Phoney protection for passwords

Corporate data breaches seem to be on the rise. Rarely a week passes without a company revealing that its database has been hacked and that, regrettably, usernames, passwords, credit card details and its customers’ personal information have been leaked on to the open internet. A new protection, nicknamed Phoney, is reported in the International Journal of Embedded Systems.

Rong Wang, Hao Chen and Jianhua Sun of the College of Computer Science and Electronic Engineering, Hunan University, Changsha, China, explain that once password files have been stolen, attackers can quickly crack large numbers of passwords. Their “Phoney” system employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers. Even if hackers have compromised a database, the phoney entries, the honeywords, obfuscate and camouflage the genuine passwords. Moreover, if one of those honeywords is cracked and used in a login attempt, the hacked system will know to immediately block the fake user and lock down the account they tried to break into.

Until a secure and safe alternative is found, passwords will remain the simplest and most effective way to log in to online systems, such as shopping, banking and social media sites. Password lists stored by the providers can be salted and hashed to make it harder for hackers to recover them, and users can help themselves by using long, sophisticated passwords. However, the hashes used to mask a password database can themselves be cracked; breaches happen and data is inevitably compromised. For example, recently 6.5 million logins from a major social networking site were stolen and within a week almost two-thirds of those passwords had been cracked, making a large proportion of the user base vulnerable to further exploitation and compromise of their personal data.

The team explains that “Phoney is helpful to existing password authentication systems and easy to deploy. It requires no modifications to the client, and just changes how the password is stored on the server, which is invisible to the client.” They have carried out tests and show that the time and storage costs are acceptable. “Of course, it is impossible for Phoney to guarantee no password leak absolutely in all possible scenarios,” they say. But the so-called cracking ‘search space’, in other words the amount of effort a hacker needs to breach the data, is increased significantly.
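The honeyword half of the scheme described above can be sketched as follows. This is an added example, not code from the Phoney paper: it leaves out the threshold encryption of the hashes, and the `HoneyChecker` class, the result strings and the sample passwords are assumptions constructed for illustration.

```python
import hashlib, hmac, os, secrets

def slow_hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2; the iteration count is a constructed example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HoneyChecker:
    """Hypothetical separate service that knows only which slot is genuine."""
    def __init__(self):
        self._real = {}      # user -> index of the genuine hash
        self.locked = set()  # accounts locked after a honeyword was used

    def register(self, user, index):
        self._real[user] = index

    def check(self, user, index):
        if user in self.locked:
            return "locked"
        if index == self._real[user]:
            return "ok"
        self.locked.add(user)  # a decoy matched: the hash file has leaked
        return "alarm"

class PasswordFile:
    """Server-side store: per user, one salt and several look-alike hashes."""
    def __init__(self, checker):
        self.checker = checker
        self.rows = {}

    def enroll(self, user, password, honeywords):
        words = list(honeywords) + [password]
        secrets.SystemRandom().shuffle(words)  # hide the genuine position
        salt = os.urandom(16)
        self.rows[user] = (salt, [slow_hash(w, salt) for w in words])
        self.checker.register(user, words.index(password))

    def login(self, user, attempt):
        salt, hashes = self.rows[user]
        digest = slow_hash(attempt, salt)
        for index, stored in enumerate(hashes):
            if hmac.compare_digest(digest, stored):
                return self.checker.check(user, index)
        return "denied"  # ordinary wrong password, no alarm

def demo():
    # Constructed sample account and decoys.
    store = PasswordFile(HoneyChecker())
    store.enroll("alice", "tulip-harbor-41", ["tulip-harbor-14", "maple-garden-41"])
    tries = ["wrong-guess", "tulip-harbor-41", "maple-garden-41", "tulip-harbor-41"]
    return [store.login("alice", t) for t in tries]
```

The client still submits a single password as usual; only the server-side storage and the check against the separate index change, so a stolen password file alone does not reveal which of the stored hashes is the genuine one.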

 

Wang, R., Chen, H. and Sun, J. (2016) ‘Phoney: protecting password hashes with threshold cryptology and honeywords’, Int. J. Embedded Systems, Vol. 8, Nos. 2/3, pp.146–154.

Research Picks – May 2016

Unemployment – keep it out of the family

Italian research suggests that “weak” jobseekers – who are defined as migrants, women, and young people – are less likely to find employment if they have strong family ties. A multivariate analysis found that a trainee’s individual social networks – family, friends and acquaintances – affect subsequent employment outcomes. The team suggests that public employment and training agencies could improve the employability of “weak” groups by strengthening connections between different hubs so that job referrals and reputation come to the fore.

Lamonica, V., Ragazzi, E., Santanera, E. and Sella, L. (2016) ‘The role of personal networks in the labour insertion of weak jobseekers’, Int. J. Computational Economics and Econometrics, Vol. 6, No. 3, pp.315–335.

Biological mining

Biology and medicine and their overlapping discipline, biomedical science, generate vast amounts of data on a daily basis, not least in the form of papers and reviews in the scientific literature. A powerful new literature mining tool, BioTopic, has now been developed and shown to have a search performance of 86%, which is higher than conventional data mining techniques at retrieving pertinent information. Fine-grained pre-processing, topic modelling, and shallow parsing allow the tool to work quickly and accurately to find relevant papers. Mining of three topics, “neuron”, “signalling pathway” and “apoptotic cell death”, demonstrated proof of principle and highlighted ways in which the system might be improved still further by generating a background word list and creating automated filtering rules.

Wang, X., Zhu, P., Liu, T. and Xu, K. (2016) ‘BioTopic: a topic-driven biological literature mining system’, Int. J. Data Mining and Bioinformatics, Vol. 14, No. 4, pp.373–386.

Go by rail

Rail travel is on the increase and, if conditions remain unchanged or issues are left unresolved, so is the associated risk of accidents. One particularly vulnerable component of rail infrastructure is its tunnels. A new safety model shows what measures must be adopted to preclude critical situations arising that can lead to serious accidents, including preventative maintenance and corrective measures to reduce risk. Of course, risk can never be reduced to zero in any activity, but as rail travel grows, the statistics must be countered to minimise it.

De Felice, F., Petrillo, A. and Zomparelli, F. (2015) ‘Railway tunnels safety: analysis of critical reliability aspects’, Int. J. Decision Sciences, Risk and Management, Vol. 6, No. 2, pp.103–127.

Why the rich get richer

It’s a perennial concern of the poverty stricken – why is it that the rich get richer? Researchers in China suggest that this fact of life is down to mathematics, with wealth accumulation following a power law and thus generating asymmetries in society that lead to income and wealth distribution towards the haves and away from the have-nots. They found that wealth is more unequally distributed than income and that, from a dynamical perspective, revenues from financial investments are the key factor in sustaining wealth accumulation. “In other words, wealth-dependent asymmetries among agents lead to a rising inequality of income and wealth as the time goes on,” the researchers suggest.

Desiderio, S. and Chen, S. (2016) ‘Why the rich become richer: insights from an agent-based model’, Int. J. Computational Economics and Econometrics, Vol. 6, No. 3, pp.258–275.

Let internet crowd review design your next product

The internet has given almost everyone a very public voice and a chance to offer their opinion on almost every subject in a way that was not possible before. Research published in the International Journal of Knowledge and Web Intelligence demonstrates how consumer product reviews published on the internet could be analyzed through data mining techniques and allow designers to find ways to improve a given product or even add features that had not occurred to the manufacturer.

Ismail Art Yagci and Sanchoy Das of the Department of Mechanical and Industrial Engineering, at New Jersey Institute of Technology, in Newark, USA, explain how web reviews are a readily available source of product intelligence and suggest that such reviews might contain significant pointers regarding the pros and cons of a design or features that are redundant, unwanted or missing. In light of this, the team introduces a design-feature-opinion-cause relationship (DFOC) method that can extract design intelligence from unstructured web reviews.

Product development managers are constantly challenged to learn about the consumer’s experience with their product and to uncover the specifics of how well or how badly a product is performing in the hands of those consumers. Conventional market research, which might involve prototype testing, field tests and independent assessment, is costly, time consuming and limited in the amount of data it can return. The advent of the internet, and in particular the idea of interactive web 2.0 sites, online social media and networking and a boom in our all-round need to share our opinions, has opened up an entirely new approach to such testing based around what one might call “crowd review”.

The researchers explain how their DFOC method first builds a sentence-based web review database and then mines that database to identify design features that are of interest to both designers and users. Next it extracts and estimates the significance and polarity of customer opinion and identifies the underlying factors that may have given rise to a particular opinion. The DFOC system used an association rule-based opinion mining procedure for capturing and extracting noun-adjective and noun-verb relationships.

Opinion mining is not entirely new, but the team has demonstrated a strong proof of principle with their DFOC method applied to car design, covering characteristics such as engine power, fuel economy, safety, comfort, exhaust, sound system, interior design etc. The DFOC approach identified 42 features of interest, many of which are not commonly specified in car design and yet are of interest or concern to drivers. “This implies that a DFOC type analysis expands the design feature analysis set, and hence makes the intelligence even more valuable,” the team says. They have also demonstrated how it can overcome several of the problems inherent to earlier techniques.

They point out that their DFOC method could enhance creative efficiency by identifying negative opinions in the early stages of the design process, and so help channel effort to areas where designers can have the greatest impact on consumer opinion of future products. The approach could also improve competitiveness by shortening the lead-time for the introduction of new products or services, lowering design costs, and improving quality and reliability of products and services.

Yagci, I.A. and Das, S. (2015) ‘Design feature opinion cause analysis: a method for extracting design intelligence from web reviews’, Int. J. Knowledge and Web Intelligence, Vol. 5, No. 2, pp.127–145.