Category: Security

MCAST IICT Presents & Publishes Research

During the international conference ISMS 2018, hosted at the University of Malta, Darren Cilia presented our research work in typing biometrics on behalf of MCAST IICT. As part of our research, the smartphone application used to gather the data and the dataset itself are being made public on Kaggle and GitHub respectively.

We hope that other researchers will find these contributions useful and look forward to hearing of other new research.

Well done Darren Cilia

After the announcement that our research will be accepted for ISMS 2018, MCAST IICT organized a meeting where the IICT directors thanked and congratulated Darren Cilia for his hard work and achievement.

Darren graduated in December 2017 and will be presenting our research next week at the International Conference on Information Systems and Management Systems 2018 at the University of Malta in Valletta. Today, he delivered a talk to all 1st, 2nd and 3rd year BSc Software and Multimedia students, sharing his experience and motivating them to excel and believe in themselves.

Thanks also go to our directors for their support. I would like to congratulate Darren and say how proud I am of his achievement, hard work, and professionalism.

M.Sc. Research

In October 2013 I started my M.Sc. in Business Intelligence Systems and Data Mining studies at De Montfort University, and graduated in July 2016. In this post, I would like to document my final research project: Continuous Passive User Authentication via Typing Heat Maps, part of which has been presented at the ICCE-Berlin 2016 Conference and published as an IEEE Paper.

My research was in Continuous Passive User Authentication via Typing Heat Maps, under the mentorship of Dr. Samad Ahmadi. The aim of this research was to identify whether it is possible to classify the owner of a smartphone via their typing pattern using keystroke dynamics (time interval digraphs) and touch data (position, surface area, slide distance and slide velocity) whilst typing normal text. The rationale for this research was that smartphones are the most commonly used personal devices loaded with personal, corporate and billing data. Yet, sharing practices are very common amongst family members, colleagues and friends which could lead to undesired situations such as children conceding to in-app purchases.

So first I set out to identify a set of terms that a user can type. I came across the work of the late Adam Kilgarriff, who created a lemmatized list based on the British National Corpus. This process is documented in this video.

Next, I created a custom mobile keyboard and app which was used to gather a number of keystrokes from 32 different users. This led to the generation of around 32K digraph events. A walkthrough of the mobile app is found in this video. This app was used on two identical smartphones (Samsung S5) and given to 32 different individuals in supervised sessions such as those documented in the following 3 videos: part 01, part 02, part 03.

DiGraph

The data was then migrated to a PC, cleaned and migrated to a DB. Some exploratory analysis was done, then a Multi-Layer Perceptron Neural Network was trained for the classification. The research yielded an accuracy of 96% and a False Alarm Rate of 6%, which compares very well with other research. For more detail, you can check my VIVA presentation in this video.

 

Configuring SSL for Apache on OS X Lion using MAMP

After self-signing an SSL certificate for development purposes, the Web server needs to be configured appropriately. I found the posting by Dave Kiss to be the best one. The following steps are required if you used the default MAMP settings:

  1. Backup your configuration files:
    1. Open a terminal window.
    2. Go to the Apache configuration folder:
      cd /Applications/MAMP/conf/apache
    3. Backup the Apache configuration file:
      cp httpd.conf httpd.conf.bak
    4. Backup the SSL configuration file:
      cp extra/httpd-ssl.conf extra/httpd-ssl.conf.bak
  2. Update the Apache configuration file:
    1. Open the configuration file using an editor of your choice:
      nano httpd.conf
    2. Search for the line containing httpd-ssl.conf:
      Press Ctrl-W then type httpd-ssl.conf
    3. Uncomment the line by removing the # from the beginning such that it reads:
      Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
    4. Save and exit:
      Press Ctrl-X then Y
  3. Copy the server.key and server.crt files to your Apache configuration folder.
  4. Start the servers through the MAMP interface.
  5. Navigate to your site through a browser using https:
    https://localhost
    Accept the self-signed certificate.

N.B. If the Apache server fails to start, then you have an error in your configuration. Make sure you replace the DocumentRoot in your SSL configuration file to match your actual root folder.

N.B. Dave’s post also contains steps to configure Virtual Hosts which I left out for a different posting to be less confusing.

N.B. Dave’s post uses git to back up the files; in this post I simply make a copy of the configuration file. If you want to restore the backup, simply type: cp httpd.conf.bak httpd.conf or the equivalent for any other file you want to restore.
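A pre-flight check for the two failure points above (the Include line still commented out, and paths in httpd-ssl.conf that do not exist), as an added example that is not part of the original post or of Dave Kiss's guide. The function names are chosen here, the sample configuration is constructed, and the check assumes the directives use absolute paths.

```shell
#!/bin/sh
# Added example: check the SSL include and its paths before starting the servers.

# directive_value CONF NAME: print the argument of the first uncommented NAME line.
directive_value() {
    awk -v name="$2" '
        $1 == name { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/^"|"[ \t]*$/, ""); print; exit }
    ' "$1"
}

# include_enabled HTTPD_CONF: succeed only if the httpd-ssl.conf Include is uncommented.
include_enabled() {
    grep -Eq '^[[:space:]]*Include[[:space:]].*httpd-ssl\.conf' "$1"
}

# preflight SSL_CONF: return 0 only if every path the SSL config points at exists.
preflight() {
    conf=$1; bad=0
    for name in DocumentRoot SSLCertificateFile SSLCertificateKeyFile; do
        path=$(directive_value "$conf" "$name")
        if [ -z "$path" ]; then echo "MISSING DIRECTIVE: $name"; bad=1
        elif [ ! -e "$path" ]; then echo "NOT FOUND: $name $path"; bad=1
        else echo "ok: $name $path"
        fi
    done
    return "$bad"
}

# make_sample DIR: constructed sample files; server.key is deliberately absent.
make_sample() {
    d=$1
    mkdir -p "$d/htdocs"; : > "$d/server.crt"
    printf '%s\n' '#Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf' > "$d/httpd.conf"
    cat > "$d/httpd-ssl.conf" <<EOF
<VirtualHost _default_:443>
    # DocumentRoot "/old/path"
    DocumentRoot "$d/htdocs"
    SSLEngine on
    SSLCertificateFile "$d/server.crt"
    SSLCertificateKeyFile "$d/server.key"
</VirtualHost>
EOF
}

# Usage: sh preflight.sh httpd.conf extra/httpd-ssl.conf
if [ "$#" -eq 2 ]; then
    include_enabled "$1" || echo "Include for httpd-ssl.conf is still commented out"
    preflight "$2"
fi
```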

SSL Certificates

At some point any Web Developer will need to secure part of a site and therefore require an SSL certificate. There are different options available depending on the use, and this short post documents them:

Free for Open Source Projects: Some providers, such as GoDaddy.com, are willing to offer free SSL certificates for open-source projects. Obviously some terms and conditions apply, which one must read. More details can be found here.

Free with Hosting Plan: Some Web Hosting providers would include a free SSL certificate if you buy a hosting plan. Generally the offer is for the first year with competitive renewal pricing. Just to name a few: HostColor.com, DomainAvenue.com and HostGator.com

Free SSL Community: A growing community called StartSSL is offering a free entry-level service for basic use with limited warranty, which might well satisfy your needs and is therefore worth a check.

Comparison Charts: If none of the above suits you then you might have to actually buy an SSL certificate, but not before doing the appropriate research. WhichSSL is a dedicated site that helps you select the appropriate certificate authority or SSL vendor with the help of a comparison chart. More comparisons can be found in Wikipedia.org and SSLShopper.com. Your research might also pay off by finding some promotional offers and/or discounts.

Self-Signed Certificates for Development: Well, if you need a certificate just for development purposes then you can sign one yourself as shown in my previous post.

Self-Signed SSL Certificate

If you are planning on developing or customizing some web systems such as WordPress or Magento, then at one point you will need some security. You might want to sign the SSL certificate yourself. A number of guides exist for this: for Windows systems I found the one by Shivprasad Koirala to be very intuitive, and for Unix systems the ones by Heroku and Scott Baker are best. Here are the steps required:

  1. Check that openssl is installed by running the following command in a terminal:
    which openssl
  2. If no such file is found then you need to install it. Here are the possible installation methods:
    1. Mac OSX – Via Homebrew: brew install openssl
    2. Windows – Download software package.
    3. Linux (Debian/Ubuntu Variants) – Guide – sudo apt-get install openssl
    4. Linux (RedHat Variants) – Guide – yum install openssl
  3. Generate the keys for the Certificate Authority
    openssl genrsa -des3 -out ca.key 4096
    openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
  4. Generate the private key for your server
    openssl genrsa -des3 -out server.key 4096
  5. Create the certificate signing request to be signed (leave challenge password and organization name empty)
    openssl req -new -key server.key -out server.csr
  6. Sign your certificate
    openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
  7. Optionally remove the password
    openssl rsa -in server.key -out server.key.nopass

For some documentation about how to use openssl check the official site.
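To confirm that the files from steps 3 to 7 belong together, the script below checks that server.crt verifies against ca.crt and that the private key matches the certificate, and warns when the certificate has no subjectAltName. It is an added example, not part of the original post or the guides it cites; the function names are chosen here, and the demo material uses constructed subjects with unencrypted 2048-bit keys so that it runs without prompts.

```shell
#!/bin/sh
# Added example: sanity-check the CA certificate, server certificate and server key.

# check_pair CA_CERT SERVER_CERT SERVER_KEY
# Returns 0 only if the certificate chains to the CA and the key belongs to it.
check_pair() {
    ca=$1; crt=$2; key=$3
    # The server certificate must verify against the CA certificate from step 3.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; return 1
    fi
    # The public key inside the certificate must equal the one derived from the
    # private key (pass the password-less key from step 7 to avoid a prompt).
    cert_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read $key"; return 1; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $crt"; return 1
    fi
    # Step 6 adds no subjectAltName; modern browsers ignore the Common Name
    # and match the host name against subjectAltName only.
    if ! openssl x509 -in "$crt" -noout -text | grep -q "Subject Alternative Name"; then
        echo "WARN: no subjectAltName in $crt"
    fi
    echo "OK"
}

# make_demo DIR: constructed throwaway CA and server pair following steps 3-6,
# made non-interactive with -subj (demo assumption). The CA and server subjects
# must differ, otherwise the server certificate looks self-signed and
# verification fails.
make_demo() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 1 -key "$d/ca.key" -subj "/CN=Demo Dev CA" -out "$d/ca.crt" &&
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/server.key" -subj "/CN=localhost" -out "$d/server.csr" &&
    openssl x509 -req -days 1 -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -set_serial 01 -out "$d/server.crt" 2>/dev/null
}

# Usage: sh check_pair.sh ca.crt server.crt server.key.nopass
if [ "$#" -eq 3 ]; then check_pair "$@"; fi
```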
