"Good evening everyone, this is Shawn Daugherty again from University Alliance and Florida Tech University online. I'd like to welcome you to tonight's webinar on Security Challenges of Biometric Systems.
Again, I'll be your host this evening. First of all I'd like to go ahead and introduce our panelist Doctor Liam Mayron from the Florida Institute of Technology. Doctor Mayron is the degree chair for our MSIA, which is the Master of Science in Information Assurance and Cybersecurity out of the Harris Institute of Assured Information, just a quick housekeeping rule. We are going to have the presentation talk a little about the school as well as the programs. You have the ability to ask questions, and you can do that throughout the presentation via your chat function. And we will collect those questions and, address those at the end of the presentation. So, with that said, I'm going to go ahead and turn it over to Doctor Mayron. Take it away, Doctor Mayron.
"So we're going to talk about Biometric Systems at a high level and, then go into, a little bit of depth in some of the different, ways that they're being used and, being exploited.
And as Shawn mentioned please type in your questions and we'll, we'll get to them in due course. So let's, let's go for it.
So, first of all let's talk about what Biometrics are. Well, Biometrics are physical and behavioral characteristics that we hope can uniquely identify humans. So a very popular example of biometrics are fingerprints or face recognition. We're going to talk about those as well as a few others. These are typically used for authentication. Because Biometrics are a part of who you are, they're a natural choice to associate you with your identity, or at least who you are claiming to be. And, most interestingly, this is a very active and interdisciplinary area of research. It combines aspects of image processing security information retrieval, even physiology and cognitive science so it brings together people of many diverse backgrounds.
So, a bit of an example of biometrics we're here in sunny central Florida and of course we have a lot of theme parks and, when you go to these theme parks, not only do they ask for your ticket but quite often they ask for your finger print as well. And so this is an interesting and, and practical use of, of biometrics the, the reason that they ask for your fingerprint what I discovered is that they do this to stop reuse of tickets. So they want to associate your ticket with, with who you are so that you can't, say, go to a park for half a day and then give your ticket to someone else. And then they can get in on the, on the same pass.
What's interesting is that people are, are quite ready to give their, their fingerprint and there's not much information available of how this information is actually used and treated. Whether it's how it's stored, how long it's retained what type of protection is, is available. The information that's collected is not associated with your identity, but still associated with a token that you use and, and, you may use, throughout your day there. Another example also at these theme parks, they provide lockers for you to use. In which case your fingerprint is literally your, your key. You use it to get access to a locker to put your sunglasses, and other things while you turn upside-down, in a roller coaster. And then you use it to, to retrieve. When - with these type of systems, they need to be designed in a way that allows people to pass through quickly and doesn't incorrectly deny people, that would be a lot of frustration. So this is an example of a system that has pretty low security requirements and more stringent throughput requirements.
So, let's take a step back and look at identity. So, identity is usually composed of, can be composed of up to three different types of things. So first it's what a person knows. It can be what a person possesses, or who a person is. Their intrinsic characteristics. Well, what a person knows, this is some sort of secret, usually a password. It could also be some other knowledge that you expect only that person to, to possess, what a person possesses, this can be a, a token. This can be a either a security token, a physical key, it can be something like a license, something that you expect the person to possess, that is presenting their identity. Who a person is well this is biometrics. Now what a person knows and what a person possesses, these, well they can be, stolen or forged and they can also be forgotten. Who a person is, is not impossible but it's a bit harder to duplicate it’s harder to forge and certainly more difficult to leave behind. So this is one reason we're interested in biometrics. Another is, it's been show that multifactor identification using two or more of these different modalities provides far more robust security. So you could combine use of a biometric with say, a password and have a system that's quite a bit more secure.
So biometric systems have, at the highest level, two basic functions. Either verification or identification. Verification is simpler. This is when the system tries to answer the question are you who you say you are? So if you go to a, a kiosk or another system and you say my name is Liam. Verify my identity. The system only needs to look up the records it has for who you claim you are and match. Do one comparison and see if, if you should be let in. Identification is more complicated. This is trying to answer the question are you someone who the system previously knew so you're not claiming an identity. This is used more for forensics and different types of investigations where you may have a photo of someone you're not sure who they are but you want to compare their face say to many faces in the database and see if they're a match.
There are many different types of biometrics. These are just a few examples. They can range from fingerprints, palm prints, your face, iris, retina, the ear. Even things like your voice or your signature can be used as biometrics. Gait is the, the locomotion you make when, when you walk. And this can be used to identify people, or at least exclude people, from being that candidate. Hand geometry is, is, biometric. It's quite easy to implement and compute. It's also less unique, vein patterns, even odor and DNA are Biometrics.
So here's an example of a, fingerprint. Fingerprints are one the oldest, Biometrics. They've been used for, for quite a bit over a hundred years in a more traditional law in the past few decades in digital systems. And we're going to go into a bit more depth in fingerprints. Essentially, we're going to look at our different ridges and where they begin, end and split. Here's an infrared print picture of an iris. When we iris Biometrics are one of the strongest. The iris is quite unique. And it's also more challenging to forge. Usually, when we implement iris recognition systems, we use an infrared camera. So that we're not distracted by the, the color of the eye and we can see what we need to see. Here's an example of a gait system. And in this case, it's processing the person. A process called skeletonization, in order to determine the pattern they make when they move. So that's an example of a few biometrics, of course faces are another Biometric and they have some unique characteristics. People are quite willing to have their face photographed. In fact there's sites like Facebook and other ones where you can get access to, to quite a bit of face data. Could also be used from a distance without a person having to have contact with a sensor.
So, when Biometric systems are used, there are 2 different phases. One is the enrollment phase, and the second is the recognition phase. Enrollment, it occurs a first time someone's information is entered in the system. In this case, you'll sample the Biometric features whether it's taking a picture of a face or, some scan of the fingerprint a scan of the eye or something else. Then you'll extract key points a much more compact representation of the trade. So in the case of fingerprint, biometrics the whole fingerprint won't be stored just key points known as minutia. So you'll discard the raw data and keep these key features, and the reason we do that is, there's a few reasons. One is that the raw data takes a much more stored space and we don't need it, and the other is it's much faster to do the comparison of this more compact representation and so that's exactly what we do in the recognition phase. Someone will present themselves to the system, we'll resample the data, extract the features and then comparing it to all our stored data and see which of the stored data is most similar, if any, to the, to the claimed features. And hopefully be able to determine the user's identity.
Biometric systems at the highest level have four different components of course, when we look at an actual implementation there'll be more components but generally we can talk of the system in terms of, the sensor it uses, the feature extraction algorithms, how the database is constructed and the matching component.
So, one area I want to talk in a bit more detail is feature extraction. This is an area with a lot of research interest. And, the purpose here is to generate this template. This compact representation of the biometric trait. In some cases, the feature extraction module, will in, near real time very quickly assess the quality so if the user's still there and the quality of the sample is poor maybe bad lighting condition maybe, there was moisture on the fingers. They were nervous maybe their finger was pressed too hard. It can immediately ask for another sample of better quality. It will segment or just get the, the data that is really relevant and then in some cases enhance it. If there was say, in the case of fingerprints ridges that are obviously broken it may fill them in, in the case of a face it might try to adjust some of the, the parameters of the photo. Matching is the process of comparing what has been presented to the system to something that's stored in the database. And what we want to know is if the, the individual's a genuine match or an impostor. Now, in some cases, you may have a match that's a perfect score. And this is one area where biometrics differ from more traditional areas of, of recognition, like or authentication, like passwords. When you have a password, of course, you want to make sure the password that's entered matches exactly what's known to the system. You don't want someone to get maybe five out of six characters in the password correct and be allowed in. In biometrics, this is different. In fact, if you have an exact match, you may want to be very suspicious of this. It may be indicative of a replay attack or forged or copied credentials. With biometric systems, every time the data is sampled, it's a little bit different. Your fingerprint may be placed in a different location on the sensor. A different angle, a different pressure. Your face will look different every different day, especially over prolonged period of time. Because of this it's a challenge for system designers to tweak their system to have enough tolerance to allow these day to day variations in the biometric traits, but still be a reliable mechanism of security, not to let everyone in.
Though, when we build biometric systems there are two or when we choose biometrics, there's two characteristics that we're really looking for: uniqueness and permanence. We want this to be sufficiently unique. It should be able to distinguish two individuals. With very large biometric databases this is a challenge. The largest biometric database ever constructed, still being built, is in India. They started there with two fingerprints from every individual and they had to go back and actually get all ten fingers from people, because when over a billion people. The two fingerprints were not enough to uniquely identify individuals in that very large pool. So they needed more, more features and they went back and got more, more fingers. The other characteristic is permanence. You want a biometric that won't change too much over time. Some features physical features of humans stay relatively the same for most of our lives, others change sort of for example our nose and ears grow at a linear rate pretty much for our entire lives. Our finger prints remain pretty constant so that's why they are reasonable biometrics. Our irises too recent work that's shown that they do change over time. But some other research says proposed some ways that we can accommodate this.
When we design biometric applications, there's a few things we want to take into consideration. First we want to think about our users. Our user is going to want to, cooperate with the system, or are they going to be non-cooperative? Will the system be deployed overtly, or will it be deployed covertly? In this case, if it's a covert system, you may want a stand-off biometric system, something like face recognition, that can be deployed at a distance. Will the users be habituated, or non-habituated? Is this a system that they will use every day, or is it one that they may use once or few times in their lives? In the latter case, the system has to be much easier for the user to use and require less training. Will the operation be attended or unattended? Will there be a human there. Another person to, to help people. And also will it be controlled or uncontrolled. Do you know where the system is going to be deployed. In the case of uncontrolled operation it makes it quite a bit more challenging. For example, face recognition it's very different to recognize faces in daylight and, and predictable lighting conditions compared to night time or, or different fields, different terrains. And finally, will the system be open or closed? Will it integrate with other components, does it need to use a common data format?
So, here's an example of a, of a fingerprint. Let's talk a bit more detail about this. So fingerprints these are actually composed of, a series of ridges, that, the underside of our fingers and the purpose of these ridges is, two-fold. One is to improve the sensation, improve how we feel things and the other is to provide more friction so that we can grasp things more easily. Others about 20 to 24 ridges per centimeter and the actual ridge flow pattern is a result of random stresses that occur during fetal development. This last point, this is what makes fingerprints a reasonable biometric tool to use. They are until recently have been thought not to be genetic and not to be shared between siblings and relatives. Some more recent research has shed some doubt on this. But in general fingerprints provide reasonable uniqueness and reasonable permanence.
There are different levels of fingerprint recognition. And they're called rather uncreatively, level one, two and three. Most digital systems look at level two features. Level one features is just, is simply the type of pattern on the fingerprint. This is not enough to uniquely identify a person. It may be enough to remove a person from consideration, if you want to narrow down potential identities. Level 2 features are enough to uniquely identify a person. These are composed of the ridges on the fingerprint. Specifically where they terminate and where they split, also bifurcations. We know these locations, called minutia, and then we simply store a list of these minutia. Level three features require a higher resolution censor, a more expensive system, but of course have even better discriminative ability. So a minutia consists of their location image, the direction, and then the type, whether it's an ending or a bifurcation. Now, one interesting thing, if we're just storing the minutia, you can actually potentially derive a fingerprint or at least a pattern that would produce those minutia again. Well, this brings us to the security element. We need to find a way to protect this information. The way this system works is different sets of minutia are compared, and if the difference between these sets is within allowable parameters, then it's considered a match.
So, let's move forward and talk a bit about security threats to biometric systems. Oh, some of these you'll recognize from other systems in general, for example, denial of service can affect many types of, of systems, and biometrics can be a sophisticated remote attack, or it can be as simple as just standing in front of an access point and not moving. Whereas intrusion is a threat to, to systems, unauthorized access, repudiation is another security vulnerability of biometric systems. The purpose of bio, biometrics is to provide good non-reputed authentication. People that use the system should not be able to deny access they've done on the system. And also function creep. So what function creep refers to is using one set of information or data for a purpose it's not intended to. In the case of biometrics, if you use your fingerprints, say, for your bank and your health care records potentially someone who gain unauthorized access to that data could have access to both your bank and your health care records. Even though these are not supposed to be connected.
System attacks to biometric systems can be either insider attacks, or infrastructure attacks. The insider attacks involve humans and these are very dangerous biometric systems cause, due to their nature, these systems require human interaction. It can be intentional or unintentional. These type attacks include collusion, coercion which are similar except for the, the motive. Negligence enrollment fraud. So, in some cases, during the enrollment, this initial introduction of the person to the system someone may pretend to be someone else in order to gain access to their information. Exception of use refers to a mechanism that's required in, in most biometric systems. In some cases, people cannot present their biometrics maybe their fingers just don't register with the system or, or they don't have any. There needs to be a backup mechanism to provide access. Maybe this is showing your ID to a human operator. This is a vulnerability because it, it may be easier to forge an ID card than to forge a biometric and in some cases this has, has been used to circumvent the biometric security mechanism.
Infrastructure attacks are attacks on the hardware and the software of the system. And these can be attacks on the user interface, the system modules, the connections between the system modules or the template database itself. And we're going to go into some detail on tax and the templates. But first let's talk about the user interface. User interface attacks are initiated by, initiated by presenting a biometric to the system. These can involve impersonating someone else, obfuscation - hiding your biometrics or spoofing. In case of spoofing we want to have good spoof detection and this is usually some method of liveness detection really determining that the person presenting the biometrics is actually alive. We can measure someone's pulse, their blood pressure, even their perspiration in the case of fingerprint sensors. For fingerprints, also, the longer you leave your, your finger on the sensor the flatter it gets. So we can look for these things just to make sure that it's your real finger, not a prosthetic or some other forgery. In the case of face detection. Around a year ago, Google introduced an experimental face authentication mechanism into Android but they forgot to have liveness detection. In this case, it was very easy to circumvent the system. You could simply hold up, a picture of someone and it would let you in. So they updated this and now they look for blinking.
Interconnection attacks, these can be man in the middle attack, replay attack or even hill-climbing. Case of man of the middle attacks, some unauthorized third party is able to insert themselves between communication it's of different parts of the system. And, are either observed or modify this traffic. A replay attack is, recording a session and then replaying to gain the same types of access. Hill-climbing is an interesting attack and you need to have some sort of, insight into how the system works. So say, let's take a face recognition system, for example. You may present your face, and try to gain access. And you may be able to see that the system gives you a score of, say, 40, and you need a 90 to get in. Well, you can, change some things. Change your hair. Change other things. And maybe you get a higher score, 50. Well, you can use the hill climbing to keep moving your score closer to what you need to gain access.
Template database attacks are, can be quite severe in biometric systems. And the reason is that leakage of this information, this authentication information is can be a more serious issue then, say, the exultation of passwords. So let's talk a bit about why. Well, your password is a credential that can be changed. So if your password is leaked, then you can go in and authenticate some other way and update your password. You cannot update you biometrics, so if your fingerprints are leaked and forged. You can't recall that, that credential. As a result, we need to find ways to work with biometrics that one, defend the information in the system and two, if that information is exposed, it doesn't actually expose the source biometric. There, it's not possible to replace the biometric tokens that are compromised. As a result, this irrevocable nature of biometrics is both its strength, because it binds them very tightly to your identity and a weakness.
So, password security techniques are challenging to apply effectively to biometrics. Sure, we can encrypt biometrics, usually with passwords, we apply a one way hash. And then compare the results of that hash to see if they're exactly the same. Because biometrics are going to be slightly different each time you present them to the system, the results if we were to hash them, the hash would be completely different. And, as a result not very useful for authenticating a person. Password systems require an exact match and biometric systems require a good or similar match. So there's, a few approaches that, have been used, and are being researched. We can, one approach is looking at cryptographic security, or non-invertible templates. Generating a template that can't, that's transformation that can't go back to the original biometric data. Another goal is to maintain performance maintain in terms of matching ability. We don't want to hamper the speed of letting someone in with too much security or at least security that's too slow and also, we want revoke ability. It should be possible to say, generate multiple throwaway templates from the same data, so that if, if it is compromised functionality can be continued.
So one idea is to use encryption. And this is actually generally what's used today. The challenge with encryption of course is that the security comes down to the secrecy of the key being used. And at some point during the authentication, you will expose the original data by decrypting it. It's very convenient, easy to implement, and also doesn't affect matching performance. Still, this is generally not sufficient for securing biometric data.
A newer approach is feature transformation. This is applying a transformation function to the template to generate something that we can treat as equivalent to the template, but is actually different. So that if someone were to view the transformed template they may not be able to get back to the original one, the case of the non-invertible template.
What it comes down to over is that today there's no ideal method of biometric security and many challenges in this area. In a lot of systems hybrids of these different techniques are, are being used. Some research topics that we're thinking about is one, applying security existing security methods that we can extend to biometrics. We're also looking at a way to measure the security of biometric systems which is metrics is quite challenging and then maybe if there's biometrics that are not compatible with existing security schemes. So that's it for, for my presentation. Thank you, and I'll turn it over to Shawn.
Thank you, Doctor Mayron. Well, we appreciate very much that, that presentation and all the information. I'm just gonna take a couple of moments and go through the and talk a little bit about Florida Tech as well as talk a little bit about the programs that are available. So, Florida Tech has, is a traditional brick and mortar university. It's non-profit, private, and it's been around for more than 55 years. It was really born out of the need for continuing education for technicians and scientists and business leaders at what is now the John F. Kennedy space center on the space coast, in Melbourne Florida. Just a couple of bullet points to kind of point out, and it's ranked a Tier 1 Best National University by U.S. New World Report. And the college salary report ranks Florida Tech graduates, their mid-career and starting salaries first among all Florida universities that includes public and private. I think those are some very important bullets.
Next. A little bit about the faculty. Faculty for the MSIA Cybersecurity program is, is, is taught by the, the faculty at Florida Tech at the Paris Institute for Assured Information. And 90, over 90% of the faculty, are, doctors. If the university is also regionally accredited by this southern association of colleges and schools towards associates back bachelors, masters, education specialist and doctoral degrees. And regional accreditation for those of you who are not familiar with it is the highest level of accreditation given by the department of education. Florida Tech is also a traditional university that offers sports in Division II NCAA. And that's, they've got 21 sports and recently started a football team which will have its first game this fall and that's a big deal.
A couple other points, with this program through the Florida Tech University Online Connection. The all the programs, all the courses are offered 100% online, and there are a lot of advantages to that, obviously, from a convenience standpoint, you know, you can, attend class 24/7. And the classroom is very interactive. With a lot of different features such as group study, which gives the ability of, of the faculty to be able to, hold class, literally, via a, a mechanism that provides whiteboard access, provides students with the ability to use webcams again to connect and students can also utilize it for study sessions. There's also a social and a mobile aspect to the classroom where students can access the classroom via any mobile device. And then Florida Tech the education is top ranked, tuition rates are very competitive.
So to talk a little about our programs that are available specifically in cybersecurity. There's a Master of Science in Information Technology with a specialization in cybersecurity. And the, the uniqueness about this program is it offers some business courses, technology courses, as well as cybersecurity courses. And it's unique in that it's, you know, taught from a management perspective and again touches many different subject matters.
And then of course we have the Master of Science in Information Assurance and Cybersecurity. And Doctor Mayron would you like to take a moment and talk a little bit about that.
Sure, well the, Master of Information Assurance and Cybersecurity or the MSIAC is a master’s degree that we offer, out of the Department of Computer Science in the College of Engineering here. It consists of 11 cybersecurity courses. The courses were actually created from scratch in order to all focus on cybersecurity. And we cover a pretty broad range of topics in the field. There's required courses in topics like host and application security, and network security, but then some of the elective courses cover things like, like biometrics secure software development, cryptography, steganography and other topics like that. It's, the degree, it, makes good use of, of technical skills, but also goes a bit, beyond say what you get, from maybe in, just a purely technical field.
Alright, very good. Thank you very, very much, Doctor Mayron we are going to now move to the question portion of the presentation, and we've gotten a few questions, throughout the presentation and so we can kind of cover those now. And so the first question that we have is, why isn't biometric security used in more phones and computers, why do I have to keep remembering so many different passwords? Doctor Mayron would you like to take that one?
Sure, well there's, there's a few reasons, well I have to say I saw a rumor that, the new Iphone actually will have a biometric sensor. Thus they actually acquired a company based here in Melbourne, Florida that, that does that but there's a few reasons why today we don't have more biometrics in, in mobile devices. One is that usability studies have shown that users actually don't care so much about security. They prefer convenience. When you look at a lot of phones, many of them are set with no password or, sometimes, even just, a four digit pin code which is, very easy to guess. And once you're in, you have access to, without a password, to, email in some cases, banking information, a lot of stuff. So one of the reasons is, just convenience, the second part of the question said. Users don't want to keep, re-entering different passwords, and they don't want to keep authenticating themselves. Another is limitation of hardware, phones do have cameras, but because they can be held from any angle, in any environment, it makes face recognition a bit challenging. You can see in Android phones that Google is trying to move towards face recognitions. So, maybe we'll see that one day soon.
All right, very good. Another question is, how in depth do courses in this program get as far as writing code, such as writing code in a Java environment or using tools like VB?
That's a really, really good question. And the answer's that, it varies it depends on the course. We have a few courses that do go quiet in depth into the code particular at the low level. Something that we feel is really important for someone to, to be comfortable with coming out of this degree. Other courses are project-based. Which means that it is really up to the student working with the professor to propose a project. And in that case, the student can choose whichever environment they're most comfortable with, or is most appropriate for the task. If your technical skills, if you're coding is maybe background is less rigorous or you just haven't done it in, in 10 or 20 years. We are preparing soon a, a course that you can take before going onto the main part of the program that will actually get you up to speed on that, as well.
All right, very good. The next question is, Is there any differences completing the degree online instead of on campus? Second part is, any disadvantages?
Sure, that's another good question. We offer the same degree on campus and online. We actually started online a year before we started on campus. The courses are the same, the course numbers are the same, the transcript is identical. In the sense of what you need to do to get through the degree, it's as identical as we can make it. Of course the experience is going to differ whether you take the classes on campus or online. On campus you, you are physically here and you, that's a bit different. In some cases you get to spend more time one on one with the professors. However, we, we have number of people that are actually local here in Melbourne that choose to take the degree online simply because they, they prefer the, the convenience, of it. So, terms of the material terms of the degree, the classes are the same. The, the exams are the same the assignments are the same. The, courses were, were developed by the same professors, so, there's not much different in terms of material. The differences are basically what you would expect between going to campus and, interacting through, through the computer and the phone.
Alright very good, Next question is: How much coding experience do I need to know to enter the program? I think maybe we've touched on that, Doctor Mayron, if you wanna just kind of wrap that one up.
Sure. Well, I, I, also want to say we, we offer multiple programs in cybersecurity. So when I was answering the last questions I was referring to the MSIAC. The, the Information Assurance and Cybersecurity Degree offered through the, the College of Engineering. For the MSIT with the specialization in cybersecurity. That degree does not require coding. So we have the more technical one, the MSIAC, and the, more IT business oriented one, the MSIT. For the technical degree, well, apply, and we'll see if your experience is good. But really we look for, at least some evidence of programming. There are courses we look for, on the transcript, specifically data structures. If you took that course, you should be fine. Now in some cases people have other experience that, that we can look at also, and really get a grasp of if you can program. And in, in other cases we will have very, very soon there's new, programming background course so you can enroll in that and then see if your background is sufficient or get up to speed on what you're missing.
All right, very good. Another question that's come in is, do online classes hold meetings like this? As like this as a class environment.
They do not. The benefit of or at least I should say they're not required. The benefit of the convenience of the online environment is that they're asynchronous. So, we tried to design it in a way where for the most part do you enter the classroom at the, the time that's appropriate for you. We've students that are in different time zones, different places. Now, that said, some classes do have optional meetings, optional study groups. And different times where you know, if you want to you can mark on your calendar and, and we do get together as, as a group and have some, some discussions and it's, pretty fun. But usually we, we don't require that for the online classes.
All right very good. Next question is: How long will it take to complete the degree?
So the degree is the MSIAC is 11 courses, and the courses are in eight week modules, so you go through them pretty quickly. They're, they're condensed well actually one other difference online the courses take a full semester they take 15 weeks.
Upon campus and online there in eight weeks. So you could complete six courses a year if you go straight through. And as a result to complete the degree in a little bit under two years. I think it's one year, ten months, two weeks.
All right, very good. The next question touches a little bit on the admissions requirement again: Do the admissions requirement require a significant experience in cybersecurity work experience this time? So not necessarily - I think the last questions really involved from an education background and having taken you know some type you know data coding or structures class. This one's focused more on the requirements from a work experience standpoint. Doctor Mayron?
That's a very interesting question, the short answer is no, there's no particular cybersecurity background that's required. You can take this degree without having that bound and one of the purposes that you'll learn about that. With that said we do have a number of students that have just really, really interesting backgrounds in cybersecurity. And they're looking to you know fill in the gaps in their knowledge or gain some depth there. So in the classes you, you find a really nice mix of you know, people that have not seen this before and are, are learning and then another group of people that have experience. Maybe they're working every day in this field. And, and it all comes together in a really nice discussion there.
All right very good, the next question that we have is: what's the difference between the Master of Science in Information Technology and the MSIA Cybersecurity?
So the Master of Science and Information Technology is offered through the College of Business and as a result you'll find courses in there, like Project Management other, parts of the degree that will help prepare you to lead an Information Technology Organization. The MSIAC degree the Information Assurance and Cybersecurity Degree is offered through the College of Engineering and it is a more technical degree. So if you want to get into low level system exploits. If you have coding background, if you have technical background then that's probably the more appropriate degree for you. So it, it depends on your, on what your career goals are. If you want to work in an IT organization the MSIT is a good fit. If you want, if your background is more technical then maybe you want to look at the MSIAC.
All right, very good. The next question that we have is, what is the cost per credit hour?
Sure, it's each class is, is, three credit hours. Three semester credit hours. And it's $740 per credit hour. And I'm happy to say this last year there was no tuition increases for any of the programs, for the online programs at Florida Tech. And, absolutely, financial aid is available. You know also tuition assistance. And so you know you know, financial aid through the federal government is, is not credit based, it's based off of need. And you know again you know, we're about to kind of roll over. I think we just got out of the question that we're gonna go ahead and answer. And then we're gonna talk a little bit about, we've got some other questions about enrollments. And that's actually the next portion of the, the program. The next question is, is there any certificate that you can add to the degree regarding forensics? Doctor Mayron?
We do not currently have a Certificate in Forensics. We are developing some courses. And but right now we don't have a, a full Certificate in Forensics. We do have a Certificate in Cybersecurity. Which is the first four courses of the MSIAC degree. So you can take that and then get the certificate along the way to getting the full degree. But we don't have a certificate in forensics yet.
All right. Very good. The next question that we have rolls right into the next part of the presentation. Which is, is about the enrollment process. And so the question is can you elaborate? Or you know tell us a little bit about the enrollment process.
And so we're just gonna go ahead and put a slide up here that talks about that, obviously there is some contact information for Doctor Mayron. As well as there is information and a link to the FloridaTechOnline.com site, where you can actually visit. And you can also contact an enrollment adviser at 888-352-8324, and speak with a representative. And they can answer any questions that you have about the programs, as well as about enrollments in the upcoming sessions. So you know, feel free to reach out to an enrollment advisor and further the conversation.
And with that, Doctor Mayron, do you have any closing statements, or any closing thoughts?
I wanted to thank everyone for their, for their time tonight and I do check my email. So if you have any questions please, don't hesitate to contact me and, I'll do my best to get back to you thank you.
All right, well then, we're gonna go ahead and conclude the session. I'd like to thank everybody that participated, thank you for coming. And again, feel free to reach out to, to us and ask further questions ask about the enrollment process, we'd more than happy to help you. Thank you very much and goodnight."