Award Abstract # 1228460
TWC: Medium: Collaborative: Neuroscience Meets Computer Security: Designing Systems Secure Against Coercion Attacks

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: SRI INTERNATIONAL
Initial Amendment Date: August 17, 2012
Latest Amendment Date: September 3, 2014
Award Number: 1228460
Award Instrument: Standard Grant
Program Manager: Ralph Wachter
rwachter@nsf.gov
 (703)292-8950
CNS
 Division Of Computer and Network Systems
CSE
 Direct For Computer & Info Scie & Enginr
Start Date: October 1, 2012
End Date: September 30, 2016 (Estimated)
Total Intended Award Amount: $349,803.00
Total Awarded Amount to Date: $414,540.00
Funds Obligated to Date: FY 2012 = $349,803.00
FY 2014 = $64,737.00
History of Investigator:
  • Patrick Lincoln (Principal Investigator)
    lincoln@csl.sri.com
Recipient Sponsored Research Office: SRI International
333 RAVENSWOOD AVE
MENLO PARK
CA  US  94025-3493
(703)247-8529
Sponsor Congressional District: 16
Primary Place of Performance: SRI International
333 Ravenswood Avenue
Menlo Park
CA  US  94025-3493
Primary Place of Performance Congressional District: 16
Unique Entity Identifier (UEI): SRG2J1WS9X63
Parent UEI: SRG2J1WS9X63
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001213DB NSF RESEARCH & RELATED ACTIVIT
01001415DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7434, 7924
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Coercion attacks that compel an authorized user to reveal his or her secret authentication credentials can give attackers access to restricted systems. The PIs are developing a new approach to preventing coercion attacks using the concept of implicit learning from cognitive psychology. Implicit learning refers to learning of patterns without any conscious knowledge of the learned pattern. Using a carefully crafted keyboard-based computer game, the PIs plant a secret password in the participant's brain without the participant having any conscious knowledge of the trained password. This planted secret can be used for authentication, but participants cannot be coerced into revealing their secret since they have no conscious knowledge of it.

This project explores three directions for using implicit learning in computer security. First, the PIs are developing implicit learning tasks designed to be used in challenge-response authentication. Second, the PIs are experimenting with methods to demonstrate implicit knowledge by measuring electrical activity along the scalp using off-the-shelf EEG devices. Third, the PIs are conducting user experiments to demonstrate that participants are able to properly authenticate, but cannot consciously recognize the trained secret. This project is a collaboration between computer security researchers and cognitive psychologists. Ultimately, the project aims to understand how the brain represents implicit knowledge. This in turn will lead to new coercion-resistant security mechanisms for high-security applications.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Daniel J. Sanchez, Eric N. Yarnik, Paul J. Reber "Quantifying transfer after perceptual-motor sequence learning: how inflexible is implicit learning?" Psychological Research, 2014, doi:10.1007/s00426-014-0561-9
H. Bojinov, D. Sanchez, P. Reber, D. Boneh, P. Lincoln "Neuroscience meets cryptography: designing crypto primitives secure against rubber hose attacks" Communications of the ACM, v.57, 2014, p.110
H. Bojinov, D. Sanchez, P. Reber, D. Boneh, P. Lincoln "For Better Security, Try a Random-Point Password Sequence: Author's Response" Communications of the ACM, v.57, 2014

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

By crossing interdisciplinary boundaries between neuroscience and computer science, this project examined a completely novel approach to system authentication that relied on a human's remarkable capability for storing implicit sequence knowledge. The system, which utilized a video-game style challenge-response task, was featured in a high-profile CACM publication and in BBC's Nova special, Rise of the Hackers. Beyond the impact in the realm of computer science, the need for achieving authentication standards pushed the science of memory systems theory in exploring the limits and full capabilities of the perceptual-motor sequence learning system that supports this type of knowledge acquisition and expression. Work was disseminated in print publications and presented at conferences. 

Beyond the scientific contributions to cognitive neuroscience and computer science, the training opportunity that this project afforded was valuable to a number of students, across disciplines and degree levels. A psychology PhD graduate was provided an opportunity to explore this interdisciplinary boundary and developed a successful individual research career, becoming the PI of his own government-funded project. Computer science undergraduates and master's students were provided an opportunity to extend their knowledge and research focus to understand how their research could simultaneously produce insight into how humans and systems work, and work together.

This project provided the environment necessary to extend science and research careers for young scientists, and has laid groundwork for new labs and threads of research focused on the increasingly-important cross-section of humans and systems. 


Last Modified: 12/21/2016
Modified by: Patrick D Lincoln
