Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Seven ways DARPA is trying to kill the password

Martyn Williams | Aug. 11, 2014
DARPA is working on desktop and mobile technologies that work not just for the initial login but continuously while the user is accessing the device.

A seemingly constant stream of data breaches and this week's news that Russian hackers have amassed a database of 1.2 billion Internet credentials has many people asking: Isn't it time we dumped the user name and password?

A lot of the best technology of today exploits biometric factors such as retina patterns, fingerprints and voice analysis, but beyond that a number of researchers are looking to tap into the way we think, walk and breathe to differentiate between us and an intruder.

Helping to lead the research is DARPA, the U.S. military's Defense Advanced Research Projects Agency. Its active authentication project is funding research at a number of institutions working on desktop and mobile technologies that work not just for the initial login but continuously while the user is accessing a device. The array of sensors already found in mobile phones makes some of the ideas particularly interesting.

The technologies exploit data that's already available inside devices, but utilize it in new ways, said Richard Guidorizzi, program manager of the project at DARPA.

"Except during lab testing, we did not need to create new devices to attach to your phone and drain your battery. They were able to use what was already there with a great deal of success," he said.

So, when might they be available? The project is still going on, but it seems to be attracting interest.

"Some of my [teams] are already being approached by some of the largest companies in the world to incorporate their technology into their products, including smartphones and Web-based technologies," said Guidorizzi.

Micro Hand Movements
A project underway at the New York Institute of Technology aims to analyze micro movements and oscillations in your hand as you hold a smartphone to determine the identity of the user. It is looking at touch-burst activity, which happens when a user performs a series of touch strokes and gestures, and the pause between those touches and gestures while the user is consuming content.

Activity-based Analysis
SRI International in Silicon Valley is trying to exploit the accelerometers and gyro sensors already inside smartphones to extract unique and distinguishing characteristics of the way a user walks and stands. Your stride length, the way you balance your body, the speed you walk all are individual to you. Additional sensors can help to determine physical characteristics, such as arm length, and the user's physical situation, such as proximity to others and whether the user is sitting, standing, picking something up, texting or talking on the phone.

The differences in how we use language could be enough to tell us apart. Drexel University is trying to extract author fingerprints from the large volumes of text we typically enter into our PCs and smartphones and then use that to spot when someone else might be at the keyboard. This could be the words used, individual grammar quirks, sentence construction and even the errors individuals are prone to making again and again. The technology can be tied together with another keyboard-based authentication method — the analysis of the way a user types, such as their keyboard speed and pauses between letters — to make an even more secure authentication system.


1  2  Next Page 

Sign up for Computerworld eNewsletters.