
Showing papers by "Chris J. Mitchell" published in 2011


Journal Article
TL;DR: A novel scalable RFID authentication protocol, based on the scheme presented in Song and Mitchell (2009) [1], that takes constant time to authenticate a tag is proposed.

139 citations


Journal Article
TL;DR: Results from two experiments suggest that, although there may be multiple brain regions involved in learning, these regions are organized as a coordinated system rather than as separate, independent systems.

41 citations


Journal Article
TL;DR: In two human learning experiments using an allergist task, the primary findings of previous research on animal learning are replicated and it is believed that these data provide the first direct evidence for the uncertainty principle in human associative learning.
Abstract: Models of attentional allocation in associative learning are typically structured according to one of two guiding principles: the predictiveness principle, which posits that attention is paid to cues that have reliably predicted an outcome in the past, or the uncertainty principle, which states that attention is paid to cues about which little is known. Both principles are well supported by studies of animals. However, in studies of human learning, there is very little direct empirical support for the uncertainty principle. In the study reported here, we addressed this gap by investigating negative transfer, a phenomenon that may provide unique support for the uncertainty principle. In two human learning experiments using an allergist task, we replicated the primary findings of previous research on animal learning. We believe that these data provide the first direct evidence for the uncertainty principle in human associative learning.

33 citations


Journal Article
TL;DR: Four experiments examined the role of attention in human perceptual learning and generally support the idea that intermixed preexposure to AX and BX increases attention to the unique stimulus features A and B.
Abstract: Four experiments examined the role of attention in human perceptual learning. In Experiment 1, participants were preexposed to a pair of visual (checkerboard) stimuli AX and BX, with common elements X and unique features A and B. A same-different task was then used to assess discrimination of AX and BX and a pair of control stimuli, CY and DY. In addition, participants' eye movements were recorded to assess the role of attentional processes. The results showed that preexposure enhanced discrimination between AX and BX. Furthermore, participants showed greater attention to the preexposed unique features A and B than to the novel unique features C and D, as measured by the eye gaze monitor. Experiments 2 and 3 examined the prediction that perceptual learning is due to the relative familiarity of the common and unique stimulus features. Experiment 4 replicated the intermixed-blocked effect and showed that the way in which AX and BX are presented is also important for perceptual learning. The results generally support the idea that intermixed preexposure to AX and BX increases attention to the unique stimulus features A and B. Some aspects of the results are consistent with a relative novelty account, whereas others implicate a high-level attentional process that is not driven by stimulus novelty.

26 citations


Journal Article
TL;DR: The relationship between target classification fluency and salience asymmetries in the IAT was examined and the more fluently classified target category was more easily classified with the more salient attribute category in the split IAT, independent of evaluative associations.
Abstract: The Implicit Association Test (IAT) is the most widely used indirect measure of attitudes in social psychology. It has been suggested that artefacts such as salience asymmetries and familiarity can influence performance on the IAT. Chang and Mitchell (2009) proposed that the ease with which IAT stimuli are classified (classification fluency) is the common mechanism underlying both of these factors. In the current study, we investigated the effect of classification fluency on the IAT and trialled a measure—the split IAT—for dissociating between the effects of valence and salience in the IAT. Across six experiments, we examined the relationship between target classification fluency and salience asymmetries in the IAT. In the standard IAT, the more fluently classified target category was, all else being equal, compatible with pleasant attributes over unpleasant attributes. Furthermore, the more fluently classified target category was more easily classified with the more salient attribute category in the spli...

17 citations


Journal Article
TL;DR: Exposure to complex checkerboards that consisted of small distinctive features superimposed on a larger common background enhanced the perceptual learning effect, which confirmed that the better encoding of the unique features during intermixed preexposure is a direct cause of the enhanced discrimination observed following preexposure on this schedule.
Abstract: In two experiments, participants received exposure to complex checkerboards (e.g., AX and BX) that consisted of small distinctive features (A and B) superimposed on a larger common background (X). Subsequent discrimination between AX and BX, assessed by a same-different task, was facilitated when the stimuli were presented on alternate trials in preexposure--a perceptual learning effect (Experiment 1). The hypothesis that this form of exposure results in more accurate representations of the unique features was supported in Experiment 1, which showed that participants were well able to match the color of the feature with its shape. Experiment 2 showed that exposure to A and B in isolation, intermixed with presentations of AX and BX, enhanced the perceptual learning effect, which confirmed that the better encoding of the unique features during intermixed preexposure is a direct cause of the enhanced discrimination observed following preexposure on this schedule.

16 citations


Book Chapter
01 Jan 2011
TL;DR: This work proposes a novel scheme to provide interoperability between two of the most widely discussed identity management systems, namely CardSpace and OpenID, based on a browser extension.
Abstract: We propose a novel scheme to provide interoperability between two of the most widely discussed identity management systems, namely CardSpace and OpenID. In this scheme, CardSpace users are able to obtain an assertion token from an OpenID-enabled identity provider, the contents of which can be processed by a CardSpace-enabled relying party. The scheme, based on a browser extension, is transparent to OpenID providers and to the CardSpace identity selector, and only requires minor changes to the operation of the CardSpace relying party.

11 citations


Book Chapter
15 Sep 2011
TL;DR: A client-based identity management tool, designed to address the problem of password-based authentication, by providing a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies.
Abstract: A wide variety of identity management systems have been introduced to improve the security and usability of user authentication; however, password-based authentication remains the dominant technology despite its well known shortcomings. In this paper we describe a client-based identity management tool we call IDSpace, designed to address this problem by providing a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies. The goal is to simplify the use of the wide range of existing technologies, helping to encourage their use, whilst imposing no additional burden on existing service providers and identity providers. Operation of IDSpace with certain existing systems is described.

7 citations


Proceedings Article
14 Nov 2011
TL;DR: This paper extends PassCard to support sites using both HTTP and HTTPS, and describes how this new version of PassCard operates, and gives security and usability analyses.
Abstract: The recently-proposed PassCard scheme enables CardSpace to be used as a password manager, thereby both improving the usability and security of passwords as well as encouraging CardSpace adoption. However, this scheme does not work with sites using HTTPS, seriously limiting its practicality. In this paper we extend PassCard to support sites using both HTTP and HTTPS. Usernames and passwords are stored in CardSpace personal cards, and these cards can be used to sign on transparently to corresponding websites. PassCard does not require any changes to login servers, default browser security settings or to the CardSpace identity selector; in particular, it does not require websites to support CardSpace. PassCard operates with both the CardSpace and the Higgins identity selectors without any modification. We describe how this new version of PassCard operates, and give security and usability analyses.

4 citations


Book Chapter
01 Jun 2011
TL;DR: This paper proposes a means of implementing TLS-SA using a GAA bootstrapped key, a simple instantiation of the scheme which makes the password authentication mechanism SSL/TLS session-aware; in addition it describes two possible variants that give security-efficiency trade-offs.
Abstract: Most SSL/TLS-based electronic commerce (e-commerce) applications (including Internet banking) are vulnerable to man in the middle attacks. Such attacks arise since users are often unable to authenticate a server effectively, and because user authentication methods are typically decoupled from SSL/TLS session establishment. Cryptographically binding the two authentication procedures together, a process referred to here as SSL/TLS session-aware user authentication (TLS-SA), is a lightweight and effective countermeasure. In this paper we propose a means of implementing TLS-SA using a GAA bootstrapped key. The scheme employs a GAA-enabled user device with a display and an input capability (e.g. a 3G mobile phone) and a GAA-aware server. We describe a simple instantiation of the scheme which makes the password authentication mechanism SSL/TLS session-aware; in addition we describe two possible variants that give security-efficiency trade-offs. Analysis shows that the scheme is effective, secure and scalable. Moreover, the approach fits well to the multi-institution scenario.

4 citations


Book Chapter
11 Jul 2011
TL;DR: A simple, novel scheme for using a mobile device to enhance CardSpace authentication: during the process of user authentication on a PC using CardSpace, a random and short-lived one-time password is sent to the user's mobile device.
Abstract: In this paper we propose a simple, novel scheme for using a mobile device to enhance CardSpace authentication. During the process of user authentication on a PC using CardSpace, a random and short-lived one-time password is sent to the user's mobile device; this must then be entered into the PC by the user when prompted. The scheme does not require any changes to login servers, the CardSpace identity selector, or to the mobile device itself. We specify the scheme and give details of a proof-of-concept prototype. Security and operational analyses are also provided.

01 Jan 2011
TL;DR: In this scheme, CardSpace users are able to obtain an assertion token from a Shibboleth-enabled identity provider that can be processed by a CardSpace-enabled relying party.
Abstract: Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a simple, novel scheme to provide interoperability between two of the most widely discussed identity systems, namely CardSpace and Shibboleth. In this scheme, CardSpace users are able to obtain an assertion token from a Shibboleth-enabled identity provider that can be processed by a CardSpace-enabled relying party. We specify the operation of the scheme and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.

Book Chapter
27 Nov 2011
TL;DR: This paper proposes one possible means for extending the widespread Trusted Computing security infrastructure using a GAA-like framework, which enables an existing security infrastructure to be used as the basis of a general-purpose authenticated key establishment service in a simple and uniform way.
Abstract: The Generic Authentication Architecture (GAA) is a standardised extension to the mobile telephony security infrastructures (including the Universal Mobile Telecommunications System (UMTS) authentication infrastructure) that supports the provision of generic security services to network applications. In this paper we propose one possible means for extending the widespread Trusted Computing security infrastructure using a GAA-like framework. This enables an existing security infrastructure to be used as the basis of a general-purpose authenticated key establishment service in a simple and uniform way, and also provides an opportunity for trusted computing aware third parties to provide novel security services. We also discuss trust issues and possible applications of GAA services.

01 Jan 2011
TL;DR: A novel, simple scheme to provide interoperability between two of the most widely discussed identity management systems, namely CardSpace and OpenID is proposed.
Abstract: Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a novel, simple scheme to provide interoperability between two of the most widely discussed identity management systems, namely CardSpace and OpenID. In this scheme, CardSpace users are able to obtain an assertion token from an OpenID-enabled identity provider, the contents of which can be processed by a CardSpace-enabled relying party. The scheme, based on a browser extension, is transparent to OpenID providers and to the CardSpace identity selector, and only requires minor changes to the operation of a CardSpace-enabled relying party. We specify its operation and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.

01 Jan 2011
TL;DR: A client-based identity management tool is described, designed to be easy to adopt, and which provides a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies.
Abstract: In recent years a large number of identity management systems have been proposed. Unfortunately, although these systems offer the possibility of significantly improving user security, they have not been widely adopted, typically because the cost of adoption is too high for the involved parties. In this talk we consider the problem of designing identity management systems which offer security advantages but are yet easy to adopt. This involves designing combinations of security protocols and client machine software architectures that support secure identity management protocols in ways that offer simple and low cost migration paths. We describe a client-based identity management tool we call IDSpace, designed to be easy to adopt, and which provides a single user interface and user experience for user authentication, whilst supporting a range of existing identity management technologies. Operation of IDSpace with certain existing systems is described.

01 Jan 2011
TL;DR: This chapter surveys the approaches for addressing privacy in open identity and access management systems that have been taken by a number of current systems and provides an overview of the diversity of privacy issues and techniques in the context of I&AM.
Abstract: This chapter surveys the approaches for addressing privacy in open identity and access management systems that have been taken by a number of current systems. The chapter begins by listing important privacy requirements and discusses how three systems that are being incrementally deployed in the Internet, namely SAML 2.0, CardSpace, and eID, address these requirements. Subsequently, the findings of recent European research projects in the area of privacy for I&AM systems are discussed. Finally, the approach taken to address the identified privacy requirements by ongoing projects is described at a high level. The overall goal of this chapter is to provide the reader with an overview of the diversity of privacy issues and techniques in the context of I&AM.

01 Jan 2011
TL;DR: A simple scheme is proposed that allows CardSpace to be used as a password-based single sign-on system, thereby both improving the usability and security of passwords as well as encouraging CardSpace adoption.
Abstract: In this paper we propose a simple scheme that allows CardSpace to be used as a password-based single sign-on system, thereby both improving the usability and security of passwords as well as encouraging CardSpace adoption. We describe three related approaches to achieving password-based single sign-on using CardSpace. In each case users are able to store their credentials for a set of websites in a personal card, and use it to seamlessly single sign on to all these websites. The approaches do not require any changes to login servers or to the CardSpace identity selector and, in particular, they do not require websites to support CardSpace. We also describe three proof-of-concept prototypes and give usability, security and performance analyses.