U.S. flag

An official website of the United States government, Department of Justice.

Dot gov

The .gov means it’s official.
Federal government websites always use a .gov or .mil domain. Before sharing sensitive information online, make sure you’re on a .gov or .mil site by inspecting your browser’s address (or “location”) bar.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

A Multi-Modal Neuro-Physiological Investigation of User-Centered Security

Award Information

Award #
2016-R2-CX-0001
Location
Awardee County
Jefferson
Congressional District
Status
Closed
Funding First Awarded
2016
Total funding (to date)
$49,997

Description of original award (Fiscal Year 2016, $49,997)

As submitted by the proposer: The security of computer systems often relies upon decisions and actions of end users -a principle sometimes referred to as "human in the loop". User behavior when faced with security tasks can therefore directly or indirectly impact the overall security of the system. In this light, it is vital to understand users' behavior when subject to such tasks. A large volume of prior research in the field of user-centered security has mostly focused on users' task performance (i.e., how well, or poorly, users perform the tasks) but did not explore the inner workings of users' underlying behavior (i.e., how users process the tasks). In this proposal, we set out to investigate users susceptibility to cyber criminal attacks by concentrating at the most fundamental component governing user behavior the human brain. We introduce a novel neuroscience-based study methodology to inform the design of user-centered security systems as it relates to cyber crime. This proposed work is based on our two accomplished studies of phishing detection and malware warnings, one using fMRI (functional Magnetic Resonance Imaging) and the other using EEG (electroencephalography) and eye tracking. We outline our planned fNIRS (functional Near-Infrared Spectroscopy) study especially focusing on difference in neural activations while users view real and fake artifacts, and an automated detection of real and fake artifacts (e.g detection of real and fake websites) based on subconscious neural differences. Finally, we discuss the broader impacts and implications of our work to the field of user-centered security, including the domain of security education, targeted security training, and security screening. Our work is well-aligned with President Obama's BRAIN initiative, and hopes to enhance people's cyber health, safety and well-being in the long-run with an inter-disciplinary venture cutting across Computer Science, Psychology and Neuroscience.

Note: This project contains a research and/or development component, as defined in applicable law.
ca/ncf

Date Created: August 1, 2016