Slide1
2015 GenCyber Cybersecurity Workshop
Review of Friday & Monday Sessions
Dr. Charles C. Tappert
Seidenberg School of CSIS, Pace University
http://csis.pace.edu/~ctappert/
Slide2
What is Biometrics?
The science of identifying, or verifying the identity of, a person based on physiological or behavioral characteristics/traits
Physical traits
Fingerprint, Face, Iris
Behavioral traits
Signature/handwriting, Voice
Keyboard and mouse input
Websites and videos
http://www.biometrics.gov/
Biometric Security
Slide3
Technologies Used in Biometrics
Pattern Recognition (PhD Course, JPR)
Machine Learning
Artificial Intelligence
Data Mining
Beer and Diapers
Target Figured Out A Teen Girl Was Pregnant Before Her Father Did
Slide4
Pattern Recognition
What is pattern recognition?
The act of taking in raw data and taking an action based on the “category” of the pattern
We gain an understanding and appreciation for pattern recognition in the real world – visual scenes, noises, etc.
Human senses: sight, hearing, taste, smell, touch
Recognition is not an exact match like a password
Slide5
Pattern Recognition
An Introductory Example (from Pattern Classification by Duda, et al.)
Sorting incoming Fish on a conveyor according to species using optical sensing
Species: Sea bass, Salmon
Slide6
Pattern Recognition
Post Processing – for example, OCR
The following sentence has many spelling errors. Right click on a word to get suggested correct spelling choices.
We cant allign teh wonds corektly in htis sentance.
On right clicking, most of the correct spellings of the words are listed as first choice.
Now, type the sentence above with the spelling errors into Microsoft Word.
Many of the misspelled words are almost instantaneously auto-corrected.
Slide7
Traditional Modes of Person Authentication
Possessions – what you have
Keys, passports, smartcards, etc.
Knowledge – what you know
Secret information: passwords, etc.
Biometrics – what you are/do
Characteristics of the human body and human actions that differentiate people from each other
Slide8
Most Common & Other Biometrics
Most Common
Other Biometrics
Slide9
Attributes Necessary to Make a Biometric Practical
Universality: every person has the biometric characteristic
Uniqueness: no two persons have the same biometric characteristic
Permanence: biometric characteristic invariant over time
Collectability: measurable with a sensing device
Acceptability: user population and public in general should have no strong objections to measuring/collecting the biometric
Slide10
Identification versus Verification
Identification: 1-of-n
Verification: accept/reject
Slide11
Discussed 5 of 6 Most Common Biometrics
Face – Jimmy Carter, Saddam Hussein
Fingerprint
Iris
Signature
Voice
Slide12
Typical Error Rates
Slide13
Biometric Zoo
Sheep: Dominant group, systems perform well for them
Goats: Weak distinctive traits, produce many False Rejects
Lambs: Easy to imitate, cause “passive” False Accepts
Wolves: Good at imitating, cause “active” False Accepts
Chameleons: Easy to imitate and good at imitating others
Slide14
Many Biometric Systems and Interesting Articles on the Internet
Long-range Iris Recognition
Google Glass Face Recognition
Microsoft's Age Estimator
KeyTrac Keystroke Demos: passwords, any text
Secret Lock
Michigan State University
DNA Generated Face – NYT science section article
Building a Face, and Case, on DNA – March 2015
Slide15
Spoofing Biometric Systems
Interesting Articles on the Internet
Crime of the future – biometric spoofing?
Hacker Clones Fingerprint from Photograph
Can facial recognition systems be spoofed using high quality video?
Slide16
Microsoft’s Age Estimator Ideas
Have the students find photos of famous people and enter the actual and machine-estimated ages into the spreadsheet
For each student in the class have the other students guess the age estimator outcome and enter the student guesses and the machine-estimated ages into the spreadsheet
Slide17
Forgery Quiz Web Application
http://tempasp.seidenberg.csis/experimentalhandwriting/experimentalhandwriting.html
We will try to have our IT support group support this app
Alternatively, we might have a project team redo it using PHP rather than the unsupported ASP
Slide18
Flower Recognition App
Interactive Visual System – human assists machine to improve recognition
Early work in 2005, new study currently underway 2015 using smartphone app
Slide19
Verizon Funding – Leigh Anne Clevenger
Reduce UID/Password Dependency
Most people have many UID/Passwords for access
Bank accounts, smartphone/computer, social websites, etc.
Location Component
Near Field Communication (NFC)
Near-field communication uses electromagnetic induction between two loop antennas located within each other's near field
Geofencing
Uses the global positioning system (GPS) or radio frequency identification (RFID) to define geographical boundaries
Biometrics - Explore several biometrics for use in this problem area
Who needs passwords? 5 biometric devices
Slide20
Monday – Biometrics
The science of identifying, or verifying the identity of, a person based on physiological or behavioral characteristics/traits
Physical traits
Fingerprint, Face, Iris
Behavioral traits
Signature/handwriting, Voice
Computer-user input: keystroke and mouse input, writing linguistic style, semantic content
Websites and videos
http://www.biometrics.gov/
Biometric Security
Slide21
Importance of Computer-Input Biometrics
Continual Authentication of Computer Users
U.S. DoD wants to continually authenticate all gov’t computer users, both military and non-military
DARPA Active Authentication Phase 1
2010 and 2012 – authenticate on desktops/laptops
Requirement – detect intruder within minutes
DARPA Active Authentication Phase 2
2013 and 2015 – authenticate on mobile devices
BehavioSec
Requirement – detect intruder within fraction of minute
Slide22
Importance of Computer-Input Biometrics
Continual Authentication of Computer Users
U.S. Higher Education Opportunity Act of 2008
Concerns authentication of students taking online tests
Universities are using more online courses
Requires institutions of higher learning to adopt new identification technologies as they become available
To assure students of record are those accessing the systems and taking the exams in online courses
Slide23
Proposal to DARPA Active Authentication
Continual Burst Authentication Strategy
Continual authentication is ongoing verification but with possible interruptions
Whereas continuous authentication would mean without interruption
Burst authentication is verification on a short period of computer input
Bursts captured only after pauses
We believe these to be important concepts
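An added example, not from the slides or the authors' system, of the continual burst strategy described above: a keystroke stream is split into bursts at pauses and each burst gets its own accept/reject decision. The pause length, minimum burst size, dwell/flight features, tolerance and sample session are all assumptions made for illustration.

```python
from statistics import mean

PAUSE_S = 2.0     # assumed: silence longer than this ends a burst
MIN_KEYS = 5      # assumed: shorter bursts carry too little input (must be >= 2)
TOLERANCE = 0.05  # assumed: allowed deviation from the template, in seconds

def split_bursts(events, pause_s=PAUSE_S, min_keys=MIN_KEYS):
    """events: (key, press_time, release_time) tuples sorted by press_time.
    A burst starts after a pause (or at session start) and ends at the next pause."""
    bursts, current = [], []
    for ev in events:
        if current and ev[1] - current[-1][2] > pause_s:
            if len(current) >= min_keys:
                bursts.append(current)
            current = []
        current.append(ev)
    if len(current) >= min_keys:
        bursts.append(current)
    return bursts

def features(burst):
    """Mean dwell (key held down) and mean flight (release to next press)."""
    dwell = mean(r - p for _, p, r in burst)
    flight = mean(b[1] - a[2] for a, b in zip(burst, burst[1:]))
    return dwell, flight

def continual_auth(events, template, tol=TOLERANCE):
    """One accept/reject decision per burst. The pauses between bursts are the
    interruptions that make this continual rather than continuous."""
    decisions = []
    for burst in split_bursts(events):
        dwell, flight = features(burst)
        ok = abs(dwell - template[0]) <= tol and abs(flight - template[1]) <= tol
        decisions.append(ok)
    return decisions

def typing(start, n, dwell, flight):
    """Constructed sample input: n evenly timed keystrokes beginning at `start`."""
    step = dwell + flight
    return [("k", start + i * step, start + i * step + dwell) for i in range(n)]

# Constructed session: enrolled user, a 3-key fragment (discarded), a slower typist.
TEMPLATE = (0.10, 0.15)
SESSION = (typing(0.0, 6, 0.10, 0.15) + typing(10.0, 3, 0.10, 0.15)
           + typing(20.0, 6, 0.20, 0.40))

if __name__ == "__main__":
    print(continual_auth(SESSION, TEMPLATE))
```

The 3-key fragment produces no decision at all, which is the trade-off of burst verification: input too short to score is simply not evaluated.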
EISIC 2012
Slide24
Possible Broader Intrusion Detection Plan
Multi-biometric System
Motor control level – keystroke + mouse movement
Linguistic level – stylometry (char, word, syntax)
Semantic level – target likely intruder commands
[Diagram labels: Intruder; Keystroke + Mouse; Stylometry; Motor Control Level; Linguistic Level; Semantic Level]
Slide25
Three Keystroke Biometric Presentations
Short Numeric Input on Mechanical Keyboards – Ned Bakelman
Short Numeric Input on Smartphone Touchscreens – Mike Coakley
Impaired Users Taking Online Tests on Mechanical Keyboards – Gonzalo Perez
Also discussed mouse movement; and stylometry on online tests, novels, and Facebook postings
Slide26
Project Ideas
List and describe various biometrics. Can you think of new ones?
What is the government doing in biometrics?
Find interesting Web and news items related to biometrics – e.g., beer and diapers, Target’s pregnant girl, DNA generated face, secret lock, age estimation
Find or go deeper into interesting technologies – e.g., spelling correction, Siri’s voice command system
List and describe the ways people use the usual authentication method of combining what you have and what you know
Investigate the biometric zoo
Find articles on biometric spoofing
Slide27
Copyright for Material Reuse
Copyright © 2015 Charles Tappert (ctappert@pace.edu), Pace University. Please properly acknowledge the source for any reuse of the materials as below.
Charles Tappert, 2015 GenCyber Cybersecurity Workshop, Pace University
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation. A copy of the license is available at http://www.gnu.org/copyleft/fdl.html.
Slide28
Acknowledgment
The authors would like to acknowledge the support from the National Science Foundation under Grant No. 1027400 and from the GenCyber program in the National Security Agency. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation, the National Security Agency or the U.S. government.
2015 GenCyber Cybersecurity Workshop