Jing-Chiou Liou

A Sophisticated RFID Application on Multi-Factor Authentication

Authentication is the process of verifying a users credentials when they are requesting services from any secure system. The most commonly form of authentication is the single-factor authentication, which only requires one factor for the user to log into the system. In this case, the username and password together act as a single-factor. A more secure technique is the multi-factor authentication, which requires more than one factor to gain access into a particular system. In this paper, we propose a RFID Factor Authentication Application (RFAA), an enhanced technique from Sof Token [1] that acts as a technique for two-factor authentication. The RFAA not only sustains the next level of security but also is proven to prevent most of security breaches.

Toward better software test estimates and requirement tracking

Estimating the effort and cost, and developing the project schedule are very important for building a successful software project. But estimation is hard. There is always pressure from project sponsor and management for software development team to commit to shorter schedule and lower cost. It is no exception for testing. Test is a key activity for software quality. Some of the main challenges in testing today are to match the test cases with requirements correctly, and to provide accurate estimates and track the test progress accordingly. In this paper, we present a parametric model for software test estimate along with a test graph for matching test cases with requirements and test cases analysis to aid in producing a more accurate estimates and tracking. The model and the test graph can be used jointly or individually. The model and the test graph have been used by multi-million-dollar software projects for more than three years. It is shown that they produced very accurate estimations, within 10% of deviation, even with very high requirement volatility.

An experiment of hit-and-run wireless attacks

Most security research focuses on protection from security threats. In this paper, we surveyed potential attacks to wireless networks, especially the usage of virtual machine infrastructure to carry out hit-and-run type of attacks. In the study of attacks, we demonstrate how to use a virtual machine to gain access and control to wireless routers while hiding attacker identities. We illustrate such attacks on our own private wireless network, as well as neighbourhood networks with granted permissions. Besides identifying the vulnerabilities of wireless routers, we studied the damages that can be done through such attacks and propose some solutions to detect and protect against this kind of hit-and-run attacks.

A Study of Biometric Feature for a Recall-Based Behavioral Graphical Mobile Authentication

With the increasing use of mobile devices, including smart phones and tablets, in todays IT infrastructure, the paradigms of computer applications have been significantly changed. One area of studies is to utilize a new authentication scheme that will provide a better protection on access control and privacy of the mobile device user. Currently, most of the mobile devices have implemented scheme such as biometric or graphical user authentication. However, study shows people still comfortably use password code as the primary mean for authentication, even it is proven unsecure. In this paper, we propose a graphical mobile authentication scheme that integrates the psychologically popular passcode into a behavioral biometric authentication. This authentication scheme provides an easy transition from a simple passcode to a more secure recall-based graphical mode and helps to prevent shoulder surfing that many graphical authentications suffered from.

A Study of the Internet Privacy in Private Browsing Mode

Today the Internet has revolutionized it into a cyberspace, mainly due to its attributes of convenience, interoperability, fast search and confidence. It provides an affordable and secure way to spontaneously link people and computers across geographical boundaries. The massive economy of online services and digital information has dramatically changed our life today. Digital private information is sensitive personal information digitally stored in cyberspace, or being transmitted through the Internet. This may include gender, age, race, location, and records on health, finance, and even online activities. Although these types of data are usually privately stored, they can be intentionally or unintentionally revealed while surfing the Internet. To address the digital privacy concern, current Web Browsers developed the Private Browsing Mode (PBM) which promises to serve the user to surf the internet without leaving traces on the local machine. In this paper, we study the Internet privacy using Private Browsing Mode (PBM) with four test scenarios on several popular browsers. The test results indicate that, with current design of web sites and web browsers, even under PBM, privacy information could still be retrieved. We hope the finding can provide us an opportunity to improve future design of PBM in browsers.

An efficient process model for distributed software application developments

One of the problems we face today for software development is how we can comply with the speed of change in the business environment. To address the issue, we present a new paradigm called Progressive Development Model that gradually releases the software components according to the current business needs. In this paper, we also present a design pattern of software architecture optimized for Progress Development Model. Under the design pattern, system functionalities are identified into two components: Core and user functions. With a standardized interface called AIL, staged user functions can be attached onto the core without breaking or deforming the overall architecture. The development model is especially suitable for the distributed software applications development that is getting its popularity recently.