Digital Identity Testbed
https://go.ratio.exchange/opps/challenge.cfm?i=C802E970-3DCE-47C4-9932-0CFC8C3041AC
Purpose
The Department of Homeland Security (DHS) HSWERX pilot innovation hub, a partnership between the DHS Science and Technology Directorate (S&T) and DEFENSEWERX (DWX), will host a Collaboration Event (CE) to identify needs and define requirements for a testbed to evaluate capabilities that would detect, deter, and mitigate digital attacks on remote identity proofing technologies and processes. The purpose of the CE is to identify current limitations and ideate mechanisms to overcome limiting factors. During this open forum, participants from government, industry, academia, and national laboratories will consider specific challenge areas and develop potential paths forward with actionable plans for implementation.
- It is unclear from these statements but this effort seems to be focused on the first of the potential benefits of the testbed.
- Detecting weakness from outside attack. Create a tool for a red team to try to attack Digital Identity Ecosystems. (see wiki page Digital Forensics)
- Improving the experience of the users. Make the existing solutions work better for their intended audience.
Objective
DHS is interested in strengthening mechanisms to enable remote identity proofing capabilities. To support this objective, DHS is interested in developing test and evaluation capabilities to better understand types of digital attacks on remote identity proofing capabilities as well as assess mechanisms to detect and mitigate attacks. The testing capability should evaluate remote identity proofing functional components in isolation and as they operate in response to a particular scenario. Possible functional proofing and attack detection components may include device authentication, active configuration probes or heuristics, interactive analysis of sensor/device data, or the user’s behavioral profile/history. Ideally, the testbed would be able to test the performance of functional components, simulate attacker behavior and understand defenses such as supervised interventions, rate limits, and sensor integrity. The focus of this testing is on emerging digital attacks such as deepfakes, use of virtual cameras, etc. The testbed should include appropriate safeguards to permit working with real and synthetic identity data. The user is expected to bring their own device used in the identity proofing workflow.
Background
Digital attacks against identity are becoming increasingly common and the cost and complexity of creating or altering digital content is declining with emerging tools. Understanding these threats requires a test environment capable of making these data flows observable and enabling the assessment of attack and detection methods.
Why You Should Participate
The Collaboration Event is designed to provide insights to ensure that potential partners understand the problem set(s) fully and to increase the likelihood of matching their technologies with end user needs. This CE is also an opportunity for attendees to network and form partnerships that may provide a more comprehensive solution.
Following the CE, a subsequent Assessment Event (AE) may be initiated to analyze innovative solutions.
For event-related questions, please contact Kinsey Crim, kcrim@defensewerx.org