The Rise of iWar: Identity, Information, and the Individualization of Modern Warfare

During a decade of global counterterrorism operations and two extended counterinsurgency campaigns, the United States was confronted with a new kind of adversary. Without uniforms, flags, and formations, the task of identifying and targeting these combatants represented an unprecedented operational challenge for which Cold War era doctrinal methods were largely unsuited. This monograph examines the doctrinal, technical, and bureaucratic innovations that evolved in response to these new operational challenges. It discusses the transition from a conventionally focused, Cold War-era targeting process to one optimized for combating networks and conducting identity-based targeting. It analyzes the policy decisions and strategic choices that were the catalysts of this change and concludes with an in depth examination of emerging technologies that are likely to shape how this mode of warfare will be waged in the future.https://press.armywarcollege.edu/monographs/1436/thumbnail.jp

Unfamiliar face recognition : Security, surveillance and smartphones

A person’s ability to recognize familiar faces across a wide range of viewing conditions is one of the most impressive facets of human cognition. As shown in Figure 1, it is easy to conclude, for a known individual, that each image in the set shows the same person (British Prime Minister David Cameron), despite a wide range of variation in viewing angle, physical appearance, camera and lighting. In fact, familiar face recognition performance is often at or near ceiling level, even when the images are of poor quality [1] or artificially distorted. [2] At first glance, the aptitude for familiar face recognition may suggest a similar level of expertise for the recognition of unfamiliar faces, thus the reliance on face-to-photo ID for identity verification. [3] This is not the case, as recent research shows people are surprisingly poor at recognizing new instances of an unfamiliar person. The poor recognition of unfamiliar faces is a concern for the United States. Many preliminary screenings involve facial recognition by security agents. In order for this method to be effective, more robust training for security agents needs to be established. The Department of Defense utilizes facial and iris recognition technologies in order to eliminate human error in identifying persons of interest during surveillance operations. [4] DoD guidelines should be implemented by security agent guidance programs to ensure best practices in identification of potential threats

U.S. Military Innovation In The 21st Century: The Era Of The “Spin-On”

The intersection between the U.S. military and technological innovation, a “military-innovation nexus,” has led to the genesis of key technologies, including nuclear energy, general computing, GPS, and satellite technology from World War II to the present. However, an evolving innovation context in the twenty-first century, including the leadership of the commercial sector in technology innovation and the resurgence of great power competition, has led to doubts about the ability of the Department of Defense to discover and promote the technological innovations of the future. The Third Offset Strategy was formulated in 2014 in response to these concerns: The offset strategy promulgated reforms to bring the Pentagon and the commercial sector closer together while creating alternative contracting mechanisms for streamlined procurement and prototyping. Using defense biometrics and artificial intelligence as case studies of spin-on innovations adopted by the military, this Article seeks to understand the efficacy of the reforms undertaken under the auspices of the Third Offset Strategy to improve the institutional underpinnings of the U.S. innovation system for national security. I argue that the Third Offset Strategy has allowed the Pentagon to more effectively procure, develop, and field commercial technologies in the twenty-first century, and I conclude by proposing modest recommendations for the successful acquisition of spin-on innovations

Defense Biometrics: Additional Training for Leaders and More Timely Transmission of Data Could Enhance the Use of Biometrics in Afghanistan

A letter report issued by the Government Accountability Office with an abstract that begins "The Department of Defense (DOD) has trained thousands of personnel on the use of biometrics since 2004, but biometrics training for leaders does not provide detailed instructions on how to effectively use and manage biometrics collection tools. The Office of the Secretary of Defense, the military services, and U.S. Central Command each has emphasized in key documents the importance of training. Additionally, the Army, Marine Corps, and U.S. Special Operations Command have trained personnel prior to deployment to Afghanistan in addition to offering training resources in Afghanistan. DODs draft instruction for biometrics emphasizes the importance of training leaders in the effective employment of biometrics collection, but existing training does not instruct military leaders on (1) the effective use of biometrics, (2) selecting the appropriate personnel for biometrics collection training, and (3) tracking personnel who have been trained in biometrics collection to effectively staff biometrics operations. Absent this training, military personnel are limited in their ability to collect high-quality biometrics data to better confirm the identity of enemy combatants.

Technological Leap, Statutory Gap, and Constitutional Abyss: Remote Biometric Identification Comes of Age

Federal interest in using facial recognition technology (“FRT”) to collect, analyze, and use biometric information is rapidly growing. Despite the swift movement of agencies and contractors into this realm, however, Congress has been virtually silent on the current and potential uses of FRT. No laws directly address facial recognition—much less the pairing of facial recognition with video surveillance—in criminal law. Limits placed on the collection of personally identifiable information, moreover, do not apply. The absence of a statutory framework is a cause for concern. FRT represents the first of a series of next generation biometrics, such as hand geometry, iris, vascular patterns, hormones, and gait, which, when paired with surveillance of public space, give rise to novel questions of law and policy. These technologies constitute what can be termed Remote Biometric Identification (“RBI”). That is, they give the government the ability to ascertain the identity (1) of multiple people, (2) at a distance, (3) in public space, (4) absent notice and consent, and (5) in a continuous and on-going manner. RBI fundamentally differs from what can be understood as Immediate Biometric Identification (“IBI”)--i.e., the use of biometrics to determine identity at the point of arrest, following conviction, or in conjunction with access to secure facilities. IBI, in contrast, tends to be focused (1) on a single individual, (2) close-up, (3) in relation either to custodial detention or in the context of a specific physical area related to government activity, (4) in a manner often involving notice and often consent, and (5) is a one-time or limited occurrence. The types of legal and policy questions raised by RBI significantly differ from those accompanying IBI. In the absence of a statutory framework, we are driven to Constitutional considerations, where the Court’s jurisprudence proves inadequate as a way of addressing the concerns that present in the realm of RBI. The Fourth Amendment’s guarantee to protection against unreasonable search and seizure and the probable cause requirement for the issuance of warrants; the Fifth Amendment’s right against self-incrimination; the First Amendment’s protection of speech and assembly; and the Fifth and Fourteenth Amendments’ due process protections fail to account for the way in which such measures fundamentally challenge the current norms. The article calls for Congressional action and a judicial framing commensurate with the threat posed by these new and emerging technologies

Securing Cloud Storage by Transparent Biometric Cryptography

With the capability of storing huge volumes of data over the Internet, cloud storage has become a popular and desirable service for individuals and enterprises. The security issues, nevertheless, have been the intense debate within the cloud community. Significant attacks can be taken place, the most common being guessing the (poor) passwords. Given weaknesses with verification credentials, malicious attacks have happened across a variety of well-known storage services (i.e. Dropbox and Google Drive) – resulting in loss the privacy and confidentiality of files. Whilst today's use of third-party cryptographic applications can independently encrypt data, it arguably places a significant burden upon the user in terms of manually ciphering/deciphering each file and administering numerous keys in addition to the login password. The field of biometric cryptography applies biometric modalities within cryptography to produce robust bio-crypto keys without having to remember them. There are, nonetheless, still specific flaws associated with the security of the established bio-crypto key and its usability. Users currently should present their biometric modalities intrusively each time a file needs to be encrypted/decrypted – thus leading to cumbersomeness and inconvenience while throughout usage. Transparent biometrics seeks to eliminate the explicit interaction for verification and thereby remove the user inconvenience. However, the application of transparent biometric within bio-cryptography can increase the variability of the biometric sample leading to further challenges on reproducing the bio-crypto key. An innovative bio-cryptographic approach is developed to non-intrusively encrypt/decrypt data by a bio-crypto key established from transparent biometrics on the fly without storing it somewhere using a backpropagation neural network. This approach seeks to handle the shortcomings of the password login, and concurrently removes the usability issues of the third-party cryptographic applications – thus enabling a more secure and usable user-oriented level of encryption to reinforce the security controls within cloud-based storage. The challenge represents the ability of the innovative bio-cryptographic approach to generate a reproducible bio-crypto key by selective transparent biometric modalities including fingerprint, face and keystrokes which are inherently noisier than their traditional counterparts. Accordingly, sets of experiments using functional and practical datasets reflecting a transparent and unconstrained sample collection are conducted to determine the reliability of creating a non-intrusive and repeatable bio-crypto key of a 256-bit length. With numerous samples being acquired in a non-intrusive fashion, the system would be spontaneously able to capture 6 samples within minute window of time. There is a possibility then to trade-off the false rejection against the false acceptance to tackle the high error, as long as the correct key can be generated via at least one successful sample. As such, the experiments demonstrate that a correct key can be generated to the genuine user once a minute and the average FAR was 0.9%, 0.06%, and 0.06% for fingerprint, face, and keystrokes respectively. For further reinforcing the effectiveness of the key generation approach, other sets of experiments are also implemented to determine what impact the multibiometric approach would have upon the performance at the feature phase versus the matching phase. Holistically, the multibiometric key generation approach demonstrates the superiority in generating the bio-crypto key of a 256-bit in comparison with the single biometric approach. In particular, the feature-level fusion outperforms the matching-level fusion at producing the valid correct key with limited illegitimacy attempts in compromising it – 0.02% FAR rate overall. Accordingly, the thesis proposes an innovative bio-cryptosystem architecture by which cloud-independent encryption is provided to protect the users' personal data in a more reliable and usable fashion using non-intrusive multimodal biometrics.Higher Committee of Education Development in Iraq (HCED

Security Issues in Cloud based e-Learning Part 5(Security Management Standards)

In this part , Security standards are explored, hence all can be aware with available standards

PERSONALISING INFORMATION SECURITY EDUCATION

Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal role. Even with the best of protection, an ill-informed person can effectively remove any protection the control might provide. Information security awareness is therefore imperative to ensure a population is well educated with respect to the threats that exist to one’s electronic information, and how to better protect oneself. Current information security awareness strategies are arguably lacking in their ability to provide a robust and personalised approach to educating users, opting for a blanket, one-size-fits-all solution. This research focuses upon achieving a better understanding of the information security awareness domain; appreciating the requirements such a system would need; and importantly, drawing upon established learning paradigms in seeking to design an effective personalised information security education. A survey was undertaken to better understand how people currently learn about information security. It focussed primarily upon employees of organisations, but also examined the relationship between work and home environments and security practice. The survey also focussed upon understanding how people learn and their preferences for styles of learning. The results established that some good work was being undertaken by organisations in terms of security awareness, and that respondents benefited from such training – both in their workplace and also at home – with a positive relationship between learning at the workplace and practise at home. The survey highlighted one key aspect for both the training provided and the respondents’ preference for learning styles. It varies. It is also clear, that it was difficult to establish the effectiveness of such training and the impact upon practice. The research, after establishing experimentally that personalised learning was a viable approach, proceeded to develop a model for information security awareness that utilised the already successful field of pedagogy and individualised learning. The resulting novel framework “Personalising Information Security Education (PISE)” is proposed. The framework is a holistic approach to solving the problem of information security awareness that can be applied both in the workplace environment and as a tool for the general public. It does not focus upon what is taught, but rather, puts into place the processes to enable an individual to develop their own information security personalised learning plan and to measure their progress through the learning experience.Ministry Of Higher Education Malaysi

EU Privacy seals project: Challenges and Possible Scope of an EU Privacy Seal Scheme. Final Report Study Deliverable 3.4

The objective of this report is focus on the challenges of implementing an effective EU privacy seal and its possible scope. It returns the focus to privacy and data protection, and presents further groundwork to feed into Task 4 of the Study (Proposals and evaluation of options for an EU-wide privacy seals scheme). Where relevant, research results and analyses of Tasks 1 and 2 are used. First, the report assesses the gaps in current privacy seal sector. Next, it highlights the advantages of, priorities for and possible scope of an EU privacy seal scheme. Eventually, four case studies (CCTV systems, cloud services, smart metering systems and biometric systems) illustrate the possible scope of an EU privacy seal scheme and demonstrate whether an EU privacy seals scheme would bring any added value to privacy and data protection.JRC.G.6-Digital Citizen Securit