Search Results (99)

Search Parameters:
Keywords = continuous user authentication

16 pages, 8003 KiB  
Article
AffectiVR: A Database for Periocular Identification and Valence and Arousal Evaluation in Virtual Reality
by Chaelin Seok, Yeongje Park, Junho Baek, Hyeji Lim, Jong-hyuk Roh, Youngsam Kim, Soohyung Kim and Eui Chul Lee
Electronics 2024, 13(20), 4112; https://doi.org/10.3390/electronics13204112 - 18 Oct 2024
Viewed by 476
Abstract
This study introduces AffectiVR, a dataset designed for periocular biometric authentication and emotion evaluation in virtual reality (VR) environments. To maximize immersion in VR environments, interactions must be seamless and natural, with unobtrusive authentication and emotion recognition technologies playing a crucial role. This study proposes a method for user authentication by utilizing periocular images captured by a camera attached to a VR headset. Existing datasets have lacked periocular images acquired in VR environments, limiting their practical application. To address this, periocular images were collected from 100 participants using the HTC Vive Pro and Pupil Labs infrared cameras in a VR environment. Participants also watched seven emotion-inducing videos, and emotional evaluations for each video were conducted. The final dataset comprises 1988 monocular videos and corresponding self-assessment manikin (SAM) evaluations for each experimental video. This study also presents a baseline study to evaluate the performance of biometric authentication using the collected dataset. A deep learning model was used to analyze the performance of biometric authentication based on periocular data collected in a VR environment, confirming the potential for implicit and continuous authentication. The high-resolution periocular images collected in this study provide valuable data not only for user authentication but also for emotion evaluation research. The dataset developed in this study can be used to enhance user immersion in VR environments and as a foundational resource for advancing emotion recognition and authentication technologies in fields such as education, therapy, and entertainment. This dataset offers new research opportunities for non-invasive continuous authentication and emotion recognition in VR environments, and it is expected to significantly contribute to the future development of related technologies.
(This article belongs to the Special Issue Biometric Recognition: Latest Advances and Prospects)

25 pages, 1043 KiB  
Article
Enhancing Financial Advisory Services with GenAI: Consumer Perceptions and Attitudes Through Service-Dominant Logic and Artificial Intelligence Device Use Acceptance Perspectives
by Qin Yang and Young-Chan Lee
J. Risk Financial Manag. 2024, 17(10), 470; https://doi.org/10.3390/jrfm17100470 - 17 Oct 2024
Viewed by 891
Abstract
Financial institutions are currently undergoing a significant shift from traditional robo-advisors to more advanced generative artificial intelligence (GenAI) technologies. This transformation has motivated us to investigate the factors influencing consumer responses to GenAI-driven financial advice. Despite extensive research on the adoption of robo-advisors, there is a gap in our understanding of the specific contributors to, and differences in, consumer attitudes and reactions to GenAI-based financial guidance. This study aims to address this gap by analyzing the impact of personalized investment suggestions, human-like empathy, and the continuous improvement of GenAI-provided financial advice on its authenticity as perceived by consumers, their utilitarian attitude toward the use of GenAI for financial advice, and their reactions to GenAI-generated financial suggestions. A comprehensive research model was developed based on service-dominant logic (SDL) and Artificial Intelligence Device Use Acceptance (AIDUA) frameworks. The model was subsequently employed in a structural equation modeling (SEM) analysis of survey data from 822 mobile banking users. The findings indicate that personalized investment suggestions, human-like empathy, and the continuous improvement of GenAI’s recommendations positively influence consumers’ perception of its authenticity. Moreover, we discovered a positive correlation between utilitarian attitudes and perceived authenticity, which ultimately influences consumers’ responses to GenAI’s financial advisory solutions. This is manifested as either a willingness to engage or resistance to communication. This study contributes to the research on GenAI-powered financial services and underscores the significance of integrating GenAI financial guidance into the routine operations of financial institutions. 
Our work builds upon previous research on robo-advisors, offering practical insights for financial institutions seeking to leverage GenAI-driven technologies to enhance their services and customer experiences.
(This article belongs to the Section Financial Technology and Innovation)

14 pages, 249 KiB  
Entry
Zero Trust Cybersecurity: Procedures and Considerations in Context
by Brady D. Lund, Tae-Hee Lee, Ziang Wang, Ting Wang and Nishith Reddy Mannuru
Encyclopedia 2024, 4(4), 1520-1533; https://doi.org/10.3390/encyclopedia4040099 - 11 Oct 2024
Viewed by 1309
Definition
In response to the increasing complexity and sophistication of cyber threats, particularly those enhanced by advancements in artificial intelligence, traditional security methods are proving insufficient. This paper provides an overview of the zero-trust cybersecurity framework, which operates on the principle of “never trust, always verify” to mitigate vulnerabilities within organizations. Specifically, this paper examines the applicability of zero-trust principles in environments where large volumes of information are exchanged, such as schools and libraries, highlighting the importance of continuous authentication (proving who users are within the network), least privilege access (providing only access to what users specifically need), and breach assumption (assuming a breach has or will occur and thus operating to limit the spread through the use of multiple checkpoints throughout the network). The analysis highlights avenues for future research that may help preserve the security of vulnerable organizations.
(This article belongs to the Section Mathematics & Computer Science)
15 pages, 281 KiB  
Essay
The Impact of Online Media on Religious Authority
by Mónika Andok
Religions 2024, 15(9), 1103; https://doi.org/10.3390/rel15091103 - 12 Sep 2024
Viewed by 834
Abstract
The aim of this study is to reveal in an interpretive way how computer-mediated communication, the Internet, and social media can be grasped by authority models and how these new types of authority influence religious communities that are (also) present on online platforms. In some cases, computer-mediated communication weakened and made traditional church authorities porous, but in other cases, it specifically helped and strengthened them. In other words, the impact of digital media is not uniform or unidirectional in this respect. Although there is no doubt that the Internet has multiplied it, made it optional, and personalized it from the user’s point of view, it has made religious authority customizable. The power of choice means that, in the digital sphere, the user decides when, what form of network authority they will submit to, for how long, and why they do so. In the classics of the sociology of religion, the concept of authority appears in a hierarchical representation under the concepts of (social) order and rationality. In other words, it cannot be thought of in a way that is contrary to rationality and contrary to social order. In network communication, the concept of authority is subordinated to technology, or as Castells puts it, power can only be interpreted with the logic of the network. Of course, the technological network and its contents are under external (legal) control, but it is precisely the power of the symbolic struggles taking place here that shows how important this issue is in the 21st century. The concept of authority classified under technology will no longer be linked to order or rationality, but to the processes of control, datafication, and attention management on the part of the owners of the platforms, while from the users’ side to concepts such as identity, authenticity, choice, and voluntariness. Its boundaries will be malleable, and the phenomenon itself will multiply. 
In summary, we cannot talk about one single online religious authority but more types of religious authorities, which are continuously and discursively formed, change, and occasionally hybridize.
(This article belongs to the Special Issue Contemporary Religion, Media and Popular Culture)
14 pages, 279 KiB  
Article
Cryptanalysis of Ateniese–Steiner–Tsudik-Authenticated Group Key Management Protocol
by Daniel Camazón Portela, Álvaro Otero Sánchez and Juan Antonio López-Ramos
Appl. Sci. 2024, 14(18), 8179; https://doi.org/10.3390/app14188179 - 11 Sep 2024
Viewed by 515
Abstract
We present an active attack that targets Ateniese et al.’s authenticated group key agreement, which, as a particular case, includes the well-known multiparty key exchange protocol CLIQUES that allows a group of users to build a common secret using some private values in a collaborative and distributed way, naturally extending the foundational key exchange introduced by Diffie and Hellman between two communicating parties that motivated the birth of public key cryptography. Ateniese et al.’s protocol adds some authentication information, allowing the parties to trust the exchanged information, but we show that it is possible to surpass this as well. The attack allows a malicious party to agree on a secret with the rest of the legal members of the group without their knowledge, so all the distributed information can be accessed using this secret. In addition, this is shown under a well-known cryptographic model that, in principle, requires absolute control of group communications, but, in fact, it only requires malicious control of the communications of a single arbitrary user and only for the duration of the key exchange. This means that after the attack, the malicious party does not have to take any other actions that could reveal a clue that an attack occurred and that the distributed information is being illegally accessed, contrary to a typical man-in-the-middle attack where the attacker has to continue the activity, meaning this could be detected at some point.
(This article belongs to the Special Issue Application of Information Systems)
35 pages, 1125 KiB  
Review
Review of Smart-Home Security Using the Internet of Things
by George Vardakis, George Hatzivasilis, Eleftheria Koutsaki and Nikos Papadakis
Electronics 2024, 13(16), 3343; https://doi.org/10.3390/electronics13163343 - 22 Aug 2024
Cited by 1 | Viewed by 5370
Abstract
As the Internet of Things (IoT) continues to revolutionize the way we interact with our living spaces, the concept of smart homes has become increasingly prevalent. However, along with the convenience and connectivity offered by IoT-enabled devices in smart homes comes a range of security challenges. This paper explores the landscape of smart-home security. In contrast to similar surveys, this study also examines the particularities of popular categories of smart devices, like home assistants, TVs, AR/VR, locks, sensors, etc. It examines various security threats and vulnerabilities inherent in smart-home ecosystems, including unauthorized access, data breaches, and device tampering. Additionally, the paper discusses existing security mechanisms and protocols designed to mitigate these risks, such as encryption, authentication, and intrusion-detection systems. Furthermore, it highlights the importance of user awareness and education in maintaining the security of smart-home environments. Finally, the paper proposes future research directions and recommendations for enhancing smart-home security with IoT, including the development of robust security best practices and standards, improved device authentication methods, and more effective intrusion-detection techniques. By addressing these challenges, the potential of IoT-enabled smart homes to enhance convenience and efficiency while ensuring privacy, security, and cyber-resilience can be realized.

21 pages, 2574 KiB  
Article
ZTCloudGuard: Zero Trust Context-Aware Access Management Framework to Avoid Medical Errors in the Era of Generative AI and Cloud-Based Health Information Ecosystems
by Khalid Al-hammuri, Fayez Gebali and Awos Kanan
AI 2024, 5(3), 1111-1131; https://doi.org/10.3390/ai5030055 - 8 Jul 2024
Viewed by 1123
Abstract
Managing access between large numbers of distributed medical devices has become a crucial aspect of modern healthcare systems, enabling the establishment of smart hospitals and telehealth infrastructure. However, as telehealth technology continues to evolve and Internet of Things (IoT) devices become more widely used, they are also increasingly exposed to various types of vulnerabilities and medical errors. In healthcare information systems, about 90% of vulnerabilities emerge from medical error and human error. As a result, there is a need for additional research and development of security tools to prevent such attacks. This article proposes a zero-trust-based context-aware framework for managing access to the main components of the cloud ecosystem, including users, devices, and output data. The main goal and benefit of the proposed framework is to build a scoring system to prevent or alleviate medical errors while using distributed medical devices in cloud-based healthcare information systems. The framework has two main scoring criteria to maintain the chain of trust. First, it proposes a critical trust score based on cloud-native microservices for authentication, encryption, logging, and authorizations. Second, a bond trust scoring system is created to assess the real-time semantic and syntactic analysis of attributes stored in a healthcare information system. The analysis is based on a pre-trained machine learning model that generates the semantic and syntactic scores. The framework also takes into account regulatory compliance and user consent in the creation of the scoring system. The advantage of this method is that it applies to any language and adapts to all attributes, as it relies on a language model, not just a set of predefined and limited attributes. The results show a high F1 score of 93.5%, which proves that it is valid for detecting medical errors.

21 pages, 3788 KiB  
Article
A Blockchain-Based Privacy Preserving Intellectual Property Authentication Method
by Shaoqi Yuan, Wenzhong Yang, Xiaodan Tian and Wenjie Tang
Symmetry 2024, 16(5), 622; https://doi.org/10.3390/sym16050622 - 17 May 2024
Viewed by 1898
Abstract
With the continuous advancement of information technology, a growing number of works, including articles, paintings, and music, are being digitized. Digital content can be swiftly shared and disseminated via the Internet. However, it is also vulnerable to malicious plagiarism, which can seriously infringe upon the rights of creators and dampen their enthusiasm. To protect creators’ rights and interests, a sophisticated method is necessary to authenticate digital intellectual property rights. Traditional authentication methods rely on centralized, trustworthy organizations that are susceptible to single points of failure. Additionally, these methods are prone to network attacks that can lead to data loss, tampering, or leakage. Moreover, the circulation of copyright information often lacks transparency and traceability in traditional systems, which leads to information asymmetry and prevents creators from controlling the use and protection of their personal information during the authentication process. Blockchain technology, with its decentralized, tamper-proof, and traceable attributes, addresses these issues perfectly. In blockchain technology, each node is a peer, ensuring the symmetry of information. However, the transparent feature of blockchains can lead to the leakage of user privacy data. Therefore, this study designs and implements an Ethereum blockchain-based intellectual property authentication scheme with privacy protection. Firstly, we propose a method that combines elliptic curve cryptography (ECC) encryption with digital signatures to achieve selective encryption of user personal information. Subsequently, an authentication algorithm based on Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) is adopted to complete the authentication of intellectual property ownership while encrypting personal privacy data. 
Finally, we adopt the InterPlanetary File System (IPFS) to store large files, solving the problem of blockchain storage space limitations.
(This article belongs to the Section Computer)

24 pages, 20100 KiB  
Article
Continuous Authentication in the Digital Age: An Analysis of Reinforcement Learning and Behavioral Biometrics
by Priya Bansal and Abdelkader Ouda
Computers 2024, 13(4), 103; https://doi.org/10.3390/computers13040103 - 18 Apr 2024
Cited by 1 | Viewed by 2410
Abstract
This research article delves into the development of a reinforcement learning (RL)-based continuous authentication system utilizing behavioral biometrics for user identification on computing devices. Keystroke dynamics are employed to capture unique behavioral biometric signatures, while a reward-driven RL model is deployed to authenticate users throughout their sessions. The proposed system augments conventional authentication mechanisms, fortifying them with an additional layer of security to create a robust continuous authentication framework compatible with static authentication systems. The methodology entails training an RL model to discern atypical user typing patterns and identify potentially suspicious activities. Each user’s historical data are utilized to train an agent, which undergoes preprocessing to generate episodes for learning purposes. The environment involves the retrieval of observations, which are intentionally perturbed to facilitate learning of nonlinear behaviors. The observation vector encompasses both ongoing and summarized features. A binary and minimalist reward function is employed, with principal component analysis (PCA) utilized for encoding ongoing features, and the double deep Q-network (DDQN) algorithm implemented through a fully connected neural network serving as the policy net. Evaluation results showcase training accuracy and equal error rate (EER) ranging from 94.7% to 100% and 0 to 0.0126, respectively, while test accuracy and EER fall within the range of approximately 81.06% to 93.5% and 0.0323 to 0.11, respectively, for all users as encoder features increase in number. These outcomes are achieved through RL’s iterative refinement of rewards via trial and error, leading to enhanced accuracy over time as more data are processed and incorporated into the system.
(This article belongs to the Section ICT Infrastructures for Cybersecurity)

17 pages, 1645 KiB  
Article
A Trusted Internet of Things Access Scheme for Cloud Edge Collaboration
by Wenlong Zhu, Changli Zhou and Linmei Jiang
Electronics 2024, 13(6), 1026; https://doi.org/10.3390/electronics13061026 - 8 Mar 2024
Viewed by 931
Abstract
With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

29 pages, 1663 KiB  
Review
A Review on Decentralized Finance Ecosystems
by Andry Alamsyah, Gede Natha Wijaya Kusuma and Dian Puteri Ramadhani
Future Internet 2024, 16(3), 76; https://doi.org/10.3390/fi16030076 - 26 Feb 2024
Cited by 8 | Viewed by 7694
Abstract
The future of the internet is moving toward decentralization, with decentralized networks and blockchain technology playing essential roles in different sectors. Decentralized networks offer equality, accessibility, and security at a societal level, while blockchain technology guarantees security, authentication, and openness. Integrating blockchain technology with decentralized characteristics has become increasingly significant in finance; we call this “decentralized finance” (DeFi). As of January 2023, the DeFi crypto market capitalized USD 46.21 billion and served over 6.6 million users. As DeFi continues to outperform traditional finance (TradFi), it provides reduced fees, increased inclusivity, faster transactions, enhanced security, and improved accessibility, transparency, and programmability; it also eliminates intermediaries. For end users, DeFi presents asset custody options, peer-to-peer transactions, programmable control features, and innovative financial solutions. Despite its rapid growth in recent years, there is limited comprehensive research on mapping DeFi’s benefits and risks alongside its role as an enabling technology within the financial services sector. This research addresses these gaps by developing a DeFi classification system, organizing information, and clarifying connections among its various aspects. The research goal is to improve the understanding of DeFi in both academic and industrial circles to promote comprehension of DeFi taxonomy. This well-organized DeFi taxonomy aids experts, regulators, and decision-makers in making informed and strategic decisions, thereby fostering responsible integration into TradFi for effective risk management. This study enhances DeFi security by providing users with clear guidance on existing mechanisms and risks in DeFi, reducing susceptibility to misinformation, and promoting secure participation. Additionally, it offers an overview of DeFi’s role in shaping the future of the internet.
(This article belongs to the Section Techno-Social Smart Systems)

12 pages, 808 KiB  
Article
Design of a Trusted Content Authorization Security Framework for Social Media
by Jiawei Han, Qingsa Li, Ying Xu, Yan Zhu and Bingxin Wu
Appl. Sci. 2024, 14(4), 1643; https://doi.org/10.3390/app14041643 - 18 Feb 2024
Viewed by 1447
Abstract
Artificial intelligence-generated content (AIGC) technology has had disruptive results in AI, representing a new trend in research and application and promoting a new era of AI. The potential benefits of this technology are both profound and diverse. However, the benefits of generative tools are accompanied by a series of significant challenges, the most critical of which is that it may cause AI information pollution on social media and mislead the public. Traditional network security models have shown their limitations in dealing with today’s complex network threats, so ensuring that generated content published on social media accurately reflects the true intentions of content creators has become particularly important. This paper proposes a security framework called “secToken”. The framework adopts multi-level security and privacy protection measures. It combines deep learning and network security technology to ensure users’ data integrity and confidentiality while ensuring credibility of the published content. In addition, the framework introduces the concept of zero trust security, integrates OAuth2.0 ideas, and provides advanced identity authentication, fine-grained access control, continuous identity verification, and other functions, to comprehensively guarantee the published content’s reliability on social media. This paper considers the main issues of generative content management in social media and offers some feasible solutions. Applying the security framework proposed in this paper, the credibility of generated content published on social media can be effectively ensured and can help detect and audit published content on social media. 
At the operational level, when extracting key information summaries from user-generated multimodal artificial intelligence-generated content and binding them to user identity information as a new token to identify user uniqueness, it can effectively associate user identity information with the current network status and the generated content to be published on the platform. This method significantly enhances system security and effectively prevents information pollution caused by generative artificial intelligence on social media platforms. This innovative method provides a powerful solution for addressing social and ethical challenges and network security issues.
(This article belongs to the Topic Cyber Security and Critical Infrastructures, 2nd Edition)

29 pages, 6804 KiB  
Article
Mouse Data Attack Technique Using Machine Learning in Image-Based User Authentication: Based on a Defense Technique Using the WM_INPUT Message
by Wontae Jung, Sejun Hong and Kyungroul Lee
Electronics 2024, 13(4), 710; https://doi.org/10.3390/electronics13040710 - 9 Feb 2024
Viewed by 982
Abstract
Recently, as the non-face-to-face society persists due to the coronavirus (COVID-19), the Internet usage rate continues to increase, and input devices, such as keyboards and mice, are mainly used to authenticate users in non-face-to-face environments. Due to the nature of the non-face-to-face environment, important personal data are processed, and since these personal data include authentication information, it is very important to protect them. As such, personal information, including authentication information, is entered mainly from the keyboard, and attackers use attack tools, such as keyloggers, to steal keyboard data in order to grab sensitive user information. Therefore, to prevent disclosure of sensitive keyboard input, various image-based user authentication technologies have emerged that allow sensitive information, such as authentication information, to be entered via mouse. To address mouse data stealing vulnerabilities via GetCursorPos() function or WM_INPUT message, which are representative mouse data attack techniques, a mouse data defense technique has emerged that prevents attackers from classifying real mouse data and fake mouse data by the defender generating fake mouse data. In this paper, we propose a mouse data attack technique using machine learning against a mouse data defense technique using the WM_INPUT message. The proposed technique uses machine learning models to classify fake mouse data and real mouse data in a scenario where the mouse data defense technique, utilizing the WM_INPUT message in image-based user authentication, is deployed. This approach is verified through experiments designed to assess its effectiveness in preventing the theft of real mouse data, which constitute the user’s authentication information. For verification purposes, a mouse data attack system was configured, and datasets for machine learning were established by collecting mouse data from the configured attack system. 
To enhance the performance of machine learning classification, evaluations were conducted based on data organized according to various machine learning models, datasets, features, and generation cycles. The results, highlighting the highest performance in terms of features and datasets, were derived. If the mouse data attack technique proposed in this paper is used, attackers can potentially steal the user’s authentication information from various websites or services, including software, systems, and servers that rely on authentication information. It is anticipated that attackers may exploit the stolen authentication information for additional damages, such as voice phishing. In the future, we plan to conduct research on defense techniques aimed at securely protecting mouse data, even if the mouse data attack technique proposed in this paper is attempted.
(This article belongs to the Section Computer Science & Engineering)

18 pages, 2769 KiB  
Article
Device Identity Recognition Based on an Adaptive Environment for Intrinsic Security Fingerprints
by Zesheng Xi, Gongxuan Zhang, Bo Zhang and Tao Zhang
Electronics 2024, 13(3), 656; https://doi.org/10.3390/electronics13030656 - 5 Feb 2024
Cited by 1 | Viewed by 1273
Abstract
A device’s intrinsic security fingerprint, representing its physical characteristics, serves as a unique identifier for user devices and is highly regarded in the realms of device security and identity recognition. However, fluctuations in the environmental noise can introduce variations in the physical features of the device. To address this issue, this paper proposes an innovative method to enable the device’s intrinsic security fingerprint to adapt to environmental changes, aiming to improve the accuracy of the device’s intrinsic security fingerprint recognition in real-world physical environments. This paper initiates continuous data collection of device features in authentic noisy environments, recording the temporal changes in the device’s physical characteristics. The problem of unstable physical features is framed as a restricted statistical learning problem with a localized information structure. This paper employs an aggregated hypergraph neural network architecture to process the temporally changing physical features. This allows the system to acquire aggregated local state information from the interactive influences of adjacent sequential signals, forming an adaptive environment-enhanced device intrinsic security fingerprint recognition model. The proposed method enhances the accuracy and reliability of device intrinsic security fingerprint recognition in outdoor environments, thereby strengthening the overall security of terminal devices. Experimental results indicate that the method achieves a recognition accuracy of 98% in continuously changing environmental conditions, representing a crucial step in reinforcing the security of Internet of Things (IoT) devices when confronted with real-world challenges.
(This article belongs to the Special Issue Knowledge Information Extraction Research)

14 pages, 351 KiB  
Article
Novel and Efficient Privacy-Preserving Continuous Authentication
by Ahmed Fraz Baig, Sigurd Eskeland and Bian Yang
Cryptography 2024, 8(1), 3; https://doi.org/10.3390/cryptography8010003 - 24 Jan 2024
Cited by 2 | Viewed by 2473
Abstract
Continuous authentication enhances security by re-verifying a user’s validity during the active session. It utilizes data about users’ behavioral actions and contextual information to authenticate them continuously. Such data contain information about user-sensitive attributes such as gender, age, contextual information, and may also provide information about the user’s emotional states. The collection and processing of sensitive data cause privacy concerns. In this paper, we propose two efficient protocols that enable privacy-preserving continuous authentication. The contribution is to prevent the disclosure of user-sensitive attributes using partial homomorphic cryptographic primitives and reveal only the aggregated result without the explicit use of decryption. The protocols complete an authentication decision in a single unidirectional transmission and have very low communication and computation costs with no degradation in biometric performance.