February 12, 2013
Active Authentication program investigates behavioral biometrics for mobile devices
In the world of network cyber security, the weak link is often not the hardware or the software, but the user. Passwords are often easily guessed or possibly written down, leaving entire networks vulnerable to attack. Mobile devices containing sensitive information are often lost or stolen, leaving a password as the single layer of defense.
DARPA’s Active Authentication program is addressing this problem by adding additional ways to validate a user’s identity beyond the password based on user behavior. The program focuses on the development of new types of behavioral biometrics focused on the user’s cognitive processes—usage patterns or habits of individuals that, in combination, can serve as an online fingerprint and identity check.
The program’s initial thrust developed tools to protect desktop workstations--an effort that continues. Active Authentication begins a second, parallel thrust using biometrics to secure mobile devices using apps, sensors and other resources unique to these platforms.
A versatile, application-driven device like a smart phone or a tablet computer may be customized quickly by downloading software applications for use on the go. For the DoD, warfighters need to download software, reports, maps, mission-specific software and receive orders in the field. This versatility cannot be provided at the cost of network security, however, and behavioral biometrics are being developed to add layers of defense without burdening the user.
“We have received a large number of really creative approaches to the desktop security problem,” said Richard Guidorizzi, DARPA program manager. “We are looking to tap into some more of this creativity to create truly robust solutions for DoD mobile platforms.”
DARPA held a Proposers’ Day on Friday February 8th to discuss new program goals. The Broad Agency Announcement for the solicitation can be found at: http://go.usa.gov/47G4