Search results
1 – 10 of 971Ebenhaeser Otto Janse van Rensburg, Reinhardt A. Botha and Rossouw von Solms
Authenticating an individual through voice can prove convenient as nothing needs to be stored and cannot easily be stolen. However, if an individual is authenticating under…
Abstract
Purpose
Authenticating an individual through voice can prove convenient as nothing needs to be stored and cannot easily be stolen. However, if an individual is authenticating under duress, the coerced attempt must be acknowledged and appropriate warnings issued. Furthermore, as duress may entail multiple combinations of emotions, the current f-score evaluation does not accommodate that multiple selected samples possess similar levels of importance. Thus, this study aims to demonstrate an approach to identifying duress within a voice-based authentication system.
Design/methodology/approach
Measuring the value that a classifier presents is often done using an f-score. However, the f-score does not effectively portray the proposed value when multiple classes could be grouped as one. The f-score also does not provide any information when numerous classes are often incorrectly identified as the other. Therefore, the proposed approach uses the confusion matrix, aggregates the select classes into another matrix and calculates a more precise representation of the selected classifier’s value. The utility of the proposed approach is demonstrated through multiple tests and is conducted as follows. The initial tests’ value is presented by an f-score, which does not value the individual emotions. The lack of value is then remedied with further tests, which include a confusion matrix. Final tests are then conducted that aggregate selected emotions within the confusion matrix to present a more precise utility value.
Findings
Two tests within the set of experiments achieved an f-score difference of 1%, indicating, Mel frequency cepstral coefficient, emotion detection, confusion matrix, multi-layer perceptron, Ryerson audio-visual database of emotional speech and song (RAVDESS), voice authentication that the two tests provided similar value. The confusion matrix used to calculate the f-score indicated that some emotions are often confused, which could all be considered closely related. Although the f-score can represent an accuracy value, these tests’ value is not accurately portrayed when not considering often confused emotions. Deciding which approach to take based on the f-score did not prove beneficial as it did not address the confused emotions. When aggregating the confusion matrix of these two tests based on selected emotions, the newly calculated utility value demonstrated a difference of 4%, indicating that the two tests may not provide a similar value as previously indicated.
Research limitations/implications
This approach’s performance is dependent on the data presented to it. If the classifier is presented with incomplete or degraded data, the results obtained from the classifier will reflect that. Additionally, the grouping of emotions is not based on psychological evidence, and this was purely done to demonstrate the implementation of an aggregated confusion matrix.
Originality/value
The f-score offers a value that represents the classifiers’ ability to classify a class correctly. This paper demonstrates that aggregating a confusion matrix could provide more value than a single f-score in the context of classifying an emotion that could consist of a combination of emotions. This approach can similarly be applied to different combinations of classifiers for the desired effect of extracting a more accurate performance value that a selected classifier presents.
Details
Keywords
The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk…
Abstract
Purpose
The purpose of this paper was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile. Online security remains a challenge to ensure safe transacting on the Internet. User authentication, a human-centric process, is regarded as the basis of computer security and hence secure access to online banking services. The increased use of technology to enforce additional actions has the ability to improve the quality of authentication and hence online security, but often at the expense of usability. The objective of this study was to determine factors that could be used to create different authentication requirements for diverse online banking customers based on their risk profile.
Design/methodology/approach
A web-based survey was designed to determine online consumers’ competence resecure online behaviour, and this was used to quantify the online behaviour as more or less secure. The browsers used by consumers as well as their demographical data were correlated with the security profile of respondents to test for any significant variance in practice that could inform differentiated authentication.
Findings
A statistical difference between behaviours based on some of the dependant variables was evident from the analysis. Based on the results, a case could be made to have different authentication methods for online banking customers based on both their browser selected (before individual identification) as well as demographical data (after identification) to ensure a safer online environment.
Originality/value
The research can be used by the financial services sector to improve online security, where required, without necessarily reducing usability for more “security inclined” customers.
Details
Keywords
Mariah Strella P. Indrinal, Ranyel Bryan L. Maliwanag and Marynyriene I. Silvestre
The purpose of this paper is to introduce VoxGrid, a mobile voice verification system intended for improving the security of the username‐password authentication scheme.
Abstract
Purpose
The purpose of this paper is to introduce VoxGrid, a mobile voice verification system intended for improving the security of the username‐password authentication scheme.
Design/methodology/approach
The system incorporates text‐dependant speaker verification via mobile devices that provides for a three‐factor authentication scheme for granting authorised access to certain websites or applications. The same speech recognition engine used by Google Voice Search is utilised to provide voice‐to‐text feature. All verification tasks are performed on a centralised server to minimise computing requirements on mobile platforms where feature extractions is executed using Mel Frequency Cepstral Coefficients. The resulting features are transmitted to the server instead of raw voice data to reduce network load. Actual voice verification takes place in the central server using Vector Quantisation.
Findings
The initial results have indicated that VoxGrid is capable of providing an additional level of security on user authentications at a low cost and without using extra security tokens other than one's voice with a good enough performance given the limited resources available during testing.
Originality/value
Past speaker verification experiments have been conducted but we see that this is the first time it is done on mobile devices with a client‐server architecture using K‐Means Clustering and Vector Quantisation. Future improvements on performance and testing could result in a more secure mobile computing environment.
Details
Keywords
Sajaad Ahmed Lone and Ajaz Hussain Mir
Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy…
Abstract
Purpose
Because of the continued use of mobile, cloud and the internet of things, the possibility of data breaches is on the increase. A secure authentication and authorization strategy is a must for many of today’s applications. Authentication schemes based on knowledge and tokens, although widely used, lead to most security breaches. While providing various advantages, biometrics are also subject to security threats. Using multiple factors together for authentication provides more certainty about a user’s identity; thus, leading to a more reliable, effective and more difficult for an adversary to intrude. This study aims to propose a novel, secure and highly stable multi-factor one-time password (OTP) authentication solution for mobile environments, which uses all three authentication factors for user authentication.
Design/methodology/approach
The proposed authentication scheme is implemented as a challenge-response authentication where three factors (username, device number and fingerprint) are used as a secret key between the client and the server. The current scheme adopts application-based authentication and guarantees data confidentiality and improved security because of the integration of biometrics with other factors and each time new challenge value by the server to client for OTP generation.
Findings
The proposed authentication scheme is implemented on real android-based mobile devices, tested on real users; experimental results show that the proposed authentication scheme attains improved performance. Furthermore, usability evaluation proves that proposed authentication is effective, efficient and convenient for users in mobile environments.
Originality/value
The proposed authentication scheme can be adapted as an effective authentication scheme to accessing critical information using android smartphones.
Details
Keywords
Austin Jay Harris and David C. Yen
In this paper biometric technology will be defined and then discussed as to how it will help the business world protect its information. Background will be given to show how…
Abstract
In this paper biometric technology will be defined and then discussed as to how it will help the business world protect its information. Background will be given to show how identification and authentication have developed throughout the years and why another form of authorization needs to come to the forefront. There are reasons for higher security and biometric authentication will be shown to be the solution to answer this call. Biometric is a powerful way of deciding who can gain access to our most valuable systems in this volatile world. Factors will be uncovered about what can and will affect an identification system, which will lead us to the feasibility of implementing a biometric system. As one will see, biometric will not be the best choice for everyone. Already, parts of the Department of Defense community rely on this technology in order to maintain the integrity of their own systems. For the business world, it is critical that biometric be grasped now in order to do the same.
Details
Keywords
Abstract
Details
Keywords
Abstract
Details
Keywords
Marcia Combs, Casey Hazelwood and Randall Joyce
Digital voice assistants use wake word engines (WWEs) to monitor surrounding audio for detection of the voice assistant's name. There are two failed conditions for a WWE, false…
Abstract
Purpose
Digital voice assistants use wake word engines (WWEs) to monitor surrounding audio for detection of the voice assistant's name. There are two failed conditions for a WWE, false negative and false positive. Wake word false positives threaten a loss of personal privacy because, upon activation, the digital assistant records audio to the voice cloud service for processing.
Design/methodology/approach
This observational study attempted to identify which Amazon Alexa wake word and Amazon Echo smart speaker resulted in the fewest number of human voice false positives. During an eight-week period, false-positive data were collected from four different Amazon Echo smart speakers located in a small apartment with three female roommates.
Findings
Results from this study suggest the number of human voice false positives are related to wake word selection and Amazon Echo hardware. Results from this observational study determined that the wake word Alexa resulted in the fewest number of false positives.
Originality/value
This study suggests Amazon Alexa users can better protect their privacy by selecting Alexa as their wake word and selecting smart speakers with the highest number of microphones in the far-field array with 360-degree geometry.
Details
Keywords
Theodore Tryfonas, Iain Sutherland and Ioannis Pompogiatzis
The purpose of this paper is to discuss and amalgamate information security principles, and legal and ethical concerns that surround security testing and components of generic…
Abstract
Purpose
The purpose of this paper is to discuss and amalgamate information security principles, and legal and ethical concerns that surround security testing and components of generic security testing methodologies that can be applied to Voice over Internet Protocol (VoIP), in order to form an audit methodology that specifically addresses the needs of this technology.
Design/methodology/approach
Information security principles, legal and ethical concerns are amalgamated that surround security testing and components of generic security testing methodologies that can be applied to VoIP. A simple model is created of a business infrastructure (core network) for the delivery of enterprise VoIP services and the selected tests are applied through a methodically structured action plan.
Findings
The main output of this paper is a, documented in detail, testing plan (audit programme) for the security review of a core VoIP enterprise network infrastructure. Also, a list of recommendations for good testing practice based on the testing experience and derived through the phase of the methodology evaluation stage.
Research limitations/implications
The methodology in the paper does not extend at the moment to the testing of the business operation issues of VoIP telephony, such as revenue assurance or toll fraud detection.
Practical implications
This approach facilitates the conduct or security reviews and auditing in a VoIP infrastructure.
Originality/value
VoIP requires appropriate security testing before its deployment in a commercial environment. A key factor is the security of the underlying data network. If the business value of adopting VoIP is considered then the potential impact of a related security incident becomes clear. This highlights the need for a coherent security framework that includes means for security reviews, risk assessments, and influencing design and deployment. In this respect, this approach can meet this requirement.
Details
Keywords
Abstract
Details