This research investigates a new form of attack which poses a potential threat to biometrically-enhanced security mechanisms. Such attacks are "generative" in nature: the attacker works from a model for mimicking an aspect of human behavior and, through direct or indirect knowledge of the targeted user's biometrics, adapts the model to generate attempted reproductions of the user's input. In this context, two types of security mechanisms are studied: biometric authentication, where the user's biometric features are measured by a nonbypassable reference monitor and compared to a stored template; and password hardening, where the user's password and biometric features measured during the entry of the password are combined into a secret key (the "hardened" password) that should be irreproducible even to an attacker with full access to the device and software which create the key. Generative models for handwriting serve as an enabling input to evaluate schemes for performing handwritten password verification and for creating hardened passwords from handwriting. The size of the attacker's search space is quantified assuming that various categories of information have been gleaned (or captured) from the targeted user, as well as employing demographic statistics. Speech synthesis for targeting a specific user's voice is also studied in these same contexts. To the extent possible, techniques are identified for improving password hardening to withstand such attacks.

Agency
National Science Foundation (NSF)
Institute
Division of Computer and Network Systems (CNS)
Type
Standard Grant (Standard)
Application #
0820903
Program Officer
Karl Levitt
Project Start
Project End
Budget Start
2007-07-01
Budget End
2008-11-30
Support Year
Fiscal Year
2008
Total Cost
$90,081
Indirect Cost
Name
University of North Carolina Chapel Hill
Department
Type
DUNS #
City
Chapel Hill
State
NC
Country
United States
Zip Code
27599