Showing papers by "Chris J. Mitchell published in 2016"
TL;DR: The automatic influence of learning on attention does not appear to fit the traditional view of attention as being either goal-directed or stimulus-driven, and suggests a new kind of “derived” attention.
Abstract: This article presents a comprehensive survey of research concerning interactions between associative learning and attention in humans. Four main findings are described. First, attention is biased toward stimuli that predict their consequences reliably (learned predictiveness). This finding is consistent with the approach taken by Mackintosh (1975) in his attentional model of associative learning in nonhuman animals. Second, the strength of this attentional bias is modulated by the value of the outcome (learned value). That is, predictors of high-value outcomes receive especially high levels of attention. Third, the related but opposing idea that uncertainty may result in increased attention to stimuli (Pearce & Hall, 1980), receives less support. This suggests that hybrid models of associative learning, incorporating the mechanisms of both the Mackintosh and Pearce-Hall theories, may not be required to explain data from human participants. Rather, a simpler model, in which attention to stimuli is determined by how strongly they are associated with significant outcomes, goes a long way to account for the data on human attentional learning. The last main finding, and an exciting area for future research and theorizing, is that learned predictiveness and learned value modulate both deliberate attentional focus, and more automatic attentional capture. The automatic influence of learning on attention does not appear to fit the traditional view of attention as being either goal-directed or stimulus-driven. Rather, it suggests a new kind of “derived” attention.
232 citations
07 Jul 2016
TL;DR: A large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites supporting it, reveals widespread serious vulnerabilities, many allowing an attacker to log in to an RP website as a victim user.
Abstract: Many millions of users routinely use Google to log ini¾?to relying party RP websites supporting Google's OpenID Connect service. OpenID Connect builds an identity layer on top of the OAuth 2.0 protocol, which has itself been widely adopted to support identity management. OpenID Connect allows an RP to obtain authentication assurances regarding an end user. A number of authors have analysed OAuth 2.0 security, but whether OpenID Connect is secure in practice remains an open question. We report on a large-scale practical study of Google's implementation of OpenID Connect, involving forensic examination of 103 RP websites supporting it. Our study reveals widespread serious vulnerabilities of a number of types, many allowing an attacker to log ini¾?to an RP website as a victim user. These issues appear to be caused by a combination of Google's design of its OpenID Connect service and RP developers making design decisions sacrificing security for ease of implementation. We give practical recommendations for both RPs and OPs to help improve the security of real world OpenID Connect systems.
50 citations
TL;DR: The margin of safety for two-key triple DES is slim, and efforts to replace it, at least with its three-key variant, and preferably with a more modern cipher such as AES should be pursued with some urgency.
Abstract: This paper reconsiders the security offered by two-key triple DES, an encryption technique that remains widely used despite recently being de-standardised by NIST. A generalization of the 1990 van Oorschot–Wiener attack is described, constituting the first advance in cryptanalysis of two-key triple DES since 1990. We give further attack enhancements that together imply that the widely used estimate that two-key triple DES provides 80 bits of security can no longer be regarded as conservative; the widely stated assertion that the scheme is secure as long as the key is changed regularly is also challenged. The main conclusion is that, whilst not completely broken, the margin of safety for two-key triple DES is slim, and efforts to replace it, at least with its three-key variant, and preferably with a more modern cipher such as AES, should be pursued with some urgency.
33 citations
TL;DR: The results suggest that cue-elicited response selection is mediated by a propositional belief regarding the efficacy of the response–outcome relationship, rather than an automatic ideomotor mechanism.
Abstract: Two experiments examined the role of propositional and automatic (ideomotor) processes in cue-elicited responding for rewarding outcomes (beer and chocolate). In a training phase, participants earned either chocolate or beer points by making one of two button-press responses. Rewards were indicated by the presentation of chocolate and beer pictures. On test, each trial began with a picture of beer or chocolate, or a blank screen, and choice of the beer versus chocolate response was assessed in the presence of these three pictures. Participants tended to choose the beer and chocolate response in the presence of the beer and chocolate pictures, respectively. In Experiment 1, instructions signalling that the pictures did not indicate which response would be rewarded significantly reduced the priming effect. In Experiment 2, instructions indicating that the pictures signified which response would not be rewarded resulted in a reversed priming effect. Finally, in both experiments, the priming effect correlated...
26 citations
TL;DR: This study characterized the lncRNAs in human primary monocytes and provided a landscape of lnc RNAs in monocytes, which could facilitate future experimental studies to characterize the functions of these molecules in the innate immune system.
25 citations
TL;DR: PyQuant is a flexible mass spectrometry data quantification platform that is capable of interfacing with a variety of existing formats and is highly customizable, which permits easy configuration for custom analysis.
24 citations
Posted Content•
TL;DR: A generalisation of the 1990 van Oorschot-Wiener attack is described in this article, constituting the first advance in cryptanalysis of 2-key triple DES since 1990.
Abstract: This paper reconsiders the security offered by 2-key triple DES, an encryption technique that remains widely used despite recently being de-standardised by NIST. A generalisation of the 1990 van Oorschot-Wiener attack is described, constituting the first advance in cryptanalysis of 2-key triple DES since 1990. We give further attack enhancements that together imply that the widely used estimate that 2-key triple DES provides 80 bits of security can no longer be regarded as conservative; the widely stated assertion that the scheme is secure as long as the key is changed regularly is also challenged. The main conclusion is that, whilst not completely broken, the margin of safety for 2-key triple DES is slim, and efforts to replace it, at least with its 3-key variant, should be pursued with some urgency.
17 citations
TL;DR: A knockout of ptp‐3 is used to circumvent the inability to knockout multiple members of the LAR family in mouse models and is suggestive of pTP‐3 as a potential negative regulator of several kinase families, such as the mitogen activated kinases (MAPKs), and multiple tyrosine kinases including FER, MET, and NTRK2.
13 citations
26 Sep 2016
TL;DR: In this paper, the authors propose a general model for password generators that generate site-specific passwords on demand, and critically examine options for instantiating it and propose a new scheme, AutoPass, intended to incorporate the best features of the prior art while addressing many of the shortcomings of existing systems.
Abstract: Password generators that generate site-specific passwords on demand are an alternative to password managers. Over the last 15 years a range of such systems have been described. We propose the first general model for such systems, and critically examine options for instantiating it. The model enables an objective assessment of the design of such systems; it has also been used to sketch a possible new scheme, AutoPass, intended to incorporate the best features of the prior art while addressing many of the shortcomings of existing systems.
6 citations
TL;DR: The results suggest that familiarity of the relationship between stimuli and their context, not simply familiarity ofThe stimuli themselves, leads to liking, which supports a broader framework that suggests that liking is partly a function of the consistency between past and present experiences with a target stimulus.
Abstract: Recent evidence suggests that increased liking of exposed stimuli—a phenomenon known as the mere exposure effect—is dependent on experiencing the stimuli in the same context at exposure and test. Three experiments extended this work by examining the effect of presenting target stimuli in single and multiple exposure contexts. Target face stimuli were repeatedly paired with nonsense words, which took the role of contexts, across exposure. On test, the mere exposure effect was found only when the target face stimuli were presented with nonsense word cues (contexts) with which they had been repeatedly paired. The mere exposure effect was eliminated when exposure to target face stimuli with the nonsense word cues (contexts) was minimal, despite the overall number of exposures to the target face being equated across single- and multiple-context exposure conditions. The results suggest that familiarity of the relationship between stimuli and their context, not simply familiarity of the stimuli themselves, leads...
5 citations
Posted Content•
TL;DR: The first general model for password generators that generate site-specific passwords on demand is proposed, and a possible new scheme, AutoPass, is sketched to incorporate the best features of the prior art while addressing many of the shortcomings of existing systems.
Abstract: This paper considers password generators, i.e. systems designed to generate site-specific passwords on demand. Such systems are an alternative to password managers. Over the last 15 years a range of password generator systems have been described. This paper proposes the first general model for such systems, and critically examines options for instantiating this model; options considered include all those previously proposed as part of existing schemes as well as certain novel possibilities. The model enables a more objective and high-level assessment of the design of such systems; it has also been used to sketch a possible new scheme, AutoPass, intended to incorporate the best features of the prior art whilst also addressing many of the most serious shortcomings of existing systems through the inclusion of novel features.
26 Sep 2016
TL;DR: In this paper, the authors propose a modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs.
Abstract: As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal explicitly designed to enhance GSM authentication that could be deployed without modifying any of the existing network infrastructure.
30 Jun 2016
TL;DR: A series of challenges that face effective standardisation of cryptographic techniques are discussed, primarily focussing on experience within ISO/IEC JTC 1/SC 27/WG 2, the international standards committee responsible for developing standards for cryptographic methods.
Abstract: A series of challenges that face effective standardisation of cryptographic techniques are discussed. In many cases these challenges are illustrated with case studies, primarily focussing on experience within ISO/IEC JTC 1/SC 27/WG 2, the international standards committee responsible for developing standards for cryptographic methods. Priorities for improving the effectiveness of the standards-making process are also highlighted.
Posted Content•
TL;DR: This paper proposes a novel modification to the relationship between a Subscriber Identity Module and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs.
Abstract: As has been widely discussed, the GSM mobile telephony system only offers unilateral authentication of the mobile phone to the network; this limitation permits a range of attacks. While adding support for mutual authentication would be highly beneficial, changing the way GSM serving networks operate is not practical. This paper proposes a novel modification to the relationship between a Subscriber Identity Module (SIM) and its home network which allows mutual authentication without changing any of the existing mobile infrastructure, including the phones; the only necessary changes are to the authentication centres and the SIMs. This enhancement, which could be deployed piecemeal in a completely transparent way, not only addresses a number of serious vulnerabilities in GSM but is also the first proposal for enhancing GSM authentication that possesses such transparency properties.