Biometrics

group_project

Visible to the public TWC: Small: Collaborative: RUI: Towards Energy-Efficient Privacy-Preserving Active Authentication of Smartphone Users

Common smartphone authentication mechanisms such as PINs, graphical passwords, and fingerprint scans offer limited security. They are relatively easy to guess or spoof, and are ineffective when the smartphone is captured after the user has logged in. Multi-modal active authentication addresses these challenges by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction, hand movements, gait, voice, and phone location.

group_project

Visible to the public Forum on Cyber Resilience

This project provides support for a National Academies Roundtable, the Forum on Cyber Resilience. The Forum will facilitate and enhance the exchange of ideas among scientists, practitioners, and policy makers concerned with the resilience of computing and communications systems, including the Internet, critical infrastructure, and other societally important systems.

group_project

Visible to the public TWC SBE: Small: Collaborative: Brain Password: Exploring A Psychophysiological Approach for Secure User Authentication

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.

group_project

Visible to the public EAGER: Collaborative Research: Towards Understanding Smartphone User Privacy: Implication, Derivation, and Protection

This project aims to address privacy concerns of smartphone users. In particular, it investigates how the usages of the smartphone applications (apps) may reshape users' privacy perceptions and what is the implication of such reshaping. There has been recent work that investigates privacy leakage and potential defense mechanisms. However, so far there is only limited understanding on the consequences of such privacy losses, especially when large amount of privacy information leaked from smartphone users across many apps.

group_project

Visible to the public TWC: Small: Collaborative: Spoof-Resistant Smartphone Authentication using Cooperating Wearables

This research is developing methods that leverage a multitude of sensors embedded in hand-held and wearable devices (e.g., smart watches, smart glasses and brain-computer interfaces) for strong user authentication to smart phones. The current point-of-entry solutions, largely based on weak static credentials, such as passwords or PINs for authentication to smart phones are not sufficient because once such credentials are compromised (which is very likely given the many vulnerabilities of passwords), the attacker may gain unfettered access to the smart phone.

group_project

Visible to the public TWC: Small: Collaborative: Secure and Usable Mobile Authentication for People with Visual Impairment

Mobile authentication is necessary for preventing unauthorized access to mobile devices with increasingly more private information. Despite significant progress in mobile authentication for sighted people, secure and usable mobile authentication for people with visual impairment remains largely under-explored. This project is to develop, prototype and evaluate novel secure and usable mobile authentication techniques for people with visual impairment.

group_project

Visible to the public TWC SBE: Small: Collaborative: Brain Password: Exploring A Psychophysiological Approach for Secure User Authentication

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.

group_project

Visible to the public TWC: Small: Techniques and Tools for Enforcing Proximity-based Policies in Wireless Systems

As wireless technologies become more pervasive, it becomes increasingly important for devices to authenticate the locations of other devices. For example, patients with implantable medical devices (IMDs) may reasonably expect that any device used to control their IMD would have to be within arm's reach, to help prevent unauthorized access to their device. In other words, IMDs should enforce policies based on the proximity, and in general the location, of wirelessly connected devices.

group_project

Visible to the public TWC: Medium: Collaborative: Long-term Active User Authentication Using Multi-modal Profiles

This project aims at advancing the state-of-the-art in cybersecurity by developing efficient methods for generating novel biometric signatures and performing active and continuous user authentication. Current authentication procedures typically occur once at the initial log-in stage and involve user proxies such as passwords and smart cards which suffer from several vulnerabilities.

group_project

Visible to the public TWC SBE: Medium: Collaborative: Brain Hacking: Assessing Psychological and Computational Vulnerabilities in Brain-based Biometrics

In September of 2015, it was reported that hackers had stolen the fingerprint records of 5.6 million U.S. federal employees from the Office of Personnel Management (OPM). This was a severe security breach, and it is an even bigger problem because those fingerprints are now permanently compromised and the users cannot generate new fingerprints. This breach demonstrates two challenging facts about the current cybersecurity landscape. First, biometric credentials are vulnerable to compromise. And, second, biometrics that cannot be replaced if stolen are even more vulnerable to theft.