DARPA to detail program that radically alters security authentication techniques

DARPA wants technology that jumps beyond strong password protection

Researchers from the Defense Advanced Research Projects Agency will next week detail a new program it hopes will develop technology to dramatically change computer system security  authorization.

The program, called Active Authentication, looks to develop technology that goes way beyond today's use of hard to remember password protection and determine identity through "use of software applications that can determine identity through the activities the user normally performs," DARPA said.

More on security: Who really sets global cybersecurity standards?

 "Active Authentication program to tie identity to level of access within system. You're the key to your system.  Want to make machine aware of its operator and are working  towards systems managing authentication invisibly in the background," said DARPA program manager Richard Guidorizzi at the agency's Colloquium on Future Directions in Cyber Security meeting this week.  Such new systems might look at the unique words a user types or examine length of sentences and  use of punctuation to determine user authenticity.

Examples of existing research include work with fingerprints, although deployment of sensors makes this more challenging so this program focuses more on software-based solutions.  Mouse tracking has received attention as a tool that can validate a person's identify while sitting at a computer, suggesting this as a possible candidate for further research.

Instead of current authentication systems that force humans to adapt to computers and use passwords like 6tFcVbNh^TfCvB or R%t6Y&u8I(o0P-, Guidorizzi said he wants to make computers adapt to the humans that built them in the first place. 

"My house key will get you into my house, but the dog in my living room knows you're not me.  No amount of holding up my key and saying you're me is going to convince my dog you're who you say you are.  My dog knows you don't look like me, smell like me or act like me.  What we want out of this program is to find those things that are unique to you, and not some single aspect of computer security that an adversary can use to compromise your system," Guidorizzi said. 

"Active Authentication looks to make you the key to your access, not to track aspects of who you are."  Guidorizzi expects researchers to take special care to ensure this program doesn't violate privacy laws or allow information about a user's identity to be misused by others.  He doesn't want to capture user aspects in a database; he said the systems only want to use this information as the key to user computer systems access.

The Active Authentication proposers day meeting will be held November 18, 2011 in Arlington, VA. For information go here.

The Active Authentication program is just one of DARPA's many plans to improve system security. At its Colloquium meeting the agency reminded everyone that  it had a big hand in creating the Internet and now its wants to get serious about protecting it.

DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts and its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to grow its top-line budget investment in cyber research from 8% to 12%.

DARPA has built an expert cybersecurity teams composed of people from the "white hat" hacker community, academia, labs and nonprofits, and major commercial companies, in addition to the defense and intelligence communities.

It has also enlisted the help of security experts such as the inventor of L0phtCrack, a Microsoft password auditing tool, and ex-BBN scientist Peiter "Mudge" Zatko, who now runs a DARPA program called Cyber Fast Track that brings what he calls unique security technologies into the military realm.

Follow Michael Cooney on Twitter: nwwlayer8  and on Facebook

Layer 8 Extra

Check out these other hot stories:

US snapshot of broadband world finds disparity and dial-up

FBI takes out $14M DNS malware operation

DARPA gets serious with Internet security, schmoozes the dark side

"Mudge" Zatko shaking up DARPA's security software routine

US cyber chief says cloud computing can manage serious cyber threats

IBM illuminates solar power system aimed at data centers

NASA looking at building tractor beams for space

US intelligence group seeking cutting-edge, secure chip development

The ultimate in man v. machine moments

DARPA offers $50,000 prize if you can figure out these shredded puzzles

NASA: "Interplanetary bogeyman" comet Elenin is no more; it's an ex-comet

After the iPhone, ex-Apple engineers built world's ultimate thermostat

Gartner: The top 10 strategic technology trends for 2012

Copyright © 2011 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022