Nur Haryani Zakaria

Shoulder surfing defence for recall-based graphical passwords

Graphical passwords are often considered prone to shoulder-surfing attacks, where attackers can steal a users password by peeking over his or her shoulder in the authentication process. In this paper, we explore shoulder surfing defence for recall-based graphical password systems such as Draw-A-Secret and Background Draw-A-Secret, where users doodle their passwords (i.e. secrets) on a drawing grid. We propose three innovative shoulder surfing defence techniques, and conduct two separate controlled laboratory experiments to evaluate both security and usability perspectives of the proposed techniques. One technique was expected to work to some extent theoretically, but it turned out to provide little protection. One technique provided the best overall shoulder surfing defence, but also caused some usability challenges. The other technique achieved reasonable shoulder surfing defence and good usability simultaneously, a good balance which the two other techniques did not achieve. Our results appear to be also relevant to other graphical password systems such as Pass-Go.

Can Single Sign-on Improve Password Management? A Focus Group Study

This article presents a research concerning password management and single sign-on for accessing Internet applications. Many Internet applications require users to subscribe to their services and authenticate themselves through the use of login credentials. The number of such applications is increasing exponentially, which caused ineffective login credential management among users. This study was conducted with two objectives (i) to identify how users manage their usernames and passwords and (ii) to examine whether users see the benefits of single sign-on. To achieve these objectives, a focus group interview was conducted on students from a local university. The results of the study suggested that the students did not practise proper password management. Further, it suggested that single sign-on may not be the immediate solution to improve the students’ password management.

Towards designing effective security messages: Persuasive password guidelines

The current state of information security compliance in workplaces is deteriorating. In many cases human factors were attributed as the cause of the problem. Humans are well known as the weakest link in the security chain. Commonly, end-users will depend on security messages when confronted with security-related decision making. Most of the time, end-users will try their best to make sense of unclear instructions in order to cope with situations. This indicates the way security messages are presented is of utmost importance. However, research focusing on designing effective security messages is quite limited. This paper presents research in progress, towards designing effective security messages focusing on passwords guidelines. Our initial review indicated the lack of persuasive elements in the current password guidelines may lead to unmotivated behaviour of producing good (strong) passwords. This paper also includes initial results obtained from pilot study which reveal promising results supporting the usage of persuasion strategies to improve the current state information security compliance.

A popularity based caching strategy for the future Internet

Information-Centric Networking (ICN) is an attractive network model receiving increasing consideration by the research community because of its inspiring features. To better manage the Internet usage move from host-centric communication to receiver-driven content retrieval, revolutionary ICN architectures have been proposed. A distinguished characteristic of these innovative architectures is to provide ubiquitous and transparent in-network caching to enhance network resource utilization and accelerate content dissemination. With the exponential increase of Internet traffic, the issue of content storage is a growing concern in ICN. In this paper, we present a caching strategy that considerably increases cache hit rate and reduces stretch ratio, which are the most important metrics in the evaluation of ICN caching. Through extensive simulations, it is shown that our proposed work is a favorable and realistic contribution for the standardization exercise of data caching for achieving accurate and valid network performance in the future Internet.

Security Evaluation of Distortion Technique for Graphical Authentication

Extensive research has been done on graphical-based authentication schemes that focus on memorability issues. However, less consideration has been given to the new security threat imposed towards these schemes. The downside of this graphical authentication is that the images may expose more information than text, and this makes it more vulnerable to security threats such as shoulder surfing attack. This study evaluates the significance of using distorted images as a variable of countermeasure to shoulder surfing attack on graphical password systems. Filter strength was applied to indicate distortion level which may influence the resiliency of the graphical based password. An experiment was conducted on 45 participants to investigate whether image distortion may help to prevent or reduce shoulder surfing attack. The outcome showed that filter strength indeed plays a significant role to certain extends towards the distortion technique applied to combat shoulder surfing attack. The contributions of this study are valuable for improving the graphical based authentication system especially in providing better security as well as maintaining high usability.

A user preference study of authentication mechanisms for mobile learning applications

Many application providers enforce users to register and create credentials to use their applications. The registration process usually requires the users to fill in personal information in which it is a time-consuming process. Additionally, it also increases the number of usernames and passwords that users need to remember which leads to password fatigue. Social login is a way to address this problem. With the benefits that social login could offer, this study aims to examine the user’s preference towards authentication mechanisms used for mobile learning applications. An experimental study was conducted using a mobile learning application named LANGKAWI ISLANDS. Forty participants participated in this study on a voluntary basis and used the traditional social login on LANGKAWI ISLANDS. Sign up/in time using both mechanisms is recorded. Then, the participants stated their preference for the authentication mechanisms. The result suggests that authentication process of LANGKAWI ISLANDS is much faster using social login and more favored by the participants.

The determinants impacting the adoption of cloud computing in Yemen institutions

Cloud computing is a novel trend in the sphere of information technology. This study sought to identify the determinants that impact cloud computing adoption in Yemen higher education institutions. Three contexts of possible influencers were investigated: technological, organizational, and environmental contexts. This study was based on TOE framework (technology, organizational, and environment), targeting the higher intuitions. To accomplish the objective of the study, an exploratory study consisting of one method, including quantitative (survey) was initiated to determine the importance of each of these influencers and the degree of influence. In this research, the determinants are examined by using SmartPLS Program, as powerful statistical tools for structural equation modeling. The results showed that the factors of relative advantage, compatibility, security, top management support, regulatory support, have positive impacts on the adoption of cloud computing in this particular context.Cloud computing is a novel trend in the sphere of information technology. This study sought to identify the determinants that impact cloud computing adoption in Yemen higher education institutions. Three contexts of possible influencers were investigated: technological, organizational, and environmental contexts. This study was based on TOE framework (technology, organizational, and environment), targeting the higher intuitions. To accomplish the objective of the study, an exploratory study consisting of one method, including quantitative (survey) was initiated to determine the importance of each of these influencers and the degree of influence. In this research, the determinants are examined by using SmartPLS Program, as powerful statistical tools for structural equation modeling. The results showed that the factors of relative advantage, compatibility, security, top management support, regulatory support, have positive impacts on the adoption of cloud computing in this particular context.

The Requirement Model for Improved OpenID Single Sign-On (SSO) Authentication to Thwart Phishing Attack

The problem of password memorability among users has led to the introduction of Single Sign-On (SSO) authentication. It enables users to login using a set of username and password which then allows an access into multiple websites without the hassle of repeating the same usernames and passwords. One of the most common SSO protocol is OpenID which is said to offer flexibility and security. Unfortunately, the existing OpenID model is prone to phishing attack whereby there is a lack of mechanism to ensure the authenticity of the OpenID provider. This scenario complicates the situation especially when there exists tools to generate phishing attacks are easily available without requiring much technical expertise. Moreover, users awareness are claimed to be insufficient to rely on since statistics of phishing attacks are shown to be increasing. Thus, this research attempts to propose page token as a mechanism to thwart phishing attack. This research produced and evaluated an improved requirement model that incorporates the page token as proposed mechanism. The outcomes show promising result towards the effort of thwarting phishing attacks.

Oving K-Means Clustering using discretization technique in Network Intrusion Detection System

Network Intrusion Detection Systems (NIDSs) have always been designed to enhance and improve the network security issue by detecting, identifying, assessing and reporting any unauthorized and illegal network connections and activities. The purpose of this research is to improve on the existing Anomaly Based Intrusion Detection (ABID) method using K-Means clustering technique as to maximize the detection rate and accuracy while minimizing the false alarm. The problem with outliers may disturb the K-Means clustering process as it might be avoided in the clustering process from mixing with the normal data that make the NIDSs become less accurate. Thus this research aims to improve the performance of the ABID systems that balance the loss of information or ignored data in clustering. An integrated machine learning algorithm using K-Means Clustering with discretization technique and Naïve Bayes Classifier (KMC-D+NBC) is proposed against ISCX 2012 Intrusion Detection Evaluation Dataset. The outcome depicts that the proposed method generates better detection rate and accuracy up to 99.3% and 99.5% respectively and reduces the false alarm to 1.2% with better efficiency of 0.03 seconds time taken to build model.

Engagement in Web-Based Learning System: An Investigation of Linear and Nonlinear Navigation

This paper investigates linear and nonlinear navigations in Web-based learning (WBL) systems. The aim of the study was to identify whether the linear and the nonlinear navigations could be the factors that influence students’ engagement within WBL environment. An experimental study was conducted on seventy-two students from a university in Malaysia using a Web-based system for learning Basic Computer Networks and a self-report inventory. The results of this study suggested that the types of navigation support affected engagement from certain aspects.