Seven ways DARPA is trying to kill the password
Seven ways DARPA is trying to kill the password
By Martyn Williams
Follow
IDG News Service | Aug 8, 2014 4:25 PM
A seemingly constant stream of data breaches and this
week’s news that Russian hackers have amassed a database of 1.2 billion
Internet credentials has many people asking: Isn’t it time we dumped the user
name and password?
A lot of the best technology of today exploits biometric
factors such as retina patterns, fingerprints and voice analysis, but beyond
that a number of researchers are looking to tap into the way we think, walk and
breathe to differentiate between us and an intruder.
Helping to lead the research is DARPA, the U.S.
military’s Defense Advanced Research Projects Agency. Its active authentication
project is funding research at a number of institutions working on desktop and
mobile technologies that work not just for the initial login but continuously
while the user is accessing a device. The array of sensors already found in
mobile phones makes some of the ideas particularly interesting.
The technologies exploit data that’s already available
inside devices, but utilize it in new ways, said Richard Guidorizzi, program
manager of the project at DARPA.
“Except during lab testing, we did not need to create new
devices to attach to your phone and drain your battery. They were able to use
what was already there with a great deal of success,” he said.
So, when might they be available? The project is still
going on, but it seems to be attracting interest.
“Some of my [teams] are already being approached by some
of the largest companies in the world to incorporate their technology into
their products, including smartphones and Web-based technologies,” said
Guidorizzi.
Micro Hand Movements
A project underway at the New York Institute of
Technology aims to analyze micro movements and oscillations in your hand as you
hold a smartphone to determine the identity of the user. It is looking at
touch-burst activity, which happens when a user performs a series of touch
strokes and gestures, and the pause between those touches and gestures while
the user is consuming content.
Activity-based Analysis
SRI International in Silicon Valley is trying to exploit
the accelerometers and gyro sensors already inside smartphones to extract
unique and distinguishing characteristics of the way a user walks and stands.
Your stride length, the way you balance your body, the speed you walk all are
individual to you. Additional sensors can help to determine physical
characteristics, such as arm length, and the user’s physical situation, such as
proximity to others and whether the user is sitting, standing, picking
something up, texting or talking on the phone.
Stylometry
The differences in how we use language could be enough to
tell us apart. Drexel University is trying to extract author fingerprints from
the large volumes of text we typically enter into our PCs and smartphones and
then use that to spot when someone else might be at the keyboard. This could be
the words used, individual grammar quirks, sentence construction and even the
errors individuals are prone to making again and again. The technology can be
tied together with another keyboard-based authentication method—the analysis of
the way a user types, such as their keyboard speed and pauses between
letters—to make an even more secure authentication system.
Microwave Heartbeats
NASA’s Jet Propulsion Laboratory is trying to detect the
individual features of your heartbeat from a phone. Microwave signals emitted
by the phone are reflected back by your body, collected by sensors in the phone
and amplified to detect your heart rhythm. This might have the added bonus of
being able to alert you to see a doctor should a subtle change in your
heartbeat happen.
The last thing anyone wants to see on a PC is an error
message, but this particular type of annoyance might turn out to have a role to
play in security. By throwing up random error messages and analyzing how users
respond to them, the Southwest Research Institute is hoping to identify
individuals and spot intruders. So next time your PC tells you it’s out of
memory and asks if you want to report the issue, think carefully. It could be
testing you.
Biometric Analysis
Perhaps most familiar to people through fingerprint sensors,
biometric analysis seeks to exploit a wide range of personal characteristics.
Li Creative Technologies is developing a voice-based system that can be used to
unlock a mobile device. You’ll be prompted to say a passphrase, and the
software doesn’t just monitor if the phrase was correct but whether you were
the one saying it. A second function continuously monitors what’s being said
around the device to detect if another user has picked up the phone and is
attempting to access it.
Visual Fingerprinting
The University of Maryland is using visual streams to
make sure you’re the one using your PC or phone. On the desktop it looks at
things like the way you organize windows and resize them, your work patterns
and limitations in mouse movements. On the phone the system pulls in three
video streams: an image of you from the front-facing camera, an image of your
surroundings (or shoes or pants) captured with the rear-facing camera, and your
screen activity from the display. Researchers hope that taken together, these
three streams will be distinct enough to authenticate an individual user and
keep them authenticated while using the device.
This story, "Seven ways DARPA is trying to kill the
password" was originally published by IDG News Service .
Martyn Williams
Comments
Post a Comment