The Office for the Advancement of Research, as part of our Public Scholarship Initiative, actively solicits blog entries from John Jay faculty, staff, and external scholars working on issues of key contemporary and historical significance. We promote these entries on social media, including Facebook and Twitter, as well as within the university through a partnership with our Marketing and Development Office. If you wish to contribute an entry, please contact Research Communications Manager Rachel Friedman at email@example.com with a brief (1-2 sentence) summary of your proposed entry.
Have you ever been faced with a photo grid and asked to click on every traffic light to prove you weren’t a robot before you could access your email or bank? A recent proposal by Dr. Muath Obaidat, an Assistant Professor in John Jay College’s Department of Mathematics and Computer Science, could prevent you from having to go through that ever again.
Along with co-authors including his student Joseph Brown (a 2020 graduate who earlier this year was awarded John Jay’s Ruth S. Lefkowitz Mathematics Prize), Dr. Obaidat makes the case for a new way of authenticating user information that would make logging into websites more secure without overcomplicating the system. He calls it “a step forward” both technically and logistically, as the proposed authentication system is both technically more secure and easier to deploy commercially than previous proposals. So while Obaidat’s research may seem complicated, the solution he proposes in “A Hybrid Dynamic Encryption Scheme for Multi-Factor Verification: A Novel Paradigm for Remote Authentication” (Sensors, July 2020) is not just theoretical.
(To read the full text of the article for free, visit https://www.mdpi.com/1424-8220/20/15/4212/htm)
Read on for a Q&A with Dr. Muath Obaidat:
Can you describe the most common risks of the typical username/password authentication model most of us are using today?
The most common risk in current authentication models is the lack of presentation of actual proof of identity, especially during communications. Since the majority of websites use static usernames and passwords that do not change between sessions, if an attacker can get ahold of a login — whether by guessing or through more technical means — there is no further mechanism or nuance in design to actually stop them from using stolen data to imitate a user. While 2FA (Two Factor Authentication) has risen in popularity as a mitigation for this problem, both published papers from the National Institute of Standards and Technology (NIST) as well as high profile public hacks have shown this to be insufficient by itself, because of attacks which focus on manipulating or stealing data rather than simply brute-forcing (working through all possible combinations through trial-and-error to crack a passcode).
Can you explain how your proposed method works to authenticate a session?
The simplest way to explain how this form of authentication works is to imagine you had a key split into two halves; the client has a half, and the server has a half. But instead of just sending the half of the key you have, you’re sending the blueprint for said key half, which can only be reconstructed given the other half. This blueprint changes slightly each time you log in, but is still derivative of the other “whole” key.
Only two people have the respective halves: the client and the server. These halves are derivative of data which is itself derived from an original input. Thus, as long as you can produce something from the front-end that creates one input, even though this input is never sent, it can be integrated with this system. Think of that as the “mold” from which the key is derived, and then the blueprint is shifted on both ends according to the original mold.
How does your proposed scheme differ from others that have been in use or proposed previously?
What sets it apart is both the flexibility of the design as well as the range of problems it attempts to fix at one time. Many other schemes we studied were focused on fixing one problem: typically [they focused on] brute-forcing, which manifested in the form of padding “front-end” or “back-end” parts of a scheme without giving much thought to the actual transmission of data itself. Our scheme, on the other hand, is focused on protecting that transmitted data, while also being sure not to introduce additional weaknesses on either end of the communication.
Another big issue we often ran into with other schemes is design flexibility; many were either unrealistic to implement en masse, or were so specific that they pigeonholed themselves into a scenario where they could not be combined with other communication systems or improvements to other architectural traits. Our scheme is flexible in terms of architectural integration — for example, it uses the same simple Client-Server framework without introducing third parties or other nodes — and the overall design is both simplistic in terms of implementation and highly adaptable.
What is it that has prevented many newly-proposed authentication schemes from being implemented more broadly?
While it depends on the scheme in question, there are typically three factors that are preventative to implementation: user accessibility, deployment complications, and degree of benefit. The first isn’t really technical, but relates more to consumer factors. Many schemes simply are not widely implementable on a consumer level; not only because of aspects such as speed, but also because of logistics. Having a user go through a complicated process each time they want to log into a website isn’t very practical, especially if you’re selling a product where convenience is a factor, hence why some schemes don’t catch on despite being technically sound.
Deployment complications, on the other hand, would be related to things such as how to replace current infrastructure with new infrastructure; many schemes significantly stagger architectures or are highly specific and complex to actually deploy. These complications act as a deterrent to those who may want to implement them. Lastly, degree of benefit is a big factor too. Given how ubiquitous current paradigms are, simply improving one aspect in exchange for the implementation of a widely different system is a very big ask. Implementation takes time, as does adoption on a wide scale, so unless the benefit is [significant enough to merit departing from] current paradigms, it’s unlikely many would want to explore “unproven” adoptions.
How would a new authentication method go from being theoretical to being widely adopted? In other words, by what process is this type of new technology adopted, and who is responsible for its uptake?
That’s a good question, and I do not think there is a singular answer unfortunately. Especially because of the decentralization of the internet, it’s hard to give a specific answer on what this would look like in practice. As the internet has been more consolidated under specific companies, I suppose one answer to this would be that bigger companies would have to take an interest in implementation and take action themselves to create a ripple effect. This is distinct from the past, when collective normalization of technology was bottom-up because of more decentralized standards.
Dr. Muath Obaidat is an Assistant Professor of Computer Science and Information Security at John Jay College of Criminal Justice of the City University of New York and a member of the Center for Cybercrime Studies, Graduate Faculty in the Master of Science Digital Forensics and Cyber Security program and Doctoral faculty of the Computer Science Department at the Graduate School and University Center of CUNY.
He has published numerous scientific articles in journals and respected conference proceedings. His research interests lie in the area of digital forensics, ubiquitous Internet of Things (IoT) security and privacy. His recent research crosscuts the areas of wireless network protocols, cloud computing and security.
Victoria Bond is a lecturer in John Jay College of Criminal Justice’s English Department, and the co-author with T. R. Simon of a series of young adult novels inspired by the childhood of American literary icon Zora Neale Hurston. The Zora and Me trilogy fictionalizes a young Zora as what The New York Times calls a “girl detective,” living in Hurston’s real-life hometown of Eatonville, Florida. Through the use of tropes from mystery and horror, the books explore community, and the fragility of justice for Black people.
In the first novel, Zora and Me, stories about a shape-shifter lead Zora and her best friend Carrie (the narrator) to solve a murder mystery. The second novel of the series, The Cursed Ground, sees Carrie and Zora learning more about the dark, unforgiveable history of slavery from a ghost. And in Bond’s latest and final novel, Zora and Me: The Summoner, Eatonville experiences upheaval that causes Zora’s family to seek their fortunes elsewhere. The use of zombies in this book, Bond says, is a way to explore the exploitation and trauma of African American lives.
Each installment of the trilogy may incorporate dark, scary elements, but, according to Kirkus Reviews, the brilliance of the novels is that they are able to render African American children’s lives during the Jim Crow era as “a time of wonder and imagination, while also attending to their harsh realities.”
Zora Neale Hurston was born in Alabama in 1891 and published several novels and many short stories, plays and essays, although she is best known for her classic Harlem Renaissance novel, Their Eyes Were Watching God. Zora and Me was the first novel not written by Hurston herself that has been endorsed by the Zora Neale Hurston Trust, founded in 2002. To bring the real Zora’s experiences in her hometown of Eatonville, Florida, to life, Bond and Simon researched Hurston’s life extensively by reading her biographies and her 1942 autobiography, Dust Tracks on a Road. They sought to create a story right for young adult readers that was true to the historical period in which it takes place, and which features a smart, spirited Black girl with a vivid imagination, ready to inspire other girls.
Zora and Me: The Summoner is forthcoming from Candlewick Press on October 13, 2020, and available for preorder now. To learn more about Zora Neale Hurston from author Vicky Bond, watch her in this short video on YouTube. Or to learn more about the experience of writing a novel during these uniquely difficult times, read this post from the author.
There is no question that the fashion industry causes great harm to the environment. The industry’s faddish nature, combined with the overproduction of low-cost, low-quality pieces, is designed to encourage overconsumption. Production of fast fashion garments eats up precious resources, like clean water and old-growth forests, and discarded clothing can sit in landfills for hundreds of years, thanks to synthetic materials used in construction.
According to scholars Monique Sosnowski—a Ph.D. candidate in criminal justice at the CUNY Graduate Center—and John Jay Assistant Professor of Criminal Justice Dr. Gohar Petrossian, pollution is not the fashion industry’s only crime. In a new article, they investigated what species were being utilized for the fashion industry, which is worth over $100 billion globally, in order to better understand the damage the industry causes to wildlife and wild places.
Sosnowski and Petrossian looked at items imported by the luxury fashion industry and seized at U.S. borders by regulatory agencies between 2003 and 2013. Their study found that, during that decade, more than 5,600 items incorporating elements illegally derived from protected animal species were seized. The most common wildlife product was reptile skin—from monitor lizards, pythons, and alligators, for the most part—and 58% of confiscated items came from wild-caught species. The authors also found that around 75% of seizures were of products coming from just six countries: Italy, France, Switzerland, Singapore, China and Hong Kong. The heavy involvement of the European countries was unexpected, according to Dr. Petrossian, because they are key players in fashion design and production but “don’t generally come up in broader discussions on wildlife trafficking.”
THE SCIENCE OF WILDLIFE CRIME
The paper applied “crime science, a body of criminological theories that focus on the crime event rather than ‘criminal dispositions,’ to understand and explain crime. The overarching assumption is that crime is an opportunity, and it is highly concentrated in time, as well as across place, among offenders, and victims,” says Dr. Petrossian. Their scientific approach enabled the authors to analyze patterns and concentrations in wildlife crime, which Sosnowski notes is among the four most profitable illegal trades.
“We are currently living in an era that has been coined the ‘sixth mass extinction,’” she says. “It is crucial that we understand the impact that humans are having on wildlife, from habitat loss to the removal of species from global environments. Fashion is one of the major industries consuming wildlife products.”
A background in wildlife conservation, including unique experiences like responding to poaching incidents in Botswana and rehabilitating trafficked cheetahs in Namibia, led Monique Sosnowski to a Ph.D. in criminology; she wanted to move beyond a more traditional conservation-informed approach to address what she’d seen in the field. Working with Dr. Petrossian on a series of studies applying crime science to wildlife crimes has given her a broader view of the effects of wildlife-related crime on global ecosystems.
CREATING SOLUTIONS, SAVING WILDLIFE
Why is it important to understand what species are most commonly used in luxury fashion products, and where they are coming from? A study like this one provides information about trends that policymakers can use to strengthen or focus enforcement and inform better understanding of the issues. Sosnowski calls this “the key to devising more effective prevention policies.”
Currently, global regulation of the trade in wildlife products, including leather, fur, and reptile skin that come from species both protected and not, is the province of the Convention on International Trade in Endangered Species (CITES); this treaty aims to ensure that international trade in wild animals and plants does not threaten their survival. But the treaty is limited in scope.
“Given the prevalence of exotic leather and fur in fashion, we believe CITES and other regulatory bodies should enact policies on its use and sustainability in order to protect wild populations, the welfare of farmed and bred populations, and the sustainability of the fashion industry,” Sosnowski says.
Consumers also have a role to play. “We are all led to believe that products found on the shelves are legal, but as this study has demonstrated, that isn’t always the case. Consumers of these products are the ones who have the power to change the behaviors of a $100 billion industry. We need to ask questions about where our products were sourced, and respond accordingly.”
Summarized from EcoHealth, Luxury Fashion Wildlife Contraband in the USA, by Monique C. Sosnowski (John Jay College, City University of New York) and Gohar A. Petrossian (John Jay College, City University of New York). Copyright 2020 EcoHealth Alliance.
Although it may seem obvious, the basic question of fairness is of huge concern to those interested in reforming our nation’s criminal justice system. This is especially important in the courtroom. “The administration of justice,” says John Jay constitutional law professor Gloria Browne-Marshall, “is supposed to be done as equally under the law as possible.” That’s the concept of due process.
But the system doesn’t always work fairly. “Mass incarceration … is unfortunately disproportionately shouldered by people of color,” said Browne-Marshall. So how do we change things to ensure equitable outcomes?
Behind the scenes, a host of scholars at John Jay College are leading the charge to develop findings, share knowledge, and train officers of the court to promote courtroom practices that are more impartial and lead to real justice. Read on to be introduced to these scholars, or read the full feature article on pages 16-17 of this year’s Impact research magazine.
Taking Better Testimony
Young or old, witnesses can be unreliable. “The most important finding is that memory is malleable and reconstructive, rather than an exact replica of any given event,” said Deryn Strange, a professor of psychology. Adult memories, especially when recounting traumatic experiences, can change over time and with the introduction of new information. Memories may incorporate intrusive thoughts, or even warp to include what the individual wishes she did differently.
Strange, who not only does research on memory but also educates courtroom officials, believes that whenever someone’s memory is on trial, judges, juries and lawyers all need to understand the power and limitations of human memory. Otherwise, decisions of guilt or innocence may very well be incorrect and unjust.
Kelly McWilliams, an assistant professor in psychology, focuses her research on children in the witness box, specifically how they use and understand language, and experience memory. Children’s memories are more limited than adults’, and they are susceptible to the introduction of false memories through questioning. Gaining helpful testimony from young witnesses depends more on the questions asked than on their abilities.
McWilliams’s research builds on recommendations from the National Institute of Child Health and Human Development — like asking open-ended questions, using general prompts, and more. McWilliams tests new modes of questioning to gather details children might not share in response to an open-ended question, which may be necessary for charging decisions or establishing credibility. “These are practices that take into account what kids are capable of doing and what we should and shouldn’t be asking them to do as witnesses,” she says.
Understanding the Science
Courtroom participants — attorneys, judges, and jurors alike — can often use help determining which pieces of scientific evidence are credible. Margaret Bull Kovera, a social psychologist by training, has researched this issue for two decades.
Evidence like repressed memories and bite analysis, and even fingerprint evidence, lack a solid basis in science. However, they often make their way into evidence, accompanied by expert witnesses, and parties to a trial may not know enough to challenge them. As a result, “they make decisions that are really not borne out by the evidence, if one were evaluating it properly,” says Kovera.
Kovera’s research is working toward a set of safeguards that contribute to better decision-making. The most promising method is simply to highlight flaws in the evidence during cross examination — something that attorneys can be trained to do — or opposing experts can help provide context. In the end, procedure that relies on solid science helps result in fairer justice.
Open to Interpretation
The quest for fairness doesn’t end at conviction. Post-incarceration, language access is an important part of accessing necessary services and treatment in prison. According to Aída Martínez-Gómez, an associate professor of legal translation and interpreting, incarcerated people who don’t speak the official language of the institution where they are being held face a number of roadblocks. It’s harder for incarcerated people to navigate forms, requests, and services without translated materials. But she says there are promising solutions.
Martínez-Gómez advocates most strongly for nonprofessional interpreting services — or services provided by incarcerated peers. In one example from her work, the practice “not only contributed to overcoming the language barrier in the prison, but also to specific rehabilitation goals and potential job opportunities” once the individual’s sentence ended.
In the end, creating a fairer system means using empirical evidence to apply justice accurately and equally in the courtroom and beyond, and to avoid administering justice in arbitrary, capricious, or discriminatory ways. Though these studies can’t solve every inequality, small changes in process and better education of the parties involved can move the needle on basic fairness.
For the full feature, please visit the John Jay Faculty and Staff Research page to read the whole magazine in PDF form!