Expanding Continuous Authentication with Mobile Devices


In our personal lives, we use several senses to identify or “authenticate” others: sight, hearing, and touch all play a role in recognizing someone, and we’re flexible enough that if only some of our senses detect an individual’s familiar characteristics, we still feel confident about that person’s identity. Furthermore, we draw on several aspects of each sense. For example, on the phone, we often recognize not only language and tone, but also intonation, diction, and other audible aspects that make the person on the other end identifiable to us. Even if it’s been years since we last saw or spoke with someone, our senses usually help us recognize them. We can decide how certain we are of their identity—saying hello doesn’t require the same level of trust as providing our Facebook login information.
Unlike humans, today’s computer systems don’t have the ability to recognize people. In early computing, most security was through physical access control such as a locked door. Authentication’s initial purpose was to track who was being charged for storage and computing time. However, the security environment has changed. Most computer access today permits sophisticated access control to one or more systems transparently, often relying on strong user authentication at the beginning of the session. This is a static mode of authentication; it’s typically performed using a token such as a password, smart card, or biometric, or a combination of these methods to allow access to the information or services.
Although we have strong static authentication mechanisms, the interconnection of multiple systems makes the protection and management of data more important than ever. Strong authentication systems aren’t useful unless access is vigilantly protected. One concern with access control is when a user leaves the computer interface without logging off, or user abandonment. Simple methods of detecting user abandonment can create almost as many problems for the user as they solve. More sophisticated methods of detecting user interaction are needed for better security and usability.

 

ABANDONMENT ISSUES

Ideally, once a computer has authenticated a user, it becomes the user’s responsibility to protect access to the computer’s data. This is usually ensured by maintaining control over the user interface—no one else has access to that session. However, users can be forgetful or assume that no one else would use the computer while they run a quick errand. This problem is pervasive enough that system administrators usually enforce some form of user abandonment detection to prevent unauthorized access.
A common method of detecting user abandonment is to monitor the input devices. When there’s no user interaction after a preset time, the user is logged off either directly or through a screen saver. Although this method works well for many users, it can be frustrating if a user is reading, giving a presentation, or otherwise passively engaging with the computer. The prompt for the user to re-authenticate could distract the user (and others) or interfere with the user’s work. This method also carries the risk of the user’s authentication token being compromised if the authentication occurs in a public setting, such as a conference.
Unfortunately, monitoring for activity doesn’t determine whether a different user accesses the computer. Walking away for a moment leaves plenty of time for another user to take over the session. The new user has the same rights as the individual who logged in, including sending, deleting, and changing information. This is often easily accomplished without the original user’s knowledge.
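
An added example, not part of the original article: a replay of an input-idle timeout over a constructed timeline, showing the two failure modes described above (a present but passive user is locked out, and a second person's input is accepted inside the timeout window). The `Event` type, the users `alice` and `mallory`, and the timeout values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Event:
    t: int      # seconds since login
    kind: str   # "input" = key/mouse activity, "passive" = at the screen, no input
    actor: str  # constructed ground truth; the idle monitor never sees this

def replay_idle_timeout(events, owner, timeout):
    """Replay a timeline against an input-idle lock.

    Returns (false_locks, missed_takeovers): times the owner was locked out
    while present, and times another person's input was accepted.
    """
    last_input, locked = 0, False
    false_locks, missed_takeovers = [], []
    for ev in sorted(events, key=lambda e: e.t):
        # The monitor's only signal is time elapsed since the last input.
        if not locked and ev.t - last_input >= timeout:
            locked = True
        if locked:
            if ev.actor != owner:
                continue                       # lock screen stops anyone else
            if ev.kind == "passive":
                false_locks.append(ev.t)       # owner was reading, not absent
            locked, last_input = False, ev.t   # owner re-authenticates
        elif ev.kind == "input":
            if ev.actor != owner:
                missed_takeovers.append(ev.t)  # activity says nothing about identity
            last_input = ev.t
    return false_locks, missed_takeovers

# Constructed timeline (hypothetical users): alice types, reads for a while,
# types again, walks away, and mallory uses the open session 80 seconds later.
TIMELINE = [
    Event(10, "input", "alice"), Event(60, "input", "alice"),
    Event(150, "passive", "alice"), Event(250, "passive", "alice"),
    Event(360, "passive", "alice"), Event(400, "input", "alice"),
    Event(480, "input", "mallory"), Event(500, "input", "mallory"),
    Event(1000, "input", "alice"),
]

if __name__ == "__main__":
    for timeout in (300, 90, 60):
        print(timeout, replay_idle_timeout(TIMELINE, "alice", timeout))
```

On this timeline, shortening the timeout from 300 to 60 seconds blocks the takeover but triples the interruptions of the present user, and no single timeout value removes both problems.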

Developing stronger methods of authentication and tighter policies doesn’t necessarily help the user maintain control. For example, smart card policies often require that an authenticated smart card remain in the card reader, tying the user to the system.

However, in practice, the user is apt to walk away and leave the smart card in the card reader. Because the smart card might also be used for building access, the user could leave the area and not realize the smart card is missing until trying to return, leaving the computer accessible to others in the area. Other policies could result in constraining the user to one device at a time. Although most office workers might not have a problem with this policy, those working in a lab environment often operate multiple machines simultaneously.

           Chamodhi Weerasooriya
CIS 2011/2012


Dark Side of the Big Data



Big Data?? 

Big data remains one of the fastest-growing segments of all industries, including the IT business. Big data is distinct from the internet, although the web makes it much easier to collect and share data. Big data refers to large volumes of data beyond the normal processing, storage and analysis capacity of typical database application tools. Basically, it is a combination of data sets whose size, complexity and rate of growth make them difficult to capture, manage, process or analyze with conventional technologies.



Three ‘V’s of Big Data:

  • Volume: This refers to the size of the data sets, from 30-50 terabytes to multiple petabytes, that count as big data. More sources of data generation in the digital age combine to increase the volume of data to a potentially unmanageable level.

  • Velocity: Another term is real-time growth. Data is streaming from sources such as social media sites at a virtually constant rate, and processing servers are unable to cope with this flow and generate meaningful real-time analysis.

  • Variety: Traditionally, data was structured and in similar and consistent formats such as Excel spreadsheets and standard databases. Data can now be generated in unstructured form and collected in a huge range of formats including rich text, web logs, RFID, sensor-embedded devices and GPS devices, among others.


Why is Big Data Important?

    When big data is effectively and efficiently captured, processed and analyzed, companies are able to gain a more complete understanding of their business, products and competitors. This leads to effective improvements such as increased sales, lower costs, better customer service and an improved brand image.
    Effective uses of big data include:
    ·         Improving IT troubleshooting and security breach detection, speed and prevention of future occurrences.
    ·         Using social media content to understand customer sentiment better and more quickly.
    ·         Fraud detection and prevention in any industry, such as banking, shopping and investing.
    ·         Using financial market transaction information to assess risk more quickly and take corrective action.
    ·         Selling digital data that has value to another organization. Through this, a company is able to profit from its data.





    The issues of big data


    Place to store the data

          Even small and medium amounts of data can be difficult to manage, both technically in terms of how to store it and in terms of analyzing it. So, the more data companies have, the more complex the problems of managing it can become. Do you buy hardware? Do you store it in the cloud? How often will you need to access it? Can you deal with latency?
          Uploading data into the cloud also generates lots of problems. Big data is about getting all the data in the business and linking it together to get the information. It could be terabytes of data, and uploading it to the cloud could take a while, and the data set could be changing rapidly. The rate of change of data makes big data hard to upload in real time.
          However, there are solutions such as designing the whole system to live in the cloud rather than uploading data. A system that is not in the cloud is unable to get the information in and out fast enough. In the cloud, it has the connectivity to make data accessible to others.

    Identification of inactive data

          One of the top challenges in handling big data is the growth of data. Data is growing day by day. An enterprise which is capable of handling its data today may not be able to handle the data tomorrow. The most important thing is to identify active data. The ironic thing is that most enterprise data is inactive and is no longer used by the end user. For example, typical access to corporate data follows a pattern where data is used most often in the days after it is created and less frequently thereafter.

    Security & privacy challenges

          The use of NoSQL databases and other large-scale, non-relational data stores creates issues due to a lack of capabilities including real authentication, encryption for data at rest or in transit, and data tagging and classification. Organizations need to consider the use of middleware layers to enforce authentication and data integrity. All passwords must be encrypted. In particular, companies need to defend against unauthorized access and protect continuity and availability. Big data implementations can also lead to data leakage and exposure. When numerous endpoints may submit data for processing and storage, false or malicious data may be submitted.

    Lack of the skills triangle

          All this requires people with specialist skills and an understanding of the business. The key challenge is in getting people with “the triangle of skills”. This means the right combination of business, computer science and statistics. Computer scientists and statisticians can go wild summarizing data, but that is not the complete picture. The company wants to get insights out of the data as well, and that extra insight requires an understanding of the business. People with backgrounds in statistics, data mining, predictive modeling, natural language processing, content analysis and social network analysis are all in demand. These people work with structured and unstructured data to deliver new insights and intelligence to the business. Platform management professionals are needed to implement Hadoop clusters and to secure and optimize them.

    Risks associated with big data technologies

          Big data implementations typically include open source code, with the potential for unrecognized back doors and default credentials. The nodes in a cluster that make up the attack surface may not have been reviewed, and servers may not have been adequately hardened. User authentication and access to data from multiple locations may not be sufficiently controlled. Regulatory requirements may not be fulfilled, with access to logs and audit trails problematic. This creates opportunity for malicious data input and inadequate data validation. Companies have to use technology options such as SaaS, cloud, virtualization and mobile. Organizations need to be ready to invest in big-data-specific training programs and to develop big data test automation solutions.

    Understanding the data

          For big data testing to be effective, testers need to continuously monitor and validate the 3Vs. Understanding the data and its impact on the business is the real challenge faced by any big data tester. It is not easy to measure the testing effort and strategy without proper knowledge of the nature of the available data. Testers need to understand business rules and the relationship between different subsets of data. They also have to understand the statistical correlation between different data sets and their benefits for business users.

    Dealing with sentiments and emotions

          In a big data system, unstructured data comes from sources such as tweets and text documents. The biggest challenge faced by testers while dealing with unstructured data is the sentiment attached to it. For example, customers tweet about and discuss a new product launched in the market. Testers need to capture their sentiments and transform them into insights for decision making and further business analysis.


    Dinakshee Saarangaa
    Viduni2@gmail.com 
                            CIS 2011/2012 



Next Evolution of the Internet



What is IoT?


  • The Internet of Things (IoT) is the network of physical objects or “things” embedded with electronics, software, sensors and connectivity to enable it to achieve greater value and service by exchanging data with the manufacturer, operator and/or other connected devices.

  • The Internet of Things (IoT), sometimes referred to as the Internet of Objects, will change everything, including ourselves. Consider the impact the Internet already has had on education, communication, business, science, government and humanity. Clearly the Internet is one of the most important and powerful creations in all of human history.

IoT Today


  • IoT is simply the point in time when more “things or objects” were connected to the internet than people.


  • During 2008  the number of things connected to the internet exceeded the number of people on the earth.




We evolve because we Communicate 


  • Humans evolve because they communicate. This principle of sharing information and building on it can best be understood by examining how humans process data.

  • It is also important to note there is a direct correlation between the input (data) and the output (wisdom). The more data that is created, the more knowledge and wisdom people can obtain.


  • IoT dramatically increases the amount of data available for us to process. This, coupled with the Internet’s ability to communicate this data, will enable people to advance even further.



IoT: The Tipping Point


  • Mobile, Cloud, Big Data and Social are converging to enable countless applications of IoT in the future, and of all the disruptions in play today, IoT could very well be the biggest.

- With IoT, objects use tiny devices that make them identifiable by their own unique IP address. These devices can then autonomously communicate with one another.
-  Smart products
- Smart Optimisation
- Smart automation
- Smart decision

Big Data and IoT




  • There are roughly three distinct stages for IoT:
- First, data is collected using sensors.
- At the next step, this data is analysed with the help of complex algorithms that are embedded into the IoT device or run in cloud-based data processing.
- This is followed by decision making and transmission of data to the decision-making server.

  • If the information collected is so large and complex that it becomes difficult to analyse using traditional data-processing techniques, we call it big data. Results from this analysis are then transmitted to the actual system, where the decision is implemented.



The Internet of Everything(IoE)




  • People
- Connecting people in more relevant, valuable ways.


  • Data
- Leveraging data into more useful information for decision making.


  • Process
- Delivering the right information to the right person (or machine) at the right time.


  • Things
- Physical devices and objects connected to the internet and each other for intelligent decision making.


IoT Applications


  • From building and home automation to wearables, the IoT touches every facet of our lives.




Challenges in IoT

  • Sensing a complex environment
- Innovative ways to sense and deliver information from the physical world to the cloud.

  • Connectivity
- A variety of wired and wireless connectivity standards are required to enable different application needs.

  • Power
- Many IoT applications need to run for years on batteries and reduce overall energy consumption.

  • Security is vital
- Protecting users' privacy and manufacturers' IP, and detecting and blocking malicious activity.

  • IoT is complex
- IoT application development needs to be easy for all developers, not just for experts.

  • Cloud is Important
- IoT applications require end-to-end solutions including cloud services.


Conclusion


  • Just as the internet has transformed businesses and lives in the last twenty years, IoT will disrupt one's organisation's relationship with stockholders.

  • While it is complex, poses risks and is still evolving, many pioneers have started adopting this technology. A technology-agnostic platform that enables device management, application management, and sensor data management with analytics will jumpstart your engagement with cyber-physical systems.
- This can help you innovate new processes and initiatives to increase your organisation's business performance, and create customer delight with new products and services.




Rasitha Ariyarathne
CIS 2012/2013
