Biometrics

Many physical characteristics, such as face, fingerprints, and iris as well as behavioral characteristics such as voice, gait, and keystroke dynamics, are believed to be unique to an individual. Hence, biometric analysis offers a reliable solution to the problem of identity verification. It is now widely acknowledged that biometric systems are vulnerable to manipulation where the true biometric is falsified using various attack strategies; such attacks are referred to as Presentation Attacks (PAs).

Common smartphone authentication mechanisms such as PINs, graphical passwords, and fingerprint scans offer limited security. They are relatively easy to guess or spoof, and are ineffective when the smartphone is captured after the user has logged in. Multi-modal active authentication addresses these challenges by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction, hand movements, gait, voice, and phone location.

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.

This research is developing methods that leverage a multitude of sensors embedded in hand-held and wearable devices (e.g., smart watches, smart glasses and brain-computer interfaces) for strong user authentication to smart phones. The current point-of-entry solutions, largely based on weak static credentials, such as passwords or PINs for authentication to smart phones are not sufficient because once such credentials are compromised (which is very likely given the many vulnerabilities of passwords), the attacker may gain unfettered access to the smart phone.

Cryptographic systems often rely on the secrecy of cryptographic credentials; however, these are vulnerable to eavesdropping and can resist neither a user's intentional disclosure nor coercion attacks where the user is forced to reveal the credentials. Conventional biometric keys (e.g., fingerprint, iris, etc.), unfortunately, can still be surreptitiously duplicated or adversely revealed. In this research, the PIs argue that the most secure cryptographic credentials are ones of which the users aren't even aware.