Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense

迈向用户身份验证和流量检查的新安全范式：利用隐式错误和听觉

• 批准号: 312183-2013
• 负责人: VargasMartin, Miguel
• 金额: $ 1.09万
• 依托单位: University of Ontario Institute of Technology
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=571704
• 关键词: Towards; New; Security; Paradigms; User

This research program studies two new security paradigms that exploit the human mind via implicit cognition and the auditory sense to cope with known, emerging, and perhaps unforeseen attacks on computer systems. One paradigm deals with user authentication based on implicit mistakes and the other one with audio inspection of network traffic. Typically, authentication relies on something the user knows, has, is, or does, such as a password, access card, fingerprints, or voice, respectively. This research program studies a novel authentication mechanism that relies on the user's unconscious distinctive mistakes which we call "implicit mistakes" to match terminology in cognitive psychology. Over the past decades, a number of researchers in cognitive psychology have reported on experiments that tap into a person's unconscious, while in recent years some companies have adopted electroencephalogram (EEG) technology into commercial mind reader devices that ship with diverse applications and provide development software kits and online stores to facilitate the production and distribution of software. Dr. Vargas Martin proposed the idea of implicit cognition authentication in 2010, marking the beginning of an upsurge of authentication proposals leveraging EEG devices and advances in cognitive psychology. With regards to traffic inspection, Vargas Martin works on appropriate techniques to harness music theory to sonificate features of network traffic that are indicative of intrusions. In particular, this research program tests the effectiveness of music harmony to convey information about the activity in a network, server, or a simple computer. A key aspect of this approach is the identification and effective interpretation of features that, when used as aggregates can convey meaningful information to a human being. The possibilities are vast, both in terms of the feature extraction techniques, and in terms of musical sound generation.

该研究计划研究两种新的安全范式，通过内隐认知和听觉来利用人类思维来科普对计算机系统的已知，新兴和可能无法预见的攻击。一种范式处理基于隐式错误的用户身份验证，另一种范式处理网络流量的音频检查。 通常，身份验证依赖于用户知道、拥有、是或做的事情，例如密码、访问卡、指纹或语音。本研究计划研究一种新的认证机制，该机制依赖于用户无意识的独特错误，我们称之为“隐式错误”，以匹配认知心理学中的术语。在过去的几十年里，许多认知心理学的研究人员报道了利用人的无意识进行实验的情况，而近年来，一些公司已经将脑电图（EEG）技术应用于商业读心仪设备，这些设备具有不同的应用程序，并提供开发软件套件和在线商店，以促进软件的生产和分销。Vargas Martin博士在2010年提出了隐式认知认证的想法，标志着利用EEG设备和认知心理学进步的认证提案热潮的开始。 关于流量检测，Vargas Martin致力于适当的技术，利用音乐理论来发声网络流量的特征，这些特征表明入侵。特别是，这项研究计划测试音乐和谐的有效性，以传达有关网络，服务器或简单计算机中活动的信息。这种方法的一个关键方面是识别和有效解释的功能，当用作聚合可以传达有意义的信息给人类。无论是在特征提取技术方面，还是在音乐声音生成方面，可能性都是巨大的。