Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense

迈向用户身份验证和流量检查的新安全范式：利用隐式错误和听觉

• 批准号: 312183-2013
• 负责人: VargasMartin, Miguel
• 金额: $ 1.09万
• 依托单位: University of Ontario Institute of Technology
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=571704
• 关键词: Towards; New; Security; Paradigms; User

This research program studies two new security paradigms that exploit the human mind via implicit cognition and the auditory sense to cope with known, emerging, and perhaps unforeseen attacks on computer systems. One paradigm deals with user authentication based on implicit mistakes and the other one with audio inspection of network traffic. Typically, authentication relies on something the user knows, has, is, or does, such as a password, access card, fingerprints, or voice, respectively. This research program studies a novel authentication mechanism that relies on the user's unconscious distinctive mistakes which we call "implicit mistakes" to match terminology in cognitive psychology. Over the past decades, a number of researchers in cognitive psychology have reported on experiments that tap into a person's unconscious, while in recent years some companies have adopted electroencephalogram (EEG) technology into commercial mind reader devices that ship with diverse applications and provide development software kits and online stores to facilitate the production and distribution of software. Dr. Vargas Martin proposed the idea of implicit cognition authentication in 2010, marking the beginning of an upsurge of authentication proposals leveraging EEG devices and advances in cognitive psychology. With regards to traffic inspection, Vargas Martin works on appropriate techniques to harness music theory to sonificate features of network traffic that are indicative of intrusions. In particular, this research program tests the effectiveness of music harmony to convey information about the activity in a network, server, or a simple computer. A key aspect of this approach is the identification and effective interpretation of features that, when used as aggregates can convey meaningful information to a human being. The possibilities are vast, both in terms of the feature extraction techniques, and in terms of musical sound generation.

这个研究项目研究了两种新的安全范式，通过内隐认知和听觉来利用人类的思维来应对已知的、正在出现的、也许是不可预见的对计算机系统的攻击。一种范式处理基于隐式错误的用户认证，另一种范式处理网络流量的音频检查。