IDENTIFICATION, AUTHENTICATION…LOYALTY!..
IVANOV Vitaly Viktorovich
The work examines one of the promising areas of development of access control systems, related to checking the loyalty of enterprise personnel.
In the modern world, there is a constant increase in threats to enterprise security. In the broadest sense, threats can be divided into external, associated with the violation of enterprise security boundaries, and internal, associated with the negligence or deliberate actions of enterprise personnel. Existing physical security systems are aimed at eliminating both external threats (perimeter protection, access control, network connection protection, encryption of data transmitted over the network, encryption of data on disks) and internal threats (access control to premises, workstations, etc.). However, even the most advanced physical security systems ultimately do not ensure enterprise security, since there are still people who, by the nature of their work, are associated with confidential data or have access to material assets. For example, the results of research conducted by the Computer Security Institute indicate that in 55% of cases of loss of confidential information, the cause is unintentional personnel errors. The actions of dishonest and offended colleagues account for 19% of cases. And only 26% of cases are associated with power supply problems, viruses, external attacks and natural disasters. Therefore, the greatest threat to the safety of the enterprise is posed by the people who work there.
One of the attempts to combat the threats posed by personnel is the enterprise security service, whose tasks include monitoring personnel in order to assess their loyalty. Moreover, many commercial firms, when hiring personnel, readily resort to the services of psychologists to screen out “psychologically dangerous” individuals. For the same purpose, employees of recruiting agencies are trained in special interview techniques with applicants. However, sad statistics indicate the obvious inadequacy of such measures.
The ability to constantly check loyalty at the level of the access control subsystem of the enterprise's physical security system can significantly reduce the enterprise's personnel-related risks. However, the task of creating a psychological portrait of a person and assessing his loyalty still has no adequate solution methods within the framework of physical security systems.
In general, the problem of detecting lies or insincerity in human behavior has a fairly long history. All such checks are based on the well-established fact that a person's physical condition is largely determined by his emotional state.
The study of the human psyche using experimental methods is the field of activity of experimental psychology, which emerged as an independent scientific discipline at the end of the 19th century. Thus, already in 1883, the English psychologist F. Galton developed the theoretical foundations of testing: the use of a series of identical tests on a large number of individuals, statistical analysis of the results, and the identification of standards of assessment.
Nowadays, there are countless psychological tests that allow one to evaluate professional suitability, personal characteristics of the test subject, his emotional state, etc. Common to all testing methods is that the test subject is first presented with some stimulus (for example, a task to perform some actions, a question, a drawing, etc.) and then his response is recorded. Clearly, once the subject becomes aware of the stimulus, it is remembered, and in repeated tests habituation occurs, which reduces the reliability of the test results. For example, a lie detector (polygraph) is most effective if the person who is tested on it believes that this device cannot be deceived.
In a very simplified way, two levels can be distinguished in human consciousness. Firstly, the subconscious, which perceives all incoming information, and secondly, the consciousness itself, i.e. the mind. In these terms, a lie is a product of the activity of consciousness. At the subconscious level, an emotional assessment of the stimulus is formed, i.e., exactly what should be recorded in the process of testing to determine the true motives of human activity.
Therefore, in the process of constant operational testing of personnel to determine their attitude to the enterprise (loyalty), stimuli should be presented to the subconscious of the subject. The methods that allow this to be done include, for example, the much-talked-about “25th frame”. Its essence is that the human brain is capable of relatively critically and meaningfully perceiving visual information at a speed of 24 frames per second. Each additional frame, intentionally added to this sequence and differing in meaning from the others, is a direct impact on the subconscious. A number of different experiments have proven that, despite the fact that the stimulus itself is not perceived by the subject during testing, it nevertheless influences his actions [1].
This method of presenting a stimulus to the subconscious is the basis of the hardware and software complex “MindReader 2.0™”, developed by a team led by Academician of the Russian Academy of Natural Sciences I.V. Smirnov [2]. In this complex, implemented on the basis of a personal computer, the subject is shown for a very short time a key word that most significantly characterizes the topic under study; the word is then erased with a special mask, an arbitrary set of symbols that carry no semantic load. The time interval from the moment the word is shown to the moment the user presses a certain key on a special remote control is recorded. The testing time is about 30 minutes on 20 topics. It is clear that the daily use of such methods in a real enterprise is difficult, not only because spending 30 minutes of working time on assessing loyalty is quite wasteful, but also because of a number of moral and ethical issues. However, given that the goal of such studies is not so much to prevent threats as to identify the circle of people psychologically capable of causing damage to the enterprise's activities, it seems reasonable to introduce such technologies into the access control system.
Fig. 1. Block diagram of the algorithm for the operation of the user identification device to assess his loyalty
Technically, it is not difficult to organize such testing if the enterprise has an access control system that uses special code-setting devices, combined, for example, with proximity card readers, with a graphic information board and the ability to randomly place numbers on the keyboard. The block diagram of the algorithm for the operation of such a device is shown in Fig. 1. The keyword is supposed to be a pictogram, as a brighter and more unambiguous stimulus. Subsequently, based on the data on the topic and the corresponding reaction time, a data array is created, with the help of which an assessment of the loyalty of a specific user is formed. The ability to randomly place numbers on the keyboard is necessary for several reasons. Firstly, the user will not develop an automatic skill for entering a PIN code. Secondly, the use of such devices increases the system's resistance to hacking by spying on the user's movements when entering a PIN code.
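The random placement of numbers on the keyboard can be illustrated in code. The following is an added example, not part of the original article or of any product it mentions: it draws a fresh digit layout for every entry, decodes pressed key positions into a PIN, and counts how often positions observed in one session are accepted in the next. All function names are hypothetical, and the PBKDF2-based storage of the PIN is an assumption of the example.

```python
import hashlib
import hmac
import secrets

DIGITS = "0123456789"
_rng = secrets.SystemRandom()  # OS CSPRNG: layouts must not be predictable


def new_layout():
    """Return a fresh random assignment of digits to the 10 key positions."""
    keys = list(DIGITS)
    _rng.shuffle(keys)
    return "".join(keys)  # layout[i] is the digit shown on physical key i


def positions_for(pin, layout):
    """Key positions a user presses to type `pin` on this layout."""
    return [layout.index(d) for d in pin]


def decode(positions, layout):
    """Translate pressed key positions back into digits for this session."""
    return "".join(layout[p] for p in positions)


def pin_verifier(pin, salt):
    """Salted, slow hash (assumed storage scheme); the PIN is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def check_entry(positions, layout, salt, stored):
    """Verify one entry attempt; the comparison is constant-time."""
    candidate = pin_verifier(decode(positions, layout), salt)
    return hmac.compare_digest(candidate, stored)


def replay_observed(pin, sessions=20):
    """Count sessions in which positions seen earlier are accepted later."""
    salt = secrets.token_bytes(16)
    stored = pin_verifier(pin, salt)
    hits = 0
    for _ in range(sessions):
        seen = positions_for(pin, new_layout())  # finger movements only
        hits += check_entry(seen, new_layout(), salt, stored)
    return hits


if __name__ == "__main__":
    print("replayed positions accepted:", replay_observed("4071"), "of 20")
```

The randomization protects only against observation of the user's movements; an onlooker who can also read the displayed layout still learns the PIN.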
Considering that during the working day each employee passes through the checkpoint of the enterprise at least twice, it is possible to organize the collection of the necessary statistics over a certain, sufficiently long, period of time. Identifying stable signs of possible “disloyal behavior” will make it possible to form a risk group, thereby significantly increasing the efficiency of the security service in preventing violations of labor discipline at the enterprise. Moreover, information that the enterprise uses a set of such means can serve as a powerful deterrent (a kind of “placebo” effect) for potential intruders.
Creating systems that allow monitoring personnel loyalty will require significant efforts of a number of specialists in various fields of science and technology. However, the realities of today are such that the relevance of such systems is beyond doubt.
Literature
1. Harvey Schiffman. Sensation and Perception. 5th edition. SPb.: Piter, 2003.
2. Smirnov I.V. Psychoecology. Moscow: Publishing house “Refrigeration business” with technical assistance from “Spetsmontazhstroy-ST”, 2003.