• Anonymity networks and the fragile cyber ecosystem

      Haughey, Hamish; Epiphaniou, Gregory; al-Khateeb, Haider; University of Northumbria; University of Bedfordshire (Elsevier, 2016-03)
      It is well known that government agencies have had the capability to eavesdrop on public switched telephone networks for many decades. However, with the growing use of the Internet and the increasing technical capabilities of agencies to conduct mass surveillance, an individual's right to privacy has become a far greater concern in recent years. The ethical issues surrounding privacy, anonymity and mass surveillance are complicated, with compelling arguments for and against, due in part to the fact that privacy and anonymity are desired by criminals and terrorists, not just by individuals who care about their privacy.
    • CCBS – a method to maintain memorability, accuracy of password submission and the effective password space in click-based visual passwords

      al-Khateeb, Haider; Maple, Carsten; University of Bedfordshire (IADIS, 2011-07)
      Text passwords are vulnerable to many security attacks for a number of reasons, such as the insecure practices of end users who select weak passwords that are easy to remember over the long term. As such, visual password (VP) solutions were developed to maintain the security and usability of user authentication in collaborative systems. This paper focuses on the challenges facing click-based visual password systems and proposes a novel method in response to them. For instance, hotspots reveal a serious vulnerability. They occur because users are attracted to specific parts of an image and neglect other areas. Undertaking image analysis to identify these high-probability areas can assist dictionary attacks. Another concern is that click-based systems do not guide users towards the correct click-point they are aiming to select. For instance, users might recall the correct spot or area but still fail to place their click within the tolerance distance around the original click-point, which results in more incorrect password submissions. Nevertheless, the Passpoints study by Wiedenbeck et al., 2005 inspected the retention of their VP in comparison with text passwords over the long term. Despite being cued-recall, the success rate of their VP submission was not superior to text passwords, as it decreased from 85% (the instant retention on the day of registration) to 55% after 2 weeks. This result was identical to that of the text password in the same experiment. The successful submission rates after 6 weeks were also 55% for both VP and text passwords. This paper addresses these issues, and then presents a novel method (CCBS) as a usable solution supported by empirical proof. A user study is conducted and the results are evaluated against a comparative study.
    • Enhancing usability and security in click-based visual password systems

      al-Khateeb, Haider; Maple, Carsten; Conrad, Marc; University of Bedfordshire (IADIS, 2010)
      Security and usability are key elements in system design. A bad design might result in an unnecessary inverse relationship between the two, while a good design must find a balance to achieve usable security. In this paper we present and discuss the results of a user study to show how good application of click-based systems can produce a system people can easily use while maintaining security. In this study, participants were asked to do trials using 5 different prototypes of the system. A comparison between them helped to find the best criteria for an acceptable balance between security and usability. For instance, using a relatively small tolerance distance enhances security by increasing the password space; the comparison helps to find how small the distance can be while maintaining usability. Another objective of this study was to distinguish between two types of images; the results revealed that using cartoon images has a positive impact on usability. Nevertheless, hotspots occurred, and that makes particular images more vulnerable to dictionary attacks. Experiments also show that, if they can choose, users select images that are more vulnerable to hotspots.
    • How technology can mitigate and counteract cyber-stalking and online grooming

      al-Khateeb, Haider; Epiphaniou, Gregory; National Centre for Cyberstalking Research (Elsevier, 2016-01)
      With the virtual world becoming part of the social lives of adults and minors alike, new attack vectors have emerged that increase the severity of human-related attacks to a level the community has not experienced before. This article investigates and shares an outline of how technology could emerge further to counteract and mitigate the damage caused by online perpetrators. The review encourages approaching online harassment, stalking, bullying, grooming and the like with an Incident Response methodology in mind. This includes a detection phase utilising automated methods to identify and classify such attacks, conducting digital forensic investigations to analyse the nature of the offence and preserve evidence, taking preventive measures as part of the reaction to the problem, such as filtering unwanted communications, and finally looking at how we can rely on applicable computing to support and educate the victims.
    • Hybrid pass: authentication mechanism for web applications – both secure and user-friendly

      al-Khateeb, Haider; Maple, Carsten; Conrad, Marc; University of Bedfordshire (IADIS, 2009)
      A variety of visual password approaches have been proposed that aim to replace conventional text passwords. The main advantage of both systems is that, unlike biometrics and tokens, they do not require special hardware. However, they still fail to provide a satisfying solution to the usability problems of today’s authentication systems. Both text and visual passwords have limitations. We show how those limitations can be minimized by combining the two systems to provide an integrated login mechanism suitable for web applications. The design is user-friendly and makes use of the human factor to enhance security and usability. Due to the hybrid nature of our approach, it includes an anti-phishing technique.
    • Responsibility and non-repudiation in resource-constrained Internet of Things scenarios

      Oriwoh, Edewede; al-Khateeb, Haider; Conrad, Marc; University of Bedfordshire (International Conference on Computing and Technology Innovation (CTI 2015), 2016)
      The proliferation and popularity of smart autonomous systems necessitates the development of methods and models for ensuring the effective identification of their owners and controllers. The aim of this paper is to critically discuss the responsibility of Things and their impact on human affairs. This starts with an in-depth analysis of IoT characteristics such as Autonomy, Ubiquity and Pervasiveness. We argue that Things governed by a controller should have an identifiable relationship between the two parties, and that authentication and non-repudiation are essential characteristics in all IoT scenarios which require trustworthy communications. However, resources can be a problem; for instance, many Things are designed to run on low-powered hardware. Hence, we also propose a protocol to demonstrate how we can achieve the authenticity of participating Things in a connectionless and resource-constrained environment.
    • Web browser artefacts in private and portable modes: a forensic investigation

      Flowers, Cassandra; Mansour, Ali; al-Khateeb, Haider; Babraham Research Campus; University of Bedfordshire (Inderscience, 2016-04)
      Web browsers are essential tools for accessing the internet. Extra complexities are added to forensic investigations when recovering browsing artefacts, as portable and private browsing are now common and available in popular web browsers. Browsers claim that whilst operating in private mode, no data is stored on the system. This paper investigates whether the claims of web browser discretion are true by analysing the remnants of browsing left by the latest versions of Internet Explorer, Chrome, Firefox, and Opera when used in a private browsing session, as a portable browser, and when the portable browser is running in private mode. Some of our key findings show how forensic analysis of the file system recovers evidence from IE while running in private mode, whereas other browsers seem to maintain better user privacy. We analyse volatile memory and demonstrate how physical memory, by means of dump files, hibernation files and page files, is the key area where evidence from all browsers will still be recoverable regardless of the mode or location they run from.