Current keystroke dynamics applications have tackled the problem of traditional knowledge-based static password verification, but the problem of spontaneous password verification persists. The intent of this study was to examine the predictive strength of typing patterns for spontaneous passwords. The typing patterns of an individual typing at a DELL

Ever since introduction of automated fingerprint recognition in law enforcement in the 1970s it has been utilized in applications ranging from personal authentication to civilian border control. The increasing use of automated fingerprint recognition puts on it a challenge of processing a diverse range of fingerprints. The quality control module is important to this process because it supports consistent fingerprint detail extraction which helps in identification / verification. Inherent feature issues, such as poor ridge flow, and interaction issues, such as inconsistent finger placement, have an impact on captured fingerprint quality, which eventually affects overall system performance. Aging results in loss of collagen; compared to younger skin, aging skin is loose and dry. Decreased skin firmness directly affects the quality of fingerprints acquired by sensors. Medical conditions such as arthritis may affect the user

Policy-based management for federated healthcare systems have recently gained increasing attention due to strict privacy and disclosure rules. While the work on privacy languages and enforcement mechanisms, such as Hippocratic databases, has advanced our understanding of designing privacy-preserving policies for healthcare databases, the need to integrate these policies in practical healthcare framework is becoming acute. Additionally, while most work in this area has been organization-oriented, dealing with exchange of information between healthcare organizations (such as referrals), the requirements for the emerging area of personal healthcare information management have so far not been adequately addressed. These shortcomings arise from the lack of a sophisticated policy specification language and enforcement architecture that can capture the requirement for (i) integration of privacy and disclosure policies with well-known healthcare standards used in the industry in order to specify the precise requirements of a practical healthcare system, and (ii) provision of ubiquitous healthcare services to patients using the same infrastructure that enables federated healthcare management for organizations. In this paper, we have designed a policy-based system to mitigate these concerns. One, we have designed our disclosure and privacy policies using a requirements specification based on a set of use cases for the Clinical Document Architecture (CDA) standard proposed by the community. Two, we present a context-aware policy specification language which allows encoding of CDA-based requirements use-cases into privacy and disclosure policy rules. We have shown that our policy specification language is effective in terms of handling a variety of expressive constraints on CDA-encoded document contents. Our language enables specification of privacy-aware access control for federated healthcare information across organizational boundaries, while the use of contextual constraints allows the incorporation of user and environment context in the access control mechanism for personal healthcare information management. Moreover, the declarative syntax of the policy rules makes the policy adaptable to changes in privacy regulations or patient preferences. We also present an enforcement architecture for the federated healthcare framework proposed in this paper.

Position-based routing protocols make routing de-  cisions based on the geographical position of the destination of a packet. Such protocols scale well since they do not require nodes to maintain explicit routes. Instead each node must know only its own position, the position of its neighbors, and the position of the destination. Thus, a critical component of position-based routing protocols is the position service that allows nodes to obtain the position of a destination node.  In this paper we analyze the security vulnerabilities of position-  based routing protocols and virtual home region (VHR)-based distributed position service systems. We propose methods to protect the position information from both external and internal attackers. We then discuss and propose several mitigation mech-  anisms against position abuse by internal attackers that exploit the position service to trace their targets. Finally, we propose a position verification mechanism that allows the position service to verify that the positions reported by nodes are correct.

Scalability and energy management issues are crucial for sensor network databases. In this paper, we introduce the Sharing and PArtitioning of Stream Spectrum (SPASS) pro-  tocol as a new approach to provide scalability with re-  spect to the number of sensors and to manage the power consumption efficiently. The spectrum of a sensor is the range/distribution of values read by that sensor. Close-by sensors tend to give similar readings and, consequently, ex-  hibit similar spectra. We propose to combine similar spectra into one global spectrum that is shared by all contributing sensors. Then, the global spectrum is partitioned among the sensors such that each sensor carries out the responsibility of managing a partition of the spectrum. Spectrum sharing and partitioning require continuous coordination to balance the load over the sensors. Experimental results show that the SPASS protocol relieves a sensor database system from the burden of data acquisition in large-scale sensor networks and reduces the per-sensor power consumption.

Survivable routing protocols are able to provide service in the presence of attacks and failures. The strongest attacks that protocols can experience are attacks where adversaries have full control of a number of authenticated nodes that behave arbitrarily to disrupt the network, also referred to as Byzantine attacks. This work examines the survivability of ad hoc wireless routing protocols in the presence of sev-  eral Byzantine attacks: black holes, flood rushing, worm-  holes and overlay network wormholes. Traditional secure routing protocols that assume authenticated nodes can al-  ways be trusted, fail to defend against such attacks. Our protocol, ODSBR, is an on-demand wireless routing proto-  col able to provide correct service in the presence of failures and Byzantine attacks. We demonstrate through simulations its effectiveness in mitigating such attacks. Our analysis of the impact of these attacks versus the adversary

Hybrid networks are a promising architecture that builds ad hoc, wireless networks around the existing cellular tele-  phony infrastructure and supporting massive deployment for ad hoc networking. In this paper we present a rout-  ing protocol, DST, for hybrid networks that maintains a close to optimal spanning tree of the network by using dis-  tributed topology trees. DST is fully dynamic and generates only O(log n) messages per update operation. We demon-  strate experimentally that the performance of DST scales well with the network size and activity, making it ideal for the metropolitan environment hybrid networks are expected to operate in.

Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and potentially creates additional vulnerabilities. The objective of this research is to present and evaluate a Genetic Algorithm (GA)-  based approach enabling organizations to choose the minimal-cost security profile providing the maximal vulnerability coverage. This approach is compared to an enumerative approach for a given test set. The GA-based approach provides favorable results, eventually leading to improved tools for supporting information security investment decisions.

Business-to-business (B2B) exchanges are expected to bring about lower prices for buyers through reverse auctions.  Analysis of such settings for seller pricing behavior often points to mixed-strategy equilibria. In real life, it is plausible that managers learn this complex ideal behavior over time. We modeled the two-seller game in a synthetic environment, where two agents use a reinforcement learning (RL) algorithm to change their pricing strategy over time. We find that the agents do indeed converge towards the theoretical Nash equilibrium. The results are promising enough to consider the use of artificial learning mechanisms in electronic marketplace transactions.

Multi-domain application environments where distributed domains interoperate with each other are becoming a reality in internet-based and web-services based enterprise applications. The secure interoperation in a multidomain environment is a challenging problem. In this paper, we propose a distributed secure interoperability protocol that ensures secure interoperation of the multiple collaborating do mains without compromisingthesecurityof collaborating domains. We introduce the idea of access paths and access paths constraints. Furthermore, we device a path discovery algorithm that is capable of querying interoperating domains for the set of secure access paths between different domains.