A&T Cyber Warriors
While the emergence of “smart” products might be exciting – a fork that tracks your chew rate, an app that alerts parents when junior’s diaper needs changing – there is often a rush to market for these devices, which inadvertently creates new potential security issues.
“Cybersecurity threats are not ever going to really go away,” explains Gerry Dozier, an expert in identity science at N.C. A&T and chairman of the Department of Computer Science. “It’s an arms race between the hackers and the cybersecurity workforce. A new system is born, and what we want to try to do is discover all of the attacks that could be launched against it, and fix these vulnerabilities. In order to protect a system you have to know how people can get into the system.”
For Dozier and his team of collaborators, Drs. Mohd Anwar, Chris Doss, Albert Esterline and Tonya Smith-Jackson, one way to address cybersecurity issues proactively is to emphasize secure software design and engineering. With security threats becoming increasingly sophisticated, dangerous, and multiplying across the globe, targeting individuals and companies alike, concern is mounting on whether cybersecurity measures can keep pace with the “Internet of Things.”
In the midst of the fears, Dozier offers an optimistic outlook, maintaining that solutions to the concerns are being invented and tested. Dozier’s Department of Computer Science oversees N.C. A&T’s two major hubs for cybersecurity research – the Center for Cyber Defense (recognized by the National Security Agency and the Department of Homeland Security as a Center for Academic Excellence in Information Assurance Education), directed by Dr. Dorothy Yuan and the Center for Academic Studies in Identity Sciences (CASIS). The first National Intelligence Science and Technology Center of Academic Excellence in the United States, CASIS is now in its second phase of funding totaling $11.6 million, with grants from the Army Research Laboratory and the Department of Defense.
While both of these cybersecurity centers focus on developing ways to protect one’s cyber identity (the underpinning of cybersecurity), the interdisciplinary team of CASIS researchers – computer scientists, electrical and computer engineers, industrial and systems engineers, bioengineers, civil engineers, mathematicians and visual computing specialists – focuses on Identity Modeling, Cyberidentity Protection & Privacy and Biometrics-based Analytics & Identification. CASIS is using a blend of identity science, data science, artificial intelligence, and machine learning in an effort to solve cybersecurity problems.
CASIS research is also aggressively addressing the challenges of face and iris recognition. The results include computer models that would allow camera surveillance systems to identify a person by his or her facial and eye-region structure, regardless of aging that has occurred. The common method for validating a user’s identity requires humans to create and remember (hopefully) long, complex passwords. But in the future, PINs and passwords may be replaced with more sophisticated methods.
The research of Dozier and his colleagues in active authentication are pioneering novel ways of validating the identity of the person that go beyond biometric identifiers – fingerprints and scans of the face and iris/retina – and extend to behavioral traits such as swipe patterns, how the user handles the mouse and how the user crafts written language. All of these behaviors are completely unique to the user. Everything you do on the Internet – your “digital exhaust” – is being saved someplace, and that digital exhaust can be used to identify you – your digital ‘Self’.
The relatively young identity science pursues a deeper understanding of how the nature of ‘Self’ interacts with dynamic environments. Given these self-environment interactions, researchers want to be able to predict what ‘Self’ is likely to become if it interacts with this environment. The reverse would also be true: if this is how ‘Self’ is today, what kind of environment must it have interacted with to reach its present state?
This has a direct application to cybersecurity. “If we can identify a hacker, or a group of hackers, just by the way they do certain things, and know the history of what they have done in the past, we could predict what might happen in the future,” explained Dozier.