Where DARPA Is Going, They Don’t Need Passwords

This...doesn't seem like the ironclad system one ought to have to secure passwords.  That's about as secure as a grocery list.  (Graphic from DARPA)

This…doesn’t seem like the ironclad system one ought to have to secure passwords. That’s about as secure as a grocery list. (Graphic from DARPA)

In the world of network cyber security, the weak link is often not the hardware or the software, but the user.

Passwords are often easily guessed or possibly written down, leaving entire networks vulnerable to attack. Mobile devices containing sensitive information are often lost or stolen, leaving a password as the single layer of defense.

DARPA’s Active Authentication program is addressing this problem by adding additional ways to validate a user’s identity beyond the password based on user behavior.   The program focuses on the development of new types of behavioral biometrics focused on the user’s cognitive processes—usage patterns or habits  of individuals that, in combination, can serve as an online fingerprint and identity check.

The program’s initial thrust developed tools to protect desktop workstations–an effort that continues. Active Authentication begins a second, parallel thrust using biometrics to secure mobile devices using apps, sensors and other resources unique to these platforms.

A versatile, application-driven device like a smart phone or a tablet computer may be customized quickly by downloading software applications for use on the go. For the DoD, warfighters need to download software, reports, maps, mission-specific software and receive orders in the field. This versatility cannot be provided at the cost of network security, however, and behavioral biometrics are being developed to add layers of defense without burdening the user.

“We have received a large number of really creative approaches to the desktop security problem,” said Richard Guidorizzi, DARPA program manager. “We are looking to tap into some more of this creativity to create truly robust solutions for DoD mobile platforms.”

DARPA held a Proposers’ Day on Friday February 8th to discuss new program goals. The Broad Agency Announcement for the solicitation can be found here.

Story, picture and information provided by DARPA


Disclaimer: The appearance of hyperlinks does not constitute endorsement by the Department of Defense of this website or the information, products or services contained therein. For other than authorized activities such as military exchanges and Morale, Welfare and Recreation sites, the Department of Defense does not exercise any editorial control over the information you may find at these locations. Such links are provided consistent with the stated purpose of this DoD website.