Yusuf Albayram

UW-HARQ: An underwater hybrid ARQ scheme: Design, implementation and initial test

In this paper, we investigate reliable end-to-end data transfer in Underwater Acoustic Networks. A hybrid ARQ scheme, named UW-HARQ is proposed, which combines FEC coding and ARQ. For the FEC coding, Random Binary Linear Coding is employed due to its low coding and decoding complexity. An adaptive coding ratio estimation scheme, which incorporates the PER information, is proposed to minimize the number of retransmissions between the source and the destination. For the ARQ, NACK packets are utilized to inform the source node how many and which packets to send out in a retransmission and ACK packets are used as indications of data packet recovery success. We implemented UW-HARQ on real UAN nodes by leveraging our hardware and software platform. Initial lab test results show that UW-HARQ achieves a larger throughput than TCP-like approaches with a comparable overhead.

Designing challenge questions for location‐based authentication systems: a real‐life study

Online service providers often use challenge questions (a.k.a. knowledge‐based authentication) to facilitate resetting of passwords or to provide an extra layer of security for authentication. While prior schemes explored both static and dynamic challenge questions to improve security, they do not systematically investigate the problem of designing challenge questions and its effect on user recall performance. Interestingly, as answering different styles of questions may require different amount of cognitive effort and evoke different reactions among users, we argue that the style of challenge questions itself can have a significant effect on user recall performance and usability of such systems. To address this void and investigate the effect of question types on user performance, this paper explores location‐based challenge question generation schemes where different types of questions are generated based on users’ locations tracked by smartphones and presented to users. For evaluation, we deployed our location tracking application on users’ smartphones and conducted two real‐life studies using four different kinds of challenge questions. Each study was approximately 30 days long and had 14 and 15 users respectively. Our findings suggest that the question type can have a significant effect on user performance. Finally, as individual users may vary in terms of performance and recall rate, we investigate and present a Bayesian classifier based authentication algorithm that can authenticate legitimate users with high accuracy by leveraging individual response patterns while reducing the success rate of adversaries.

A Study on Designing Video Tutorials for Promoting Security Features: A Case Study in the Context of Two-Factor Authentication (2FA)

ABSTRACT This article investigates the effectiveness of informational videos that are designed to provide an introduction to two-step verification (i.e., 2FA) and in turn seeks to improve the adoption rate of 2FA among users. Toward that, eight video tutorials based on three themes (e.g., Risk, Self-efficacy, and Contingency) were designed, and a three-way between-group study with 399 participants on Amazon’s MTurk was conducted. Furthermore, a follow-up study was run to see the changes in participants’ behavior (e.g., enabling of 2FA). The Self-efficacy and Risk themes were found to be the most effective in making the videos more interesting, informative, and useful. Willingness to try 2FA was found to be higher for participants who were exposed to both the Risk and Self-efficacy themes. Participants’ decisions regarding actually enabling 2FA was found to be significantly correlated with how interesting, informative, and useful the videos were. Implications of our findings in a broader context are discussed in the article.

An investigation into users' considerations towards using password managers

Password managers, though commonly recommended by security experts, are still not used by many users. Understanding why some choose to use password managers while others do not is important towards generally understanding why some users do what they do and, by extension, designing motivational tools such as video tutorials to help motivate more to use password managers. To investigate differences between those who do and do not use a password manager, for this paper, we distributed an online survey to a total of 137 users and 111 non-users of the tool that asked about their opinions/experiences with password managers. Furthermore, since emotion has been identified by work in psychology and communications as influential in other risk-laden decision-making (e.g., safe-sex behavior such as condom use), we asked participants who use a password manager to rate how they feel for 45 different emotions, or, as the case for those who do not use a password manager, to rate how they imagine they would feel the 45 emotions if they did use the tool. Our results show that “users” of password managers noted convenience and usefulness as the main reasons behind using the tool, rather than security gains, underscoring the fact that even a large portion of users of the tool are not considering security as the primary benefit while making the decision. On the other hand, “non-users” noted security concerns as the main reason for not using a password manager, highlighting the prevalence of suspicion arising from lack of understanding of the technology itself. Finally, analysis of the differences in emotions between “users” and “non-users” reveals that participants who never use a password manager are more likely to feel suspicious compared to “users,” which could be due to misunderstandings about the tool.

Evaluating smartphone-based dynamic security questions for fallback authentication: a field study

To address the limitations of static challenge question based fallback authentication mechanisms (e.g., easy predictability), recently, smartphone based autobiographical authentication mechanisms have been explored where challenge questions are not predetermined and are instead generated dynamically based on users’ day-to-day activities captured by smartphones. However, as answering different types and styles of questions is likely to require different amounts of cognitive effort and affect users’ performance, a thorough study is required to investigate the effect of type and style of challenge questions and answer selection mechanisms on users’ recall performance and usability of such systems. Towards that, this paper explores seven different types of challenge questions where different types of questions are generated based on users’ smartphone usage data. For evaluation, we conducted a field study for a period of 30 days with 24 participants who were recruited in pairs to simulate different kinds of adversaries (e.g., close friends, significant others). Our findings suggest that the question types do have a significant effect on user performance. Furthermore, to address the variations in users’ accuracy across multiple sessions and question types, we investigate and present a Bayesian classifier based authentication algorithm that can authenticate legitimate users with high accuracy by leveraging individual response patterns.

A method for improving mobile authentication using human spatio-temporal behavior

Integration of NFC radios into smartphones is expediting the adoption of mobile devices as the preferred method for accessing physical locations, bank accounts, and other valuable resources. The pervasive nature of authentication using these mobile devices, however, comes with increased security considerations stemming from the possibility of physical loss of the device. To minimize the risk caused by stolen devices, this paper introduces a method for confirming the identity of a devices user based on her recent macroscopic behavior over space and time. The users behavior is continuously recorded by a set of devices embedded in the environment (e.g., Wi-Fi Access Point) and used to train a probabilistic n-gram model. Subsequently, deviations caused by stolen devices can be detected by comparing the users recent behavior against the trained model. Our first evaluation results demonstrate the ability of the proposed approach to detect anomalies in the users behavior without generating a significant number of false alarms.

The Effects of Risk and Role on Users’ Anticipated Emotions in Safety-Critical Systems

Users of safety-critical systems often need to make risky decisions in real-time. However, current system designs do not sufficiently take users’ emotions into account. This lack of consideration may negatively influence a user’s decision-making and undermine the effectiveness of such a “human-computer collaboration.” In a two-way, 2 (role: operator/system administrator) \(\times \) 3 (risk level: high/medium/low) factorial study, we investigated the intensity of 44 emotions anticipated by 296 Mechanical Turk users who imagined being the (1) operator or (2) administrator of a drone system identifying (a) enemies on a battlefield, (b) illegal immigrants or (c) whale pods. Results indicated that risk level had a significant main effect on ratings of negative individualistic and negative prosocial emotions. Participants assigned to the high risk scenario anticipated more intense negative individualistic (e.g., nervous) and negative prosocial (e.g., resentful, lonely) emotions and less intense positive (e.g., happy, proud) emotions than participants assigned to the medium and low risk scenarios. We discuss the implications of our findings for the design of safety-critical systems.

Investigating the Effect of System Reliability, Risk, and Role on Users' Emotions and Attitudes toward a Safety-Critical Drone System

ABSTRACT In safety-critical systems, it is essential to communicate relevant information to facilitate decision-making, promote trust, and improve performance without overloading users. To explore the effect of system performance information on rational and emotional processing by users, we performed a between-subject experiment in which participants were asked to imagine themselves as a drone operator or system administrator in a high-, medium-, or low-risk scenario. Then, based on their imagined scenario and role, participants rated the relevance of four aspects of system reliability to decision-making with the system, as well as the expected intensity of the GREAT emotions. Results indicate that system performance information affected participants’ reasoning differently depending on risk level. Moreover, participants had different perspectives depending on their role in the system. Those in administrator roles indicated higher respect ratings for those with a similar role. These findings demonstrate that contextual risk and a user’s role can influence emotions and attitudes toward safety-critical computer systems.

Arion: A Model-Driven Middleware for Minimizing Data Loss in Stream Data Storage

In large-scale data stream management systems, sampling rate of different sensors can change quickly in response to changed execution environment. However, such changes can cause significant load imbalance on the back-end servers, leading towards performance degradation and data loss. To address this challenge, in this paper, we present a model-driven middleware service (i.e., Arion) that uses a two-step approach to minimize data loss. Specifically, Arion constructs models and algorithms for overload prediction for heterogeneous systems (where different streams can have different sampling rates and message sizes) leveraging limited execution traces from homogeneous systems (where each stream has the same sampling rate and message size). Subsequently, when an overload condition is predicted (or detected), Arion first leverages the a priori constructed models to identify the streams (if any) that can be split into multiple substreams to scale up the performance and minimize data loss without allocating additional servers. If the software based solution turns out to be inadequate, in the second stage, the system allocates additional servers and redirects streams to stabilize the system leveraging the models. Extensive evaluation on a 6 node cluster using Apache Cassandra for various scenarios shows that our approach can predict the potential overload condition with high accuracy (81.9%) while minimizing data loss and the number of additional servers significantly.