Ron Poet's research while affiliated with University of Glasgow and other places

Publications (62)

Conference Paper
We investigate a form of recognition-based graphical passwords where users choose their pass images from a system provided collection. In these systems the user is presented with a challenge set containing their pass images, together with distracters, when they login. They need to recognise their pass images to gain access. The distracters come fro...
Chapter
The existing model of Federated Identity Management (FIM) allows a user to provide attributes only from a single Identity Provider (IdP) per service session. However, this does not cater to the fact that the user attributes are scattered and stored across multiple IdPs. An attribute aggregation mechanism would allow a user to aggregate attributes f...
Conference Paper
In this paper we present the formalisation of three well-known Identity Management protocols - SAML, OpenID and OAuth. The formalisation consists of two steps: formal specification using HLPSL (High-Level Protocol Specification Language) and formal verification using a state-of-the-art verification tool for security protocols called AVISPA (Automat...
Conference Paper
Scientific workflows are composed of different services to support scientific experiments. Often such services are provided by different organizations that can have their own autonomous access control policies. Workflows are often shared and repurposed with the same and/or different datasets to repeat scientific experiments, therefore, different us...
Conference Paper
Scientific experiments often involve use of shared resources across organization boundaries in distributed collaborative environments. They are more often enabled through web services. A plethora of research is undertaken to protect individual web services. They include centralized security models wherein the main focus is on centralised Virtual Or...
Conference Paper
Decentralized enactment of workflows is generally advocated for data intensive scientific applications. This approach offers a number of advantages including avoiding a single (centralized) point of failure, and associated (centralized) performance bottlenecks. However, such services are often assumed to be openly available with little or no securi...
Conference Paper
The two main problems that make authentication difficult for users have been known for some time and result in a number of coping mechanisms. The first problem is that users need to provide a large number of passwords, leading to password reuse. The second problem is that it is difficult to find passwords and PINS that are both secure and memorable...
Article
Full-text available
Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federations among different organisations. Despite its several advantages, one of the key disadvantages of SAML is that it does not allow creating a federation in a dynamic fashion to enable service provisioning (or de-provisioning) in...
Conference Paper
Full-text available
With the absence of physical evidence, the concept of trust plays a crucial role in the proliferation and popularisation of online services. In fact, trust is the inherent quality that binds together all involved entities and provides the underlying confidence that allows them to interact in an online setting. The concept of Federated Identity Mana...
Article
Graphical passwords are a promising alternative to alphanumeric passwords for user authentication. Recognition-based schemes are commonly used. This paper aims to find the best ways to improve the usability and security of recognition-based graphical passwords using culturally familiar pictures. Two types of challenge sets (culturally familiar deco...
Conference Paper
Full-text available
In this paper we explore two issues: Federated Identity Management and Context-Aware Services. In the last decade or so we have seen these two technologies gaining considerable popularities as they offer a number of benefits to the user and other stakeholders. However, there are a few outstanding security and privacy issues that need to be resolved...
Conference Paper
In user authentication, alphanumeric passwords suffer from several weaknesses. They are hard to remember if they have been created from a random mix of letters and numbers. Recognition-based graphical passwords were proposed to increase memorability and to facilitate user authentication. Several graphical password schemes were introduced and examin...
Conference Paper
Recognition-based graphical passwords are common alternatives to alphanumeric passwords for user authentication. Previously, we proposed culturally familiar recognition-based graphical passwords using pictures that relate to users' backgrounds. This scheme showed a high level of memorability, especially for users who created their graphical passwor...
Conference Paper
Full-text available
There exist disparate sets of definitions with different se-mantics on different topics of Identity Management which often lead to misunderstanding. A few efforts can be found compiling several related vocabularies into a single place to build up a set of definitions based on a common semantic. However, these efforts are not comprehensive and are o...
Conference Paper
This paper presents a user study with 70 participants using four different image types: Mikon; doodle; art; object, to examine guessability of image passwords to textual descriptions The study reported in this paper will examine, whether a written (textual) copy made by an account holder for recalling the target images forming a password in subsequ...
Conference Paper
Existing studies in the field of graphical authentication systems (GASs) have shown that users find it difficult to remember multiple image passwords. In this context, it is believed that memorability can be improved if target images making up a graphical password are selected using a mnemonic strategy during the registration stage. We conducted a...
Conference Paper
Passwords are the most common form of authentication. The password memorability problem is magnified with increasing number of systems users have to access. Graphical authentication systems (GASs) have received significant attention as one potential alternative to alphanumeric passwords to provide more usable authentication. In this paper we review...
Article
People find it difficult to remember multiple alphanumeric as well as graphical passwords. We propose a Passhint authentication system (PHAS), where the users have to choose four images and create hints for each one of them in order to register a new password. During authentication, they have to recognize only the target images, which are displayed...
Conference Paper
This paper reports on a recognition based graphical authentication system where the users provide their pass images as simple drawings. Previous such systems have relied on a human administrator to register the images with the system, which limits their scale. We have replaced the administrator with software that both guides the user through the re...
Conference Paper
The aim of this research is to examine whether or not an attacker could guess hand drawn images chosen as graphical password by others, based on knowledge of some cultural information like where they are come from or their religion or even their hopes and aims. Also, the aim was therefore to ascertain at what level the cross-cultural influences mig...
Conference Paper
Full-text available
This paper presents a comparative analysis of different at-tribute aggregation models against a set of requirements in the settings of the Federated Identity Management (FIM). There are several attribute aggregation models currently available which allow the user to collate attributes from multiple identity providers (IdP in short) in a single serv...
Conference Paper
Recognition-based graphical authentication systems (RBGSs) using images as passwords have been proposed as one potential solution to the need for more usable authentication. The rapid increase in the technologies requiring user authentication has increased the number of passwords that users have to remember. But nearly all prior work with RBGSs has...
Conference Paper
Usability and guessability are two conflicting criteria in assessing thesuitability of an image to be used as password in the recognition based graph-ical authentication systems (RGBSs). We present the first work in this area that uses a new approach, which effectively integrates a series of techniques in order to rank images taking into account th...
Conference Paper
Recognition-based graphical password have been proposed as an alternative to overcome the drawbacks of the alphanumeric password in user authentication. A web-based study was performed to determine the cultural impact on the usability of recognition-based graphical password. A number of participants (Saudi and British) selected their graphical pass...
Conference Paper
Full-text available
This paper analyses the prospect of having a Portable Personal Identity Provider (PPIdP, in short) in the mobile phone. The ubiquitous presence of powerful mobile phones equipped with high speed networks can be utilised to make the mobile phone act as a portable and personal Identity Provider (IdP, in short) on behalf of their users. Such an IdP wo...
Conference Paper
One claimed advantage of the image passwords used in recognition based graphical authentication systems (RBGSs) over text passwords is that they cannot be written down or verbally disclosed. However, there is no empirical evidence to support this claim. In this paper, we present the first published comparison of the vulnerability of four different...
Poster
Full-text available
A study by Oracle predicted $85 billions worth of market share for context-aware services by 2015. However, there are many unresolved security and privacy issues that need to be addressed to harness the full potential of such context-aware services. Most importantly, there is a lack of a framework based on standardised techniques satisfying differe...
Conference Paper
Full-text available
Security Assertion Markup Language (SAML, in short) is one of the most widely used technologies to enable Identity Federation among organisations from different trust domains. Despite its several advantages, one of the key disadvantages of SAML is the mechanism by which an identity federation is established. This mechanism lacks flexibility to crea...
Poster
Full-text available
In this poster, we explore different aspects of a novel of type of Identity Providers (IdP), deployed in the mobile phone of a user.
Conference Paper
Full-text available
In this paper, we present a comparative analysis of a few popular Identity Management Systems against a set of requirements. Identity Management and Identity Management Systems have gained significant attention in recent years with the proliferation of different web-enabled and e-commerce services leading to an extensive research on the field in t...
Poster
Full-text available
Nowadays, Smartphones have almost ubiquitous presence. They have powerful h/w: Quad/dual core processors, massive memory & highly interactive touch screen. They are equipped with highly-dynamic Operating Systems and intuitive user interfaces. They are increasingly being used to access critical and multi-modal online services. Here, we present our a...
Conference Paper
Recognition-based graphical passwords are one of several proposed alternatives to alphanumerical passwords for user authentication. However, there has been limited work on the security of such schemes. Often authors state a possible attack combined with a proposed countermeasure, but the efficacy of the counter measure is not always quantitatively...
Article
Full-text available
Currently there are many different Identity Management Systems which differ in their architectures as well as use different protocols and serve different purposes and are extensively used by organisations to provide online services. With the remarkable growth of mobile phones in the last few years, both in number and computational power, more and m...
Article
Recognition-based graphical authentication systems rely on the recognition of authenticator images by legitimate users for authentication. This paper presents the results of a study that compared Doodle images and Mikon images as authenticators in recognition based graphical authentication systems taking various usability dimensions into account. T...
Conference Paper
There is no widely accepted way of measuring the level of security of a recognition-based graphical password against guessing attacks. We aim to address this by examining the influence of predictability of user choice on the guessability and proposing a new measure of guessability. Davis et al. showed that these biases exist for schemes using faces...
Conference Paper
Recognition-based graphical password (RBGP) schemes are not easily compared in terms of security. Current research uses many different measures which results in confusion as to whether RBGP schemes are secure against guessing and capture attacks. If it were possible to measure all RBGP schemes in a common way it would provide an easy comparison bet...
Poster
Full-text available
The focus of this research is on Identity Management (IdM, in short) with mobile devices. Mobile devices like Smartphone, Tablet, PDA, etc. are becoming an integrated part of our lives with their ever increasing ubiquitous presence. Nowadays, they represent a major way of accessing the Internet, and the only way in many parts of the world. Current...
Conference Paper
this paper we present an experiment to detect the vulnerability of recognition based graphical authentication system to shoulder surfing. The experiment is conducted with teams of two, a user logging in to such as system and an observer who is trying to spot the user's pass-image. Our results suggest that inputting our choice via the keyboard is mo...
Article
Full-text available
When a user logs on to a recognition based authentication system, he or she is presented with a number of images, one of which is their pass image and the others are distractors. The user must recognise and select their own image to enter the system. If any of the distractors is too similar to the target, the user is likely to become confused and m...
Article
Graphical authentication holds some potential as an alternative to the ubiquitous password. Graphical authentication mechanisms typically present users with one or more challenge sets composed of a number of images: one target image surrounded by distractor images. Unfortunately, this means it tends to be more time-consuming than password entry and...
Article
We present a novel type of computer generated picture in which the positions of the main chain alpha carbon atoms are averaged and the different types of hydrogen bonds between main chain atoms are represented by lines of different colours and thicknesses joining the alpha-carbon atoms. This allows various types of helices, beta-sheets, beta-bulges...
Article
Full-text available
Graphical passwords hold some promise in a world of increasing numbers of passwords, which computer users are straining to remember. However, since these kinds of mechanisms are a fairly new innovation many design and implementation problems exist which could well prevent these mechanisms from realising their full potential. This paper addresses th...
Article
The use of Lennard-Jones potentials gives rise to an expected energydistribution for main-chain polypeptide conformations in the Ramachandran plot that matches well the observed distribution of ,Ψ values in high-resolution proteins. The position of the energy minimum in the β-strand conformation region is situated where there is a substantial contr...
Article
An angle named γ has been employed to describe the geometry at a hydrogen bond between main-chain atoms of polypeptides. In antiparallel β-sheet, γ is normally positive, whereas, in parallel β-sheet and α-helices, it is negative. Although intriguing, no particular explanation has been offered to explain this result. We provide evidence that, in eac...
Article
The use of Lennard-Jones potentials gives rise to an expected energy distribution for main-chain polypeptide conformations in the Ramachandran plot that matches well the observed distribution of phi,psi values in high-resolution proteins. The position of the energy minimum in the beta-strand conformation region is situated where there is a substant...
Article
An angle named gamma has been employed to describe the geometry at a hydrogen bond between main-chain atoms of polypeptides. In antiparallel beta-sheet, gamma is normally positive, whereas, in parallel beta-sheet and alpha-helices, it is negative. Although intriguing, no particular explanation has been offered to explain this result. We provide evi...
Conference Paper
A computer system is presented for the visualization of proteins. It runs on a UNIX-based computer graphics workstation. The system provides a substantial increase in understanding of protein structural features, knowledge about which will assist in prediction work. An experiment with the system carried out using the wheat germ agglutinin protein,...
Article
We report the frequent occurrence in proteins of motifs consisting of either 9-membered or 11-membered rings that involve the side-chain amide groups of asparagine and glutamine residues. The syn CO and NH groups of these amide groups are hydrogen-bonded to the main-chain NH and CO groups of other amino acid residues. The main-chain part of both th...
Article
Two computer graphics techniques for displaying hydrogen bonds between the main chains of different proteins are described, and illustrated for two thiol proteases. (The X-ray crystallography was performed by Kamphuis et al. in 1984, and by Baker and Dodson in 1980.) One is a three-dimensional model that can be manipulated in space; the hydrogen bo...
Article
Gamma-turns may be defined by a hydrogen bond between the carbonyl group of one amino acid residue and the amino group of the acid two residues ahead in the sequence. They occur as two types, inverse gamma-turns and classic gamma-turns (classic gamma-turns are usually called just gamma-turns but we prefer to add the adjective classic to distinguish...
Article
The structures of commonly occurring loop motifs and β-hairpins are described, with emphasis on their inter-main chain hydrogen bond patterns. Especially new is the realization that β-hairpins occur in four distinct classes that are of evolutionary and structural significance. Certain of the loop motifs are often found at the ends of particular cla...
Article
Full-text available
We show that beta-hairpins can be divided into four classes, each with a number of members. Hairpins from a single class are readily interconverted by loss or gain of hydrogen bonds, but interconversion between classes requires complete unzipping and reformation of the entire beta-hairpin. Sibanda & Thornton [(1985) Nature (London) 316, 170-174] ha...

Citations

... Nonetheless, it has discovered a slew of benign, widely used apps that use masking strategies, implying end consumers and retailers would be benefited from utilizing a method like ours to expose potentially malicious improved user experience by modifying behavior in Android applications. e research aims to develop an excellent way to protect Android app users' private information [74]. A poll of smartphone users was done as part of the study to determine their comprehension of privacy protection. ...
... Another way for increasing the users' performance is with the use of techniques such as visual cryptography and distortion of the image areas [93]. Moreover, the use of seen distractors (e.g., areas of images that the user has already seen and is familiar with) can increase the user performance when authenticating with GUA schemes [8]. ...
... Traditional IdPs within the centralized domain generally do not support any attribute aggregation mechanism. However, there have been works that have explored how attribute aggregation can be achieved within the federated domain [29], [30]. Nevertheless, we do not explore them any further than the assumption that there are some centralized public IdPs which provide interfaces (e.g. via an API) to generate and supply assertions to other IdPs in a secure way. ...
... Minh Chau Nguyen and Hee Sun Won propose a web-based analytic workflow system to allow end-users to use easily their desired analytic functions to solve specific problems in different domains [4] . Sardar Hussain, Richard O. Sinnott and Ron Poet provide a security-oriented workflow framework that supports secure workflow enactment [5] . Zhenyu Wen, Jacek Cał a, Paul Watson, and Alexander Romanovsky present a novel algorithm to deploy workflow applications on federated clouds [6] . ...
... AVISPA is a popular security protocol verifier which uses mathematical logic to analyze the security properties of a given protocol. Researchers have used this tool to model and analyze popular security protocols such as SAML and OpenID [29,30]. In AVISPA, the security K. Hasan et al. protocols are specified using a special specification language called High-Level Protocol Specification Language (HLPSL) [31]. ...
... Other works such as [13] propose solutions to secure workflow enactment while providing an identification services to the different workflows, however, do not tackle the delegation of these services as part of mobile environment were non-stable connections could hamper the workflow execution. Some authors [14] tackle the problem of decentralized workflow by focusing on traceability and control access policies, while assuming that other critical security controls are resolved at the orchestrator level. ...
... Previous researchers studied that pictures, especially photographs, are easier to remember than text-based passwords [3]. However, Chowdhury et al. [4] reviewed that memorability still remain unsolved even when the GUA is employed. ...
... Any amino acid residue, not just proline, can adopt this conformation (Cubellis, Caillez, Blundell, & Lovell, 2005). The helix is stabilized by solvation (hydrogen bonds with water) and weak dipolar inter-residue interactions (Maccallum, Poet, & Milner-White, 1995) but not by hydrogen bonding between residues so it is easily perturbed and gives rise to worm-like, flexible, polypeptide chains in many IDPs, including caseins. (Adzhubei, Sternberg, & Makarov, 2013;Baldwin, 2002;Barron, Blanch, & Hecht, 2002;Shi, Woody, & Kallenbach, 2002). ...
... For the 0 .-*C = 0 interaction, Maccallum et al. (1995) have shown that the Coulombic interaction between the oppositely charged non-bonded atoms, even when they are at a distance greater than the sum of their van der Waals radii, can have a magnitude as much as 80% of a hydrogen bond. In the present case, the non-bonded atoms are not only at a much shorter distance , they also orient for the optimal overlap of their respective molecular orbitals, and the gain in energy could be comparable to a hydrogen bond. ...
... Given the differences in sequence for the inhibitors in this region , it is interesting that the a ( ~ turn is conserved. A common feature of this turn for EETI-11, Leu,-EETI-11, and CMTI-I is the occurrence of its fourth residue in the y region of d-$ space, which is what would be expected for a 0-bulge loop (Milner White & Poet, 1987). The sharp loop defined by residues 11-15 is of significant interest since part of the sequence in this region, namely Asp-Ser- Asp-Cys, is highly conserved throughout the squash family proteins. ...