H-BRS Bibliography
- yes (80)
Departments, institutes and facilities
- Fachbereich Informatik (80)
Year of publication
- 2021 (80)
XML Signature Wrapping (XSW) has remained a relevant threat to web services for 15 years. Using the Personal Health Record (PHR), which is currently under development in Germany, we investigate a current SOAP-based web services system as a case study. In doing so, we highlight several deficiencies in defending against XSW. Using this real-world contemporary example as motivation, we introduce a guideline for more secure XML signature processing that provides practitioners with easier access to the effective countermeasures identified in the current state of research.
Risk-based authentication (RBA) aims to strengthen password-based authentication rather than replacing it. RBA does this by monitoring and recording additional features during the login process. If feature values at login time differ significantly from those observed before, RBA requests an additional proof of identification. Although RBA is recommended in the NIST digital identity guidelines, it has so far been used almost exclusively by major online services. This is partly due to a lack of open knowledge and implementations that would allow any service provider to roll out RBA protection to its users. To close this gap, we provide a first in-depth analysis of RBA characteristics in a practical deployment. We observed N=780 users with 247 unique features on a real-world online service for over 1.8 years. Based on our collected data set, we provide (i) a behavior analysis of two RBA implementations that were apparently used by major online services in the wild, (ii) a benchmark of the features to extract a subset that is most suitable for RBA use, (iii) a new feature that has not been used in RBA before, and (iv) factors which have a significant effect on RBA performance. Our results show that RBA needs to be carefully tailored to each online service, as even small configuration adjustments can greatly impact RBA's security and usability properties. We provide insights on the selection of features, their weightings, and the risk classification in order to benefit from RBA after a minimum number of login attempts.
Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication against account takeover attacks. Our study on 65 participants shows that users find RBA more usable than two-factor authentication equivalents and more secure than password-only authentication. We identify pitfalls and provide guidelines for putting RBA into practice.
Execution monitoring is essential for robots to detect and respond to failures. Since it is impossible to enumerate all failures for a given task, we learn from successful executions of the task to detect visual anomalies during runtime. Our method learns to predict the motions that occur during the nominal execution of a task, including camera and robot body motion. A probabilistic U-Net architecture is used to learn to predict optical flow, and the robot's kinematics and 3D model are used to model camera and body motion. The errors between the observed and predicted motion are used to calculate an anomaly score. We evaluate our method on a dataset of a robot placing a book on a shelf, which includes anomalies such as falling books, camera occlusions, and robot disturbances. We find that modeling camera and body motion, in addition to the learning-based optical flow prediction, results in an improvement of the area under the receiver operating characteristic curve from 0.752 to 0.804, and the area under the precision-recall curve from 0.467 to 0.549.