Paul L. Reynolds

Authentication and Supervision: A Survey of User Attitudes

User authentication is a vital element in ensuring the secure operation of IT systems. In the vast majority of cases, this role is fulfilled by the password, but evidence suggests that this approach is easily compromised. Whilst many alternatives exist, particularly in the form of biometric methods, questions remain over the likely user acceptance. This paper presents the results of a survey that examines user attitudes towards a range of authentication and supervision techniques. It is concluded that whilst there is still an element of reluctance amongst users to depart from the familiar password based mechanisms, many are convinced of the need for improved authentication controls. The acceptability to users of various new techniques is variable, but many seem willing to consider a range of alternative methods.

Acceptance of Subscriber Authentication Methods For Mobile Telephony Devices

Mobile phones are now an accepted part of everyday life, with users becoming more reliant on the services that they can provide. In the vast majority of systems, the only security to prevent unauthorized use of the handset is a four digit Personal Identification Number (PIN). This paper presents the findings of a survey into the opinions of subscribers regarding the need for security in mobile devices, their use of current methods, and their attitudes towards alternative approaches that could be employed in the future. It is concluded that, although the need for security is understood and appreciated, the current PIN-based approach is under-utilized and can, therefore, be considered to provide inadequate protection in many cases. Surveyed users responded positively towards alternative methods of authentication, such as fingerprint scanning and voice verification. Based upon these findings, the paper concludes that a non-intrusive, and possibly hybrid, method of authentication (using a combination of techniques) would best satisfy the needs of future subscribers.

The implications of technological developments on Tourist Information Centres

Abstract Technological developments are increasingly touching and changing the nature of and processes in industry and society. Tourism is by no means exempt from these changes. The aim of the research reported in this article is to address the issue of the implications of technological development in Tourist Information Centres (TICs). The main areas of concern are a combination of social and technical issues which need to be addressed in order for TICs to keep up with the demands of the consumer. In addition, a shift to a sales and service led operation would appear to be a necessary course of action. Recommendations are made to assist in tackling these problems at an operational level and it is recognised that greater attention must be focused on this area in order to ensure the future effectiveness of the tourist information service.

Keystroke dynamics on a mobile handset: a feasibility study

The ability of third generation telephones to store sensitive information, such as financial records, digital certificates and company records, makes them desirable targets for impostors. This paper details the feasibility of a non‐intrusive subscriber authentication technique – the use of keystroke dynamics. This feasibility study comprises a number of investigations into the ability of neural networks to authenticate users successfully based on their interactions with a mobile phone keypad. The initial results are promising with network classification performing well, achieving a 9.8 per cent false rejection rate and an 11.0 per cent false acceptance rate.

Refereed paper: Computer crime and abuse: A survey of public attitudes and awareness

In recent years, a number of surveys have indicated a significant escalation in reported incidents of computer crime and abuse. This rise is coupled with increasing attention to the issue in the mass media, which has the effect of heightening public perceptions of problems with IT and may represent a barrier to the adoption of technologies such as the Internet and World Wide Web. This paper considers the effects of computer crime and draws upon the results of a survey conducted to assess public attitudes and awareness of the issue. With the mass media playing an important role in shaping individual opinions, this survey considered the effect that the reporting of incidents has upon public perceptions and understanding of computer crime and abuse. The survey results show that individual awareness of computer crime and abuse is high and that the majority of respondents perceive it to be a problem. However, the views expressed regarding the seriousness of the different types of abuse (and the potential motivations for them) were more variable. In addition, awareness of abuse is more widespread than knowledge of the associated legislation that may be used to prevent and punish it. The results also revealed the significant potential for media reports to influence opinions in this area, highlighting the importance of a responsible attitude in order to foster the information society.

Using Keystroke Analysis as a Mechanism for Subscriber Authentication on Mobile Handsets

The next few years will witness the widespread introduction of third generation mobile networks, completing the transition from the purely telephony devices of the first generation analogue networks, into a multimedia mobile communications tool. The ability of these new handsets to store and access sensitive information such as financial records, digital certificates and company records in association with a large handset penetration (864 million subscribers) makes them a desirable target for impostors. The authentication technique for current mobile phones has many weaknesses from a technological and subscriber perspective, and as such non-intrusive and stronger subscriber authentication techniques are required. This study investigates the plausibility of one such technique that of keystroke analysis, comparing and contrasting a number of pattern recognition and neural network based approaches to classification. It was found that neural network-based approaches performed substantially better than the pattern recognition-based approaches with false acceptance and false rejection rates of 3.2%.

A distributed and cooperative user authentication framework

As the requirement for companies and individuals to protect information and personal details comes more into focus, the implementation of security that goes beyond the ubiquitous password or Personal Identification Number (PIN) is paramount. With the ever growing number of us utilizing more than one device simultaneously, the problem and need is compounded. This paper proposes a novel approach to security that leverages the collective confidence of user identity held by the multiplicity of devices present at any given time. User identity confidence is reinforced by sharing established credentials between devices, enabling them to make informed judgments on their own security position. An Adaptive Security Control Engine (ASCE) is outlined, illustrating how an environment sensitive and adaptive security envelope can be established and maintained around an individual.

A non-intrusive biometric authentication mechanism utilising physiological characteristics of the human head

This paper proposes and evaluates a non-intrusive biometric authentication technique drawn from the discrete areas of biometrics and Auditory Evoked Responses. The technique forms a hybrid multi-modal biometric in which variations in the human voice due to the propagation effects of acoustic waves within the human head are used to verify the identity of a user. The resulting approach is known as the Head Authentication Technique (HAT). Evaluation of the HAT authentication process is realised in two stages. First, the generic authentication procedures of registration and verification are automated within a prototype implementation. Second, a HAT demonstrator is used to evaluate the authentication process through a series of experimental trials involving a representative user community. The results from the trials confirm that multiple HAT samples from the same user exhibit a high degree of correlation, yet samples between users exhibit a high degree of discrepancy. Statistical analysis of the prototype performance realised system error rates of 6% False Non-Match Rate (FNMR) and 0.025% False Match Rate (FMR).

Strategies for Content Migration on the World Wide Web.

The World Wide Web has experienced explosive growth as a content delivery mechanism, delivering hypertext files and static media content in a standardised way. However, this content has been unable to interact with other content, making the Web a distribution system rather than a distributed system. This is changing, however, as distributed component architectures are being adapted to work with the Web’s architecture. This paper tracks the development of the Web as a distributed platform, and highlights the potential to employ an often neglected feature of distributed computing: migration. Argues that all content on the Web, be it static images or distributed components, should be free to migrate according to either the policy of the server, or the content itself. The requirements of such a content migration mechanism are described, and an overview of a new migration mechanism, currently being developed by the authors, is presented.

A vision of the Internet in 2010

This paper presents a vision of the Internet eight years from now (i.e. in the year 2010). The study underpinning this vision was performed in two steps: the definition of requirements and drivers together with an extrapolation of technology developments. The vision is a direct result of the author’s extensive experience with working with the development of the Internet including his technical leadership of the Mobile Wireless Internet Forum and as a contributor to the Internet Engineering Task Force.