Authentication is the first step in securing a networked application. Traditional authentication relies on cryptographic algorithms that verify a user's identity based on certain pre-configured secrets. In a world with "trillions" of mobile objects ("computation in everything"), rigorous key management techniques are difficult, the traceability of pre-configured secrets is compromised, and crypto-based authentication schemes become ineffective.
This project will investigate an alternative approach, referred to as cognitive security, to address this compelling problem. Cognitive security aims to supplement the crypto-based solutions with unique, unforgeable, and robust credentials that are inherent to network entities such as mobile devices and users. For example, a location claim can be verified by a location "fingerprint" constructed from the ambient radio signals present at that location at that time. A user's identity can be verified by knowledge the verifier learned from the user's online social networks. These credentials are physical properties of the mobile devices or knowledge naturally known to the users, which do not have to be pre-configured or remembered. Mechanisms will be developed so that these credentials can be collected or learnt through normal network operations and be used to securely verify a device's or a user's identity or claims.
This is an international collaborative project between the US and Japan. The project will involve multiple areas of information technology, including security, wireless communications and networking, and machine learning. Cognitive security is a promising new approach to mobile network security where the security of the device or secrets stored in the device cannot be guaranteed.