Search results for "todentaminen"
showing 10 items of 14 documents
Family Matters : Abusing Family Refresh Tokens to Gain Unauthorised Access to Microsoft Cloud Services Exploratory Study of Azure Active Directory Fa…
2022
Azure Active Directory (Azure AD) is an identity and access management service used by Microsoft 365 and Azure services and thousands of third-party service providers. Azure AD uses OIDC and OAuth protocols for authentication and authorisation, respectively. OAuth authorisation involves four parties: client, resource owner, resource server, and authorisation server. The resource owner can access the resource server using the specific client after the authorisation server has authorised the access. The authorisation is presented using a cryptographically signed Access Token, which includes the identity of the resource owner, client, and resource. During the authorisation, Azure AD assigns Ac…
Exploring Azure Active Directory Attack Surface: Enumerating Authentication Methods with Open-Source Intelligence Tools
2022
Azure Active Directory (Azure AD) is Microsoft’s identity and access management service used globally by 90 per cent of Fortune 500 companies and many other organisations. Recent attacks by nation-state adversaries have targeted these organisations by exploiting known attack vectors. In this paper, open-source intelligence (OSINT) is gathered from organisations using Azure AD to explore the current attack surface. OSINT is collected from Fortune 500 companies and top 2000 universities globally. The collected OSINT includes authentication methods used by the organisation and the full name and phone number of the primary technical contact. The findings reveal that most organisations are using…
Too many passwords? : How understanding our memory can increase password memorability
2018
Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related to memory…
Dog blogs as ventriloquism: Authentication of the human voice
2015
This paper looks at personal blogging by dog owners in an international, English language blogsite in which dog owners from around the world report and reflect upon their dogs and their lives with dogs, and do so by using the dog's voice. It approaches dog blogs as an example of the strategic use of pervasive but contentious anthropomorphic western discourses about animals and discusses how dog bloggers use anthropomorphism as a discursive means for crafting and collectively ratifying authenticity in a translocal, interest-driven and informal social media context in which traditional territorial and demographic parameters of authenticity are not easily available or relevant. More specifical…
Too many passwords? How understanding our memory can increase password memorability
2018
Passwords are the most common authentication mechanism, that are only increasing with time. Previous research suggests that users cannot remember multiple passwords. Therefore, users adopt insecure password practices, such as password reuse in response to their perceived memory limitations. The critical question not currently examined is whether users’ memory capabilities for password recall are actually related to having a poor memory. This issue is imperative: if insecure password practices result from having a poor memory, then future password research and practice should focus on increasing the memorability of passwords. If, on the other hand, the problem is not solely related …
An Efficient and Privacy-Preserving Blockchain-Based Authentication Scheme for Low Earth Orbit Satellite Assisted Internet of Things
2022
Recently, integrating satellite networks (e.g. Low-earth-orbit satellite constellation) into the Internet of Things (IoT) ecosystem has emerged as a potential paradigm to provide more reliable, ubiquitous and seamless network services. The LEO satellite networks serve as a key enabler to transform the connectivity across industries and geographical borders. Despite the convenience brought by the LEO satellite networks, security concerns arise, of which the essential one is to secure the communication between the IoT devices and the LEO satellite network. However, some challenges inherited from the LEO satellite networks need to be considered: 1) the dynamic topology; 2) the resource…
The Light Side of Passwords : Turning Motivation from the Extrinsic to the Intrinsic
2019
There are many good and bad aspects to password authentication. They are mostly without cost, securing many accounts and systems, and allowing users access from anywhere in the world. However, passwords can elicit dark side phenomena, including security technostress; with many users feeling negatively towards them, as they struggle to cope with the sheer numbers required in their everyday lives. Much research has attempted to understand users’ interactions with passwords, examining the trade-off between security, memorability, user convenience, and suggesting techniques to manage them better. However, users continue to struggle. Many studies have shown that users are more concerned with goa…
Pedagogical approaches for e-assessment with authentication and authorship verification in Higher Education
2019
Checking the identity of students and authorship of their online submissions is a major concern in Higher Education due to the increasing amount of plagiarism and cheating using the Internet. The literature on the effects of e-authentication systems for teaching staff is very limited because it is a novel procedure for them. A considerable gap is to understand teaching staff's views regarding the use of e-authentication instruments and how they impact trust in e-assessment. This mixed-method study examines the concerns and practices of 108 teaching staff who used the TeSLA—Adaptive Trust-based e-Assessment System in six countries: the UK, Spain, the Netherlands, Bulgaria, Finland and Turkey.…
Enhancing the user authentication process with colour memory cues
2022
The authentication process is the first line of defence against potential impostors, and therefore is an important concern when protecting personal and organisational data. Although there are many options to authenticate digital users, passwords remain the most common authentication mechanism. However, with password numbers increasing, many users struggle with remembering multiple passwords, which affects their security behaviour. Previous researchers and practitioners have attempted to suggest ways to improve password memorability and security simultaneously. We introduce a novel approach that utilises colour as a memory cue to increase password memorability and security. A longitudinal stud…
Anomaly detection approach to keystroke dynamics based user authentication
2017
Keystroke dynamics is one of the authentication mechanisms which uses the natural typing pattern of a user for identification. In this work, we introduced a Dependence Clustering based approach to user authentication using keystroke dynamics. In addition, we applied a k-NN-based approach that demonstrated strong results. Most of the existing approaches use only genuine users' data for training and validation. We designed a cross validation procedure with artificially generated impostor samples that improves the learning process yet allows fair comparison to previous works. We evaluated the methods using the CMU keystroke dynamics benchmark dataset. Both proposed approaches outperformed the previou…