Developers at the Defense Advanced Research Projects Agency want to build information technology security that goes beyond simply recognizing complex passwords but rather gets in your head to confirm your identity before you get access or continue to have access to important information.
Specifically, the agency's Active Authentication program looks to develop what DARPA calls "novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics."
More security news: From Anonymous to Hackerazzi: The year in security mischief-making
Biometrics is defined as the characteristics used to uniquely recognize humans based upon one or more intrinsic physical or behavioral traits. Active Authorization focuses on the computational behavioral traits that can be observed through how we interact with the world. Just as when you touch something with your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a "cognitive fingerprint," DARPA said in officially announcing the contracting process for the program.
DARPA had talked about Active Authentication at its Colloquium on Future Directions in Cyber Security meeting last October. "Active Authentication program to tie identity to level of access within system. You're the key to your system. Want to make machine aware of its operator and are working towards systems managing authentication invisibly in the background," Such new systems might look at the unique words a user types or examine length of sentences and use of punctuation to determine user authenticity, said DARPA program manager Richard Guidorizzi at the meeting.
In its current announcement DARPA stated: "The current standard method for validating a user's identity for authentication on an information system requires humans to do something that is inherently difficult: create, remember, and manage long, complex passwords. Moreover, as long as the session remains active, typical systems incorporate no mechanisms to verify that the user originally authenticated is the user still in control of the keyboard. Thus, unauthorized individuals may improperly obtain extended access to information system resources if a password is compromised or if a user does not exercise adequate vigilance after initially authenticating at the console."
More news: 25 tech touchstones of the past 25 years
DARPA said the current Broad Agency Announcement will address the first phase of what it says will be a three phase development program. In the first phase, the focus will be on researching biometrics that does not require the installation of additional hardware sensors. Rather, DARPA will look for research on biometrics that can be captured through the technology already in use in a standard DoD office environment, looking for aspects of the "cognitive fingerprint." A heavy emphasis will be placed on validating any potential new biometrics with tests to ensure they would be effective in large scale deployments.
Some examples of the computational behavior metrics of the cognitive fingerprint include:
- - keystrokes
- - eye scans
- - how the user searches for information (verbs and predicates used)
- - how the user selects information (verbs and predicates used)
- - how the user reads the material selected
- - eye tracking on the page
- - speed with which the individual reads the content
- - methods and structure of communication (exchange of email)
The later planned phases of the program will focus on developing a system that integrates any available biometrics using a new authentication platform suitable for deployment on a standard desktop or laptop. The authentication platform is planned to be developed with open Application Programming Interfaces (APIs) to allow the integration of other software or hardware biometrics available in the future from any source, DARPA stated.
The Active Authentication program is just one of DARPA's many plans to improve system security. At its Colloquium meeting the agency reminded everyone that it had a big hand in creating the Internet and now its wants to get serious about protecting it. DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts and its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to grow its top-line budget investment in cyber research from 8% to 12%.
Layer 8 Extra
Check out these other hot stories: