Search results

1 – 10 of 347
Article
Publication date: 24 March 2020

Pavel M. Shust and Victor Dostov

The purpose of this paper is to present the identification-verification-confirmation of identity (IVCid) model that can be used to retroactively analyze the existing customer…

Abstract

Purpose

The purpose of this paper is to present the identification-verification-confirmation of identity (IVCid) model that can be used to retroactively analyze the existing customer identification programs and devise new ones that can be used in face-to-face or non-face-to-face environment.

Design/methodology/approach

This paper outlines the main elements of the customer due diligence (CDD) process and identifies those which may present a barrier to the customers. It then outlines the IVCid model. The model is used to analyze existing CDD approaches in physical presence, using reliable databases, biometrics and electronic signatures.

Findings

The IVCid model suggests that any customer identification program contains three elements: identification (collection of information), verification (checking the veracity of information) and confirmation of identity (linking the information to the individual). The accuracy of this model is confirmed by the analysis of the existing CDD procedures in some countries.

Research limitations/implications

This paper looks at a limited number of practical cases of CDD implementation. Further research might be needed to assess the strengths and weaknesses of biometric-based or e-signature-based solutions. Research might be needed to establish links between the IVCid model and financial inclusion.

Practical implications

The IVCid model allows for a “modular” approach to the CDD procedures. It also underlines some risks associated with current CDD models.

Social implications

The IVCid model can be used to devise the CDD procedures that more effectively contribute to financial inclusion.

Originality/value

This paper proposes the first universal model for the CDD procedures that works for both face-to-face and remote scenarios while also being technology- and business-neutral.

Details

Journal of Money Laundering Control, vol. 23 no. 4
Type: Research Article
ISSN: 1368-5201

Article
Publication date: 1 August 1994

Kenneth P. Weiss

There is a hierarchically related set of fundamental security technologies that have been used (sometimes without need for the hierarchy) in the late 1970s and 80s to protect…

Abstract

There is a hierarchically related set of fundamental security technologies that have been used (sometimes without need for the hierarchy) in the late 1970s and 80s to protect information. The critical assumptions which provided the rationale for protection of information in those times are now challenged by the networked information resource environment of the 1990s. The weakest link in most information security systems is the reliance upon inappropriate methods of identifying and authenticating authorized users to the exclusion of all others. Proposes token based, two‐factor identity authenticator as a solution which reconciles the security hierarchy with the typical 1990s distributed information environment.

Details

Information Management & Computer Security, vol. 2 no. 3
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 23 November 2012

Swapan Purkait

Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and…

Abstract

Purpose

Phishing is essentially a social engineering crime on the Web, whose rampant occurrences and technique advancements are posing big challenges for researchers in both academia and the industry. The purpose of this study is to examine the available phishing literatures and phishing countermeasures, to determine how research has evolved and advanced in terms of quantity, content and publication outlets. In addition to that, this paper aims to identify the important trends in phishing and its countermeasures and provides a view of the research gap that is still prevailing in this field of study.

Design/methodology/approach

This paper is a comprehensive literature review prepared after analysing 16 doctoral theses and 358 papers in this field of research. The papers were analyzed based on their research focus, empirical basis on phishing and proposed countermeasures.

Findings

The findings reveal that the current anti‐phishing approaches that have seen significant deployments over the internet can be classified into eight categories. Also, the different approaches proposed so far are all preventive in nature. A Phisher will mainly target the innocent consumers who happen to be the weakest link in the security chain and it was found through various usability studies that neither server‐side security indicators nor client‐side toolbars and warnings are successful in preventing vulnerable users from being deceived.

Originality/value

Educating the internet users about phishing, as well as the implementation and proper application of anti‐phishing measures, are critical steps in protecting the identities of online consumers against phishing attacks. Further research is required to evaluate the effectiveness of the available countermeasures against fresh phishing attacks. Also there is the need to find out the factors which influence internet user's ability to correctly identify phishing websites.

Details

Information Management & Computer Security, vol. 20 no. 5
Type: Research Article
ISSN: 0968-5227

Article
Publication date: 17 June 2021

Karen Renaud, Graham Johnson and Jacques Ophoff

The purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.

Abstract

Purpose

The purpose of this paper is to reveal the lived experiences of dyslexics in engaging with all kinds of alphanumeric authentication mechanisms.

Design/methodology/approach

A significant proportion of the world’s population experiences some degree of dyslexia, which can lead to spelling, processing, sequencing and retention difficulties. Passwords, being essentially sequences of alphanumeric characters, make it likely that dyslexics will struggle with these, even more so than the rest of the population. Here, this study explores the difficulties people with dyslexia face, their general experiences with passwords, the coping strategies they use and the advice they can provide to developers and others who struggle with passwords. This paper collects empirical data through semi-structured interviews with 13 participants. Thematic analysis was used to provide an in-depth view of each participant’s experience.

Findings

The main contribution of this paper is to provide evidence related to the inaccessibility dimensions of passwords as an authentication mechanism, especially for dyslexics and to recommend a solution direction.

Research limitations/implications

There is a possible volunteer bias, as this study is dealing with self-reported data including historical and reflective elements and this paper is seeking information only from those with self-declared or diagnosed dyslexia. Furthermore, many expressed interest or curiosity in the relationship between dyslexia and password difficulties, for some a motivation for their participation. Finally, given that the participants told us that dyslexics might hide, it is possible that the experiences of those who do hide are different from those who chose to speak to us and thus were not hiding.

Originality/value

A few authors have written about the difficulties dyslexics face when it comes to passwords, but no one has asked dyslexics to tell them about their experiences. This paper fills that gap.

Details

Information & Computer Security, vol. 29 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 12 October 2020

Swagatika Shrabanee and Amiya Kumar Rath

In modern cloud services, resource provisioning and allocation are significant for assigning the available resources in an efficient way. Resource management in cloud becomes…

Abstract

Purpose

In modern cloud services, resource provisioning and allocation are significant for assigning the available resources in an efficient way. Resource management in cloud becomes challenging due to high energy consumption at data center (DC), virtual machine (VM) migration, high operational cost and overhead on DC.

Design/methodology/approach

In this paper, the authors proposed software-defined networking (SDN)-enabled cloud for resource management to reduce energy consumption in DC. SDN-cloud comprises four phases: (1) user authentication, (2) service-level agreement (SLA) constraints, (3) cloud interceder and (4) SDN-controller.

Findings

Resource management is significant for reducing power consumption in CDs that is based on scheduling, VM placement, with Quality of Service (QoS) requirements.

Research limitations/implications

The main goal is to utilize the resources energy effectively for reducing power consumption in cloud environment. This method effectively increases the user service rate and reduces the unnecessary migration process.

Originality/value

As a result, the authors show a significant reduction in energy consumption by 20 KWh as well as over 60% power consumption in the presence of 500 VMs. In future, the authors have planned to concentrate the issues on resource failure and also SLA violation rate with respect to number of resources will be decreased.

Details

International Journal of Intelligent Unmanned Systems, vol. 8 no. 4
Type: Research Article
ISSN: 2049-6427

Article
Publication date: 10 October 2016

Mahdi Nasrullah Al-Ameen, S.M. Taiabul Haque and Matthew Wright

Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords…

Abstract

Purpose

Two-factor authentication is being implemented more broadly to improve security against phishing, shoulder surfing, keyloggers and password guessing attacks. Although passwords serve as the first authentication factor, a common approach to implementing the second factor is sending a one-time code, either via e-mail or text message. The prevalence of smartphones, however, creates security risks in which a stolen phone leads to user’s accounts being accessed. Physical tokens such as RSA’s SecurID create extra burdens for users and cannot be used on many accounts at once. This study aims to improve the usability and security for two-factor online authentication.

Design/methodology/approach

The authors propose a novel second authentication factor that, similar to passwords, is also based on something the user knows but operates similarly to a one-time code for security purposes. The authors design this component to provide higher security guarantee with minimal memory burden and does not require any additional communication channels or hardware. Motivated by psychology research, the authors leverage users’ autobiographical memory in a novel way to create a secure and memorable component for two-factor authentication.

Findings

In a multi-session lab study, all of the participants were able to log in successfully on the first attempt after a one-week delay from registration and reported satisfaction on the usability of the scheme.

Originality/value

The results indicate that the proposed approach to leverage autobiographical memory is a promising direction for further research on second authentication factor based on something the user knows.

Details

Information & Computer Security, vol. 24 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 9 November 2023

Gregory Lyon

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is…

Abstract

Purpose

The rapid expansion of internet usage and device connectivity has underscored the importance of understanding the public’s cyber behavior and knowledge. Despite this, there is little research that examines the public’s objective knowledge of secure information security practices. The purpose of this study is to examine how objective cyber awareness is distributed throughout society.

Design/methodology/approach

This study draws on a large national survey of adults to examine the relationship between individual factors – such as demographic attributes and socioeconomic resources – and information security awareness. The study estimates several statistical models using weighted logistic regression to model objective information security awareness.

Findings

The results indicate that socioeconomic resources such as income and education have a significant effect on individuals’ information security awareness with richer and more highly educated individuals exhibiting greater awareness of important security practices and tools. Additionally, age and gender represent consistent and clear informational gaps in society as older individuals and females are significantly less knowledgeable about an array of information security practices than younger individuals and males, respectively.

Social implications

The findings have important implications for our understanding of information security behavior and user vulnerability in an increasingly digital and connected society. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks. While digital technology will continue to permeate many aspects of daily life – from financial transactions to health services to social interactions – the findings here indicate that some users may be far more exposed and vulnerable to attack than others.

Originality/value

This study contributes to our understanding of general user information security awareness using a large survey and statistical models to generalize about the public’s information security awareness across multiple domains and stimulates future research on public knowledge of information security. The findings indicate that some users may be far more exposed and vulnerable to attack than others. Despite the growing importance of cybersecurity for all individuals in nearly all domains of daily life, there is substantial inequality in awareness about secure cyber practices and the tools and techniques used to protect one’s self from attacks.

Details

Information & Computer Security, vol. 32 no. 2
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 5 April 2021

Markus Lennartsson, Joakim Kävrestad and Marcus Nohlberg

For decades, literature has reported on the perceived conflict between usability and security. This mutual trade-off needs to be considered and addressed whenever security…

Abstract

Purpose

For decades, literature has reported on the perceived conflict between usability and security. This mutual trade-off needs to be considered and addressed whenever security products are developed. Achieving well-balanced levels of both is a precondition for sufficient security as users tend to reject unusable solutions. To assess it correctly, usability should be evaluated in the context of security. This paper aims to identify and describe universally applicable and solution-independent factors that affect the perceived usability of security mechanisms.

Design/methodology/approach

The selected methodology was a systematic literature review during which multiple database resources were queried. Application of predefined selection criteria led to the creation of a bibliography before backward snowballing was applied to minimize the risk of missing material of importance. All 70 included publications were then analyzed through thematic analysis.

Findings

The study resulted in the identification of 14 themes and 30 associated subthemes representing aspects with reported influence on perceived usability in the context of security. While some of them were only mentioned sparsely, the most prominent and thus presumably most significant ones were: simplicity, information and support, task completion time, error rates and error management.

Originality/value

The identified novel themes can increase knowledge about factors that influence usability. This can be useful for different groups: end users may be empowered to choose appropriate solutions more consciously, developers may be able to avoid common usability pitfalls when designing new products and system administrators may benefit from a better understanding of how to configure solutions and how to educate users efficiently.

Details

Information & Computer Security, vol. 29 no. 4
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 7 June 2013

Joshua Arvin S. Lat, Rod Xavier R. Bondoc and Kevin Charles V. Atienza

The SOUL System aims to provide a low‐cost secure online two‐factor authentication system that involves both a password and a security token in the form of an ordinary electronic…

Abstract

Purpose

The SOUL System aims to provide a low‐cost secure online two‐factor authentication system that involves both a password and a security token in the form of an ordinary electronic container. Its main goal is to design and build a system that can easily be integrated to existing websites to make the login and registration processes more secure.

Design/methodology/approach

The three main parts of the system are the website, the ordinary hardware device, and trusted third party. The website must first be integrated with the web API provided and then registered to the trusted third party website to allow two‐factor authentication. It must be registered to the trusted third party so that it can be used to register and login to SOUL System integrated websites.

Findings

The design and implementation of the proposed two‐factor authentication system makes use of the hybrid cryptosystem, one‐time passwords, hash functions, trusted third parties, steganographic techniques, signed java applets and cross‐language cryptographic libraries. It protects users from well known attacks such as brute‐force attacks, collision attacks, dictionary attacks, keylogger attacks, man‐in‐the‐middle attacks, and even replay attacks. Currently, the system can be integrated to websites built in PHP, Python, and Java.

Originality/value

The SOUL System is the first two‐factor authentication system that uses both cryptography and steganography to provide secure online authentication with an ordinary USB flash drive. It is designed to work in major operating systems such as Windows, Mac OS X, and Linux with very minimal installation.

Open Access
Article
Publication date: 30 April 2021

Ahmad R. Pratama and Firman M. Firmansyah

In this study, the authors seek to understand factors that naturally influence users to adopt two-factor authentication (2FA) without even trying to intervene by investigating…

Abstract

Purpose

In this study, the authors seek to understand factors that naturally influence users to adopt two-factor authentication (2FA) without even trying to intervene by investigating factors within individuals that may influence their decision to adopt 2FA by themselves.

Design/methodology/approach

A total of 1,852 individuals from all 34 provinces in Indonesia participated in this study by filling out online questionnaires. The authors discussed the results from statistical analysis further through the lens of the loss aversion theory.

Findings

The authors found that loss aversion, represented by higher income that translates to greater potential pain caused by losing things to be the most significant demographic factor behind 2FA adoption. On the contrary, those with a low-income background, even if they have some college degree, are more likely to skip 2FA despite their awareness of this technology. The authors also found that the older generation, particularly females, to be among the most vulnerable groups when it comes to authentication-based cyber threats as they are much less likely to adopt 2FA, or even to be aware of its existence in the first place.

Originality/value

Authentication is one of the most important topics in cybersecurity that is related to human-computer interaction. While 2FA increases the security level of authentication methods, it also requires extra efforts that can translate to some level of inconvenience on the user's end. By identifying the associated factors from the user's ends, a necessary intervention can be made so that more users are willing to jump on the 2FA adopters' train.

Details

Applied Computing and Informatics, vol. ahead-of-print no. ahead-of-print
Type: Research Article
ISSN: 2634-1964
