Towards New Security Paradigms for User Authentication and Traffic Inspection: Harnessing Implicit Mistakes and Auditory Sense

迈向用户身份验证和流量检查的新安全范式：利用隐式错误和听觉

• 批准号: 312183-2013
• 负责人: VargasMartin, Miguel
• 金额: $ 1.09万
• 依托单位: University of Ontario Institute of Technology
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2017
• 资助国家: 加拿大
• 起止时间: 2017-01-01 至 2018-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=634364
• 关键词: Towards; New; Security; Paradigms; User

This research program studies two new security paradigms that exploit the human mind via implicit cognition and the auditory sense to cope with known, emerging, and perhaps unforeseen attacks on computer systems. One paradigm deals with user authentication based on implicit mistakes and the other one with audio inspection of network traffic. Typically, authentication relies on something the user knows, has, is, or does, such as a password, access card, fingerprints, or voice, respectively. This research program studies a novel authentication mechanism that relies on the user's unconscious distinctive mistakes which we call "implicit mistakes" to match terminology in cognitive psychology. Over the past decades, a number of researchers in cognitive psychology have reported on experiments that tap into a person's unconscious, while in recent years some companies have adopted electroencephalogram (EEG) technology into commercial mind reader devices that ship with diverse applications and provide development software kits and online stores to facilitate the production and distribution of software. Dr. Vargas Martin proposed the idea of implicit cognition authentication in 2010, marking the beginning of an upsurge of authentication proposals leveraging EEG devices and advances in cognitive psychology. With regards to traffic inspection, Vargas Martin works on appropriate techniques to harness music theory to sonificate features of network traffic that are indicative of intrusions. In particular, this research program tests the effectiveness of music harmony to convey information about the activity in a network, server, or a simple computer. A key aspect of this approach is the identification and effective interpretation of features that, when used as aggregates can convey meaningful information to a human being. The possibilities are vast, both in terms of the feature extraction techniques, and in terms of musical sound generation.

该研究计划研究了两个新的安全范式，这些范式通过隐式认知和听觉意义来利用人类的思想，以应对已知的，新兴的以及可能对计算机系统的攻击。一个范式根据隐式错误处理用户身份验证，另一个范式通过对网络流量进行音频检查。通常，身份验证分别依赖于用户知道，具有，IS或做的事物，例如密码，访问卡，指纹或语音。该研究计划研究了一种新颖的身份验证机制，该机制依赖于用户的无意识独特错误，我们称之为“隐性错误”以匹配认知心理学中的术语。在过去的几十年中，许多认知心理学的研究人员报告了一些实验，这些实验会涉足一个人的无意识，而近年来，一些公司已将脑电图（EEG）技术采用了具有多种应用程序的商业思维读取器设备，这些设备运送了不同的应用程序，并提供了开发软件套件和在线商店和在线商店，以促进软件的生产和分配。瓦尔加斯·马丁（Vargas Martin）博士在2010年提出了隐性认知身份验证的想法，这标志着利用脑电图设备和认知心理学进步的身份验证建议的开始。在交通检查方面，Vargas Martin致力于利用音乐理论的适当技术，以代替指示入侵的网络流量的特征。特别是，该研究计划测试了音乐和谐的有效性，以传达有关网络，服务器或简单计算机中活动的信息。这种方法的一个关键方面是对特征的识别和有效解释，当用作骨料时，可以将有意义的信息传达给人类。就特征提取技术和音乐声音而言，这些可能性都是巨大的。