Your engineers are not experts in RF so you buy a proprietary wireless mesh network module.  It costs significantly more than the entire sensor but it’s got to be worth it.  Right?

You need a microprocessor to read and process the sensor data for transmission.  The radio module has a microprocessor but you aren’t allowed to access it because it’s “vendor-locked” so you purchase an additional single board computer to run your code.

The mesh radio module doesn’t have power so it requires an external power source.  The power used by the RF module FAR exceeds any power estimates you had for your sensor.  You also have to power the single board computer you just added.

Now you will need to create a rechargeable battery circuit.  In order to know how many batteries you will need, to meet your battery-life requirements, you will need to perform detailed tests on the power usage of the new system.

We are ready for the enclosure.  You will need to get all these things to fit inside a small light-weight container that meets your customer’s size requirements which just seem impossible at this point.

You’re exhausted and running out of time so you spend a fortune manufacturing a custom enclosure. The sensor “system” is finally done.

Let’s say the wireless mesh network isn’t performing as advertised or you find a cheaper product.  If you change it then you will have to change everything.  You’re stuck.

Your sophisticated sensor is now a complex, awkward, expensive, power hungry system that can never be modified.  How did you even get here?

Radio module manufactures are extremely secretive and refuse to share any information they deem proprietary.  They purposefully create black box modules that remain shrouded in mystery.  This design creates redundancy and ultimately increases the cost, size, weight and power-usage of any system in which it is integrated. If engineers were allowed to use their microprocessor then the entire system would immediately shrink in power, size and cost.

What radio manufactures don’t want you to know is that wireless mesh technologies have been around for years and include many open source routing protocols.  “The Better Approach To Mobile Ad-hoc Networking” (B.A.T.M.A.N.) is an example of an open-source routing protocol for multi-hop wireless mesh networks.  My company, TELEGRID, has even stopped developing a proprietary wireless mesh routing protocol due to the remarkable performance of B.A.T.M.A.N.  Our uMesh wireless network allows system manufacturers to select specific components they need and MOST IMPORTANTLY write code on the same microprocessor as the wireless mesh network.

System manufacturers need to break-free from the wireless mesh network black-box conspiracy.  It is the only way to cut costs and size so that mesh-networked devices can finally permeate the marketplace and the world.

Want more information on how to add wireless mesh networking to your product just call me at 973-994-4440 and ask for Beth!

The post THE B-HIVE: Why Can’t System Developers Use the Wireless Mesh Network Processor? appeared first on TELEGRID.

Last month the New York Times published a now famous op-ed from someone within President Trump’s administration.  The piece led to a hunt for the “member of the resistance” and denials by major political figures.  Watching this unfold I began to wonder whether Artificial Intelligence could have identified the author.  I have applied machine learning to all sorts of pattern recognition problems and this seemed like just another example.

TELEGRID is a market leader in the field of behavioral biometrics which includes voice recognition.  Voice recognition utilizes subtle nuances in a user’s speech pattern to perform user verification or identification.  This field is widely researched and several technologies have made their way into commercial products.  For instance, last year, Amazon announced that Alexa could differentiate between voices.

If we can perform speaker identification then author identification is not a big leap.  Handwriting recognition, which uses optical character recognition, has also been around for a long time and is used widely in the banking industry for signature verification.

But what about text that is not handwritten, is there enough difference in authors’ styles to identify them?

Stylometry is the identification of linguistic style in written language.  While around for hundreds of years, it was not until 1964 that Mosteller and Wallace applied statistical modeling to identify the authors of the Federalist Papers.  This began the application of machine learning to author identification of other classic literature and even tweets.

The results of this research have been positive but the lack of a valid business case has limited the technology’s penetration.  For instance while it might be interesting to find out if someone forged their college essay, it is doubtful that Universities will pay for it.  One potential market is artist verification for auction houses.  While not linguistic, perhaps this will be the market that helps the development of author identification.

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, behavioral biometrics, PKI, Multi-Factor Authentication, and secure embedded systems.

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Using AI to Identify the Resistance appeared first on TELEGRID.

My Data Set is Bigger

Recently a team at the University of Manchester released a study about a system that identifies users by the way they walk.  The system uses pressure pads on the floor and a high-res camera to authenticate users based on their footsteps.   The article states that the team “compiled a database consisting of 20,000 footstep signals from more than 120 individuals.  It’s now the largest footsteps database in existence.”  I would love to hear the debate between this researcher and the researcher who has the second largest footsteps database in existence.

I understand the importance of having a large data set to cross validate and test an algorithm but Machine Learning marketing should be focused on the algorithm and not the data set size.  For instance with algorithms that suffer from high bias (AKA underfitting), the size of the data set will not have much of an impact.  Additionally certain algorithms (e.g., Support Vector Machines) can be very slow if the data set is too large.  If the speed of your Machine Learning system is important this should matter to you.

My Feature Set is Bigger

In Machine Learning features are used to predict an outcome.  For user authentication features include motion sensor data, keyboard clicking rhythm, GPS location, etc.  I recently saw an advertisement for a Machine Learning system that claimed its algorithm was the best because it used 1,000 features.

This Machine Learning marketing was claiming that the higher the number of features the better the quality of the Machine Learning algorithm.  However, if your algorithm suffers from high variance (AKA overfitting) the number of features should be reduced not increased.  Additionally, performing linear algebra functions on matrices with a high number of features can consume valuable resources.  This is an issue for Machine Learning systems that are designed to run on low power and low compute devices like mobile devices.

My Number of Iterations is Bigger

Researchers often base the superiority of their prediction on the number of times the underlying algorithm was run.  For instance, a recent study on the World Cup found that Germany had a 12.8% chance of winning.  As the Machine Learning marketing clearly shows the support for this prediction was the fact that the algorithm was run 100,000 times.  Despite the number of iterations Germany crashed out in the first round.  Now you can blame the algorithm, the human element or simply the fact that the study was performed by German researchers and was therefore biased from the start.  One thing is clear though, the number of iterations had little impact on the accuracy of this Machine Learning algorithm.

I believe the lesson from these examples is that we must cut through size-based Machine Learning marketing and challenge developers to justify their choices.  You wouldn’t select a software package simply because it was written by 10,000 engineers would you?  We should ask developers why they picked specific features.  Are all the selected features necessary or is the correlation high enough so that a few can be removed?  How is the large data set being used to improve the algorithm?  Also, how will the algorithm design affect its performance on your specific hardware?

We need to refocus Machine Learning marketing away from size and instead towards justification of the Machine Learning model.

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Machine Learning Marketing: Ignore Size appeared first on TELEGRID.

In ROS a process is called a node and every node is responsible for one task. Nodes communicate with each other using messages passed through logical channels known as topics. Nodes can send or receive data from another node using by publishing or subscribing to a topic.Nodes and topics. Image adapted from a tutorial from Justin Huang.

In order to start learning ROS you will need a robot.  For beginners, the best place to start is with a good affordable robot called the Turtlebot.  Turtlebot is the most affordable advanced ROS robot on the market.   It uses off-the-shelf consumer electronics like the Orbbec Astra Pro sensor, a standard netbook and a robot base built from a repurposed robot vacuum cleaner to keep costs low.

TurtleBot is a low-cost, personal robot kit with open-source software.  Turtlebot was designed in collaboration with the original makers of ROS, Willow Garage in 2010 and has since become the go-to software platform for roboticists around the world.

A TurtleBot allows you to build a custom robot that can drive around as well as see in 3D.  You can create amazing applications and learn more about ROS.  As an entry level mobile robotics platform, TurtleBot has many of the same capabilities of the company’s larger robotics p

latforms, like PR2.

Still want to learn ROS without buying a robot?  Easy – robot simulation.  A robotics simulator is used to create applications for a physical robot without depending on the actual machine which saves time and money. In most cases these applications can be transferred onto the physical robot without modifications.

The Open Source Robotics Foundation (OSRF) provides a free and open source robot simulator called Gazebo.  Gazebo

is an open source robot simulation application.  Used by both hobbyists an

d professionals alike, one can build models that act like real robots and move in their own world, ruled by its four, state of the art, physics engines the default being ODE Open Dynamics Engine.

The ROS Foundation provides a free Turtlebot Simulator which allows you to learn ROS and write code that can be moved to a real Turtlebot robot.  You can be up and running in 15 minutes!

To learn more check out these links:

www.ros.org 

gazebosim.org/

www.turtlebot.com

wiki.ros.org/turtlebot_gazebo

B

The post Getting Started with the Robot Operating System (ROS) appeared first on TELEGRID.

What we didn’t know then was that those kids were on the forefront of wireless communications which will become so important in the future.  They were communicating far and wide before cell phones were even a dream.

Ham radios communicate on a variety of radio frequencies that are allocated by the FCC for amateur use.  No License is required to purchase the equipment or to receive (listen), however, an FCC License is required to transmit on Amateur Radio frequencies in the USA.

Ham radios may operate from just above the AM broadcast band (1605 to 1705 kHz) to the microwave region in the GHz range with many ham bands found above the AM band to just above the citizens band (27 MHz). These bands are often referred to as short-wave bands which “bounce” off the ionosphere from the transmitter to the receiver’s antenna. The higher the frequency the “shorter” the wavelength.  This is different than FM radio and TV stations which use line-of-sight frequencies and are limited to 40 or 50 miles.

As a kid, I asked my Dad what it would take to get started in amateur radio and his response, money.

The equipment or “gear” for ham radio is expensive.  Radio components such as modulators, demodulators and tuners are traditionally implemented in hardware components which are expensive.

All that changed with the advent of modern computing and analog to digital converters which allowed most of these traditionally hardware-based components to be implemented in software.  This led to the creation of  what is now known as Software Defined Radio (SDR) which enables easy signal processing and the production of inexpensive wideband scanner radios.

The introduction of SDR was originally limited mostly to military organizations but SDR was transformed with the introduction of the RTL-SDR (www.rtl-sdr.com), a $25 SDR USB dongle.

The RTL-SDR operates in the 500 kHz – 1766 MHz frequency range and connects to a PC or laptop via USB.  The open source software application SDR# can be used to display the measurable frequency spectrum and even demodulate FM radio so you can hear music.

Other inexpensive SDR followed including the HackRF (https://greatscottgadgets.com/hackrf/) which can operate up to 6GHz.  It is considerably more expensive at $300 but higher frequencies require more expensive components.

Now anyone on a budget, including hobbyists (like me) can access the radio spectrum. This type of scanner capability would have cost hundreds or even thousands of dollars just a few years ago.

So what can you do with SDR?  This list is just few ideas from the rtl-sdr blog:

So what is TELEGRID doing with them? We are creating exciting solutions for the US Military using this technology.  We just and can’t talk about it here.  If you want more information or have a new, exciting idea that requires a custom RF solution, please give us a call at 973 994-4440 – we love to talk about RF!

Want to learn more.  Click on the following links:

http://www.arrl.org/clubs

https://www.rtl-sdr.com

https://greatscottgadgets.com/hackrf/

https://electronics.howstuffworks.com/ham-radio2.htm

B

The post THE B-HIVE: Cheap Software Defined Radio (SDR) Changes Everything! appeared first on TELEGRID.

I thought so too until I watched a 2014 video of Charlie Miller and Chris Valasek forcing a Jeep Cherokee to go off the highway into a ditch at full speed.  What’s the big deal?  THEY WEREN’T IN THE CAR!  They were driving behind the Jeep and were able to control it remotely. Scary.

How did they do it?  First, they hacked into the vehicle through an unsecure Wi-Fi connection – easy, unfortunately.

But how did they control the car?  By hacking the vehicle control network – the CAN Bus.

As cars became more advanced and offered more features the need for a common communication protocol emerged.   In 1983, a team at Bosch started developing the Controller Area Network (CAN) Bus to solve this complex problem.  New features including airbags, power steering, acceleration, braking, cruise control, audio components, power windows & doors now had a standard way to communicate with each other.  These components connect directly to the CAN Bus through Electronic Control Units (ECUs) which primarily consist of microprocessors and sensors.  In simplest terms, the CAN bus is a network where any system in the car can send and receive commands, kind of like an electronic command center.

The original CAN Bus was designed at a time when the thought of hacking vehicle software or any software was a far-off thought.  It was so incredibly difficult to even write custom embedded code that the idea of someone hacking it was just crazy.  Well, here we are at crazy.

The implementation of the CAN bus also allowed car manufacturers to move forward with the On-Board Diagnostics (OBD) protocol standard currently OBD-II. OBD-II offers a set of problem codes that can be easily interpreted by mechanics when trying to diagnose a problem. You can find the typeical OBD port under the steering column.

All you need to buy is a CAN bus module – here’s one from Sparkfun.com (https://www.sparkfun.com/products/13262).

Hook it up to your car’s OBD connector and a laptop and you can see all the information being transmitted on your cars CAN bus.  Cool right?  But wait – Did it ask you to login?

Nope … and that’s where our problem begins.

The CAN Bus has no security measures, period.  Messages are transmitted on the bus with only unique identifiers.  The lower the numerical value of the ID, the higher the message priority.  The problem is that there is no origination or destination indication transmitted with the message.  In a world of TCP/IP the idea that a message can be transmitted without knowing the sender is nuts!  This allows ANYONE to transmit messages on the bus with any ID at any time.

Lack of security leaves the CAN Bus susceptible to many different attack scenarios.  The easiest attack is a brute force attack where a hacker simply has to transmit high priority messages on the bus at such a high rate that the other messages can’t get through.  This will eventually immobilize the car and the driver.

The real danger, however,  is when a sophisticated hacker deciphers valid CAN Bus messages and is able to retransmit them at will which allows a hacker to gain control of the vehicle.  (This is also how self-driving cars work – but we will talk about that another time).

So what are we to do?  Many ideas have come up about how to implement security.  One method calls for adding authentication or encryption to the bus.  The issue with these types of methods is that they can introduce latency on the bus which will affect vehicle performance.  These methods also call for a network connection to a remote Certificate Authority (CA) and a central powerful processor which do not exist today.  These solutions probably will not happen without a complete vehicle network redesign which is a big deal.

Other methods include using Artificial Intelligence (AI) to identify “normal” CAN Bus behavior and then perform anomaly detection.  Again, this is a good method but requires a great deal of training to produce a behavioral model.  That means countless hours driving different “control” vehicles with different drivers in order to produce unique patterns.

My team at TELEGRID has a different approach that can identify a CAN Bus attacker without affecting the vehicle performance or long training periods.  We are currently working on this solution for US military vehicles and can’t discuss it here so give us a call (973.994.4440) for more information.

Apparently one sure security method available today involves ensuring that the external Wi-Fi connections to the vehicle are secure.  After the initial Jeep hack, Chrysler secured the Wi-Fi connection that made the hack possible and issued a recall for all at-risk vehicles.  Problem solved?  Well, no, because a few years later Charlie and Chris were again able to hack into a Jeep vehicle even after the recall through a different open connection.  Sigh.

In the meantime, all we can do is hope that car manufacturers will put as much emphasis on vehicle security as they do on heated and cooled seats.

Want to learn more?  Check out these links:

http://illmatics.com/carhacking.html

https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/

https://medium.freecodecamp.org/hacking-cars-a-guide-tutorial-on-how-to-hack-a-car-5eafcfbbb7ec

Thank you to the TELEGRID team for spending countless hours in the car listening to my country music and to Charlie Miller and Chris Valasek – not all super heroes wear capes.

Thanks for reading and that’s the buzz from the B-hive.

B

The post THE B-HIVE: Hacking the CAN Bus appeared first on TELEGRID.

TELEGRID recently completed a review by an Institutional Review Board (IRB) for a test involving biometrics.  An IRB is an ethics board that approves and monitors research involving human subjects – think of drug trials for the Food and Drug Administration.  In fact when our Government customer first asked us to go before an IRB I replied, “Why?  I am not putting shampoo in anyone’s eyes.”  However, since we were collecting biometrics from human subjects we were required to speak to an IRB about how we intended to protect the subjects’ information from data leakage.

Aside from the mountain of paperwork, the process was fairly painless and we were deemed exempt based on the type of data we were collecting, the level of security we maintain at our offices, and our ability to maintain subject anonymity.  While I agree with the type of data and cybersecurity controls being a basis for exemption, past studies have raised doubts about the ability to protect anonymity in machine learning.

For instance, in 2006, researchers from the University of Texas at Austin were able to identify Netflix users by matching a database of anonymous users’ movie preferences with users who publicly entered movie ranking on IMDb.  Anonymity was challenged again in 2013 when a Harvard professor identified 40% of a sample of anonymous participants in the Personal Genome Project.  While both studies relied on a secondary dataset, which may not always be available, they did show that it is possible to identify subjects in anonymous databases.

To protect anonymity in machine learning researchers have been working on a new technique called Differential Privacy.  Differential Privacy allows machine learning algorithms to arrive at the same conclusion whether or not a subject is included in the input data set.  To explain it we will use the classic example of a pollster asking a subject which political party they voted for.  If the pollster collected other data, which can be cross referenced to a public database, it is possible to identify the subject and their voting history.  To institute Differential Privacy we would instead ask the subject to flip a coin, and based on the result, either tell the truth or lie about who they voted for.  Using statistics it is possible to extract the ‘noise’ of the coin flip.

In short, Differential Privacy is the controlled injection of noise into a data sample to provide a subject with the ability to plausibly deny that they gave a specific response.

Differential Privacy is still in its infancy, and requires a larger data set in order to overcome the injected noise, but it is currently the most promising option we have to protect anonymity in machine learning. If you would like to learn more about Differential Privacy I would suggest starting with this episode from the podcast This Week in Machine Learning & AI.

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post How to Protect Anonymity in Machine Learning appeared first on TELEGRID.

Secure Your “AI Supply Chain”^TM

Machine Learning, like any other piece of software, suffers from garbage in, garbage out.  Take the classic example of an image classifier that is designed to identify a bus.  What happens if you start to feed it pictures of giraffes and label them buses?  I mean they are both yellow and black right?  Turns out the machine will start to look at pictures of giraffes and call them buses.

Mislabeled data is one of the biggest Adversarial AI attacks.  By feeding in incorrect data adversaries can trick machines into falsely classifying images.  How many false positives must an operator see before they stop paying attention?

Messing up an algorithm is concerning but tricking it to perform an action is very dangerous.  This is called an enchanting attack and was highlighted in a recent post by Google and UC Berkley researchers.  These researchers manipulated data to force a Reinforcement Learning (RL) algorithm to purposefully lose a video game.  Imagine if an adversary could use this method to cause a robotic tank to purposefully fire on its own forces.

To mitigate this threat we need to actively focus on our AI supply chain like we do with our hardware supply chain.  Before you buy a Machine Learning product ask the company where its training data comes from.  Is it crowdsourced, meaning anyone can label the data and put in a Trojan horse?  If it is built by a team of professionals what country are they located in?  We need to remember that labelled data is to Machine Learning what microchips are to hardware.

Click to Subscribe

Know Your Algorithms

While the bus/giraffe example is a little simplistic the truth is that we often do not know what machine learning is focusing on.  In a study at UCI, students were asked to use Machine Learning to differentiate between a wolf and a husky.  When they pulled back the covers they realized that it was the snow in the background that was actually the main classifier.  Another study found that when trying to identify traffic lights it was actually the arm of the traffic light separating the sky from the ground that was the main classifier.  So if a picture of the horizon was passed into the algorithm it would also return the term traffic light.

To mitigate this threat we must know our algorithms.  Indeed the Defense Advanced Research Projects Agency (DARPA) has started to do a lot of work in this area.  By understanding what it is that AI is using to make its decisions we can not only decide if the decision has merit, but also how Adversarial AI can manipulate it.

Admiral Michael Rogers, the director of the NSA, made an interesting related point at a hearing before the Intelligence Committee.  “With the power of machine learning, artificial intelligence and big-data analytics, data concentrations now increasingly are targets of attraction to a whole host of actors.”  While the simplest reaction to this comment is to secure all data that is not always practicable.  However, if we know what patterns our AI is looking for, we will know what data must be protected.

At the moment Adversarial AI is confined to experiments where the researchers control the data, the algorithm and the RL reward.  Despite that, there is enough research to be concerned and it is justifiable for our leadership to ask questions.  In my opinion though we should not be looking at our enemies but rather ourselves.  Adversarial AI can be mitigated but first we must take the time to better understand our own AI by understanding its data inputs and the algorithms that use that data.

Click to Subscribe

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Adversarial AI and Mitigation Methods appeared first on TELEGRID.

As any James Bond fan knows, forged passports are a problem.  For example, a recent Reuters article detailed how Kim Jong-il and Kim Jong-un of North Korea allegedly used a Brazilian passport to obtain visas from foreign countries.  To combat this threat e-Passports were developed over a decade ago and since 2015 the US has required them from countries on the visa-waiver list.

e-Passports include a chip containing electronic information that matches the physical information on a passport.  To prevent forged passports, the information on this chip is digitally signed by the issuing country’s Certificate Authority (CA).

Click to Subscribe

The digital signing process involves hashing the electronic passport data and then encrypting that hash with the CA’s private key.  Software then decrypts the signature with the CA’s public key and compares the result to its own hash of the passport data.  The only way these two values would match is if the signature was created from a matching public-private key pair.  For more information on how digital signatures work watch our video tutorial on Public Key Infrastructure (PKI).

Even though CBP is checking that the electronic and physical information match, there is no way to guarantee that both are not fake if the digital signature is not verified.  This leaves our border open to forged passports.

In a 2010 report the Government Accountability Office (GAO) gave the two main reasons why CBP is not checking digital signatures.

1) “A database needs to be established and populated with the digital certificates needed to fully validate the digital signatures that can be accessed by CBP inspection workstations at the ports of entry.”

2) “CBP needs to develop and implement functionality on its inspection workstations to access the database.”

The first issue could be resolved by accessing the ICAO Public Key Directory (PKD) and downloading the CA certificates.  The International Civil Aviation Organization (ICAO) specifically created the PKD as a central repository for countries to exchange information required to validate e-Passports.

Click to Subscribe

The second issue I do not believe is a question of a software upgrade since checking digital signatures is a standard process.  Rather, I believe it is the time to access the certificate database and perform revocation checking.  This is similar to the issue the retail sector had when chip based credit cards were introduced.  Considering how many people CBP has to clear each day I understand the concern.  However, there are solutions available.  To speed up revocation checking CBP can create local CRLs or OSCP responders that are updated daily.  This is similar to the approach the US Army takes with revocation checking on its tactical networks.

At the end of the day, these are not difficult problems and I expect CBP to solve them quickly – most likely by contacting TELEGRID (hint, hint).

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication, and secure embedded systems.

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post Forged Passports, CBP and Digital Signatures appeared first on TELEGRID.

I know, I know, everybody loves a post about NIST guidelines. However, we thought this post was necessary due to the interest we received from our white paper detailing the updated NIST 800-63 and the number of views the accompanying video has received on youtube, which broke the record for most views of a non-cat, NIST video.

To give a brief background, the updated NIST 800-63 separates digital identity into Identity Assurance Level (IAL), Authenticator Assurance Level (AAL) and Federated Assurance Level (FAL). Within each Assurance Level, NIST defines 3 risk levels. The higher the level of risk the more restrictions that are placed on the organization (e.g., in-person vetting, multi-factor authentication, Holder of Key, etc.).

The main question that we receive from customers is, “How do I determine which Assurance Level applies to my organization?”

The NIST guidelines provide flow charts to help determine assurance level by judging risk on a scale of low, medium and high. If an organization judges any of the risks to be high (or medium for risk to Personal Safety) the Assurance Level is IAL3, AAL3 or FAL3 resulting in large IdAM changes for the organization.

Click to Subscribe

The problem with judging risk is that it is subjective. If asked to take the risk of financial loss or criminal violation wouldn’t we be risk-averse and select high? To alleviate this issue the guidelines point to NIST 800-30 which was designed to help organizations perform risk assessments in a more analytical manner.

While reviewing the 800-30 guidelines we were struck by a few core differences which we believe highlights NIST’s tougher approach to identity risk.

During a risk assessment NIST 800-30 guides organizations to view all elements of risk including threat, vulnerability and impact. However, NIST 800-63, “asks agencies to look at the potential impacts of a federation failure. In other words, what would occur if an unauthorized user could compromise an assertion?”

The reason this is important is that by focusing on impact without threat and vulnerability, organizations disregard several key points. For instance judging threat includes an assessment of who has the capability to perform the attack and do they have the desire to do so. Additionally judging vulnerability includes an assessment of existing security controls which may prevent the attack. Both threat and vulnerability serve to tamper the impact of an attack. If we only look at impact we will most likely take a tougher approach.

Click to Subscribe

Another example is the number of risk categories. NIST 800-30 recommends 5 risk categories with semi-quantitative values for each (e.g., Very High is 96-100 while High is 80-95). NIST 800-63 only has 3 categories, or 2 for Personal Safety. This reduces granularity and leads to the selection of higher Assurance Levels.

What is the reason for NIST’s tougher approach to identity risk? Perhaps it is that for all of the fear of hackers cracking firewalls, the DBIR proves that the majority of attacks are still due to stolen credentials and privilege misuse. By creating a subjective risk assessment model that skews towards higher Assurance Levels, perhaps NIST is telling organizations that they should invest more heavily in IdAM security. Perhaps organizations should pay attention.

Eric Sharret is Vice President of Business Development at TELEGRID.  TELEGRID has unique expertise in secure authentication, PKI, Multi-Factor Authentication (MFA) and secure embedded systems.

Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc.  TELEGRID Technologies, Inc. will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use.  All information is provided on an as-is basis.

The post NIST’s Tougher Approach to Identity Risk appeared first on TELEGRID.