A wireless multi-step attack pattern recognition method for WLAN

Intrusion detection and prevention technology has been broadly applied to wired networks as an important means to protect network security. However, few work in this area has been extended to the WLAN. In this paper, we propose a wireless multi-step attack pattern recognition method (WMAPRM) based on correlation analysis with the main attributes of the IEEE 802.11 frame. The method consists of six steps: clustering wireless intrusion alerts, constructing a global attack database, building candidate attack chains, filtering candidate attack chains, correlating multi-step attack behaviors and recognizing multi-step attack patterns. Experimental results in real world environment show that WMAPRM is capable of identifying highly correlated multi-step attack patterns such as WEP crack with ARP + Deauthentication Flood, WEP crack with wesside-ng, config file stealing attack and authentication session hijack attack etc. The method is expected to improve both wireless intrusion detection and prevention performance in practical WLAN security scenarios.     

Using bat-modelled sonar as a navigational tool in virtual environments

Bats are able to use active sonar as a mechanism for locating object in three dimensions and for generating spatial maps of their environments. Humans use passive sound cues to detect features of the space they occupy, as well as react to the spatial location of objects which generate sound. The system described in this paper allows free-ranging humans to locate a virtual sound location using active sonar. An emitted pulse, centred on the users head, serves as an intensity and time marker. The return pulse is rendered at the virtual target location and emitted after a time delay corresponding to the two-way path from sender to target and back again. The sonar system is modelled on those of bats, using ultrasonic frequency-modulated signals reflected from simple targets. The model uses the reflectivity characteristics of ultrasound, but the frequency and temporal structure used are scaled, with the speed of sound being set to 8.5 ms⁻¹ to bring the frequency range and temporal resolution within the capabilities of the human auditory system. Orientation with respect to the ensonified target is achieved by time-of-flight time delays to give target range, and binaural location information derived from interaural timing differences, interaural intensity differences, and head-related transfer functions. Subjects performed significantly better at a localization task when given temporal data based on echo delays with an outgoing reference pulse than without a reference pulse. Frequency-modulated signals sweeping from 1.5 kHz–100 Hz over 500 ms provide the best localization cues, and users found them significantly easier to locate than continuous sounds.     

Designing haptic icons to support collaborative turn-taking

This paper describes research exploring the use of haptics to support users collaborating remotely in a single-user shared application. Mediation of turn-taking during remote collaboration provides a context to explore haptic affordances for background communication as well as control negotiation in remote collaboration: existing turn-taking protocols are rudimentary, lacking many communication cues available in face-to-face collaboration. We therefore designed a custom turn-taking protocol that allows users to express different levels of urgency in their request for control from a collaborator; state of control and requests are communicated by touch, with the intent of offloading visual attention. To support it, we developed a set of haptic icons, tangible stimuli to which specific meanings have been assigned.Because we required an icon set which could be utilized with specified, varying levels of intrusiveness in real attentionally challenged situations, we used a perceptually guided procedure that consisted of four steps: initial icon set design, perceptual refinement, validation of learnability and effectiveness under workload, and deployment in an application simulation. We found that our haptic icons could be learned to a high degree of accuracy in under 3 min and remained identifiable even under significant cognitive workload. In an exploratory observational study comparing haptic, visual, and combined haptic and visual support for our protocol, participants overall preferred the combined multi-modal support, and in particular preferred the haptic support for control changes and the visual support for displaying state. In their control negotiation, users clearly utilized the option of requesting with graded urgency. The three major contributions in this paper are: (1) the introduction and first case study using a systematic process for refining and evaluating haptic icons for background communication in a primarily visual application; (2) the usability observed for a particular set of icons designed with that process; and (3) the introduction of an urgency-based turn-taking protocol and a comparison of haptic, visual and multi-modal support of our implementation of that protocol.     

The effects of source cues on online news perception

Among various interface cues, expertise, identity, and bandwagon cues have been consistently found to have significant effects on media users’ perceptions of online news content. To examine the effects of these three types of heuristic cues in the context of online news consumption, the current study involved a 2 (expertise cue: low vs. high) × 2 (identity cue: in-group vs. out-group) × 2 (bandwagon cue: low vs. high) online experiment. A total of 121 undergraduate students participated in the study. Significant two-way interaction effects between the expertise and bandwagon cues on perceived credibility suggested the positive combined effect of these two cues. Moreover, significant three-way interaction effects among expertise, identity and bandwagon cues indicated that the interaction effects between expertise and bandwagon cues tend to work as a function of the identity cue. While confirming the importance of the identity cue in users’ perceptions of online news, three-way interaction effects confirmed the co-occurrence of heuristic and systematic processing. The interaction effects also suggested that people process news systematically when the recommenders are out-group members, whereas they process news heuristically when the recommenders are in-group members. Theoretical as well as practical implications have also been discussed in this article.     

Accessible haptic user interface design approach for users with visual impairments

With the number of people with visual impairments (e.g., low vision and blind) continuing to increase, vision loss has become one of the most challenging disabilities. Today, haptic technology, using an alternative sense to vision, is deemed an important component for effectively accessing information systems. The most appropriately designed assistive technology is critical for those with visual impairments to adopt assistive technology and to access information, which will facilitate their tasks in personal and professional life. However, most of the existing design approaches are inapplicable and inappropriate to such design contexts as users with visual impairments interacting with non-graphical user interfaces (i.e., haptic technology). To resolve such design challenges, the present study modified a participatory design approach (i.e., PICTIVE, Plastic Interface for Collaborative Technology Initiatives Video Exploration) to be applicable to haptic technologies, by considering the brain plasticity theory. The sense of touch is integrated into the design activity of PICTIVE. Participants with visual impairments were able to effectively engage in designing non-visual interfaces (e.g., haptic interfaces) through non-visual communication methods (e.g., touch modality).     

The effect of media richness factors on representativeness for video skim

The study examines the effect of four important aspects of film skimming, including segmentation process, proportion of total skimmed length (TSL), multiple cues available, and genre/domain of the film. We design three experiments to explore their effects on representativeness for video skim. The results of Experiment 1 show that the skimmed video combined with 10% of total skimmed length and 5 or 10 s of skimmed segment (SS) is more efficient for representativeness. The results of Experiment 2 show that the skimmed video with mostly ending part and multiple cues can significantly improve representativeness. The results of Experiment 3 reveal that the representativeness of skimmed video with different types of movie is significantly different.In our experiments, the proportion of TSL is set to three levels, 5%, 10%, and 15%, while the size of SS is also set to three levels, 2.5, 5, and 10 s for the segmentation process. We observe that the skimmed video with the longer TSL and SS has the better representativeness of movie content, but the four combinations for 10% and 15% with 5 s and 10 s are insignificantly different. The finding is helpful for reducing the time cost of skimming video. Furthermore, we applied two important factors—personality focus of the medium and multiple cues, from media richness theory to our skimming method in order to raise the representativeness of video skim for different films. In the personality focus of the medium, we define a movie as having three parts—beginning, middle, and ending. In the multiple cues, the skimmed video with synchronized subtitle, audio, and video can assist our comprehension and reduce the uncertainty. We find that the skimmed video with mostly ending part and synchronized subtitle, audio, and video can raise the representativeness of movie content.     

防御蓝牙PIN码攻击的研究与实现

在详细分析链路密钥生成过程基础上,通过对PIN码攻击原理的剖析,提出并实现了一种通过对用户输入的PIN码进行增加复杂度的变换来防御PIN码攻击的解决方法。经过测试,该方案能够有效抵御PIN码的攻击,保证在用户输入较短PIN码的情况下蓝牙网络的安全。     

Identifying the effectiveness of using three different haptic devices for providing non-visual access to the web

Haptic technologies are often used to improve access to the structural content of graphical user interfaces, thereby augmenting the interaction process for blind users. While haptic design guidelines offer valuable assistance when developing non-visual interfaces, the recommendations presented are often tailored to the feedback produced via one particular haptic input/output device. A blind user is therefore restricted to interacting with a device which may be unfamiliar to him/her, rather than selecting from the range of commercially available products. This paper reviews devices available on the first and second-hand markets, and describes an exploratory study undertaken with 12 blindfolded sighted participants to determine the effectiveness of three devices for non-visual web interaction. The force-feedback devices chosen for the study, ranged in the number of translations and rotations that the user was able to perform when interacting with them. Results have indicated that the Novint Falcon could be used to target items faster in the first task presented, compared with the other devices. However, participants agreed that the force-feedback mouse was most comfortable to use when interacting with the interface. Findings have highlighted the benefits which low cost haptic input/output devices can offer to the non-visual browsing process, and any changes which may need to be made to accommodate their deficiencies. The study has also highlighted the need for web designers to integrate appropriate haptic feedback on their web sites to cater for the strengths and weaknesses of various devices, in order to provide universally accessible sites and online applications.     

A graphical-based password keystroke dynamic authentication system for touch screen handheld mobile devices

Since touch screen handheld mobile devices have become widely used, people are able to access various data and information anywhere and anytime. Most user authentication methods for these mobile devices use PIN-based (Personal Identification Number) authentication, since they do not employ a standard QWERTY keyboard for conveniently entering text-based passwords. However, PINs provide a small password space size, which is vulnerable to attacks. Many studies have employed the KDA (Keystroke Dynamic-based Authentication) system, which is based on keystroke time features to enhance the security of PIN-based authentication. Unfortunately, unlike the text-based password KDA systems in QWERTY keyboards, different keypad sizes or layouts of mobile devices affect the PIN-based KDA system utility. This paper proposes a new graphical-based password KDA system for touch screen handheld mobile devices. The graphical password enlarges the password space size and promotes the KDA utility in touch screen handheld mobile devices. In addition, this paper explores a pressure feature, which is easy to use in touch screen handheld mobile devices, and applies it in the proposed system. The experiment results show: (1) EER is 12.2% in the graphical-based password KDA proposed system. Compared with related schemes in mobile devices, this effectively promotes KDA system utility; (2) EER is reduced to 6.9% when the pressure feature is used in the proposed system. The accuracy of authenticating keystroke time and pressure features is not affected by inconsistent keypads since the graphical passwords are entered via an identical size (50 mm × 60 mm) human–computer interface for satisfying the lowest touch screen size and a GUI of this size is displayed on all mobile devices.     

新型增强3GPP认证密钥交换协议

3GPP认证密钥交换协议存在两大安全缺陷：（1）该协议假设在VLR和HLR间的通信信道必须是安全的,因而易遭受攻击者接入信道后的主动攻击;（2）该协议对于移动用户易遭受重定向攻击。该文提出了一种新型增强3GPP认证密钥交换协议,克服了原协议的安全缺陷,确保了在不安全的信道上实现安全的通信,同时很好地防止了对于用户的重定向攻击,并且该新型增强协议的实施无须改动3GPP的安全体系结构。     

Towards the Use of Brain–Computer Interface and Gestural Technologies as a Potential Alternative to PIN Authentication

This article describes an exploratory study which examined the use of Brain–Computer Interface (BCI) and gestural technologies generated from a BCI headset as a novel potential alternative to a 4-digit PIN code for authentication. Unlike other input modalities, many of these tokens (i.e., “push,” “lift,” “excitement”), can overcome some of the security vulnerabilities associated with PIN authentication (e.g., observations from third parties). Participants engaged in a controlled study where they performed five, 4-token authentication tasks on a simulated authentication screen. The percentage of completed BCI and gestural input tasks, as well as input time and accuracy, was compared to the 4-digit PIN task. The results showed that while authentication using a BCI headset is currently not as complete, fast, or accurate as that of a 4-digit PIN code, users felt that such a system would represent greater security over PIN-based authentication. In addition, mental commands, which might be perceived as the most secure from the standpoint of inconspicuous detection, were found to offer disappointing results both in terms of completion percentage and completion time.     

基于USB-Key的强口令认证方案设计与分析

针对OSPA强口令认证方案无法抵抗重放攻击、拒绝服务攻击的不足,提出了一种基于USB-Key的口令认证方案。该方案使用USB-Key进行用户口令的验证并存储认证的安全参数,能够有效地保护安全参数不被窃取。认证方案在认证过程中对用户的身份信息进行了保护,使用Hash运算计算认证参数,通过用户端和服务器端之间的认证参数的传递实现双向认证。方案的安全性分析表明,它能够防止口令猜测攻击、重放攻击、假冒攻击、拒绝服务攻击,方案系统开销小,适用于运算能力有限的终端用户。     

Haptic Cues for Image Disambiguation

Haptic interfaces represent a revolution in human computer interface technology since they make it possible for users to touch and manipulate virtual objects. In this work we describe a cross-model interaction experiment to study the effect of adding haptic cues to visual cues when vision is not enough to disambiguate the images. We relate the results to those obtained in experimental psychology as well as to more recent studies on the subject.     

Effects of visual and linguistic anthropomorphic cues on social perception,self-awareness,and information disclosure in a health website

Acknowledging the lack of studies examining both visual and linguistic anthropomorphic cues and the underlying mechanisms of their effects, we investigated how the different modalities of anthropomorphic cues in a health website influenced information disclosure. In a 2 (visual cues: human vs. non-human image) × 2 (linguistic cues: conversational vs. impersonal language) × 2 (question type: less vs. more sensitive questions) between-subjects experiment (N = 254), participants registered with a mock-up health website. We assessed a behavioral outcome of not disclosing personal information and psychological outcomes of social perception and self-awareness as potential mediators. Results revealed distinctive effects of the two modalities of the anthropomorphic cues. Anthropomorphic images, on one hand, increased public and private self-awareness, and public self-awareness in turn led to less information disclosure. Anthropomorphic language, on the other hand, heightened social perception and promoted information disclosure, but social perception did not predict the disclosure. These results indicate unique underlying mechanisms of the effects of anthropomorphism: priming effect of visual cues, and communicative effects of linguistic cues.     

Assisting Visually Impaired People to Acquire Targets on a Large Wall-Mounted Display

Large displays have become ubiquitous in our everyday lives, but these displays are designed for sighted people.This paper addresses the need for visually impaired people to access targets on large wall-mounted displays. We developed an assistive interface which exploits mid-air gesture input and haptic feedback, and examined its potential for pointing and steering tasks in human computer interaction（HCI）. In two experiments, blind and blindfolded users performed target acquisition tasks using mid-air gestures and two different kinds of feedback（i.e., haptic feedback and audio feedback）. Our results show that participants perform faster in Fitts＇ law pointing tasks using the haptic feedback interface rather than the audio feedback interface. Furthermore, a regression analysis between movement time（MT） and the index of difficulty（ID）demonstrates that the Fitts＇ law model and the steering law model are both effective for the evaluation of assistive interfaces for the blind. Our work and findings will serve as an initial step to assist visually impaired people to easily access required information on large public displays using haptic interfaces.     

基于震动语义提示的智能手表文本密码输入

当今社会智能手表的使用越来越广泛,其中存储了用户大量的个人信息,需要设计合适的方法对其进行保护.PIN是密码是使用广泛的一种方式,但存在抗泄露性不足的问题.提出了一种智能手表身份认证方案,基于传统的数字密码认证设计,通过震动语义提示输入的密码位数.开展了3个实验来研究这种方法的表现.首先研究了能否被用户快速并且准备判别的震动时长组合.结果显示400ms和100ms的组合使用效果最好.随后设计了一组震动提示方案,并建立了震动和密码第几位的映射关系,经由实验证实了该方案能够被有效地记忆与实践.最后测试了在模拟真实情况下的密码输入.结果表明,设置5位密码进行4位输入可以导致保证较快的输入速度和较高的准确度,同时,能够保证较高的密码抗泄露性.为智能手表的身份认证设计提供了新的思路.     

Knowledge sharing and social media: Altruism,perceived online attachment motivation,and perceived online relationship commitment

Social media, such as Facebook and Twitter, have become extremely popular. Facebook, for example, has more than a billion registered users and thousands of millions of units of information are shared every day, including short phrases, articles, photos, and audio and video clips. However, only a tiny proportion of these sharing units trigger any type of knowledge exchange that is ultimately beneficial to the users. This study draws on the theory of belonging and the intrinsic motivation of altruism to explore the factors contributing to knowledge sharing behavior. Using a survey of 299 high school students applying for university after the release of the public examination results, we find that perceived online attachment motivation (β = 0.31, p < 0.001) and perceived online relationship commitment (β = 0.49, p < 0.001) have positive, direct, and significant effects on online knowledge sharing (R² 0.568). Moreover, when introduced into the model, altruism has a direct and significant effect on online knowledge sharing (β = 0.46, p < 0.001) and the total variance explained by the extended model increases to 64.9%. The implications of the findings are discussed.     

Ultra high performance planar InGaAs PIN photodiodes for high speed optical fiber communication

This paper reports a front-illuminated planar InGaAs PIN photodiode with very low dark current, very low capacitance and very high responsivity on S-doped InP substrate. The presented device which has a thick absorption layer of 2.92 μm and a photosensitive area 73 μm in diameter exhibited the high performance of a very low capacitance of 0.47 pF, a very low dark current of 0.041 nA, a very high responsivity of 0.99 A/W (79% quantum efficiency) at λ = 1.55 μm, the 3 dB bandwidths of 6.89 GHz (−5 V), 7.48 GHz (−12 V) for bare chips and 4.48 GHz (−5 V), 5.02 GHz (−12 V) for the devices packaged in TO can, respectively. Furthermore, the developed PIN photodiodes possess high breakdown voltage of less than −25 V.     

基于口令的远程身份认证及密钥协商协议

基于口令的身份认证协议是研究的热点。分析了一个低开销的基于随机数的远程身份认证协议的安全性,指出了该协议的安全缺陷。构造了一个基于随机数和Hash函数、使用智能卡的远程身份认证和密钥协商协议：PUAKP协议。该协议使用随机数,避免了使用时戳带来的重放攻击的潜在风险。该协议允许用户自主选择和更改口令,实现了双向认证,有较小的计算开销;能够抵御中间人攻击;具有口令错误敏感性、口令的主机非透明性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。     

Cryptanalysis and improvement of a threshold proxy signature scheme

A (t, n) threshold proxy signature scheme allows any t or more proxy signers to cooperatively sign messages on behalf of an original signer, but t ? 1 or fewer proxy signers cannot. In a recent work [C.H. Yang, S.F. Tzeng, M.S. Hwang, On the efficiency of nonrepudiable threshold proxy signature scheme with known signers, Systems and Software 73(3) (2004) 507–514], C.H. Yang, S.F. Tzeng and M.S. Hwang proposed a new threshold proxy signature scheme (called as YTH scheme), which is more efficient in algorithm and communication than Hsu et al.'s scheme proposed in 2001. However, YTH scheme still has some security weaknesses. In this paper, we show that YTH scheme cannot resist frame attack and public-key substitute attack. A new improvement with high safety and efficiency is proposed. The new scheme remedies the weaknesses of YTH scheme, especially, it can resist public-key substitute attack successfully by Zero-Knowledge Proof. Furthermore, the system doesn't need a security channel and computational complexity can be lowered.