The implementation of two-factor web authentication system based on facial recognition

2017 ◽  
Vol 7 (2) ◽  
pp. 68
Author(s):  
Sultan Zavrak ◽  
Seyhmus Yilmaz ◽  
Huseyin Bodur ◽  
Sinan Toklu

The security of the web is a very important issue, because every day we make a variety of operations in it, for different reasons, during the day. Apart from protecting the information, contacts, accounts and data on the web, such data should be inaccessible to third-party persons. This in turn depends on the success of the authentication process performed on the individual web. With authentication, it is possible for users to protect their information and make their transactions only for themselves. However, the authentication mechanism used at this point must have a high level of safety. With the purpose to damage a person's privacy and access account information and gain profit in this way, many malicious persons have developed various methods of attacks to bypass authentication mechanisms. These methods sometimes succeed on a variety of authentication mechanisms, and put users and relevant websites into a difficult situation, and may even damage them in a variety of aspects. In order to protect personal information on the web system and provide the security of transactions carried out at a high level, in this study, we propose a two-factor authentication mechanism based on facial recognition. Besides, we discuss some implementation details about the proposed method. The proposed method aims to bring a new approach to the authentication system to perform our online process with the highest security. In addition to the standard authentication systems, using face recognition as a secondary level of security will contribute to the emergence of a new authentication mechanism. Keywords: Web authentication, two-factor authentication, web security, facial recognition.

2018 ◽  
Vol 7 (2) ◽  
pp. 92-101 ◽  
Author(s):  
Sultan Zavrak ◽  
Seyhmus Yilmaz ◽  
Huseyin Bodur ◽  
Sinan Toklu

Abstract The security of the web is a very important issue, because every day we make a variety of operations in it, for different reasons, during the day. Apart from protecting the information, contacts, accounts and data on the web, such data should be inaccessible to third-party persons. This in turn depends on the success of the authentication process performed on the individual web. With authentication, it is possible for users to protect their information and make their transactions only for themselves. However, the authentication mechanism used at this point must have a high level of safety. With the purpose to damage a person's privacy and access account information and gain profit in this way, many malicious persons have developed various methods of attacks to bypass authentication mechanisms. These methods sometimes succeed on a variety of authentication mechanisms, and put users and relevant websites into a difficult situation, and may even damage them in a variety of aspects. In order to protect personal information on the web system and provide the security of transactions carried out at a high level, in this study, we propose a two-factor authentication mechanism based on facial recognition. Besides, we discuss some implementation details about the proposed method. The proposed method aims to bring a new approach to the authentication system to perform our online process with the highest security. In addition to the standard authentication systems, using face recognition as a secondary level of security will contribute to the emergence of a new authentication mechanism.


2021 ◽  
pp. 56-76
Author(s):  
Roman Z. Rouvinsky ◽  
Ekaterina Rouvinskaya ◽  
Tatiana Komarova

This comparative research is dedicated to the attitude of the residents of PRC and Russia towards the practices of digital profiling and social score (ranking / grading) that are currently being implemented worldwide. Analysis is conducted on the results of interviewing the Chinese citizens, as well as a sociological survey carried out among the Russian residents. The interviewing of the Chinese citizens was conducted in two stages: September 2020 via questionnaire in a written form; and March 2021, through the web platform CrowdSignal. The survey of the Russian residents was carried out from September 8, 2021 to October 26, 2021 in the form of filling out a printed questionnaire, as well as through the web platform. The conducted interviews demonstrate a high level of confidence of Chinese youth in the practices of collecting and processing personal information that were adopted in China, as well as the government initiatives on implementation of the score mechanisms in public administration. Unlike the Chinese citizens, the Russian residents, including youth, are to a considerable extent inclined towards distrust in the government and namely private commercial companies with regard to their methods of collecting and using personal information. A significant part of the Russian residents have not yet made up their mind on digital profiling and social credit system, or are cautious of such innovations.


2001 ◽  
pp. 231-251 ◽  
Author(s):  
Jennifer Edson Escalas ◽  
Kapil Jain ◽  
Judi E. Strebel

This research project develops a framework for understanding how consumers interact with Web sites on the Internet. Our goal is to understand the interaction of individuals and Web sites from the perspective of the marketer, or third-party, who has created the site. Internet technology enables marketers to customize their interaction with consumers in order to better meet consumer needs. We are interested in whether and how this works. Our framework builds on four interdependent elements: first, the individual Internet user’s mindset as he/she enters a particular Web site, which includes, importantly, the user’s expectations; second, the Web site itself (consisting of four components: structure, content, connectivity, and malleability); third, the individual/Web site interaction; and fourth, the user’s evaluation of the Web site, which affects behavior.


2015 ◽  
Vol 23 (1) ◽  
pp. 73-101 ◽  
Author(s):  
Eugene Ferry ◽  
John O Raw ◽  
Kevin Curran

Purpose – The interoperability of cloud data between web applications and mobile devices has vastly improved over recent years. The popularity of social media, smartphones and cloud-based web services has contributed to the level of integration that can be achieved between applications. This paper investigates the potential security issues of OAuth, an authorisation framework for granting third-party applications revocable access to user data. OAuth has rapidly become an interim de facto standard for protecting access to web API data. Vendors have implemented OAuth before the open standard was officially published. To evaluate whether the OAuth 2.0 specification is truly ready for industry application, an entire OAuth client server environment was developed and validated against the specification threat model. The research also included the analysis of the security features of several popular OAuth integrated websites and comparing those to the threat model. High-impacting exploits leading to account hijacking were identified with a number of major online publications. It is hypothesised that the OAuth 2.0 specification can be a secure authorisation mechanism when implemented correctly.
Design/methodology/approach – To analyse the security of OAuth implementations in industry a list of the 50 most popular websites in Ireland was retrieved from the statistical website Alexa (Noureddine and Bashroush, 2011). Each site was analysed to identify if it utilised OAuth. Out of the 50 sites, 21 were identified with OAuth support. Each vulnerability in the threat model was then tested against each OAuth-enabled site. To test the robustness of the OAuth framework, an entire OAuth environment was required. The proposed solution would be composed of three parts: a client application, an authorisation server and a resource server. The client application needed to consume OAuth-enabled services. The authorisation server had to manage access to the resource server. The resource server had to expose data from the database based on the authorisation the user would be given from the authorisation server. It was decided that the client application would consume emails from Google’s Gmail API. The authorisation and resource servers were modelled around a basic task-tracking web application. The client application would also consume task data from the developed resource server. The client application would also support Single Sign On for Google and Facebook, as well as a developed identity provider “MyTasks”. The authorisation server delegated authorisation to the client application and stored cryptography information for each access grant. The resource server validated the supplied access token via public cryptography and returned the requested data.
Findings – Two sites out of the 21 were found to be susceptible to some form of attack, meaning that 10.5 per cent were vulnerable. In total, 18 per cent of the world’s 50 most popular sites were in the list of 21 OAuth-enabled sites. The OAuth 2.0 specification is still very much in its infancy, but when implemented correctly, it can provide a relatively secure and interoperable authentication delegation mechanism. The IETF are currently addressing issues and expansions in their working drafts. Once a strict level of conformity is achieved between vendors and vulnerabilities are mitigated, it is likely that the framework will change the way we access data on the web and other devices.
Originality/value – OAuth is flexible, in that it offers extensions to support varying situations and existing technologies. A disadvantage of this flexibility is that new extensions typically bring new security exploits. Members of the IETF OAuth Working Group are constantly refining the draft specifications and are identifying new threats to the expanding functionality. OAuth provides a flexible authentication mechanism to protect and delegate access to APIs. It solves the password re-use across multiple accounts problem and stops the user from having to disclose their credentials to third parties. Filtering access to information by scope and giving the user the option to revoke access at any point gives the user control of their data. OAuth does raise security concerns, such as defying phishing education, but there are always going to be security issues with any authentication technology. Although several high impacting vulnerabilities were identified in industry, the developed solution proves the predicted hypothesis that a secure OAuth environment can be built when implemented correctly. Developers must conform to the defined specification and are responsible for validating their implementation against the given threat model. OAuth is an evolving authorisation framework. It is still in its infancy, and much work needs to be done in the specification to achieve stricter validation and vendor conformity. Vendor implementations need to become better aligned in order to provide a rich and truly interoperable authorisation mechanism. Once these issues are resolved, OAuth will be on track for becoming the definitive authentication standard on the web.


2021 ◽  
Vol 2 ◽  
pp. 1-9
Author(s):  
Stanislav Dakov ◽  
Anna Malinova

E-commerce security is part of the Web security problems that arise in all business information systems that operate over the Internet. However, in e-commerce security, the dimensions of web security – secrecy, integrity, and availability – are focused on protecting the consumer’s and e-store site’s assets from unauthorized access, use, alteration, or destruction. The paper presents an overview of the recent security issues in e-commerce applications and the usual points the attacker can target, such as the client (data, session, identity); the client computer; the network connection between the client and the webserver; the web server; third party software vendors. Discussed are effective approaches and tools used to address different e-commerce security threats. Special attention is paid to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), phishing attacks, SQL injection, Man-in-the-middle, bots, denial-of-service, encryption, firewalls, SSL digital signatures, security certificates, PCI compliance. The research outlines and suggests many security solutions and best practices.


Author(s):  
Alexander Barinas López ◽  
Andrea Catherine Alarcón Aldana ◽  
Mauro Callejas Cuervo

Abstract Massive attacks on web services are carried out every second, putting at risk the personal information and access of those who use them and undermining the authenticity, integrity and confidentiality of information. Virtual Learning Environments (Ambientes Virtuales de Aprendizaje, AVA) are no strangers to these attacks, which is why this study addresses aspects of information security on the web, security tools and vulnerability analysis, proposes some criteria for evaluating information security in Virtual Learning Environments, and then carries out the security analysis process using the tools SQLMap, RIPS, W3AF and Nessus. Keywords: Information security, web security, vulnerability analysis, Virtual Learning Environments.


2020 ◽  
Vol 13 (7) ◽  
pp. 177
Author(s):  
Şıhmehmet YİĞİT ◽  
Eyüp ACAR

Purpose of the research: it is aimed to examine whether the levels of altruism of Physical Education and sports teachers differ according to some variables. This research consists of a total of 126 teachers, 35 women and 91 men, who work as physical education and sports teachers at primary education secondary grade and secondary schools in Kütahya province. In the research, the ‘Personal Information Form’ developed by the researcher and the 20-item Altruism scale were used; the scale consists of two factors and was formed by Ersanlı and Çabuker (2015) with the aim of developing a measurement tool that can measure the individual’s level of altruism and that is suitable for Turkish society and culture. In reliability validity analysis, Cronbach Alpha internal consistency coefficient was found as α=.76. The analysis related to the questionnaire form used in the research and the scale was done through the SPSS 22 program. Mann-Whitney U test and Kruskal Wallis test were conducted for more than two independent sample groups. As a result of the research, when the results were analyzed according to gender, age, place of duty, school type, year variables of teachers working as physical education and sports teachers, no significant difference was seen due to the high level of teachers’ altruism points.


2008 ◽  
Vol 18 (1) ◽  
pp. 9-20 ◽  
Author(s):  
Mark Kander ◽  
Steve White

Abstract This article explains the development and use of ICD-9-CM diagnosis codes, CPT procedure codes, and HCPCS supply/device codes. Examples of appropriate coding combinations, and Coding rules adopted by most third party payers are given. Additionally, references for complete code lists on the Web and a list of voice-related CPT code edits are included. The reader is given adequate information to report an evaluation or treatment session with accurate diagnosis, procedure, and supply/device codes. Speech-language pathologists can accurately code services when given adequate resources and rules and are encouraged to insert relevant codes in the medical record rather than depend on billing personnel to accurately provide this information. Consultation is available from the Division 3 Reimbursement Committee members and from [email protected] .


2020 ◽  

BACKGROUND: This paper deals with territorial distribution of the alcohol and drug addictions mortality at the level of the districts of the Slovak Republic. AIM: The aim of the paper is to explore the relations within the administrative territorial division of the Slovak Republic, that is, between the individual districts and hence, to reveal possibly hidden relations in alcohol and drug mortality. METHODS: The analysis is divided and executed in two parts – one belongs to the female sex, the other one belongs to the male sex. The standardised mortality rate is computed according to a sequence of mathematical relations. The Euclidean distance is employed to compute the similarity within each pair of the whole data set. The cluster analysis is performed. The clusters are created by means of the mutual distances of the districts. The data is collected from the database of the Statistical Office of the Slovak Republic for all the districts of the Slovak Republic. The covered time span begins in the year 1996 and ends in the year 2015. RESULTS: The most substantial point is that the Slovak Republic possesses regional disparities in the field of mortality, expressed by the standardised mortality rate computed particularly for the diagnoses assigned to the alcohol and drug addictions, at a considerably high level. However, the female sex and the male sex have different outcomes. The Bratislava III District keeps absolutely the most extreme position. It forms its own cluster for both sexes too. The Topoľčany District bears a similar extreme position from the point of view of the male sex. All the Bratislava districts keep their mutual notable dissimilarity. Contrariwise, the development of the regional disparities among the districts looks notably heterogeneous. CONCLUSIONS: There are considerable regional discrepancies throughout the districts of the Slovak Republic. Hence, it is necessary to create a common platform how to proceed with the solution of this issue.


Author(s):  
O. M. Reva ◽  
V. V. Kamyshin ◽  
S. P. Borsuk ◽  
V. A. Shulhin ◽  
A. V. Nevynitsyn

The negative and persistent impact of the human factor on the statistics of aviation accidents and serious incidents makes proactive studies of the attitude of “front line” aviation operators (air traffic controllers, flight crewmembers) to dangerous actions or professional conditions a key component of the current paradigm of the ICAO safety concept. This “attitude” is determined through the indicators of the influence of the human factor on decision-making, which also include the systems of preferences of air traffic controllers on the indicators and characteristics of professional activity, illustrating both the individual perception of potential risks and dangers, and the peculiarities of generalized group thinking that have developed in a particular society. Preference systems are an ordered (ranked) series of n = 21 errors: from the most dangerous to the least dangerous and characterize only the danger preference of one error over another. The degree of this preference is determined only by the difference in the ranks of the errors and does not answer the question of how many times one error is more dangerous in relation to another. The differential method for identifying the comparative danger of errors, as well as the multistep technology for identifying and filtering out marginal opinions were applied. From the initial sample of m = 37 professional air traffic controllers, two subgroups mB = 20 and mG = 7 people were identified with within-group consistency of opinions statistically significant at a high level of significance α = 1%. Nonparametric optimization of the corresponding group preference systems resulted in Kemeny’s medians, in which the related (middle) ranks were missing. Based on these medians, weighted coefficients of error hazards were determined by the mathematical prioritization method. It is substantiated that with the accepted accuracy of calculations, the results obtained at the second iteration of this method are more acceptable. The values of the error hazard coefficients, together with their ranks established in the preference systems, allow a more complete quantitative and qualitative analysis of the attitude of both individual air traffic controllers and their professional groups to hazardous actions or conditions.

