DARPA to Turn Humans Into Passwords

By Eric Beidel
Computer users perceive cyberspace to be so dangerous that they often lock themselves out of their own systems because they have created passwords too long and complex to remember. To jog their memory, users write passwords on sticky notes that can be found by anyone.

The Defense Advanced Research Projects Agency is working on a solution that would allow a computer to determine on its own if the person at the keyboard is an authorized user.

The Active Authentication program aims to unburden computer users from convoluted passwords by granting access to systems through the use of software biometrics.

The research changes “the current paradigm by removing the secret that a human holds, the password, and focuses on the secret that the human specifically is,” an industry day solicitation states. “This program will focus on validating the individual at the keyboard by those unique factors that make up the individual.”

DARPA wants computers to adapt to humans, not the other way around. The goal is to confirm identifying biometrics without interruption while someone goes about a normal routine.

“My house key will get you into my house, but the dog in my living room knows you’re not me,” said Program Manager Richard Guidorizzi. “No amount of holding up my key and saying you’re me is going to convince my dog you’re who you say you are. My dog knows you don’t look like me, smell like me or act like me. What we want out of this program is to find those things that are unique to you, and not some single aspect of computer security that an adversary can use to compromise your system.”

Existing research includes looking into the use of fingerprints, though DARPA officials said that the deployment of sensors creates challenges for this option. The agency prefers to focus more on software-based solutions, including mouse-tracking and forensic authorship. The latter would identify users by their unique command of language.

DARPA’s program initially will focus on authentication at a desktop in a Defense Department office environment. The agency plans to see the project through by issuing research grants to and signing cooperative agreements with industry partners.

Topics: C4ISR, Cybersecurity, Science and Engineering Technology, DARPA

Comments (0)

Retype the CAPTCHA code from the image
Change the CAPTCHA codeSpeak the CAPTCHA code
Please enter the text displayed in the image.