The document proposes an intelligent model to automatically select the login authentication method in a multi-modal authentication system based on user behavior profiling. It analyzes user behavior data from login sessions to minimize real-time processing and prevent untrusted attempts, while facilitating a frictionless user experience. The system determines the user, retrieves their behavioral historical data, matches the user profile based on data retrieval, and selects the authentication method based on evaluating the user profile and environmental parameters. It then updates the user profile with new successful login session data for future evaluations.
ADAPTIVE AUTHENTICATION: A CASE STUDY FOR UNIFIED AUTHENTICATION PLATFORM csandit
This document presents the results of a case study on an adaptive authentication system. The study analyzed over 171,000 login records from over 1,200 users collected over 254 days. It found that most logins occurred during standard working hours and from within the organization's internal network. When analyzing attribute factors like location, time, browser and operating system, it found most logins originated from Kuala Lumpur, Malaysia, and the most used browser and operating system combination was Chrome on Windows 7. The study aims to evaluate the adaptive authentication system's ability to determine risk levels based on normal user behavior profiles.
This document presents a technique to enhance password-username authentication by addressing SQL injection and online password guessing attacks. The technique combines cryptographic hashing of passwords, recognition-based graphical passwords, and parameterized queries. Users register with a username, password, and graphical password. The password is hashed with a salt during registration. Login allows two attempts with the username and password before requiring the graphical password. IPs are blocked after one failed graphical attempt to prevent brute force attacks while still allowing legitimate users access. Security testing showed the technique prevented SQL injection and online password guessing attacks.
Continuous User Identity Verification through Secure Login SessionIRJET Journal
This document proposes a system for continuous user identity verification through secure login sessions using multi-modal biometrics. The system uses biometrics like fingerprints, facial recognition, and keyboard dynamics along with one-time passwords and random security questions to authenticate users. During login sessions, one-time passwords are sent to the user's email and random questions are asked every 5-10 minutes to continuously verify the user's identity. This prevents unauthorized access if the user leaves their device unattended during a session. The proposed system detects misuse of resources and prevents malicious activities through continuous multi-modal biometric authentication. Biometric and user data are stored on smartphones and web services.
Token-based Single Sign-on with JWT as Information System Dashboard for Gover...TELKOMNIKA JOURNAL
Various web-based information systems are developed by Indonesian government to improve quality of services for their society. It encourages users, generally civil servants, to perform different authentications on used information systems and have to remember credentials. Account management of the users poses another challenge for administrators. Single Sign-On (SSO) can be the solution by providing a service of centralized authentication and user account management. This study applies a token-based SSO architecture and uses Json Web Token (JWT) to grant permission authorities, since JWT can provide a claim process between 2 parties. Additionally, the built-in dashboard lists associated information systems to facilitate accessing for the authenticated users. This study will discuss JWT implementation on the dashboard of government information systems that implements SSO, which will generate the permission authorities securely for connected information systems on SSO.
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection
and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
A Survey on Authorization Systems for Web Applicationsiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
SQL Injection Prevention by Adaptive AlgorithmIOSR Journals
The document proposes an adaptive algorithm to prevent SQL injection attacks. It first surveys different SQL injection methods like tautology attacks, piggybacked queries, union queries, and illegal queries. It then analyzes existing techniques like parse tree validation and code conversion. The proposed method combines these techniques by parsing user input, checking for vulnerabilities, and applying code conversion if needed. The algorithm is implemented in PHP and MySQL and results show it can sanitize input securely without performance overhead. The adaptive approach provides stronger security than existing individual techniques.
ADAPTIVE AUTHENTICATION: A CASE STUDY FOR UNIFIED AUTHENTICATION PLATFORM csandit
This document presents the results of a case study on an adaptive authentication system. The study analyzed over 171,000 login records from over 1,200 users collected over 254 days. It found that most logins occurred during standard working hours and from within the organization's internal network. When analyzing attribute factors like location, time, browser and operating system, it found most logins originated from Kuala Lumpur, Malaysia, and the most used browser and operating system combination was Chrome on Windows 7. The study aims to evaluate the adaptive authentication system's ability to determine risk levels based on normal user behavior profiles.
This document presents a technique to enhance password-username authentication by addressing SQL injection and online password guessing attacks. The technique combines cryptographic hashing of passwords, recognition-based graphical passwords, and parameterized queries. Users register with a username, password, and graphical password. The password is hashed with a salt during registration. Login allows two attempts with the username and password before requiring the graphical password. IPs are blocked after one failed graphical attempt to prevent brute force attacks while still allowing legitimate users access. Security testing showed the technique prevented SQL injection and online password guessing attacks.
Continuous User Identity Verification through Secure Login SessionIRJET Journal
This document proposes a system for continuous user identity verification through secure login sessions using multi-modal biometrics. The system uses biometrics like fingerprints, facial recognition, and keyboard dynamics along with one-time passwords and random security questions to authenticate users. During login sessions, one-time passwords are sent to the user's email and random questions are asked every 5-10 minutes to continuously verify the user's identity. This prevents unauthorized access if the user leaves their device unattended during a session. The proposed system detects misuse of resources and prevents malicious activities through continuous multi-modal biometric authentication. Biometric and user data are stored on smartphones and web services.
Token-based Single Sign-on with JWT as Information System Dashboard for Gover...TELKOMNIKA JOURNAL
Various web-based information systems are developed by Indonesian government to improve quality of services for their society. It encourages users, generally civil servants, to perform different authentications on used information systems and have to remember credentials. Account management of the users poses another challenge for administrators. Single Sign-On (SSO) can be the solution by providing a service of centralized authentication and user account management. This study applies a token-based SSO architecture and uses Json Web Token (JWT) to grant permission authorities, since JWT can provide a claim process between 2 parties. Additionally, the built-in dashboard lists associated information systems to facilitate accessing for the authenticated users. This study will discuss JWT implementation on the dashboard of government information systems that implements SSO, which will generate the permission authorities securely for connected information systems on SSO.
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICSIJNSA Journal
Current password authentication system was proven not secure enough to protect the information from intruders. However, various research has been done and the results show the value of FRR still low and the value of FAR still high. Thus, one of the methods suggests, is enhancing the current system using keystroke dynamics. Keystroke dynamics is a type of biometric authentication that does not require any special hardware, easy to use as the same routine as normal password authentication. Therefore, this research proposed an authentication system using keystroke dynamics to prevent the system from intruders. A system is developed that consist of two parts which are enrolment and verification. Then, a prototype is developed for testing process that consists of 3 main modules, namely Enrolment, Client/Server Connection
and, Verification and Retraining. Based on the testing, the system proved that the keystroke dynamic authentication system was able to implement in client/server environment and shows the value of EER is low that indicates it provide a better system authentication. In future, the system can be improved by enhancing the security, performance, and user interface.
A Survey on Authorization Systems for Web Applicationsiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
SQL Injection Prevention by Adaptive AlgorithmIOSR Journals
The document proposes an adaptive algorithm to prevent SQL injection attacks. It first surveys different SQL injection methods like tautology attacks, piggybacked queries, union queries, and illegal queries. It then analyzes existing techniques like parse tree validation and code conversion. The proposed method combines these techniques by parsing user input, checking for vulnerabilities, and applying code conversion if needed. The algorithm is implemented in PHP and MySQL and results show it can sanitize input securely without performance overhead. The adaptive approach provides stronger security than existing individual techniques.
Website vulnerability to session fixation attacksAlexander Decker
This document summarizes a study that analyzed 125 Indonesian websites for vulnerability to session fixation attacks. The study found that 48% of websites were vulnerable, most due to reusing the same session IDs. The study provides recommendations for programmers to prevent session fixation, including regenerating session IDs and checking the HTTP referer header. It also recommends future research on predicting regenerated session IDs and designing efficient defenses against session fixation attacks.
The document provides a guide for CIS 349 final exams with questions on various topics related to information security, including business drivers, laws, authorization, security assessments, logical access controls, and domains such as LAN, WAN, remote access, and system/application. It also includes two practice exams with additional questions.
CIS 349 RANK Lessons in Excellence--cis349rank.comRoelofMerwe139
The document provides a guide for CIS 349 final exam questions covering various topics related to information security domains. It includes questions about business drivers, laws like FERPA, authentication methods, availability, authorization, security assessments, logical and physical access controls, penetration testing steps, network security domains, encryption techniques, application security best practices, disaster recovery plans, and audit certifications. The guide is intended to help students prepare for the CIS 349 final exam by reviewing common concepts that may be tested.
The document provides a guide for CIS 349 final exam questions and assignments related to designing technical safeguards to comply with FERPA in a small college registrar's office. It also includes questions about various IT security domains and controls. The assistant is asked to analyze physical access controls, audit controls, and logical access methods for the registrar's office to restrict unauthorized access to student records. Transmission security techniques are also to be identified. Additionally, the assistant is to evaluate access control methods and recommend the best approach for a federal contractor based on mandatory access control, discretionary access control and role-based access control. Finally, hardware and software controls are to be proposed and diagrammed for a financial firm's LAN-to-
This document provides study materials for the CIS 349 final exam, including guides with questions and answers on various topics related to information security. It covers concepts like business drivers, compliance laws, authentication methods, availability, logical access controls, penetration testing steps, network security testing, controls for different network domains (LAN, WAN, remote access, system/application), and audit certifications. The materials are organized into multiple sets that could be used to prepare for the exam. Key topics assessed include technical and administrative controls for different network environments, compliance requirements, security assessments, and access control methods.
For more course tutorials visit
www.tutorialrank.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more course tutorials visit
www.tutorialrank.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
2) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
An emerging approach to the problem of identity theft is represented by
the adoption of biometric authentication systems. Such systems however present
several challenges, related to privacy, reliability and security of the biometric data.
Inter-operability is also required among the devices used for authentication. Moreover,
very often biometric authentication in itself is not sufficient as a conclusive
proof of identity and has to be complemented with multiple other proofs of identity
such as passwords, SSN, or other user identifiers. Multi-factor authentication mechanisms
are thus required to enforce strong authentication based on the biometric
and identifiers of other nature.
In this paper we propose a two-phase authentication mechanism for federated
identity management systems. The first phase consists of a two-factor biometric
authentication based on zero knowledge proofs. We employ techniques from the
vector-space model to generate cryptographic biometric keys. These keys are kept
secret, thus preserving the confidentiality of the biometric data, and at the same
time exploit the advantages of biometric authentication. The second phase combines
several authentication factors in conjunction with the biometric to provide a
strong authentication. A key advantage of our approach is that any unanticipated
combination of factors can be used. Such authentication system leverages the information
of the user that are available from the federated identity management
system.
CIS 349 Imagine Your Future/newtonhelp.com bellflower46
For more course tutorials visit
www.newtonhelp.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
The usage of sensitive online services and applications such as online banking, e-commerce etc is increasing day by day. These technologies have tremendously improved making our daily life easier. However, these developments have been accompanied by E-piracy where attackers try to get access to services illegally. As sensitive information flow through Internet, they need support for security properties such as authentication, authorization, data confidentiality. Perhaps static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong password such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task on users online applications . Usually users try to use same password for different services or make slight changes in the password which can be easy for attacker to guess adding increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for services based network.
Secure Code Generation for Multi-level Mutual AuthenticationTELKOMNIKA JOURNAL
Any secured system requires one or more logging policies to make that system safe. Static
passwords alone cannot be furthermore enough for securing systems, even with strong passwords illegal
intrusions occur or it suffers the risk of forgotten. Authentication using many levels (factors) might
complicate the steps when intruders try to reach system resources. Any person to be authorized for
logging-in a secured system must provide some predefined data or present some entities that identify
his/her authority. Predefined information between the client and the system help to get more secure level
of logging-in. In this paper, the user that aims to log-in to a secured system must provide a recognized
RFID card with a mobile number, which is available in the secured systems database, then the secured
system with a simple algorithm generates a One-time Password that is sent via GSM Arduino compatible
shield to the user announcing him/her as an authorized person.
Adaptive authentication to determine login attempt penalty from multiple inpu...Conference Papers
This document proposes an adaptive authentication method that determines login penalties based on multiple input sources. It describes adding an IP address checker module to the existing Trust Engine component of the Mi-UAP authentication platform. The IP address checker would identify the source type of the user's IP address and apply the appropriate penalty, such as requiring additional authentication methods or blocking the user, depending on factors like whether the IP is on a blacklist database. The document outlines the process and provides examples of how penalties would be applied based on the identified source type.
Adaptive authentication to determine login attempt penalty from multiple inpu...Conference Papers
This document proposes an adaptive authentication solution that determines login penalties based on multiple input sources. It describes adding an IP address checker module to the existing Trust Engine component of the Mi-UAP authentication platform. The IP address checker would identify the source type of a user's IP address and apply the appropriate penalty, such as requiring additional authentication methods or blocking the user, depending on factors like whether the IP is on a blacklist database. The document outlines the process flow and provides examples of how penalties would be applied based on the identified source type.
Cross cloud single sign on (sso) using tokenseSAT Journals
Abstract
The cloud computing service provider ensures the security of their services by username/password schemes. Such type of scheme may be suitable for small personalized services but not for the large scale organizations where employees may require to login for more than one application related to various clouds. This paper identifies the issues of multiple logins and presents how multiple applications of various clouds are accessed by single login process securely. Single Sign-On is the mechanism where a user only need to authenticate him/her self once, then has the ability to access other protected resources without having to re-authenticate. Our objective is to design the single sign on architecture for more than one cloud’s applications. Due to that client log in only one time at time and automatically user login in remaining cloud applications and assess successful same process is for log out only user logout once then user logout properly from the all of the cloud applications. The login audits are done for the security purpose and its controlling by admin panel. Cloud service providers also neither need to support redundant registration process for new accounts of applications nor dealing with enormous databases for same user of multiple applications and managing multiple authentication credentials is annoying for users and as well as for authentication system. In other words, Single sign-on (SSO) is the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Continuous and Transparent User Identity Verification for Secure Internet Ser...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
This document describes a software design approach for developing secure data management applications using model-driven development. It involves modeling an application's conceptual model, security model, and graphical user interface model. A model transformation lifts security policies from the security model to the GUI model. The models are validated for correctness before code generation. The approach was implemented in a tool called Sculpture, which was used to develop three secure web applications: a volunteer management app, electronic health record app, and meal service management app. The approach aims to improve on previous work by providing more expressive modeling languages, validation of models, and automated generation of secure multi-tier applications.
Website vulnerability to session fixation attacksAlexander Decker
This document summarizes a study that analyzed 125 Indonesian websites for vulnerability to session fixation attacks. The study found that 48% of websites were vulnerable, most due to reusing the same session IDs. The study provides recommendations for programmers to prevent session fixation, including regenerating session IDs and checking the HTTP referer header. It also recommends future research on predicting regenerated session IDs and designing efficient defenses against session fixation attacks.
The document provides a guide for CIS 349 final exams with questions on various topics related to information security, including business drivers, laws, authorization, security assessments, logical access controls, and domains such as LAN, WAN, remote access, and system/application. It also includes two practice exams with additional questions.
CIS 349 RANK Lessons in Excellence--cis349rank.comRoelofMerwe139
The document provides a guide for CIS 349 final exam questions covering various topics related to information security domains. It includes questions about business drivers, laws like FERPA, authentication methods, availability, authorization, security assessments, logical and physical access controls, penetration testing steps, network security domains, encryption techniques, application security best practices, disaster recovery plans, and audit certifications. The guide is intended to help students prepare for the CIS 349 final exam by reviewing common concepts that may be tested.
The document provides a guide for CIS 349 final exam questions and assignments related to designing technical safeguards to comply with FERPA in a small college registrar's office. It also includes questions about various IT security domains and controls. The assistant is asked to analyze physical access controls, audit controls, and logical access methods for the registrar's office to restrict unauthorized access to student records. Transmission security techniques are also to be identified. Additionally, the assistant is to evaluate access control methods and recommend the best approach for a federal contractor based on mandatory access control, discretionary access control and role-based access control. Finally, hardware and software controls are to be proposed and diagrammed for a financial firm's LAN-to-
This document provides study materials for the CIS 349 final exam, including guides with questions and answers on various topics related to information security. It covers concepts like business drivers, compliance laws, authentication methods, availability, logical access controls, penetration testing steps, network security testing, controls for different network domains (LAN, WAN, remote access, system/application), and audit certifications. The materials are organized into multiple sets that could be used to prepare for the exam. Key topics assessed include technical and administrative controls for different network environments, compliance requirements, security assessments, and access control methods.
For more course tutorials visit
www.tutorialrank.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more course tutorials visit
www.tutorialrank.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
2) The first step in the implementation of separation of duties is to use access controls to prevent unauthorized data access. The ultimate goal is to define access control where each user has the permissions to carry out assigned tasks and nothing else. This is known
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
For more classes visit
www.snaptutorial.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
An emerging approach to the problem of identity theft is represented by
the adoption of biometric authentication systems. Such systems however present
several challenges, related to privacy, reliability and security of the biometric data.
Inter-operability is also required among the devices used for authentication. Moreover,
very often biometric authentication in itself is not sufficient as a conclusive
proof of identity and has to be complemented with multiple other proofs of identity
such as passwords, SSN, or other user identifiers. Multi-factor authentication mechanisms
are thus required to enforce strong authentication based on the biometric
and identifiers of other nature.
In this paper we propose a two-phase authentication mechanism for federated
identity management systems. The first phase consists of a two-factor biometric
authentication based on zero knowledge proofs. We employ techniques from the
vector-space model to generate cryptographic biometric keys. These keys are kept
secret, thus preserving the confidentiality of the biometric data, and at the same
time exploit the advantages of biometric authentication. The second phase combines
several authentication factors in conjunction with the biometric to provide a
strong authentication. A key advantage of our approach is that any unanticipated
combination of factors can be used. Such authentication system leverages the information
of the user that are available from the federated identity management
system.
CIS 349 Imagine Your Future/newtonhelp.com bellflower46
For more course tutorials visit
www.newtonhelp.com
CIS 349 Final Exam Guide Set 1
1) ___________ are the components, including people, information, and conditions, that support business objectives.
An Overview on Authentication Approaches and Their Usability in Conjunction w...IJERA Editor
The usage of sensitive online services and applications such as online banking, e-commerce etc is increasing day by day. These technologies have tremendously improved making our daily life easier. However, these developments have been accompanied by E-piracy where attackers try to get access to services illegally. As sensitive information flow through Internet, they need support for security properties such as authentication, authorization, data confidentiality. Perhaps static password (User ID & password) is the most common and widely accepted authentication method. Online applications need strong password such as a combination of alphanumeric with special characters. In general, having one password for a single service may be easy to remember, but controlling many passwords for different services poses a tedious task on users online applications . Usually users try to use same password for different services or make slight changes in the password which can be easy for attacker to guess adding increased security threat. In order to overcome this, stronger authentication solutions need to be suggested and adapted for services based network.
Secure Code Generation for Multi-level Mutual AuthenticationTELKOMNIKA JOURNAL
Any secured system requires one or more logging policies to make that system safe. Static
passwords alone cannot be furthermore enough for securing systems, even with strong passwords illegal
intrusions occur or it suffers the risk of forgotten. Authentication using many levels (factors) might
complicate the steps when intruders try to reach system resources. Any person to be authorized for
logging-in a secured system must provide some predefined data or present some entities that identify
his/her authority. Predefined information between the client and the system help to get more secure level
of logging-in. In this paper, the user that aims to log-in to a secured system must provide a recognized
RFID card with a mobile number, which is available in the secured systems database, then the secured
system with a simple algorithm generates a One-time Password that is sent via GSM Arduino compatible
shield to the user announcing him/her as an authorized person.
Adaptive authentication to determine login attempt penalty from multiple inpu...Conference Papers
This document proposes an adaptive authentication method that determines login penalties based on multiple input sources. It describes adding an IP address checker module to the existing Trust Engine component of the Mi-UAP authentication platform. The IP address checker would identify the source type of the user's IP address and apply the appropriate penalty, such as requiring additional authentication methods or blocking the user, depending on factors like whether the IP is on a blacklist database. The document outlines the process and provides examples of how penalties would be applied based on the identified source type.
Adaptive authentication to determine login attempt penalty from multiple inpu...Conference Papers
This document proposes an adaptive authentication solution that determines login penalties based on multiple input sources. It describes adding an IP address checker module to the existing Trust Engine component of the Mi-UAP authentication platform. The IP address checker would identify the source type of a user's IP address and apply the appropriate penalty, such as requiring additional authentication methods or blocking the user, depending on factors like whether the IP is on a blacklist database. The document outlines the process flow and provides examples of how penalties would be applied based on the identified source type.
Cross cloud single sign on (sso) using tokenseSAT Journals
Abstract
The cloud computing service provider ensures the security of their services by username/password schemes. Such type of scheme may be suitable for small personalized services but not for the large scale organizations where employees may require to login for more than one application related to various clouds. This paper identifies the issues of multiple logins and presents how multiple applications of various clouds are accessed by single login process securely. Single Sign-On is the mechanism where a user only need to authenticate him/her self once, then has the ability to access other protected resources without having to re-authenticate. Our objective is to design the single sign on architecture for more than one cloud’s applications. Due to that client log in only one time at time and automatically user login in remaining cloud applications and assess successful same process is for log out only user logout once then user logout properly from the all of the cloud applications. The login audits are done for the security purpose and its controlling by admin panel. Cloud service providers also neither need to support redundant registration process for new accounts of applications nor dealing with enormous databases for same user of multiple applications and managing multiple authentication credentials is annoying for users and as well as for authentication system. In other words, Single sign-on (SSO) is the mechanism whereby a single action of user authentication and authorization can permit a user to access all computers and systems where that user has access permission, without the need to enter multiple passwords.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Continuous and Transparent User Identity Verification for Secure Internet Ser...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
This document describes a software design approach for developing secure data management applications using model-driven development. It involves modeling an application's conceptual model, security model, and graphical user interface model. A model transformation lifts security policies from the security model to the GUI model. The models are validated for correctness before code generation. The approach was implemented in a tool called Sculpture, which was used to develop three secure web applications: a volunteer management app, electronic health record app, and meal service management app. The approach aims to improve on previous work by providing more expressive modeling languages, validation of models, and automated generation of secure multi-tier applications.
Abstraction and Automation: A Software Design Approach for Developing Secure ...iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
A CRYPTOGRAPHIC MUTUAL AUTHENTICATION SCHEME FOR WEB APPLICATIONSIJNSA Journal
The majority of current web authentication is built on username/password. Unfortunately, password replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose a new mutual authentication scheme called StrongAuth which preserves most password authentication advantages and simultaneously improves security using cryptographic primitives. Our scheme not only offers webmasters a clear framework which to build secure user authentication, but it also provides almost the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PREMISESIRJET Journal
The document discusses a machine learning based security system for office premises that uses four steps for authentication: 1) credentials for login, 2) facial recognition using Haar cascade, 3) one-time password generation, and 4) auto-logout. This approach aims to provide strong security by restricting unauthorized access and automatically logging users out. It also ensures data integrity and confidentiality. The system is meant to authenticate users in an office setting and maintain individual work privacy.
This document proposes and evaluates a statistical approach to classify user login attempts as normal or suspicious based on multiple parameters. It aims to strengthen password-based authentication without changing user behavior. The key points are:
(1) It develops a statistical framework to identify suspicious login attempts based on features like source IP, location, browser, and time. This allows imposing additional verification steps only on suspicious attempts.
(2) It prototypes the system and evaluates it on real login data, finding it can prevent the majority of attacks while imposing additional friction on a small fraction of users.
(3) It considers potential attacks against the classifier and evaluates the system's resistance through experiments simulating attacks.
A cryptographic mutual authentication scheme for web applicationsIJNSA Journal
The majority of current web authentication is built
on username/password. Unfortunately, password
replacement offers more security, but it is difficult to use and expensive to deploy. In this paper, we propose
a new mutual authentication scheme called StrongAuth which preserves most password authentication
advantages and simultaneously improves security using cryptographic primitives. Our scheme not only
offers webmasters a clear framework which to build
secure user authentication, but it also provides almost
the same conventional user experience. Security analysis shows that the proposed scheme fulfills the required user authentication security benefits, and can resist various possible attacks.
An Efficient User VErification System via Mouse MovementsOuzza Brahim
This document presents a new user verification system based on mouse movement biometrics. The system uses fine-grained angle-based metrics to characterize users' mouse movements. It then employs support vector machines to accurately and quickly verify users based on these mouse movement patterns. Experiments on over 1,000 users showed the system can verify a user within a few mouse clicks with high accuracy, making it suitable for online user verification. The key innovation is the use of angle-based metrics capturing the point-by-point direction and curvature of mouse movements.
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET Journal
This document discusses an approach for continuous and transparent user identification for secure web services using biometrics. It proposes a framework called CASHMA (Context-Aware Security by Hierarchical Multilevel Architecture) that uses multi-modal biometrics for continuous authentication. CASHMA authenticates users using biometric traits instead of usernames and passwords, and periodically re-authenticates users during a session to ensure security. The document describes how CASHMA works, including how it issues authentication certificates to validate user identity on an ongoing basis and adaptively sets session timeouts. It concludes that CASHMA enhances security and usability for user sessions through continuous multi-modal biometric authentication and verification.
IMPLEMENTATION PAPER ON MACHINE LEARNING BASED SECURITY SYSTEM FOR OFFICE PRE...IRJET Journal
1. The document discusses the implementation of a machine learning-based security system for office premises using user authentication.
2. The proposed system uses four-step security including login credentials, one-time passwords, and face recognition to authenticate users and restrict unauthorized access, while also featuring auto-saving of data to servers and automatic logouts.
3. The system aims to provide strong security, integrity, and confidentiality of data by making unauthorized access more difficult through multi-factor authentication barriers.
Online dating system management project report.pdfKamal Acharya
The objective of our project is to develop an application that offers online dating services where individuals or users can find and contact each other over the internet to arrange a date usually with the objective of developing a romantic, personal and sexual relationship.
Users of an online dating service would currently provide personal information, to enable them to search the service provider's database for other individuals. Members use grade other members set, such as age range, gender and location.
Information security plays an important role in
governments. Its realm has been increased nowadays, especially
with resent viruses’ attacks in different governmental
organizations. The authentication is aspect of information
security, its current scheme used nowadays in the systems is
depend on the login by user name and password in addition to
one-time password or traditional secret questions, which in turn
is usually easy to predicate. This paper proposes enhanced
knowledge based authentication solution which ensures and
provides more security and usability levels for governmental
organizations.
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...IJERD Editor
This document summarizes a research paper about developing an authentication system for banking using implicit passwords. The proposed system uses randomly generated security questions to authenticate users, with answers provided as clickable points on an image instead of text. If the user correctly identifies the points associated with the security question, they are authenticated. The system aims to improve security over traditional username/password schemes while maintaining usability on mobile devices. Key modules described include user profile creation, generation of random authentication questions, comparing login profiles to verify identity, and allowing transactions and balance checks via SMS.
ENHANCING CYBER SECURITY OF ONLINE ACCOUNTS VIA A NOVEL PROTOCOL AND NEW TECH...IJNSA Journal
The financial world has gotten more sophisticated. People need to make informed financial decisions, so
they seek out efficient tools to help them manage their finances. Traditionally, money management software
has been available for individuals to use in their homes on their personal computers. These tools were a
local install, often expensive, and required a learning curve to use them effectively. With a paradigm shift
to cloud computing and storage, users are looking for inexpensive alternatives that are accessible at home
or on their mobile devices. As a result, third-party companies have been forming over the last few years to
meet this need. However, to access the functionality of these online resources, users are required to divulge
their personal financial account login credentials. While third-party companies claim that subscribers’
private information is safely stored on their servers, one cannot ignore the fact that hackers may be able to
break into their system to steal users’ information. Once hackers manage to compromise users’ login
credentials, they have complete control over their accounts. Therefore, there is a need to have a holistic
approach that incorporates security elements to protect users’ accounts from hackers.
We present a novel, holistic model with a new handshake protocol and online account access control,
which authenticate account access and form a sandbox around third-party access to users’ accounts. When
utilizing these novel techniques, users’ login credentials can remain private, providing safeguards against
unauthorized transactions on their accounts.
The document describes a proposed system for proactive moderation and personalized fraud product detection on e-commerce websites. The system aims to (1) improve customer-seller relationships and engagement by providing trustworthy product recommendations, (2) increase website productivity and sales by simplifying access to trusted product information, and (3) make users aware of product trustworthiness through analysis of user feedback and fraud detection rules. The system collects product rating and complaint data, analyzes it using rule-based and machine learning techniques, and provides recommendations to flag untrusted products and sellers. It includes modules for customers, sellers, admins, complaint filing and fraud detection.
ANALYSIS OF SECURITY REQUIREMENTS OF FUTURISTIC MOBILE APPLICATIONSijistjournal
Advent of smart phones has brought with it revolution in mobile applications that are available for everyday functions. In this paper we review security requirements for apps from different domains that are communicating sensitive information over insecure network. Some of these apps are already available and some are expected to be introduced in future. We find that there are many parameters that affect security of apps but some are prominent compared to others based on domain of the app. Based on analysis of security requirements we determine the application domain most suitable for implementation of our proposed protocol.
Similar to Automated login method selection in a multi modal authentication - login method selection based on user behavior (20)
The document describes an AI-driven Occupational Skills Generator (AIOSG) that aims to automate the process of creating occupational skills reference documents. The AIOSG utilizes an intelligent web crawler, natural language processing, neural networks, and a blockchain to gather data on occupational skills from various sources, analyze the data, and generate standardized skills reference documents. It is meant to make the document creation process more efficient, data-driven, and able to incorporate rapidly changing skills demands compared to the traditional manual process. The system architecture and key components of data collection, analysis, skills ontology construction, and reference document generation are outlined.
Advanced resource allocation and service level monitoring for container orche...Conference Papers
This document proposes an architecture for advanced resource allocation and service level monitoring for container orchestration platforms. It begins with background on containerization and different container orchestration platforms like Docker Swarm, Kubernetes, and Mesos. It then discusses the need for resource-aware container placement and SLA-based monitoring to minimize container migration and ensure performance. The proposed architecture consists of different components like a request manager, information collector, policy manager, and resource manager to enable advanced scheduling and monitoring of containers on Kubernetes. The proposed solution aims to analyze future resource utilization to improve placement decisions and reduce issues after deployment.
Absorption spectrum analysis of dentine sialophosphoprotein (dspp) in orthodo...Conference Papers
- The document analyzes the absorption spectrum of dentine sialophosphoprotein (DSPP) in gingival crevicular fluid (GCF) samples from orthodontic patients to develop a model for detecting orthodontic-induced inflammatory root resorption (OIIRR).
- GCF samples were collected from orthodontic patients at different treatment periods (3, 6, 12 months) and from non-orthodontic patients. Absorption spectroscopy found DSPP absorbance spectra increased with longer treatment duration, indicating more DSPP released due to more OIIRR.
- A qualitative model using SIMCA analysis accurately classified GCF samples into orthodontic and non-orthodont
A deployment scenario a taxonomy mapping and keyword searching for the appl...Conference Papers
This document discusses developing a taxonomy to map relationships between applications, virtual machines, hosts, and clients when performing upgrades and patches. It proposes creating a taxonomy based on analyzing errors that occur during application execution to understand dependencies. The methodology involves backing up configurations, testing connectivity between virtual networks and clusters before and after upgrades, and analyzing issues that arise. The goal is to establish structures for troubleshooting by classifying relationships between applications, libraries, operating systems, and browsers involved. This may improve determining the root cause of errors during upgrades involving virtualization.
Automated snomed ct mapping of clinical discharge summary data for cardiology...Conference Papers
The document discusses an approach to automatically map clinical terms in clinical discharge summary data from Malaysian hospitals to SNOMED CT terminology in order to improve the accuracy of queries for cardiology-related cases. Natural language processing techniques are used to preprocess the free-text discharge notes by removing formatting tags and identifying clinical terms, which are then mapped to SNOMED CT concepts using techniques like synonym matching, subsumption relationships, and identifying and excluding negative statements. The goal is to enrich the query results by standardizing the clinical terms to SNOMED CT and taking relationships like synonyms, subsumption, and negation into account to provide more accurate analytic results for monitoring and planning related to heart disease in Malaysia.
Automated login method selection in a multi modal authentication - login meth...Conference Papers
The document proposes an intelligent model to automatically select the login authentication method in a multi-modal authentication system based on user behavior profiling. It analyzes user behavior data from login sessions to minimize real-time processing and prevent untrusted attempts, while facilitating a frictionless user experience. The system determines the user, retrieves their behavioral historical data, matches the user profile based on data retrieval, and selects the authentication method based on evaluating the user profile and environmental parameters. It then updates the user profile with new successful login session data for future evaluations.
Atomization of reduced graphene oxide ultra thin film for transparent electro...Conference Papers
This document summarizes research on using an atomization process to deposit reduced graphene oxide (rGO) thin films for use as transparent conductive electrodes. Key points:
- Graphene oxide was spray coated onto silicon wafers and glass slides using an ultrasonic atomizer. Thermal reduction processes were then used to make the films electrically conductive while maintaining optical transparency.
- Thinner films with 1-2 spray coats had higher transparency (>90%) but higher resistivity, while thicker 3-4 coat films had lower transparency (77.1%) but lower resistivity (5.3 kΩ/sq).
- Rapid thermal processing was more effective than plasma processing at reducing resistivity. Sheet resistance decreased
An enhanced wireless presentation system for large scale content distribution Conference Papers
An enhanced wireless presentation system (eWPS) was developed to distribute presentation content to larger audiences over WiFi networks. The eWPS uses multiple access points connected via a high-speed Ethernet switch to provide WiFi coverage to audiences. It captures screenshots of presentations and stores them on an external web server for access by audience devices through a web browser. Testing showed the eWPS could serve over 125 audience devices with an average delay of 1.74ms per page load. System resources on the web server remained mostly idle, indicating it could potentially serve a much larger audience size.
An analysis of a large scale wireless image distribution system deploymentConference Papers
This document describes two setups of a wireless image distribution system:
1. A setup using commercial network equipment like access points and an access controller, which supported over 125 connected devices and provided sufficient bandwidth for the system load in an auditorium with 159 seats.
2. A setup using a wireless mesh network of three NerveNet nodes, which provided a quick and easy setup without wired connections but needs further performance improvements. Results from tests of both setups were analyzed to evaluate the network technologies for smart community applications.
Validation of early testing method for e government projects by requirement ...Conference Papers
The document describes a validation study of an Early Requirement Testing Method (ERTM) for e-government projects. Test engineers used the ERTM, which involves reviewing requirements documents and providing feedback, on six e-government projects. The number of defects found before and after applying the ERTM and providing interventions was compared using a statistical test. The results showed that overall, there was a statistically significant reduction in the number of defects found after applying the ERTM, suggesting it is useful for improving requirements documentation. However, one project saw an increase in defects due to additional requirements added later in the project.
The design and implementation of trade finance application based on hyperledg...Conference Papers
This document describes the design and implementation of a trade finance application built on the Hyperledger Fabric permissioned blockchain platform. It discusses the architecture of blockchain-based applications in general and this trade finance application specifically. Key aspects covered include identifying different types of software connectors (linkage, arbitrator, event, adaptor) that are important building blocks in the architecture. The trade finance application uses connectors like the blockchain facade connector and block/transaction event connector to interface between layers and handle asynchronous event propagation. Overall the document aims to provide insights into architectural considerations and best practices for developing blockchain-based applications.
Unified theory of acceptance and use of technology of e government services i...Conference Papers
This document describes a study that developed and validated a survey instrument to understand technology acceptance of an e-Government system called MYGOVSVC among Malaysian government employees. A literature review was conducted on previous studies applying the Unified Theory of Acceptance and Use of Technology (UTAUT) model to e-Government systems. A 21-item survey was developed containing questions on performance expectancy, effort expectancy, hedonic motivation, and facilitating conditions. The survey was translated to Malay and validated with stakeholders. It was administered to 419 government employees and results found the survey to be reliable in measuring acceptance of the MYGOVSVC system. The validated survey can be used to help improve e-Government services for Malaysian citizens.
Towards predictive maintenance for marine sector in malaysiaConference Papers
This research uses machine learning on sensor data from ships to predict failures of components and their remaining useful life. Interviews with marine experts identified significant maintenance items to prioritize for ship supply chains. The results were analyzed to provide recommendations to a government company on implementing predictive analytics and supply chain strategies for ship maintenance in Malaysia.
The new leaed (ii) ion selective electrode on free plasticizer film of pthfa ...Conference Papers
This document describes the development of a lead ion-selective electrode (Pb2+-ISE) sensor based on a poly-tetrahydrofurfuryl acrylate (pTHFA) membrane without plasticizers using photo-polymerization. The sensor demonstrated a linear range of 0.1-10-5 M, Nernstian slope of 26.5-29.8 mV/decade, limit of detection of 3.24-3.98 x 10-6 M, and good selectivity against interfering ions. Sensor characterization showed comparable results to measurements using atomic absorption spectroscopy on artificial and real samples. Optimization of the lipophilic salt potassium tetrakis(4-chlorophenyl)borate and lead ionophore
This document summarizes security definitions for searchable symmetric encryption (SSE) schemes. It reviews the indistinguishability and semantic security game definitions, noting that attacks have succeeded against published schemes. It then proposes a new security game definition against distribution-based query recovery attacks, to better capture practical adversary capabilities. The goal is to define security in a way that implies the current indistinguishability and semantic security definitions.
This document discusses the implementation challenges of autonomous things and proposes a high-level architecture for a cloud robotics infrastructure to address these challenges. It explores existing platforms for autonomous things and identifies three main areas of complexity: development, execution, and operation. A proposed architecture is presented using the TOGAF framework, with core services for integrated development/testing/simulation and operation/monitoring/maintenance, and application services and technologies to realize these, including cloud, edge and robotics computing with virtualization and ROS. The architecture aims to ease autonomous things implementation through a super-converged system.
Study on performance of capacitor less ldo with different types of resistorConference Papers
The document summarizes a study on the performance of a capacitor-less low dropout (LDO) voltage regulator using different types of resistors. A 1.8V LDO voltage regulator was designed and simulated using five different resistor types in Cadence. The performance metrics compared included output voltage accuracy, phase margin, unity gain bandwidth, and power supply rejection ratio. Simulation results showed differences in LDO performance depending on the resistor type. The LDO with hpoly resistor had the best stability performance, while the LDO with pdiffb resistor produced the highest power supply rejection ratio. In conclusion, the type of resistor used can significantly impact key performance characteristics of a capacitor-less LDO regulator.
Stil test pattern generation enhancement in mixed signal designConference Papers
This document describes a process for generating STIL test patterns from mixed signal design simulations in order to test digital blocks on an SoC. It involves simulating the mixed signal design, sampling the waveforms to generate test vectors, and converting those vectors into an ATPG-compliant STIL format using an automation program. This was implemented successfully at MIMOS Berhad, generating STIL test patterns that passed 100% of stuck-at tests.
The document discusses the implementation of an on-premise AI platform at MIMOS Berhad, a Malaysian research institute. The platform makes use of existing on-premise services such as a private cloud, distributed storage, and authentication platform. It provides an AI training facility using containers on VMs, with distributed training and GPU/CPU support. A version management system stores AI models and applications in Docker images. Deployment is supported on the private cloud and edge devices using containers. The goal is to enable internal development and hosting of AI projects in a secure, customizable manner.
Review of big data analytics (bda) architecture trends and analysis Conference Papers
This document reviews big data analytics (BDA) architecture trends and analysis. It discusses the evolution of data analytics from ancient times to modern technologies like Hadoop and Spark. It describes key features of BDA like flexibility, scalability, and fault tolerance. Common BDA architectures like lambda and kappa architectures are summarized. The lambda architecture uses batch, speed, and serving layers to handle both real-time and batch processing. The kappa architecture simplifies this by removing the batch layer and handling all processing through streaming. Overall, the document provides a high-level overview of BDA architectures and technologies.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxSitimaJohn
Ocean Lotus cyber threat actors represent a sophisticated, persistent, and politically motivated group that poses a significant risk to organizations and individuals in the Southeast Asian region. Their continuous evolution and adaptability underscore the need for robust cybersecurity measures and international cooperation to identify and mitigate the threats posed by such advanced persistent threat groups.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
HCL Notes and Domino License Cost Reduction in the World of DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/
The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this!
We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model.
Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward.
These topics will be covered
- Reducing license cost by finding and fixing misconfigurations and superfluous accounts
- How do CCB and CCX licenses really work?
- Understanding the DLAU tool and how to best utilize it
- Tips for common problem areas, like team mailboxes, functional/test users, etc
- Practical examples and best practices to implement right away
5th LF Energy Power Grid Model Meet-up SlidesDanBrown980551
5th Power Grid Model Meet-up
It is with great pleasure that we extend to you an invitation to the 5th Power Grid Model Meet-up, scheduled for 6th June 2024. This event will adopt a hybrid format, allowing participants to join us either through an online Mircosoft Teams session or in person at TU/e located at Den Dolech 2, Eindhoven, Netherlands. The meet-up will be hosted by Eindhoven University of Technology (TU/e), a research university specializing in engineering science & technology.
Power Grid Model
The global energy transition is placing new and unprecedented demands on Distribution System Operators (DSOs). Alongside upgrades to grid capacity, processes such as digitization, capacity optimization, and congestion management are becoming vital for delivering reliable services.
Power Grid Model is an open source project from Linux Foundation Energy and provides a calculation engine that is increasingly essential for DSOs. It offers a standards-based foundation enabling real-time power systems analysis, simulations of electrical power grids, and sophisticated what-if analysis. In addition, it enables in-depth studies and analysis of the electrical power grid’s behavior and performance. This comprehensive model incorporates essential factors such as power generation capacity, electrical losses, voltage levels, power flows, and system stability.
Power Grid Model is currently being applied in a wide variety of use cases, including grid planning, expansion, reliability, and congestion studies. It can also help in analyzing the impact of renewable energy integration, assessing the effects of disturbances or faults, and developing strategies for grid control and optimization.
What to expect
For the upcoming meetup we are organizing, we have an exciting lineup of activities planned:
-Insightful presentations covering two practical applications of the Power Grid Model.
-An update on the latest advancements in Power Grid -Model technology during the first and second quarters of 2024.
-An interactive brainstorming session to discuss and propose new feature requests.
-An opportunity to connect with fellow Power Grid Model enthusiasts and users.
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slackshyamraj55
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providersakankshawande
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
2. well as the analysis results based on collected historical
data. In Section V, we include the major findings relate to
the analysis we have done. Finally, we describe the
benefits and limitations of the proposed protocol, also the
future work in the conclusion section.
II. BACKGROUND
A. Platform Architecture
The organization Information System Security
research lab has developed a multi-modal authentication
platform named Mi-UAP to provide a convenient and
user-friendly service for both organizations and individual
users [6]. Mi-UAP provides an infrastructure which able
deliver authentication services to applications with the
authentication mechanism decoupled from application
implementation. This is a self-managed system which
incurs zero administrative effort [3]. Besides, a user has
an option to use any login method based on user’s
preference as six authentication login options is available
for users to select.
The authentication method implemented in our
platform depicted in Figure 1 includes four common
authentication methods used today which is password,
certificate, One Time Password (OTP) token and OTP
SMS; and other two proprietary authentication methods
was introduce and developed by the authors which is
Time-Constrained Key (TCK) and 2DBarcode. The
development and production spanned for eight years. The
authentication methods are progressively added, case by
case basis, either as new project requirements or to solve
problems raised from previous authentication method [4].
)LJ0L8$33ODWIRUP$UFKLWHFWXUH
The benefits of the authentication platform utilizes
Single Sign-On (SSO) for a seamless environment
operation and adaptive authentication with threat response
without modifying existing applications [6]. Mi-UAP also
able support two factors authentication, which following a
successful first authentication, a second single
authentication method is displayed to challenge user in the
new single web page. The goal of two factor
authentication is to create a layered defense and make it
more difficult for an unauthorized person to access a
target
B. Problem Statements
While providing flexibility to the users, multi-modal
authentication can lead to some adverse effects:
1. Confusion and annoyance as unregistered
authentication methods are shown in front of user.
2. Undesirable friction in user experience which need
to perform an additional step to choose the
authentication method as others common
authentication system doesn’t behave the same.
)LJ/RJLQ2SWLRQVLQ0L8$3
Refer to Figure 2, the multi-modal authentication
system shows a list of login methods when user tries to
login their application. There have been pass experiences
where user forget the methods they registered on the
particular gateway. Hence, user has to spend some times
for the login process to recall their registered login
method and credential.
Accordingly, it would be desirable and convenient to
provide a system that can automatically select a login
method for a user based on the behavior characteristics of
a current session when compared to the user’s historical
profile.
III. RELATED WORK
A. The Environment
For the authentication platform system, it is supported
by a physical host with 8 mandatory Virtual Machines
(VM) with different functionality as shown in Figure 1.
For the physical host, it is using a 24-core CPU, 96B
RAM and 1.1TB disk storage. All the Virtual Machines
(VM) are deployed Ubuntu version 16.04LTS as the
operating system.
B. Collected Data Based on User Behavior
This paper is an industry case study of the development
on multiple authentication methods as an authentication
service for 16638 registered users. This case study is
unique because the data is extracted from a live
production system with registered users inside multiple
system logs. Since this paper emphasizes on user behavior
for multi-modal authentication, related analytic is
measured based on scenario of users performing
authentication to access the production secure portal. The
authentication system log contained the information such
as process time, authentication method selected,
application which to access, geolocation and user agent.
The log duration is 3 months, which is from July 2018 to
Sept 2018. As review purpose in this paper, 1 user who
named as User C is selected for the user behavior
analytics based on 100 successful access from
authentication logs last 3 months.
121
3. 7DEOH8VHU3UHIHUHQFH0HWKRGEDVHGRQ%URZVHU
User Agent Selected Authentication Method
Password TCK OTP Token Certificate
Firefox 12 5 8 28
Internet Explorer 5 0 0 0
Chrome 31 9 2 0
Based on Table 1, User C prefers to use Firefox as default
browser with Certificate login method. Secondly is
Chrome, while prefer login method is password. It might
because the user certificate is stored under Firefox.
7DEOH8VHU3UHIHUHQFH0HWKRGEDVHGRQ$SSOLFDWLRQ
Application Selected Authentication Method
Password TCK OTP Token Certificate
Myprofile 27 0 0 3
MyEss 11 14 10 25
IDPAA 10 0 0 0
Table 2 shows that User C used to access MyEss
application most of the time with certificate login method.
Whereas, password is the prefer method of User C when
go to others application.
7DEOH8VHU3UHIHUHQFH0HWKRGEDVHGRQ/RFDWLRQ
Location Selected Authentication Method
Password TCK OTP Token Certificate
Geolocation 1 44 10 10 27
Geolocation 2 1 1 0 0
Geolocation 3 1 3 0 3
Geolocaion 1: Kuala Lumpur Geolocation 2: Petaling
Jaya
Geolocation 3: Seri Kembangan
Table 3 shows that User C normally access from
Geolocation 1 by using both favorite login method which
is password and certificate.
7DEOH8VHU3UHIHUHQFH0HWKRGEDVHGRQ7LPHVWDPS
Timestamp Selected Authentication Method
Password TCK OTP Token Certificate
Timestamp 1 23 7 4 19
Timestamp 2 17 4 6 8
Timestamp 3 3 3 0 6
Timestamp 4 0 0 0 0
Timestamp 1: 6am – 12pm Timestamp 2: 12pm – 6pm
Timestamp 3: 6pm – 12am Timestamp 4: 12am – 6am
Table 4 indicates that User C access application mostly on
Timestamp 1 with password login method follow by
certificate login method.
IV. SOLUTION
Figure 3 is a full diagram illustrating a representative
environment in which an automated method selection in a
multi-modal authentication system may be implemented.
)LJ3URSRVHG)UDPHZRUN'LDJUDPV
The paper’s idea discloses a computer-implemented
method to automatically select an authentication method
for a user based on a plurality of historical profiles
corresponding to user identifier in a multi-modal
authentication system. In another aspect, a protocol that
comparing behavioral characteristics of the user during
current session with the user behavioral profile that
previously developed based on prior usage patterns of the
user through the historical login session. User behavior
profile included device location, usual login timestamp,
internet service provider and application.
)LJ2YHUDOO3URFHVV)ORZ
Figure 4 is the overall process flow of the proposed
protocol in this paper. First, user comes to an
authentication gateway to login for an application. The
authentication system will ask the user to enter her/his
username first instead of show a list of login method to let
user select. After user enters their username, the system
only will start the enable the automated method selection
flow if the username is verified by the system. The
authentication system automatically selects a login method
for the user based on a plurality of historical profiles
related to his/her username inside the database. If the user
continues and completed login with the selected method,
the successful login attempt is added to the historical
profiles.
Alternatively, user may wish to skip the selected
method, at that moment, the automation authentication
system will evaluate the profile of user again by exclude
the skipped method as show in Figure 5.
122
4. )LJ3URFHVV)ORZZKHQXVHUVNLSSHGVHOHFWHGPHWKRG
In some scenarios, two or more methods may have the
same plurality of historical profiles; hence, the system will
pick the last used method from most recent login based on
the timestamp table which will explain more in the
following session.
Basically, the proposed process flow shows in Figure 3
depends on 2 modules as following:
1. 3URILOLQJ 0RGXOH, wherein processing the
behavioral data includes the user’s login sessions,
geolocation, and type of browser used to generate
a user profile
2. (YDOXDWLRQ0RGXOH, wherein evaluating the user’s
profile by factoring in environmental parameters
of the user terminal to select an authentication
method.
A. Profiling Module.
Profiling process extracts the data that is received,
stored and transmitted by authentication server after user is
verified. Successful login data are profiled based on the
environmental parameters, e.g. access application,
browser, and geolocation.
Table 5 shows the normalized distribution implemented
on a profile based on user agent from User C from Table 1.
Normalized distribution equation are obtained from below
based on password method in Firefox browser.
=
= 0.226
7DEOH1RUPDOL]HG'LVWULEXWLRQRI8VHUEDVHGRQEURZVHU
User Agent Selected Authentication Method
Password TCK OTP Token Certificate
Firefox 0.226 0.094 0.152 0.528
Internet Explorer 1 0 0 0
Chrome 0.738 0.214 0.048 0
On the other hand, the profiling module also stores the
timestamp table of each method for every successful login
attempt as illustrated in the table 6 below. It is stored to use
when system obtain more than one favorite method for
user after the evaluation module.
7DEOH/DVW6XFFHVVIXO/RJLQ7LPHVWDPSRIHDFKPHWKRG
3DVVZRUG 7. 2737RNHQ HUWLILFDWH
30/9/2018 12/9/2018 31/8/2018 29/9/2018
1.39pm 4.50pm 9.15am 10.02am
B. Evaluation Module
Automated authentication system based on user
behavior profile then the system analysis an overall
distribution for the current session user. After analysis the
highest normalized distribution, one of login method
appear which is based on user-defined preference
regarding their respective apparatus activities. For example
A, if User C in Seri Kembangan and wish to access
application MyEss by using Chrome browser on 1pm, the
overall distribution of each method, is calculated as
example equation below and tabulated in Table 8.
Overall distribution on Password Method
= 0.738x0.183x0.484x0.486 = 0.0318
7DEOH2YHUDOO'LVWULEXWLRQRIHDFK0HWKRGLQ([DPSOH$
Environmental
Parameters
Authentication Methods
Password TCK OTP Token Certificate
Chrome 0.738 0.214 0.048 0
MyEss 0.183 0.233 0.167 0.416
Geolocation 1 0.484 0.11 0.11 0.3
Timestamp 2 0.486 0.114 0.171 0.229
Overall
Distribution
0.0318 0.0006 0.0002 0
Based on table 7, Password method is selected for user
C to login as it has the highest normalized distribution
(HND) when user C having situation in Example A.
)LJ(YDOXDWLRQ3URFHVV)ORZZKHQVHOHFWHGPHWKRGLVVNLSSHG
Alternatively, for some scenario as shown in Figure 6,
if more than one method having same highest normalized
distribution (HND), the automated authentication system
will select the recent last use method based on the
timestamp table which stored during every successful login
attempt of the user in profiling module as shown in Table 6
and the overall distribution cannot equal to zero.
Otherwise, system will directly show the HND login
method only.
However, user is allowed to skip the selected method.
If user skips the selected method but the user only having
one login method, then system will show related error to
user. While if user has activated more than one login
method previously, the system will exclude the skipped
method and do evaluation again to select another login
method for user. Hence, if user do not skip the selected
method and continue login, the related environment data
will stored by the authentication server to keep as profiling
module.
As in Example A. if user C skipped the Password
Method, automated authentication system will select TCK
as next login method for User C as TCK method having
the latest login, while Password method is excluded and
overall distribution of certificate method is equal to zero.
Normalized Distribution of
Password login in Firefox
123
5. V. DISCUSSION
The aim of this paper is to attempt an intelligent
method which allows user the flexibility to select its own
preferable login method when access a restricted web
service [7].
From the finding in Table 1 to 4 shares that every
user have their own behavior when they access the
authentication system in different authentication factor
such as location, timing, application to access, user agent
and etc. These end-user behavior is credible data analytic
to mature one of the important research content for our
paper. The findings from Table 5 to 6 which involve the
normalized distribution formula indicate user C favorite
methods are password and certificate while depends on
which browser is using. For example, the system will
prompt user C certificate login method when user C
access service with Firefox browser. The results clearly
show that the automated authentication system able to
select user prefer login method in different scenarios
based on the two module which is profiling and evaluation
as shown in session IV.
VI. CONCLUSION
Clearly, the requirement for reliable techniques for user
authentication has enhanced within the wake of
heightened considerations regarding security and fast
advancements in communication, quality and networking
[8]. A large kind of applications need reliable verification
schemes to verify the identity of a person requesting their
service.
Current proposed protocol is to provide user login
method automatically based on user’s historical profile to
facilitate the multi-modal authentication process of a user.
At the same time, it able to proliferate the security level
which based on user historical behavior data. Firstly, the
authentication system automatically selects a login method
for the user based on a plurality of historical profiles
related to his/her username inside the database. If the user
continues and completed login with the selected method,
the successful login attempt is added to the historical
profiles.
As summary of the results we discussion in session V, it
indicates that the proposed approach is able to select login
method for user automatically based on their historical
behavior, it positively facilitates the undesirable friction in
user experience. The results also show that confusion and
annoyance will not occurred as unregistered authentication
methods are shown.
However, the automated authentication system do have
limitation especially for new user. It is because no
behavior data able to collect since the user is newly
registered. Hence, the automated authentication system
cannot proceed to evaluation module. Furthermore, the
current proposed protocol is based on the user historical
behavior from first day register, so it may not precise for
users that change their recent behavior which possible
caused by many environment factor such as change laptop,
work relocation and etc.
For future work, we are planning to deploy the proposed
protocol in this paper, along with its implementation and
experimentation in real testbeds. Correspondingly, the
team will study to design a better approach for increasing
the design complexity and overcome the limitations but at
the same time, remains improving the end-user experience.
Conclusively, when this application is fully deployed,
the intelligent protocol will be able to prompt user favor
login method based on their historical behavior. This will
save time for user while still able provide positive
identification, also, the multi-modal authentication system
will serve as a data repository for evaluating the user
historical behavior.
ACKNOWLEDGMENT
We acknowledge the support provided by Dr Cheong
Hoon Sin for providing the advice on the idea and
framework related of this paper. Also, Mr. Wong Hon
Loon to provide the authentication logs from the
production platform as reference on user behavior analytics
to accomplish this paper.
REFERENCES
[1] Chengyuan Zhang, Haishui Xu, “Research on user behavior
authentication model based on stochastic Petri nets”, Proceeding of
the American Institute of Physics
[2] Garg, Suneet vig Savita gupta, Renu, “Multimodal
Authentication System: An Overview”, International Journal of
Control Theory and Applications, Vol 10, Page 111 to 119, 2017
https://www.researchgate.net/publication/319292208_Multimodal_
Authentication_System_An_Overview
[3] Sea Chong Seak, Ng Kang Siong, Wong Hon Loon, Galoh
Rashidah Haron, “A Centralized Multimodal Unified
Authentication Platform for Web-based Application”, WCECS
2014, Proceedings of the World Congress on Engineering and
Computer Science
[4] Galoh Rashidah Haron, Dharmadharshni Maniam, Latifah Mat
Nen, Nor Izyani Daud, “User Behaviour and Interactions for
Multimodal Authentication”, PST2016, published by IEEE.
[5] Margaret Rouse, “Multifactor authentication (MFA)”, March 2015,
https://searchsecurity.techtarget.com/definition/multifactor-
authentication-MFA
[6] Sea ChongSeak, Chang PeiShan, Wong HonLoon, Dahlia Din,
“Research Institution Software Development Process Improvement
to Produce High Quality Research Software Assessment on
Technical Software Package Installation”, ISAI2018, published by
IOP
[7] Anusiuba Ifeanyi, Anigbogu S.O., Onyesolu Moses, Okonkwo,
“Multimodal Authentication Techniques For Staff Identification
And Tracking”, December 2014, proceeding of West African
Journal of Industrial Academic Research.
[8] Stacy Lyn Stubblefield, “System and method for utilizing
behavioral characteristics in authentication and fraud prevention”,
15 March 2013, US9275211 B2
[9] David M. Grigg, Peter John Bertanzetti, Michael E. Toth, Carrie
Anne Hanson, “User authentication based on historical user
behavior”, 7 Feb 2014, US9185101 B2
[10] Zhengyou Zhang, David W.Williams, Yuan Kong, Zicheng Liu,
David Kurlander, Mike Sinclair, “Multimodal authentication”, 29
June 2005, US8079079B
124