Search results

21 – 30 of 433
Article
Publication date: 23 March 2010

M.Z. Jali, S.M. Furnell and P.S. Dowland

The purpose of this paper is to assess the usability of two image‐based authentication methods when used in the web‐based environment. The evaluated approaches involve clicking…

Abstract

Purpose

The purpose of this paper is to assess the usability of two image‐based authentication methods when used in the web‐based environment. The evaluated approaches involve clicking secret points within a single image (click‐based) and remembering a set of images in the correct sequence (choice‐based).

Design/methodology/approach

A “one‐to‐one” usability study was conducted in which participants had to complete three main tasks; namely authentication tasks (register, confirm and login), spot the difference activity and provide feedback.

Findings

From analysing the results in terms of timing, number of attempts, user feedback, accuracy and predictability, it is found that the choice‐based approach is better in terms of usability, whereas the click‐based method performed better in terms of timing and is rated more secure against social engineering.

Research limitations/implications

The majority of participants are from the academic sector (students, lecturers, etc.) and had up to seven years' IT experience. To obtain more statistically significant results, it is proposed that participants should be obtained from various sectors, having a more varied IT experience.

Practical implications

The results suggest that in order for image‐based authentication to be used in the web environment, more work is needed to increase the usability, while at the same time maintaining the security of both techniques.

Originality/value

This paper enables a direct comparison of the usability of two alternative image‐based techniques, with the studies using the same set of participants and the same set of environment settings.

Details

Information Management & Computer Security, vol. 18 no. 1
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 August 2002

I. Irakleous, S.M. Furnell, P.S. Dowland and M. Papadaki

The paper presents a comparative study of software‐based user authentication techniques, contrasting the use of traditional password and personal identifier numbers (PIN) against…

Abstract

The paper presents a comparative study of software‐based user authentication techniques, contrasting the use of traditional password and personal identifier numbers (PIN) against alternative methods involving question and answer responses and graphical representation. All methods share the common basis of some secret knowledge and rely upon the user’s ability to recall it in order to achieve authentication. An experimental trial is described, along with the results based upon 27 participants. The alternative methods are assessed in terms of practical effectiveness (in this context relating to the participant’s ability to authenticate themselves a significant time after initial use of the methods), as well as the perceived levels of user friendliness and security that they provide. The investigation concludes that while passwords and PIN approaches garner good ratings on the basis of their existing familiarity to the participants, other methods based upon image recall and cognitive questions also achieved sufficiently positive results to suggest them as viable alternatives in certain contexts.

Details

Information Management & Computer Security, vol. 10 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 1 August 2000

M.P. Evans and S.M. Furnell

The paper explains the background to experimental work that was conducted with the aim of measuring aspects of the WWW (specifically the average lifetime of a web link and the…

Abstract

The paper explains the background to experimental work that was conducted with the aim of measuring aspects of the WWW (specifically the average lifetime of a web link and the impact of the “Millennium Bug”), but which inadvertently caused two perceived security breaches on remote systems. The paper explains the nature of these incidents and considers why, when over 700,000 IP addresses were randomly sampled in the experimental study, only two sites considered the activity to be an attempt to breach their security. It is concluded that, while the appropriate protection of Internet‐based systems is undoubtedly of importance, the problems experienced during the experimental study suggest a lack of uniformity in what different organisations will class as a security breach.

Details

Internet Research, vol. 10 no. 3
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 12 October 2015

Martin Butler and Rika Butler

The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk…

Abstract

Purpose

The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile. Online security remains a challenge to ensure safe transacting on the Internet. User authentication, a human-centric process, is regarded as the basis of computer security and hence secure access to online banking services. The increased use of technology to enforce additional actions has the ability to improve the quality of authentication and hence online security, but often at the expense of usability. The objective of this study was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile.

Design/methodology/approach

A web-based survey was designed to determine online consumers’ competence re secure online behaviour, and this was used to quantify the online behaviour as more or less secure. The browsers used by consumers as well as their demographical data were correlated with the security profile of respondents to test for any significant variance in practice that could inform differentiated authentication.

Findings

A statistical difference between behaviours based on some of the dependent variables was evident from the analysis. Based on the results, a case could be made to have different authentication methods for online banking customers based on both their browser selected (before individual identification) as well as demographical data (after identification) to ensure a safer online environment.

Originality/value

The research can be used by the financial services sector to improve online security, where required, without necessarily reducing usability for more “security inclined” customers.

Details

Information & Computer Security, vol. 23 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 26 May 2022

Ioannis Stylios, Andreas Skalkos, Spyros Kokolakis and Maria Karyda

This paper is an extended version of SECPRE 2021 paper and presents research on the development and validation of a…

Abstract

Purpose

This paper is an extended version of SECPRE 2021 paper and presents research on the development and validation of a behavioral biometrics continuous authentication (BBCA) system that is based on users' keystroke dynamics and touch gestures on mobile devices. This paper aims to build a system that will continuously authenticate the user of a smartphone.

Design/methodology/approach

Session authentication schemes establish the identity of the user only at the beginning of the session, so they are vulnerable to attacks that tamper with communications after the establishment of the authenticated session. Moreover, smartphones themselves are used as authentication means, especially in two-factor authentication schemes, which are often required by several services. Whether the smartphone is in the hands of the legitimate user constitutes a great concern and correspondingly whether the legitimate user is the one who uses the services. In response to these concerns, BBCA technologies have been proposed in a large corpus of literature. This paper presents research on the development and validation of a BBCA system (named BioPrivacy), which is based on the user’s keystroke dynamics and touch gestures, using a multi-layer perceptron (MLP). Also, this paper introduces a new BB collection tool and proposes a methodology for the selection of an appropriate set of BB.

Findings

The system achieved the best results for keystroke dynamics which are 97.18% accuracy, 0.02% equal error rate, 97.2% true acceptance rate and 0.02% false acceptance rate.

Originality/value

This paper develops a new BB collection tool, named BioPrivacy, by which behavioral data of users on mobile devices can be collected. This paper proposes a methodology for the selection of an appropriate set of BB. This paper presents the development of a BBCA system based on MLP.

Details

Information & Computer Security, vol. 30 no. 5
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 1 May 2002

Riyad Eid, Myfanwy Trueman and Abdel Moneim Ahmed

Business‐to‐business international Internet marketing (B2B IIM) has emerged as one of the key drivers in sustaining an organisation’s competitive advantage. However, market entry…

Abstract

Business‐to‐business international Internet marketing (B2B IIM) has emerged as one of the key drivers in sustaining an organisation’s competitive advantage. However, market entry and communication via the Internet have affected the dynamics and traditional process in B2B commerce. Difficulties resulting from these new trends have been cited in the literature. Research into identifying what are the critical success factors for global market entry is rare. This research presents a comprehensive review in this field. The study identified 21 critical success factors applicable to most of the B2B IIM. These factors were classified into five categories: marketing strategy, Web site, global, internal and external related factors. The significance, importance and implications for each category are discussed and then recommendations are made.

Details

Internet Research, vol. 12 no. 2
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 9 March 2015

Habibullah Khan, Faisal Talib and Mohd. Nishat Faisal

The purpose of this paper is to identify and develop a hierarchical model for the barriers affecting the growth of mobile commerce (M-commerce). Based on the model developed, the…

Abstract

Purpose

The purpose of this paper is to identify and develop a hierarchical model for the barriers affecting the growth of mobile commerce (M-commerce). Based on the model developed, the authors’ objective is to identify those variables that are of strategic nature and are the root cause of the issue.

Design/methodology/approach

Variables considered as barriers are identified, and utilizing the interpretive structural model approach, a relationship model is developed. Further, the impact matrix cross-reference multiplication applied to a classification approach is used to analyze the effect and dependence among these factors.

Findings

The research in the area of M-commerce in the Arab world and related to the strategic aspect is limited in the extant literature. The present study tries to fill this gap by investigating the variables that inhibit the growth of M-commerce in Qatar. The research shows that there exists a group of barriers having a high driving power and low dependence requiring maximum attention and of strategic importance, while another group consists of those variables that have high dependence and are the resultant actions.

Practical implications

There is a growing concern that although the numbers of mobile subscribers are increasing at a very fast pace in Qatar, actual M-commerce activities in the country remain low. The findings of this study can be used to understand the differences between the independent and dependent variables and their mutual relationships. The study would also help the policy makers to develop suitable strategies to facilitate growth of M-commerce in the country.

Originality/value

This research was the first attempt to investigate the relationships among the variables inhibiting the growth of M-commerce in a fast-growing economy in a Gulf Cooperation Council (GCC) region. Given that there is limited research on M-commerce in the GCC context, the study can be viewed as an investigation that provides a good understanding of the variables and their interrelationships affecting M-commerce proliferation.

Details

Journal of Systems and Information Technology, vol. 17 no. 1
Type: Research Article
ISSN: 1328-7265

Article
Publication date: 1 August 1998

S.M. Furnell, P.D. Onions, M. Knahl, P.W. Sanders, U. Bleimann, U. Gojny and H.F. Röder

Considers the requirement for information security within the domain of online distance learning. A generic module structure is presented which represents a high level abstraction of…

Abstract

Considers the requirement for information security within the domain of online distance learning. A generic module structure is presented which represents a high level abstraction of the different stages of the educational process. Discusses the main security issues that must be considered at each stage. These various requirements are being addressed in practice by the security framework being developed by the SDLearn research project, a collaborative initiative between higher academic establishments in the UK and Germany.

Details

Internet Research, vol. 8 no. 3
Type: Research Article
ISSN: 1066-2243

Article
Publication date: 11 June 2019

Maria Bada and Jason R.C. Nurse

The purpose of this study is to focus on organisation’s cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when…

Abstract

Purpose

The purpose of this study is to focus on organisation’s cybersecurity strategy and propose a high-level programme for cybersecurity education and awareness to be used when targeting small- and medium-sized enterprises/businesses (SMEs/SMBs) at a city-level. An essential component of an organisation’s cybersecurity strategy is building awareness and education of online threats and how to protect corporate data and services. This programme is based on existing research and provides a unique insight into an ongoing city-based project with similar aims.

Design/methodology/approach

To structure this work, a scoping review was conducted of the literature in cybersecurity education and awareness, particularly for SMEs/SMBs. This theoretical analysis was complemented using a case study and reflecting on an ongoing, innovative programme that seeks to work with these businesses to significantly enhance their security posture. From these analyses, best practices and important lessons/recommendations to produce a high-level programme for cybersecurity education and awareness were recommended.

Findings

While the literature can be informative at guiding education and awareness programmes, it may not always reach real-world programmes. However, existing programmes, such as the one explored in this study, have great potential, but there can be room for improvement. Knowledge from each of these areas can, and should, be combined to the benefit of the academic and practitioner communities.

Originality/value

The study contributes to current research through the outline of a high-level programme for cybersecurity education and awareness targeting SMEs/SMBs. Through this research, literature in this space was examined and insights into the advances and challenges faced by an on-going programme were presented. These analyses allow us to craft a proposal for a core programme that can assist in improving the security education, awareness and training that targets SMEs/SMBs.

Details

Information & Computer Security, vol. 27 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 23 November 2010

Hennie Kruger, Lynette Drevin and Tjaart Steyn

The dependence on human involvement and human behavior to protect information assets necessitates an information security awareness program to make people aware of their roles and…

Abstract

Purpose

The dependence on human involvement and human behavior to protect information assets necessitates an information security awareness program to make people aware of their roles and responsibilities towards information security. The purpose of this paper is to examine the feasibility of an information security vocabulary test as an aid to assess awareness levels and to assist with the identification of suitable areas or topics to be included in an information security awareness program.

Design/methodology/approach

A questionnaire has been designed to test and illustrate the feasibility of a vocabulary test. The questionnaire consists of two sections – a first section to perform a vocabulary test and a second one to evaluate respondents' behavior. Two different class groups of students at a university were used as a sample.

Findings

The research findings confirmed that the use of a vocabulary test to assess security awareness levels will be beneficial. A significant relationship between knowledge of concepts (vocabulary) and behavior was observed.

Originality/value

The paper introduces a new approach to evaluate people's information security awareness levels by employing an information security vocabulary test. This new approach can assist management to plan and evaluate interventions and to facilitate best practice in information security. Aspects of cognitive psychology and language were taken into account in this research project, indicating the interaction and influence between apparently different disciplines.

Details

Information Management & Computer Security, vol. 18 no. 5
Type: Research Article
ISSN: 0968-5227
