- Waleed Albattah
1. To improve a humanoid robot which can express emotions like a human being; 2. To give proper response to the user that will really make more effective HRI; 3. Since a human being can communicate to each other by showing only his facial expression, a robot can understand the mood of the user by observing his face and reacting as well.
Research Item (12)
- Mar 2017
- 2017 2nd International Conference on Anti-Cyber Crimes (ICACC)
CAPTCHAs are applied on websites to differentiate between human users and automated programs, which indulge in spamming and other fraudulent activities. Since there are many websites that provide services in the Arabic language, Arabic CAPTCHAs have been proposed by a number of studies. These CAPTCHAs rely on the distortion of text images rendering them unrecognizable to essentially pattern recognition techniques. However, the segmentation resistance evaluation against the proposed Arabic CAPTCHA schemes has not yet been done. Thus, this paper evaluates the robustness of the state-of-the-art Arabic CAPTCHAs. Specifically, we showed that a number of proposed Arabic CAPTCHAs could be broken with an acceptable success rate. Moreover, a set of recommendations is derived in order to guide the design of robust Arabic CAPTCHAs.
- Nov 2016
- 2016 4th Saudi International Conference on Information Technology (Big Data Analysis) (KACSTIT)
- Nov 2016
- 2016 12th International Conference on Innovations in Information Technology (IIT)
Online services play an increasingly important role in executing tasks in many aspects of our lives. These services depend greatly on authentication mechanisms in order to give sufficient protection to the provided data. Since the traditional username and password scheme suffers from various security and usability drawbacks, this paper investigates a free-text keystroke dynamic authentication approach which provides security with a high level of usability. In particular, this study extends previous studies in which the Arabic language is incorporated by investigating the utilization of different timing features, as well as applying the Euclidean distance classification method. Based on a controlled experiment, the False Accept Rate (FAR) was 0.2, while the False Reject Rate (FRR) was 0.0. The results showed that the system performance is enhanced compared to other studies.
- Oct 2016
- 2016 15th International Conference on Frontiers in Handwriting Recognition (ICFHR)
A CAPTCHA is a test that can, automatically, tell human and computer programs apart. It is a mechanism widely used nowadays for protecting web applications, interfaces, and services from malicious users and automated spammers. Usability and robustness are two fundamental aspects with CAPTCHA, where the usability aspect is the ease with which humans pass its challenges, while the robustness is the strength of its segmentation-resistance mechanism. The collapsing mechanism, which is removing the space between characters to prevent segmentation, has been shown to be reasonably resistant to known attacks. On the other hand, this mechanism drops considerably the human-solvability of text-based CAPTCHAs. Accordingly, an optimizer has previously been proposed that automatically enhances the usability of a CAPTCHA generation without sacrificing its robustness level. However, this optimizer has not yet been evaluated in terms of improving the usability. This paper, therefore, evaluates the usability of this optimizer by conducting an experimental study. The results of this evaluation showed that a statistically significant enhancement is found in the usability of text-based CAPTCHA generation.
An automated public Turing test to distinguish between computers and humans, known as CAPTCHA, is a widely used technique on many websites to protect their online services from malicious users. Two fundamental aspects of captcha considered in various studies in the literature are robustness and usability. A widely accepted standard benchmark to guide text-based captcha developers is not yet available. So this paper proposes a benchmark for designing usable-secure text-based captchas based on a community-driven evaluation of the usability and security aspects. Based on this benchmark, we develop four new text-based captcha schemes, and conduct two separate experiments to evaluate both the security and usability perspectives of the developed schemes. The result of this evaluation indicates that the proposed benchmark provides a basis for designing usable-secure text-based captchas.
Authentication in phones as well as in public spaces or even in shared spaces such as digital tabletops is inherently vulnerable to attacks and has the weakness of being susceptible to shoulder surfing attacks. A shoulder surfing attack is a type of attack that uses direct observation techniques such as looking over someone’s shoulder to get information. This paper introduces a novel way of using the simple PIN (Personal Identification Number) entry technique to conceal the actual password within contingent randomly selected entries. In particular, the traditional password concept where what you input is what you get is redefined. That is, the distinction between the actual password and the act of entering a password is achieved using two master keys. The proposed approach allows the entry of very long passwords and thus prevents unwanted access even with exact copying of the entered password. Furthermore, it also allows the entry of very short passwords. The prototype of the proposed approach is implemented. A user study has been conducted to evaluate both security and usability perspectives of this technique. The results showed that the proposed approach is strong against observation of the password and usable for participants to have good control over the different parts of the entry.
- Dec 2015
- 2015 IEEE International Conference on Data Science and Data Intensive Systems (DSDIS)
- Suliman Alsuhibany
- Waleed Albattah
A defensive mechanism, which encompasses a variety of services and protections, has been proposed by several researchers for many organizations to protect system resources from misuse. In the practical use of defensive mechanisms such as CAPTCHAs and spam filters, attackers and defenders exchange 'victories,' each celebrating (temporary) success in breaking and defending. In this paper, since most of these defensive mechanisms depend on a single algorithm as a defence mechanism, we present a confusion matrix that helps to understand how a defensive mechanism performs a correct/incorrect classification. Specifically, the expected results of a defensive mechanism from the confusion matrix lead to categorising defensive mechanisms into two main categories: Assertive and Predictive defensive mechanisms. Moreover, the predicted results of a predictive defensive mechanism can be divided into two types: Interactive and non-Interactive defensive mechanisms. The result of this categorization scheme is useful to interested parties such as researchers, defensive mechanism designers and developers, as a tool to classify a defensive mechanism. Also, the view of interactive defensive mechanisms (IDMs) is important and useful, since it provides a consistent and clear understanding of the problem of IDMs in a system. Having such a view enables various interested parties, such as researchers, defensive mechanism designers and defensive mechanism developers, to work from the same reference point, which is as unambiguous as possible.
- Oct 2013
- 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS)
- International Conference on Risks and Security of Internet and Systems
An intrusion and attack detection system usually focuses on classifying a record as either normal or abnormal. In some cases such as insider attacks, attackers rely on feedback from the attacked system, which enables them to gradually manipulate their attempts in order to avoid detection. This paper proposes the notion of accumulative manipulation that can be observed through a number of attempts accomplished by the attacker, which forms the basis of the Attacker Learning Curve (ALC). Based on a controlled experiment, we first show that the ALC for three different attack strategies are consistent between two different groups of subjects. We then define a strategy detection mechanism, which is experimentally shown to be accurate more than 70% of the time.
In the practical use of security mechanisms such as CAPTCHAs and spam filters, attackers and defenders exchange ‘victories,’ each celebrating (temporary) success in breaking and defending. While most security mechanisms rely on a single algorithm as a defense mechanism, we propose an approach based on a set of algorithms as a defense mechanism. When studying sets of algorithms, various issues arise about how to construct the algorithms and in which order or in which combination to release them. In this paper, we consider the question of whether the order in which a set of defensive algorithms is released has a significant impact on the time taken by attackers to break the combined set of algorithms. The rationale behind our approach is that attackers learn from their attempts, and that the release schedule of defensive mechanisms can be adjusted so as to impair that learning process. This paper introduces this problem. We show that our hypothesis holds for an experiment using several simplified but representative spam filter algorithms—that is, the order in which spam filters are released has a statistically significant impact on the time attackers take to break all algorithms.
- Sep 2013
- Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
While security algorithms are utilized to protect system resources from misuse, using a single algorithm such as CAPTCHAs and Spam-Filters as a defence mechanism can work to protect a system against current attacks. However, as attackers learn from their attempts, this algorithm will eventually become useless and the system is no longer protected. We propose to look at a set of algorithms as a combined defence mechanism to maximize the time taken by attackers to break a system. When studying sets of algorithms, diverse issues arise in terms of how to construct them and in which order or in which combination to release them. In this paper, we propose a model based on Stochastic Petri Nets, which describe the interaction between an attacker, the set of algorithms used by a system, and the knowledge gained by the attacker with each attack. In particular, we investigate the interleaving of dependent algorithms, which have overlapping rules, with independent algorithms, which have a disjoint set of rules. Based on the proposed model, we have analyzed and evaluated how the order can impact the time taken by an attacker to break a set of algorithms. Given the mean time to security failure (MTTSF) for a system to reach a failure state, we identify an improved approach to the release order of a set of algorithms in terms of maximizing the time taken by the attacker to break them. Further, we show a prediction of the attacker's knowledge acquisition progress during the attack process.
- Sep 2011
- Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
CAPTCHA is a test that can, automatically, tell human and computer programmes apart. It is now almost a standard security technology, and has found widespread application on commercial websites. Robustness and usability are two fundamental aspects with CAPTCHA. The robustness of a text CAPTCHA is typically determined by the strength of its segmentation-resistance mechanism. The mechanism of Crowding Character Together (CCT) has been shown to be reasonably resistant to known attacks. On the other hand, such an approach can reduce the usability by making characters very difficult to recognize. This paper proposes an optimiser that automatically enhances the usability of a CAPTCHA design. A key point of this optimiser is that the usability of the CAPTCHA scheme is improved without sacrificing its robustness level. Applying the proposed optimiser will be shown to achieve a significant improvement in the usability of CAPTCHA.