Tag Archive for: ‘put

New algorithm helps BYU team put best face forward in security | Education

/in


A group of students and professor Dr. D.J. Lee at BYU have come together to build an algorithm that could possibly bring two-factor authentication to facial recognition technologies in everything from cell phones to surveillance systems.

The project started almost two years ago as Lee and some students tried to think of an interesting research project. The group started looking into facial motion and how it could be analyzed.

That evolved into seeing if students are paying attention in class and it eventually morphed into improved security for facial recognition with the use of facial motion.

With the world of security constantly changing and hackers adapting to those changes, Lee acknowledged that nothing is perfect in terms of security.

“Fingerprinting is easy to do and people even make fake fingerprints,” Lee said. “The most common one is facial recognition and the biggest problem is, all of these can be used when the user is not aware. When you’re sleeping or unconscious, someone could use your biometrics to get into the system. It’s difficult, people come up with all kinds of ideas to hack into the system.”

He added that a company in Japan makes facial masks that look like people and some access social media pages to unlock devices needing facial recognition. Even algorithms can be fooled by photos and this technology can address the biggest concern, which is unintentional identity verification.

Two-factor authentication is not new technology, as companies like Apple and social media apps use it to verify someone’s identity, but integrating it into facial recognition is.

Lee said it is called Concurrent Two-Factor Identity Verification.

“Meaning you show your face and make the facial motion just once, you don’t have to do it twice,” Lee said. “With the facial motion, if people want to use your photo they cannot fool the system since the photo is not moving.”

The technology first uses facial recognition and then a secret phrase is mouthed, a movement with one’s lips is made, or a facial motion is made to satisfy the second step of authentication.

Even if a video is used, the chances of that video matching the secret facial…

Source…

Have we put too much emphasis on protecting the network?

/in


Recently, much of the cybersecurity commentary and blogs have talked about new approaches for protecting the network, especially beyond the perimeter. For the past few years, the industry has focused on conditional access (i.e., identity as the new perimeter) and even zero trust.

protecting the network

We talk about the perimeter becoming porous and traditional “network” defenses — like firewalls — as no longer being effective. The trend is for our discussions to take on a verbal shorthand and presume that everyone understands what we mean when we talk about protecting the network, beyond the perimeter.

Let’s take a step back and look afresh at what we are trying to convey. Our focus is not solely on protecting the network. The “network” is really the plumbing that all of our interconnected devices, applications, data, and resources rely on, and through which we pass instructions and information.

In many ways the network is a utility of pathways, mapped so that we can pass those instructions and information effectively. Like a utility, we expect it to be available as needed, and while it should be maintained and yes, even protected, our shorthand of protecting the network has obfuscated the real targets of what we should be protecting and the controls for providing that protection.

We should throttle back the shorthand phrase of protecting the network and actually talk about protecting the application, data, and resources that we rely on in today’s environment of information technology. This means understanding what those targets really are, the value of those targets, and being able to manage and control access to those targets. This is not novel or brilliant — in fact it is the basis of the Center for Internet Security’s Top 20 Critical Security Controls.

For years, we have focused on the basic concepts — the assets we want to protect should be known, have an identity, be a part of managed inventory, be monitored, and be controlled by strong authentication and authorization rules. Additionally, trust cannot and should not be assumed by any asset of any other asset, person, or resource. This is really the definition of zero trust. We have to focus our controls as…

Source…

Defence secretary puts £22m into cyber centres to ‘put the Army at the forefront of information warfare’ – PublicTechnology

/in
  1. Defence secretary puts £22m into cyber centres to ‘put the Army at the forefront of information warfare’  PublicTechnology
  2. UK pledges £22m for new cyber warfare centres  NS Tech
  3. Defence Secretary commits £22m to fund Army cyber operations centres  IT PRO
  4. UK vows to retaliate against Russian hacking  Business Standard
  5. Armed Forces to get £22m for new cyber operations centres as part of £1.9bn digital defence strategy  Plymouth Live
  6. View full coverage on read more

“cyber warfare news” – read more