Kirsi Helkala

Biometric Gait Authentication Using Accelerometer Sensor

This paper presents a biometric user authentication based on a person’s gait. Unlike most previous gait recognition approaches, which are based on machine vision techniques, in our approach gait patterns are extracted from a physical device attached to the lower leg. From the output of the device accelerations in three directions: vertical, forward-backward, and sideways motion of the lower leg are obtained. A combination of these accelerations is used for authentication. Applying two different methods, histogram similarity and cycle length, equal error rates (EER) of 5% and 9% were achieved, respectively.

Gait recognition using acceleration from MEMS

This paper presents an approach on recognising individuals based on 3D acceleration data from walking, which are collected using MEMS. Unlike most other gait recognition methods, which are based on video source, our approach uses walking acceleration in three directions: vertical, backward-forward and sideways. Using gait samples from 21 individuals and applying two methods, histogram similarity and cycle length, the equal error rates of 5% and 9% are achieved, respectively.

Password Education Based on Guidelines Tailored to Different Password Categories

General password policies do not guarantee that passwords fulfilling the requirement are good enough. The policies have a tendency to be too broad to be useful for all users. Different users have different designing processes based on what kind of passwords they most easily remember. Users are also often left to generate passwords on their own without any training. In our study we used new password creation guidelines when teaching students password secu- rity. We divided passwords into three password categories: Word password, Mixture password and Non-word password. For each category different password generation guidelines were taught to students. Students had access to the password quality measurement tool, which not only measured the strength of the password but also guided students in the generation process. Our goal is to measure the effect of education on the strength of a password and analyze recall rates of the passwords created by the new guidelines. It is shown that education had a positive effect and that pass- words became stronger right after the education. The most important result is that a password structure got changed as the variation of structures increased and different structure types were more evenly distributed. However, after half a year without reminders or education repetition, most of the positive effect was lost. While password structures still differed, they had become less complex as participants had given up using special characters. Recall rates of the passwords generated with new guidelines are good.

Password Generation and Search Space Reduction

It is easy for humans to design passwords that are easily remembered. However, such passwords may have a predictable structure, making exhaustive search feasible. We have divided human-generated passwords into three categories: Non-word passwords, Mixture passwords, and Word passwords; depending on their overall structure. Within these categories, we have analyzed the search-space reduction of several common password sub-structures. From this analysis, we have derived guidelines that yield strong passwords within in each password category. Our results contribute towards the goal of achieving both strong and memorable passwords.

Disabilities and Authentication Methods: Usability and Security

Social media and services available in the Internet should be accessible for all. However, information within the services and media needs to be protected, so that only a specific user or group of users have access to their own private information. Authentication is a visible element of information protection and its essence is that users prove that they are who they claim to be. For most of us, this is an almost unnoticeable routine before actually using the service. However, there are many legitimate users who find this task difficult or impossible, such as those with disabilities. In this paper, we focus on people with Parkinsons disease, dyslexia, vision impairment and upper extremity disabilities. We show how these disabilities affect the security level and usability of current authentication methods, namely static PIN codes, textual passwords, one-time codes generated either by a code generator or received via SMS.

Formalizing the ranking of authentication products

Purpose – The purpose of this paper is to present a new method for ranking authentication products. Using this method, issues such as technical performance, application/system‐specific requirements, cost and usability are addressed. The method simplifies and makes the selection process more transparent by identifying issues that are important when selecting products.Design/methodology/approach – The paper used quantitative cost and performance analysis.Findings – The method can be widely applied, allowing the comparison and ranking of an extensive variety of authentication products (passwords, biometrics, tokens). The method can be used for both product selection and the process of product development as supported by the case studies.Originality/value – This is a work that demonstrates how to compare authentication methods from different categories. A novel ranking method has been developed which allows the comparison of different authentication products in a defined usage scenario.

Towards a Cognitive Agility Index: The Role of Metacognition in Human Computer Interaction

Research on human factors in the cyber domain is lacking. Metacognitive awareness and regulation have been shown to be important factors in performance, but research integrating metacognitive strategies in socio-technical systems is lacking. This study aims to investigate metacognition as a potential index of evaluating individual cognitive performance in cyberspace operations. Cyber military cadets were tested during a cyber-exercise to see how metacognitive awareness and regulation influenced performance in the Hybrid Space conceptual framework. Findings suggest that metacognitive strategies could explain Hybrid Space performance outcomes and support the development of a cognitive agility index for cyber operators. Future research and training programs for cyber officers should incorporate metacognition as measurement outcomes and in training to help index development and performance.

Socio-technical communication: The hybrid space and the OLB model for science-based cyber education

ABSTRACT Lessons from safety-critical sociotechnical systems, such as aviation and acute medical care, demonstrate the importance of the human factor and highlight the crucial role of efficient communication between human agents. Although a large proportion of fatal incidents in aviation have been linked to failures in communication, cognitive engineering provides the theoretical framework to mitigate risks and increase performance in sociotechnical systems not only in the civil sector, but also in the military domain. Conducting cyber operations in multidomain battles presents new challenges for military training and education as the increased importance of psychological factors such as metacognitive skills and perspective-taking both in lower and higher ranking staff, becomes more apparent. The Hybrid Space framework (Jøsok et al., 2016) provides a blueprint for describing the cognitive and behavioral constraints for maneuvering between socio-technical and cyber-physical systems whilst cooperating, coordinating or competing with accompanying cognitive styles in the chain of command. We apply the Hybrid Space framework to communicative challenges in the military cyber domain and suggest a three-phase Orienting, Locating, Bridging model for safe and efficient communication between partners. Based on the educational principles of the Norwegian Defence Cyber Academy, we discuss the required skill-sets and knowledge in which cyber officer cadets are trained and taught early in their education, and how these refer to the theoretical framework of the Hybrid Space and the key principles of communication as defined in cognitive engineering.

Face Recognition Using Separate Layers of the RGB Image

In many cases face recognition of still images is performed with greyscale images. These images are actually converted from a color image to greyscale before the analysis takes place. A consequence of such a conversion is obviously loss of information, which could influence the performance of the face recognition system. It would be interesting to see if using one of the three color layers of the RGB image could give better recognition performance compared to the greyscale converted image. We conducted two experiments and the results indeed support this idea. We found that the red layer of the RGB image gives the best recognition performance, especially in the cases where an extra light source is used to light up (part of) the face of the participants in the experiments. In the case that the participants were facing the camera we saw the equal error rate drop from 3.3% for the greyscale images to 1.8% for the red layer of the RGB images in our initial experiment.

Macrocognition Applied to the Hybrid Space: Team Environment, Functions and Processes in Cyber Operations

As cyber is increasingly integrated into military operations, conducting military cyber operations requires the effective coordination of teams. This interdisciplinary contribution discusses teams working in, and in relation to the cyber domain as a part of a larger socio-technical system, and the need for a better understanding of the human factors that contribute to individual and team performance in such settings. To extend an existing macrocognitive model [19] describing functions and processes into a conceptual framework that maps cognitive processes along cyber-physical and tactical-strategic dimensions (the Hybrid Space; [4]) to gain a better understanding of environmental complexity, and how to operate effectively in a cyber team context. Current experience from conducting cyber network defence exercises at the Norwegian Defence Cyber Academy and implications for future education and training are discussed.