Price Of Anarchy ◽

Black Box ◽

Trade Off ◽

Two Agents ◽

Over Time ◽

Artificial Currency

Nonmonetary mechanisms for repeated allocation and decision making are gaining widespread use in many real-world settings. Our aim in this work is to study the performance and incentive properties of simple mechanisms based on artificial currencies in such settings. To this end, we make the following contributions: For a general allocation setting, we provide two black-box approaches to convert any one-shot monetary mechanism to a dynamic nonmonetary mechanism using an artificial currency that simultaneously guarantees vanishing gains from nontruthful reporting over time and vanishing losses in performance. The two mechanisms trade off between their applicability and their computational and informational requirements. Furthermore, for settings with two agents, we show that a particular artificial currency mechanism also results in a vanishing price of anarchy.

Download Full-text

Availability Estimation of Demand Buses as Human Transportation System, Using Self-Organizing Map

International Journal of Knowledge Society Research ◽

10.4018/jksr.2011070105 ◽

2011 ◽

Vol 2 (3) ◽

pp. 49-60

Author(s):

Toyohide Watanabe ◽

Kentaro Uesugi

Keyword(s):

Cost Management ◽

Main Idea ◽

Transportation System ◽

Self Organizing Map ◽

Trade Off ◽

Alternative Transportation ◽

Visualization Techniques ◽

Self Organizing

The demand bus is a new transportation means, which is timely planned and runs order by order in accordance with independent requests of individual customers. Demand buses are alternative transportation vehicles, replacing traditional routing-oriented buses. In this paper, the authors address the characteristic issues, attend to the practical operations, and estimate and evaluate the trade-off strategies between usage convenience and cost management. The main idea, which is established from the features among parameters interpretatively, is to make use of visualization techniques and apply a self-organizing map (SOM) to this visualization. The authors display the co-related classification results computed individually from several selected parameters to keep their meaningful correspondence.

Download Full-text

A Simple and Approximately Optimal Mechanism for a Buyer with Complements

Operations Research ◽

10.1287/opre.2020.2039 ◽

2020 ◽

Author(s):

Alon Eden ◽

Michal Feldman ◽

Ophir Friedler ◽

Inbal Talgam-Cohen ◽

S. Matthew Weinberg

Keyword(s):

Real World ◽

Recent Literature ◽

Revenue Maximization ◽

Trade Off ◽

Optimal Mechanism

Recent literature on approximately optimal revenue maximization has shown that in settings where agent valuations for items are complement free, the better of selling the items separately and bundling them together guarantees a constant fraction of the optimal revenue. However, most real-world settings involve some degree of complementarity among items. The role that complementarity plays in the trade-off of simplicity versus optimality has been an obvious missing piece of the puzzle. In “A Simple and Approximately Optimal Mechanism for a Buyer with Complements,” the authors show that the same simple selling mechanism—the better of selling separately and as a grand bundle—guarantees a $\Theta(d)$ fraction of the optimal revenue, where $d$ is a measure of the degree of complementarity. One key modeling contribution is a tractable notion of “degree of complementarity” that admits meaningful results and insights—they demonstrate that previous definitions fall short in this regard.

Download Full-text

A Theory of Experimenters: Robustness, Randomization, and Balance

The American Economic Review ◽

10.1257/aer.20171634 ◽

2020 ◽

Vol 110 (4) ◽

pp. 1206-1230 ◽

Cited By ~ 4

Author(s):

Abhijit V. Banerjee ◽

Sylvain Chassang ◽

Sergio Montero ◽

Erik Snowberg

Keyword(s):

Decision Maker ◽

Real World ◽

Robust Performance ◽

Control Groups ◽

Trade Off ◽

Performance Guarantees ◽

Important Concern ◽

Expected Performance ◽

And Control ◽

Shed Light

This paper studies the problem of experiment design by an ambiguity-averse decision-maker who trades off subjective expected performance against robust performance guarantees. This framework accounts for real-world experimenters’ preference for randomization. It also clarifies the circumstances in which randomization is optimal: when the available sample size is large and robustness is an important concern. We apply our model to shed light on the practice of rerandomization, used to improve balance across treatment and control groups. We show that rerandomization creates a trade-off between subjective performance and robust performance guarantees. However, robust performance guarantees diminish very slowly with the number of rerandomizations. This suggests that moderate levels of rerandomization usefully expand the set of acceptable compromises between subjective performance and robustness. Targeting a fixed quantile of balance is safer than targeting an absolute balance objective. (JEL C90, D81)

Download Full-text

Dust & Magnet: Multivariate Information Visualization Using a Magnet Metaphor

Information Visualization ◽

10.1057/palgrave.ivs.9500099 ◽

2005 ◽

Vol 4 (4) ◽

pp. 239-256 ◽

Cited By ~ 79

Author(s):

Ji Soo Yi ◽

Rachel Melton ◽

John Stasko ◽

Julie A. Jacko

Keyword(s):

General Population ◽

Information Visualization ◽

Real World ◽

Daily Life ◽

Information Age ◽

Visualization Tool ◽

Visualization Technique ◽

Visualization Techniques

The use of multivariate information visualization techniques is intrinsically difficult because the multidimensional nature of data cannot be effectively presented and understood on real-world displays, which have limited dimensionalities. However, the necessity to use these techniques in daily life is increasing as the amount and complexity of data grows explosively in the information age. Thus, multivariate information visualization techniques that are easier to understand and more accessible are needed for the general population. In order to meet this need, the present paper proposes Dust & Magnet, a multivariate information visualization technique using a magnet metaphor and various interactive techniques. The intuitive magnet metaphor and subsequent interactions facilitate the ease of learning this multivariate information visualization technique. A visualization tool such as Dust & Magnet has the potential to increase the acceptance of and utility for multivariate information by a broader population of users who are not necessarily knowledgeable about multivariate information visualization techniques.

Download Full-text

Research into Navigation, Collaborative Interaction, and Gigapixel Displays

Journal of Interactive Systems ◽

10.5753/jis.2011.586 ◽

2011 ◽

Vol 2 (2) ◽

pp. 1

Author(s):

Roy A Ruddle ◽

David J Duke

Keyword(s):

Virtual Reality ◽

Cancer Diagnosis ◽

Real World ◽

Research Group ◽

Large Datasets ◽

Graph Exploration ◽

Communication Breakdown ◽

Collaborative Interaction ◽

Visualization Techniques

Research by the Visualization & Virtual Reality Research Group (School of Computing, University of Leeds, UK) includes themes that focus on navigation, collaborative interaction, and gigapixel displays. The group also carries out research into visualization techniques and systems, including new systems technologies for visualization, and tools for investigating features within large datasets. This article summarizes that research and describes current projects that are taking place: Virtual trails to aid real-world navigation, Mobile geophysics, Communication breakdown in collaborative VR, Cancer diagnosis with a VR Microscope, Visual analytic interfaces for optimization, and Overlays for graph exploration.

Download Full-text