<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Eric Sharret &#8211; TELEGRID</title>
	<atom:link href="https://telegrid.com/author/administrator/feed" rel="self" type="application/rss+xml" />
	<link>https://telegrid.com</link>
	<description></description>
	<lastBuildDate>Fri, 12 Oct 2018 16:18:44 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=5.6.13</generator>

<image>
	<url>https://telegrid.com/wp-content/uploads/2022/09/cropped-Screen-Shot-2022-08-29-at-9.50.37-AM-32x32.png</url>
	<title>Eric Sharret &#8211; TELEGRID</title>
	<link>https://telegrid.com</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Using AI to Identify the Resistance</title>
		<link>https://telegrid.com/using-ai-identify-resistance?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=using-ai-identify-resistance</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Fri, 12 Oct 2018 16:14:31 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=2192</guid>

					<description><![CDATA[<p>Last month the New York Times published a now famous op-ed from someone within President Trump’s administration.  The piece led to a hunt for the “member of the resistance” and denials by major political figures.  &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/using-ai-identify-resistance">Using AI to Identify the Resistance</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p><img loading="lazy" class="alignnone size-full wp-image-2193" src="https://telegrid.com/wp-content/uploads/2018/10/Resistance.jpg" alt="" width="700" height="400" srcset="https://telegrid.com/wp-content/uploads/2018/10/Resistance.jpg 700w, https://telegrid.com/wp-content/uploads/2018/10/Resistance-300x171.jpg 300w" sizes="(max-width: 700px) 100vw, 700px" /></p>
<p>Last month the New York Times published a now famous <a href="https://www.nytimes.com/2018/09/05/opinion/trump-white-house-anonymous-resistance.html">op-ed</a> from someone within President Trump’s administration.  The piece led to a hunt for the “member of the resistance” and denials by major political figures.  Watching this unfold I began to wonder whether Artificial Intelligence could have identified the author.  I have applied machine learning to all sorts of pattern recognition problems and this seemed like just another example.</p>
<p>TELEGRID is a market leader in the field of behavioral biometrics, which includes voice recognition.  Voice recognition utilizes subtle nuances in a user’s speech pattern to perform user verification or identification.  This field is widely researched and several technologies have made their way into commercial products.  For instance, last year, Amazon announced that Alexa could <a href="https://www.zdnet.com/article/amazons-alexa-can-now-recognise-different-voices/">differentiate between voices</a>.</p>
<p>If we can perform speaker identification then author identification is not a big leap.  Handwriting recognition, which uses optical character recognition, has also been around for a long time and is used widely in the banking industry for signature verification.</p>
<p>But what about text that is not handwritten, is there enough difference in authors’ styles to identify them?</p>
<p>Stylometry is the identification of linguistic style in written language.  While around for hundreds of years, it was not until 1964 that <a href="https://www.press.uchicago.edu/ucp/books/book/distributed/I/bo5667096.html">Mosteller and Wallace</a> applied statistical modeling to identify the authors of the Federalist Papers.  This began the application of machine learning to author identification of other classic literature and even <a href="https://www.aaai.org/ocs/index.php/FLAIRS/FLAIRS13/paper/viewFile/5917/6043">tweets</a>.</p>
<p>The results of this research have been positive, but the lack of a valid business case has limited the technology’s penetration.  For instance, while it might be interesting to find out if someone forged their college essay, it is doubtful that universities will pay for it.  One potential market is artist verification for auction houses.  While not linguistic, perhaps this will be the market that helps the development of author identification.</p>
<p>Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, behavioral biometrics, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Machine Learning Marketing: Ignore Size</title>
		<link>https://telegrid.com/machine-learning-marketing-ignore-size?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=machine-learning-marketing-ignore-size</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 28 Jun 2018 19:50:06 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1875</guid>

					<description><![CDATA[<p>TELEGRID uses Machine Learning in many of its products specifically behavioral biometrics for user authentication.  I personally spend countless hours researching Machine Learning and performing market analysis.  Doing so I have noticed a troubling trend &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/machine-learning-marketing-ignore-size">Machine Learning Marketing: Ignore Size</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>TELEGRID uses Machine Learning in many of its products, specifically behavioral biometrics for user <a href="https://telegrid.com/smrte-unified-authentication">authentication</a>.  I personally spend countless hours researching Machine Learning and performing market analysis.  Doing so I have noticed a troubling trend in Machine Learning marketing whereby size is being promoted as the ultimate differentiator.  I believe this ignores the math behind Machine Learning, and so I decided to focus this post on helping consumers ask the right questions.</p>
<p style="text-align: center;"><strong>My Data Set is Bigger </strong></p>
<p>Recently a team at the University of Manchester released a <a href="https://gizmodo.com/this-ai-knows-who-you-are-by-the-way-you-walk-1826368997">study</a> about a system that identifies users by the way they walk.  The system uses pressure pads on the floor and a high-res camera to authenticate users based on their footsteps.   The article states that the team “compiled a database consisting of 20,000 footstep signals from more than 120 individuals.  It’s now the largest footsteps database in existence.”  I would love to hear the debate between this researcher and the researcher who has the second largest footsteps database in existence.</p>
<p>I understand the importance of having a large data set to cross-validate and test an algorithm, but Machine Learning marketing should be focused on the algorithm and not the data set size.  For instance, with algorithms that suffer from high bias (AKA underfitting), the size of the data set will not have much of an impact.  Additionally, certain algorithms (e.g., Support Vector Machines) can be very slow if the data set is too large.  If the speed of your Machine Learning system is important this should matter to you.</p>
<p style="text-align: center;"><strong>My Feature Set is Bigger </strong></p>
<p>In Machine Learning, features are used to predict an outcome.  For user authentication, features include motion sensor data, keyboard clicking rhythm, GPS location, etc.  I recently saw an advertisement for a Machine Learning system that claimed its algorithm was the best because it used 1,000 features.</p>
<p>This Machine Learning marketing was claiming that the higher the number of features the better the quality of the Machine Learning algorithm.  However, if your algorithm suffers from high variance (AKA overfitting) the number of features should be reduced not increased.  Additionally, performing linear algebra functions on matrices with a high number of features can consume valuable resources.  This is an issue for Machine Learning systems that are designed to run on low power and low compute devices like mobile devices.</p>
<p style="text-align: center;"><strong>My Number of Iterations is Bigger </strong></p>
<p>Researchers often base the superiority of their prediction on the number of times the underlying algorithm was run.  For instance, a recent <a href="https://www.technologyreview.com/s/611397/machine-learning-predicts-world-cup-winner/">study</a> on the World Cup found that Germany had a 12.8% chance of winning.  As the Machine Learning marketing clearly shows the support for this prediction was the fact that the algorithm was run 100,000 times.  Despite the number of iterations Germany crashed out in the first round.  Now you can blame the algorithm, the human element or simply the fact that the study was performed by German researchers and was therefore biased from the start.  One thing is clear though, the number of iterations had little impact on the accuracy of this Machine Learning algorithm.</p>
<p>I believe the lesson from these examples is that we must cut through size-based Machine Learning marketing and challenge developers to justify their choices.  You wouldn’t select a software package simply because it was written by 10,000 engineers would you?  We should ask developers why they picked specific features.  Are all the selected features necessary or is the correlation high enough so that a few can be removed?  How is the large data set being used to improve the algorithm?  Also, how will the algorithm design affect its performance on your specific hardware?</p>
<p>We need to refocus Machine Learning marketing away from size and instead towards justification of the Machine Learning model.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How to Protect Anonymity in Machine Learning</title>
		<link>https://telegrid.com/protect-anonymity-in-machine-learning?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=protect-anonymity-in-machine-learning</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Tue, 29 May 2018 14:03:26 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1629</guid>

					<description><![CDATA[<p>The General Data Protection Regulation (GDPR) just went into effect in the European Union.  It is a law that is designed to protect the privacy of individuals by requiring explicit permission for data collection and &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/protect-anonymity-in-machine-learning">How to Protect Anonymity in Machine Learning</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>The General Data Protection Regulation (GDPR) just went into effect in the European Union.  It is a law that is designed to protect the privacy of individuals by requiring explicit permission for data collection and the enforcement of strict data usage policies.   Companies, specifically those that employ machine learning, have complained about the onerous regulation, claiming that their security practices already protect individual privacy. The problem is that some of these security methods, like employing subject anonymity, have been shown to fail. Luckily there is a new field called Differential Privacy which aims to protect anonymity in machine learning.</p>
<p>TELEGRID recently completed a review by an Institutional Review Board (IRB) for a test involving biometrics.  An IRB is an ethics board that approves and monitors research involving human subjects &#8211; think of drug trials for the Food and Drug Administration.  In fact when our Government customer first asked us to go before an IRB I replied, “Why?  I am not putting shampoo in anyone’s eyes.”  However, since we were collecting biometrics from human subjects we were required to speak to an IRB about how we intended to protect the subjects’ information from data leakage.</p>
<p>Aside from the mountain of paperwork, the process was fairly painless and we were deemed exempt based on the type of data we were collecting, the level of security we maintain at our offices, and our ability to maintain subject anonymity.  While I agree with the type of data and cybersecurity controls being a basis for exemption, past studies have raised doubts about the ability to protect anonymity in machine learning.</p>
<p>For instance, in 2006, researchers from the University of Texas at Austin were able to <a href="https://www.wired.com/2007/12/why-anonymous-data-sometimes-isnt/">identify Netflix users</a> by matching a database of anonymous users’ movie preferences with users who publicly entered movie ranking on IMDb.  Anonymity was challenged again in 2013 when a Harvard professor <a href="https://www.forbes.com/sites/adamtanner/2013/04/25/harvard-professor-re-identifies-anonymous-volunteers-in-dna-study/">identified 40%</a> of a sample of anonymous participants in the Personal Genome Project.  While both studies relied on a secondary dataset, which may not always be available, they did show that it is possible to identify subjects in anonymous databases.</p>
<p>To protect anonymity in machine learning, researchers have been working on a new technique called Differential Privacy.  Differential Privacy allows machine learning algorithms to arrive at the same conclusion whether or not a subject is included in the input data set.  To explain it we will use the classic example of a pollster asking a subject which political party they voted for.  If the pollster collected other data, which can be cross-referenced to a public database, it is possible to identify the subject and their voting history.  To institute Differential Privacy, we would instead ask the subject to flip a coin and, based on the result, either tell the truth or lie about who they voted for.  Using statistics it is possible to extract the ‘noise’ of the coin flip.</p>
<p>In short, Differential Privacy is the controlled injection of noise into a data sample to provide a subject with the ability to plausibly deny that they gave a specific response.</p>
<p>Differential Privacy is still in its infancy, and requires a larger data set in order to overcome the injected noise, but it is currently the most promising option we have to protect anonymity in machine learning. If you would like to learn more about Differential Privacy I would suggest starting with this <a href="https://twimlai.com/twiml-talk-132-differential-privacy-theory-practice-with-aaron-roth/">episode</a> from the podcast This Week in Machine Learning &amp; AI.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Adversarial AI and Mitigation Methods</title>
		<link>https://telegrid.com/adversarial-ai?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=adversarial-ai</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Mon, 09 Apr 2018 17:43:36 +0000</pubDate>
				<category><![CDATA[AI]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[Machine Learning]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1620</guid>

					<description><![CDATA[<p>Adversarial Artificial Intelligence or Adversarial AI is the new buzzword on Capitol Hill.  In the past few weeks there have been hearings on Adversarial AI in the House and the Senate, multiple articles written on &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/adversarial-ai">Adversarial AI and Mitigation Methods</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Adversarial Artificial Intelligence or Adversarial AI is the new buzzword on Capitol Hill.  In the past few weeks there have been hearings on Adversarial AI in the House and the Senate, multiple articles written on the subject and even calls for a <a href="http://www.nextgov.com/policy/2018/03/how-much-does-artificial-intelligence-threaten-national-security/146844/">commission</a> to investigate the threat.  However, there have been very few details about the specific threat or how to mitigate it.  As a cybersecurity company that designs Machine Learning products for user authentication TELEGRID has a unique perspective on this subject.</p>
<p><strong>Secure Your “AI Supply Chain”<sup>TM</sup></strong></p>
<p>Machine Learning, like any other piece of software, suffers from garbage in, garbage out.  Take the classic example of an image classifier that is designed to identify a bus.  What happens if you start to feed it pictures of giraffes and label them buses?  I mean they are both yellow and black right?  Turns out the machine will start to look at pictures of giraffes and call them buses.</p>
<p>Mislabeled data is one of the biggest Adversarial AI attacks.  By feeding in incorrect data adversaries can trick machines into falsely classifying images.  How many false positives must an operator see before they stop paying attention?</p>
<p>Messing up an algorithm is concerning, but tricking it to perform an action is very dangerous.  This is called an enchanting attack and was highlighted in a recent <a href="https://blog.openai.com/adversarial-example-research/">post</a> by Google and UC Berkeley researchers.  These researchers manipulated data to force a Reinforcement Learning (RL) algorithm to purposefully lose a video game.  Imagine if an adversary could use this method to cause a robotic tank to purposefully fire on its own forces.</p>
<p>To mitigate this threat we need to actively focus on our AI supply chain like we do with our hardware supply chain.  Before you buy a Machine Learning product ask the company where its training data comes from.  Is it crowdsourced, meaning anyone can label the data and put in a Trojan horse?  If it is built by a team of professionals what country are they located in?  We need to remember that labelled data is to Machine Learning what microchips are to hardware.</p>
<p><strong>Know Your Algorithms</strong></p>
<p>While the bus/giraffe example is a little simplistic the truth is that we often do not know what machine learning is focusing on.  In a <a href="http://innovation.uci.edu/2017/08/husky-or-wolf-using-a-black-box-learning-model-to-avoid-adoption-errors/">study</a> at UCI, students were asked to use Machine Learning to differentiate between a wolf and a husky.  When they pulled back the covers they realized that it was the snow in the background that was actually the main classifier.  Another study found that when trying to identify traffic lights it was actually the arm of the traffic light separating the sky from the ground that was the main classifier.  So if a picture of the horizon was passed into the algorithm it would also return the term traffic light.</p>
<p>To mitigate this threat we must know our algorithms.  Indeed the Defense Advanced Research Projects Agency (DARPA) has started to do a lot of <a href="https://www.afcea.org/content/ai-please-explain-yourself">work</a> in this area.  By understanding what it is that AI is using to make its decisions we can not only decide if the decision has merit, but also how Adversarial AI can manipulate it.</p>
<p>Admiral Michael Rogers, the director of the NSA, made an interesting related point at a <a href="https://www.c4isrnet.com/it-networks/2018/04/04/how-artificial-intelligence-went-from-an-advantage-to-a-worldwide-threat/">hearing</a> before the Intelligence Committee.  “With the power of machine learning, artificial intelligence and big-data analytics, data concentrations now increasingly are targets of attraction to a whole host of actors.”  While the simplest reaction to this comment is to secure all data, that is not always practicable.  However, if we know what patterns our AI is looking for, we will know what data must be protected.</p>
<p>At the moment Adversarial AI is confined to experiments where the researchers control the data, the algorithm and the RL reward.  Despite that, there is enough research to be concerned and it is justifiable for our leadership to ask questions.  In my opinion though we should not be looking at our enemies but rather ourselves.  Adversarial AI can be mitigated but first we must take the time to better understand our own AI by understanding its data inputs and the algorithms that use that data.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Forged Passports, CBP and Digital Signatures</title>
		<link>https://telegrid.com/forged-passports-cbp-digital-signatures?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=forged-passports-cbp-digital-signatures</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 01 Mar 2018 16:20:40 +0000</pubDate>
				<category><![CDATA[Uncategorized]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1605</guid>

					<description><![CDATA[<p>Last week Senators Ron Wyden and Claire McCaskill released a letter demanding that US Customs and Border Patrol (CBP) close a critical gap in our nation’s border security.  The gap is not related to the &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/forged-passports-cbp-digital-signatures">Forged Passports, CBP and Digital Signatures</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Last week Senators Ron Wyden and Claire McCaskill released a <a href="https://www.wyden.senate.gov/imo/media/doc/wyden-mccaskill-epassport-security-letter-to-cbp.pdf">letter</a> demanding that US Customs and Border Patrol (CBP) close a critical gap in our nation’s border security.  The gap is not related to the border wall or drug submarines, but that we are not checking digital signatures on e-Passports.  Even though it sounds like an obscure cybersecurity issue, the fact that CBP is not checking digital signatures is a big deal.  This gap, if exploited, could allow bad guys to access the United States with forged passports.</p>
<p>As any James Bond fan knows, forged passports are a problem.  For example, a recent Reuters <a href="https://www.reuters.com/article/us-northkorea-kim-passports-exclusive/exclusive-north-korean-leaders-used-brazilian-passports-to-apply-for-western-visas-sources-idUSKCN1GB2AY">article</a> detailed how Kim Jong-il and Kim Jong-un of North Korea allegedly used a Brazilian passport to obtain visas from foreign countries.  To combat this threat e-Passports were developed over a decade ago and since 2015 the US has required them from countries on the visa-waiver list.</p>
<p>e-Passports include a chip containing electronic information that matches the physical information on a passport.  To prevent forged passports, the information on this chip is digitally signed by the issuing country’s Certificate Authority (CA).</p>
<p>The digital signing process involves hashing the electronic passport data and then encrypting that hash with the CA’s private key.  Software then decrypts the signature with the CA’s public key and compares the result to its own hash of the passport data.  The only way these two values would match is if the signature was created from a matching public-private key pair.  For more information on how digital signatures work watch our <a href="https://telegrid.com/identity-management-videos">video tutorial on Public Key Infrastructure (PKI)</a>.</p>
<p>Even though CBP is checking that the electronic and physical information match, there is no way to guarantee that both are not fake if the digital signature is not verified.  This leaves our border open to forged passports.</p>
<p>In a 2010 <a href="https://www.gao.gov/assets/310/300986.pdf">report</a> the Government Accountability Office (GAO) gave the two main reasons why CBP is not checking digital signatures.</p>
<p>1) “A database needs to be established and populated with the digital certificates needed to fully validate the digital signatures that can be accessed by CBP inspection workstations at the ports of entry.”</p>
<p>2) “CBP needs to develop and implement functionality on its inspection workstations to access the database.”</p>
<p>The first issue could be resolved by accessing the ICAO Public Key Directory (PKD) and downloading the CA certificates.  The International Civil Aviation Organization (ICAO) specifically created the PKD as a central repository for countries to exchange information required to validate e-Passports.</p>
<p>The second issue I do not believe is a question of a software upgrade, since checking digital signatures is a standard process.  Rather, I believe it is the time required to access the certificate database and perform revocation checking.  This is similar to the issue the retail sector had when chip-based credit cards were introduced.  Considering how many people CBP has to clear each day, I understand the concern.  However, there are solutions available.  To speed up revocation checking, CBP can create local CRLs or OCSP responders that are updated daily.  This is similar to the approach the US Army takes with revocation checking on its tactical networks.</p>
<p>At the end of the day, these are not difficult problems and I expect CBP to solve them quickly &#8211; most likely by contacting <a href="https://telegrid.com/contact-us">TELEGRID</a> (hint, hint).</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>NIST&#8217;s Tougher Approach to Identity Risk</title>
		<link>https://telegrid.com/nist-identity-risk?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=nist-identity-risk</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Fri, 16 Feb 2018 14:52:53 +0000</pubDate>
				<category><![CDATA[Authentication]]></category>
		<category><![CDATA[identity and access management]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1597</guid>

					<description><![CDATA[<p>According to Verizon’s 2017 Data Breach Investigations Report (DBIR), &#8220;81% of hacking-related breaches leveraged either stolen and/or weak passwords.&#8221; The National Institute of Standards and Technology (NIST) understands this. This is why, I believe, they &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/nist-identity-risk">NIST&#8217;s Tougher Approach to Identity Risk</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>According to Verizon’s 2017 Data Breach Investigations Report (<a href="http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/">DBIR</a>), &#8220;81% of hacking-related breaches leveraged either stolen and/or weak passwords.&#8221; The National Institute of Standards and Technology (NIST) understands this. This is why, I believe, they are taking a tougher approach to identity risk than to other areas of network security. As proof I would point to the differences between the NIST 800-63 Digital Identity Guidelines and the NIST 800-30 Guide for Conducting Risk Assessments. NIST&#8217;s tougher approach to identity risk will require organizations to invest heavily in their Identity and Access Management (IdAM) infrastructures.</p>
<p>I know, I know, everybody loves a post about NIST guidelines. However, we thought this post was necessary due to the interest we received from our <a href="https://telegrid.com/nist-800-63-3">white paper detailing the updated NIST 800-63</a> and the number of views the accompanying <a href="https://www.youtube.com/watch?v=RFjPjqoR9eg">video has received on YouTube</a>, which broke the record for most views of a non-cat NIST video.</p>
<p>To give a brief background, the updated NIST 800-63 separates digital identity into Identity Assurance Level (IAL), Authenticator Assurance Level (AAL) and Federated Assurance Level (FAL). Within each Assurance Level, NIST defines 3 risk levels. The higher the level of risk the more restrictions that are placed on the organization (e.g., in-person vetting, multi-factor authentication, Holder of Key, etc.).</p>
<p>The main question that we receive from customers is, &#8220;How do I determine which Assurance Level applies to my organization?&#8221;</p>
<p>The NIST guidelines provide flow charts to help determine the Assurance Level by judging risk on a scale of low, medium and high. If an organization judges any of the risks to be high (or medium for risk to Personal Safety), the Assurance Level is IAL3, AAL3 or FAL3, resulting in large IdAM changes for the organization.</p>
<p>The problem with judging risk is that it is subjective. If asked to rate the risk of financial loss or criminal violation, wouldn’t we be risk-averse and select high? To alleviate this issue the guidelines point to NIST 800-30, which was designed to help organizations perform risk assessments in a more analytical manner.</p>
<p>While reviewing the 800-30 guidelines we were struck by a few core differences which we believe highlight NIST&#8217;s tougher approach to identity risk.</p>
<p>During a risk assessment, NIST 800-30 guides organizations to view all elements of risk, including threat, vulnerability and impact. However, NIST 800-63 &#8220;asks agencies to look at the potential <b>impacts</b> of a federation failure. In other words, what would occur if an unauthorized user could compromise an assertion?&#8221;</p>
<p>The reason this is important is that by focusing on impact without threat and vulnerability, organizations disregard several key points. For instance, judging threat includes an assessment of who has the capability to perform the attack and whether they have the desire to do so. Additionally, judging vulnerability includes an assessment of existing security controls which may prevent the attack. Both threat and vulnerability serve to temper the impact of an attack. If we only look at impact we will most likely take a tougher approach.</p>
<p>Another example is the number of risk categories. NIST 800-30 recommends 5 risk categories with semi-quantitative values for each (e.g., Very High is 96-100 while High is 80-95). NIST 800-63 only has 3 categories, or 2 for Personal Safety. This reduces granularity and leads to the selection of higher Assurance Levels.</p>
<p>What is the reason for NIST&#8217;s tougher approach to identity risk? Perhaps it is that for all of the fear of hackers cracking firewalls, the DBIR proves that the majority of attacks are still due to stolen credentials and privilege misuse. By creating a subjective risk assessment model that skews towards higher Assurance Levels, perhaps NIST is telling organizations that they should invest more heavily in IdAM security. Perhaps organizations should pay attention.</p>
<p align="justify">Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication (MFA) and secure embedded systems.</p>
<p align="justify"><span style="font-family: Arial;">Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</span></p>
<p>The post <a rel="nofollow" href="https://telegrid.com/nist-identity-risk">NIST&#8217;s Tougher Approach to Identity Risk</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Hardware’s Burden: Meltdown and Spectre</title>
		<link>https://telegrid.com/meltdown-and-spectre?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=meltdown-and-spectre</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Tue, 16 Jan 2018 18:24:44 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[Embedded Software]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1381</guid>

					<description><![CDATA[<p>While at a recent industry event I heard a senior military leader note their preference for hardware-based security because “software is hackable”.  The idea of hardware as an uncrackable vault was rocked by this month’s &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/meltdown-and-spectre">Hardware’s Burden: Meltdown and Spectre</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
<content:encoded><![CDATA[<p>While at a recent industry event I heard a senior military leader note their preference for hardware-based security because “software is hackable”.  The idea of hardware as an uncrackable vault was rocked by this month’s announcement of two major cybersecurity flaws in Intel chips, Meltdown and Spectre.  Meltdown and Spectre caused widespread panic and raised questions about the security of Intel chips and the last 20 years of processor design.  Jumping into action, Intel was quick to release patches, but the impact of these flaws will be felt for years to come.</p>
<p>While it is easy to say that Meltdown and Spectre prove that hardware is just as risky as software, I believe we should instead focus on how we got here.  I believe there is a lesson rooted in our approach to technological innovation as highlighted by Marc Andreessen’s seminal article <a href="https://a16z.com/2016/08/20/why-software-is-eating-the-world/">Why Software Is Eating the World</a>.</p>
<p>Software Defined Everything has become the rallying cry of organizations.  In a drive to reduce cost and speed up innovation we have started to treat hardware as a commodity and focus on software as the solution.  But there is a problem.  What if our hardware cannot keep up with our software?  Are we asking too much of our hardware?</p>
<p>Moore’s law states that processor speeds double every two years (or eighteen months according to Intel).  In technology two years is an eternity, so engineers have devised groundbreaking methods to speed up processors.   One such method, called speculative execution, allows a processor to perform a function before it knows whether the function is required.  If the function turns out not to be required its result is discarded, but the act of completing it, just in case, allows the processor to perform operations more quickly.</p>
<p>While speculative execution was designed as an optimization technique, Meltdown and Spectre proved that a cache timing attack <a href="https://youtu.be/q3WZiiaXHps">could take advantage of speculative execution</a> to expose secure kernel memory.  As described by <a href="https://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/">The Register</a>, “To make the transition from user mode to kernel mode and back to user mode as fast and efficient as possible, the kernel is present in all processes&#8217; virtual memory address spaces, although it is invisible to these programs…It seems it may be possible to craft software in such a way that the processor starts executing an instruction that would normally be blocked – such as reading kernel memory from user mode – and completes that instruction before the privilege level check occurs.”</p>
<p>Another example of the desire to use software to solve the limitations of hardware is the deployment of Virtual Machines (VMs).  VMs have truly changed the world, creating the cloud and allowing organizations to dramatically reduce cost.  VM technology allows co-located, software-based operating systems to share expensive hardware resources.  VM security is based on a hardware Trusted Platform Module (TPM) storing sensitive information and software hypervisors scheduling access to hardware resources.</p>
<p>Despite these barriers, side channel attacks can still be used to cross the boundary between co-located VMs and steal private information.  These attacks involve an attacker VM alternating execution with a target VM to observe the behavior of the underlying hardware.  They take advantage of the fact that, in order to conserve memory and speed up processing, VMs often share caches and libraries (i.e., memory page deduplication).  While difficult, multiple researchers have shown a side channel attack’s ability to retrieve secure information including <a href="https://eprint.iacr.org/2014/435.pdf">private keys</a>.  Other researchers have shown the ability to perform Denial of Service (DoS) attacks by using the VM <a href="http://www.ccs.neu.edu/home/pjd/papers/nca11-xen.pdf">scheduler</a> to monopolize hardware resources at the expense of co-located VMs.</p>
<p>With the advent of Software Defined Networking (SDN) will the next attack be listening to other people’s traffic on bare metal switches?</p>
<p>If we are asking too much of our hardware, what can we do to correct it?  Should we accept slower processors, which has been the result of Intel’s patches?  Should we no longer allow co-location of VMs or demand completely separate data centers for our servers?</p>
<p>I am sure we will not start accepting slower speeds or higher costs, so the next best option seems to be <a href="https://www.telegrid.com/10-commandments-embedded-software-security">education</a>.  Developers need to understand how hardware and software interoperate in order to prevent future cybersecurity attacks.  For instance, in addition to a six-week course on Python, developers should also invest in a six-week course on machine language.  Perhaps if they understood how hardware resources are actually used by software they would know when to push hardware and when not to.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/meltdown-and-spectre">Hardware’s Burden: Meltdown and Spectre</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Authentication Token Cybersecurity and NIST 800-63-3</title>
		<link>https://telegrid.com/authentication-token-cybersecurity?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=authentication-token-cybersecurity</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 07 Dec 2017 15:29:02 +0000</pubDate>
				<category><![CDATA[Authentication]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<category><![CDATA[identity and access management]]></category>
		<category><![CDATA[mobile security]]></category>
		<guid isPermaLink="false">https://telegrid.com/?p=1355</guid>

					<description><![CDATA[<p>In June 2017, the National Institute of Standards and Technology (NIST) released its updated Digital Identity Guidelines in Special Publication 800-63-3.  The draft of this publication gained a lot of press in 2016 for highlighting &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/authentication-token-cybersecurity">Authentication Token Cybersecurity and NIST 800-63-3</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<div class="entry-content">
<div class="entry-content">
<p align="justify"><span style="font-family: Arial; font-size: medium;">In June 2017, the National Institute of Standards and Technology (NIST) released its updated Digital Identity Guidelines in Special Publication 800-63-3.  The draft of this publication gained a lot of press in 2016 for highlighting the cybersecurity risks when using SMS for multi-factor authentication.  While the final version has not had as much focus, the truth is the new guidelines will cause the government, the military and many commercial organizations to re-architect their Identity and Access Management (IdAM) infrastructures and rethink their authentication token distribution methods.</span></p>
<p>The reason is that NIST 800-63-3 goes farther than its predecessor by covering all aspects of IdAM from initial risk assessment to deployment of federated identity solutions.  Whereas NIST 800-63-2 focused almost exclusively on credential type (i.e., soft or hard token), NIST 800-63-3 includes Assurance Levels for Identity Proofing (how the user applied for the token), Authenticator Type (the form of the token) and Federated Architecture (how credentials are passed internally).</p>
<p align="justify">Federated Assurance Level (FAL) is by far the most important change since it will have the largest effect on internal networks.  The reason NIST is so focused on FAL is that they have seen an increase in cybersecurity attacks that take advantage of how authentication tokens are passed from an Identity Provider to a Service Provider.  These attacks include Man-in-the-Middle, Compromised Tokens, and Denial of Service and are not specific to any one standard (e.g., SAML, OAuth, Kerberos, etc.).</p>
<p align="justify">To combat these cybersecurity attacks, the NIST guidelines now require that a user present a proof of key ownership in addition to an authentication token.  This was instituted for the most secure systems, those that are deemed FAL3, because relying solely on authentication tokens exposes the network.  The requirement to present a proof of key ownership is known as Holder of Key.</p>
<p align="justify">Holder of Key is not a new concept, however, the only standards based method to implement it is with PKI certificates and mutual TLS authentication.  This is an issue for organizations that either do not implement PKI or implement a Break and Inspect tool.  Break and Inspect refers to breaking a TLS connection between two parties in order to examine the secure contents of a message.  Break and Inspect is necessary because hackers typically hide their malicious activity within TLS traffic.  Once a TLS connection is broken, it is impossible to reestablish TLS with mutual authentication between the user and an application without also storing each user&#8217;s private key.  Storing every user&#8217;s private key is a HUGE cybersecurity risk.</p>
<p align="justify">Congress passed the Federal Information Security Modernization Act (FISMA) which created a requirement for federal agencies to manage information security based on publications that are developed by NIST.  In 2014 the DoD CIO, effectively joining federal agencies, issued Instruction 8510.01 replacing its own risk management process with NIST’s Risk Management Framework.  This made NIST’s Special Publication 800-63-3 a requirement of the Federal Government, the military, and most government contractors.  So, if you have not heard of NIST 800-63-3 and Holder of Key yet&#8230;you will soon.</p>
<p align="justify">If you currently implement Federated Identity or Single Sign-On (SSO) and are interested in getting more information on NIST 800-63-3 and Holder of Key, you should download TELEGRID’s <a href="https://telegrid.com/nist-800-63-3">white paper</a> on Authentication Token Cybersecurity and NIST 800-63-3 Holder of Key.  The <a href="https://telegrid.com/nist-800-63-3">white paper</a> provides information on specific authentication token cybersecurity attacks and how to seamlessly implement PKI even if you employ a Break and Inspect tool.  TELEGRID&#8217;s website also has helpful <a href="https://telegrid.com/identity-management-videos"> video tutorials</a> on NIST 800-63-3 to help organizations meet the new Digital Identity Guidelines.</p>
<p align="justify">Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).</p>
<p align="justify">Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
</div>
</div>
<p>The post <a rel="nofollow" href="https://telegrid.com/authentication-token-cybersecurity">Authentication Token Cybersecurity and NIST 800-63-3</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Active Directory Cyber Attacks</title>
		<link>https://telegrid.com/active-directory-cyber-attacks?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=active-directory-cyber-attacks</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Wed, 30 Aug 2017 13:06:06 +0000</pubDate>
				<category><![CDATA[Authentication]]></category>
		<category><![CDATA[Cyber Security]]></category>
		<guid isPermaLink="false">http://telegrid.com/?p=1132</guid>

					<description><![CDATA[<p>Active Directory has long been a favorite target for hackers.  As every penetration tester knows, the best way to compromise a network is to gain access to the Active Directory (AD) server and escalate your &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/active-directory-cyber-attacks">Active Directory Cyber Attacks</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>Active Directory has long been a favorite target for hackers.  As every penetration tester knows, the best way to compromise a network is to gain access to the Active Directory (AD) server and escalate your account privileges.  In the past few months though we have seen a shift towards more sophisticated Active Directory cyber attacks which take advantage of the nature of AD and other Authentication, Authorization and Accounting (AAA) servers.</p>
<p>AAA servers like AD and RADIUS servers are the central point for all access requests.  Any time a user wishes to access an application, server, etc., their credentials are sent to an AAA server to determine whether they are legitimate (authentication) and are allowed access (authorization).  Depending on its configuration, the AAA server will also log access (accounting), although this is more commonly performed in commercial mobile networks.</p>
<p>Since the AAA server communicates with multiple applications and devices, across multiple security domains, it has become a prime target for botnet and denial of service (DoS) attacks.  Hackers and cybersecurity researchers have begun to take notice.  Let’s look at three examples.</p>
<p>First, IBM X-Force Research <a href="https://securityintelligence.com/qakbot-banking-trojan-causes-massive-active-directory-lockouts/">recently</a> identified a banking trojan virus, Qakbot, that locked out thousands of AD users.  Qakbot is financial malware and is typically used to drain online bank accounts.  This was the first time researchers have seen it used as a DoS attack by preventing users from accessing applications and devices.</p>
<p>Second, researcher Guido Vranken used fuzzing, where malformed data is injected into a software application, to expose several vulnerabilities in FreeRADIUS, the most popular open source RADIUS server.  As <a href="http://www.securityweek.com/code-execution-dos-vulnerabilities-found-freeradius">Security Week</a> pointed out, “The list of vulnerabilities includes memory leak, out-of-bounds read, memory exhaustion, buffer overflow and other issues that can be exploited to remotely execute arbitrary code or cause a DoS condition.”  Luckily the open source community was quick to address the vulnerabilities.</p>
<p>Third, at this year’s Black Hat conference, Threat Intelligence engineers gave a <a href="https://www.scmagazine.com/active-directory-botnet-sets-up-cc-infrastructure-inside-infected-networks-while-bypassing-defenses/article/677864/">talk</a> about a method to turn the AD Domain Controller into a botnet’s command and control server.  As they pointed out, the AAA architecture, where disparate computers take access instructions from a central controller, closely mimics that of a botnet.  If malware were installed it could take advantage of existing AD commands and user attributes to transfer information between infected clients and out of the network.  If there was only one AD domain controller for the entire network, this would allow data transfer between security domains.</p>
<p>For the moment many of these attacks can be prevented by patching, monitoring and constructing proper network architectures.  However, as the hacker community continues to turn its attention to AAA it is only a matter of time before widespread zero day Active Directory cyber attacks are unleashed.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).</p>
<p>Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/active-directory-cyber-attacks">Active Directory Cyber Attacks</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Ransomware and 3 Rays of Hope</title>
		<link>https://telegrid.com/ransomware-3-rays-hope?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=ransomware-3-rays-hope</link>
		
		<dc:creator><![CDATA[Eric Sharret]]></dc:creator>
		<pubDate>Thu, 29 Jun 2017 14:57:07 +0000</pubDate>
				<category><![CDATA[Cyber Security]]></category>
		<guid isPermaLink="false">http://telegrid.com/?p=1107</guid>

					<description><![CDATA[<p>This week we received news of another global ransomware attack that has reportedly affected FedEx, Rosneft, Moller-Maersk, and Merck.  This comes hot on the heels of last month’s WannaCry ransomware attack that affected 300,000 computers &#8230;</p>
<p>The post <a rel="nofollow" href="https://telegrid.com/ransomware-3-rays-hope">Ransomware and 3 Rays of Hope</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p>This week we received news of another global ransomware attack that has reportedly affected FedEx, Rosneft, Moller-Maersk, and Merck.  This comes hot on the heels of last month’s WannaCry ransomware attack that affected 300,000 computers in 150 countries.  It seems these two attacks are linked because they both use the Server Message Block (SMB) protocol to rapidly infect machines on a Windows network.  This is the EternalBlue exploit that was reportedly stolen from the National Security Agency (NSA).</p>
<p>It seems the scale and timing of the ransomware attacks should be a major cause for concern.  However, I believe that the nature in which these attacks are being dealt with highlights 3 rays of hope that we are turning a corner in cybersecurity.</p>
<p>The first ray of hope is the amount of money being raised from these ransomware attacks.  As mentioned, WannaCry affected 300,000 computers with each user being asked for $300 to unlock their data files.  That should equate to $90,000,000.  <a href="http://www.cnbc.com/2017/05/15/wannacry-ransomware-hackers-have-only-made-50000-worth-of-bitcoin.html">It is estimated</a>, however, that only $50,000 was collected.  This means that the vast majority of users figured out another way to deal with the crisis.  Perhaps users backed up their data or, in the case of <a href="https://www.bloomberg.com/news/articles/2017-06-27/ukraine-russia-report-ransomware-computer-virus-attacks">Rosneft</a>, switched to an entire backup system.  With virtual machines and cloud computing, administrators can simply tear down infected systems and rebuild them to a previous image.  The way organizations are dealing with ransomware is a clear sign of better planning.</p>
<p>The second ray of hope is how the attacks are being thwarted.  WannaCry was undone by a 22-year-old white hat hacker who recognized a simple kill switch.  In short, ransomware is designed to recognize traps by sending a request to a fake website.  This test is designed to fail and lets the ransomware know that it is on a real machine and not trapped in a simulated sandbox.  To stop WannaCry this 22-year-old simply bought the fake domain and set up a real website.  When the ransomware stopped getting a failed signal it shut itself off.  While interesting, the fact that the ransomware was undone by a simple fix is not the ray of hope.  The ray of hope is that WannaCry was undone by an anonymous 22-year-old researcher, not a major cybersecurity company.  We should be happy that there is an army of white hat hackers out there working to keep the internet safe.</p>
<p>The third ray of hope is the scale of the attack.  While it is estimated that WannaCry infected 300,000 computers, this new variant has so far only affected 2,000.  The SMB protocol exploit, on which both attacks rely, can be resolved by a simple Windows patch.  The reason WannaCry was so widespread is that administrators did not update their systems.  Perhaps the reduced scale of this new attack points to the fact that administrators are becoming more careful with security patches.</p>
<p>While we can take comfort from these 3 rays of hope, we are not out of the woods yet.  Cybersecurity is a game of cat and mouse and this week’s ransomware attack will not be the last.  However, organizations spent over <a href="http://www.informationweek.com/strategic-cio/security-and-risk-strategy/global-it-security-spending-will-top-$81-billion-in-2016/d/d-id/1326547">$80 billion</a> on cybersecurity in 2016 and the rapid nature in which ransomware is being dealt with proves that this was money well spent.</p>
<p>Eric Sharret is Vice President of Business Development at <a href="http://www.telegrid.com">TELEGRID</a>.  TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).</p>
<p><span style="font-family: Arial; font-size: medium;">Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.</span></p>
<p>The post <a rel="nofollow" href="https://telegrid.com/ransomware-3-rays-hope">Ransomware and 3 Rays of Hope</a> appeared first on <a rel="nofollow" href="https://telegrid.com">TELEGRID</a>.</p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
