Monday, November 14, 2011

DARPA to detail program that radically alters security authentication techniques

Researchers from the Defense Advanced Research Projects Agency will next week detail a new program that the agency hopes will develop technology to dramatically change computer system security authorization.

The program, called Active Authentication, looks to develop technology that goes well beyond today's hard-to-remember password protection and determines identity through "use of software applications that can determine identity through the activities the user normally performs," DARPA said.

"Active Authentication program to tie identity to level of access within system. You're the key to your system. Want to make machine aware of its operator and are working towards systems managing authentication invisibly in the background," said DARPA program manager Richard Guidorizzi at the agency's Colloquium on Future Directions in Cyber Security meeting this week. Such new systems might look at the unique words a user types or examine length of sentences and use of punctuation to determine user authenticity.

Examples of existing research include work with fingerprints, although the need to deploy sensors makes this more challenging, so this program focuses more on software-based solutions. Mouse tracking has received attention as a tool that can validate a person's identity while sitting at a computer, suggesting this as a possible candidate for further research.

Instead of current authentication systems that force humans to adapt to computers and use passwords like 6tFcVbNh^TfCvB or R%t6Y&u8I(o0P-, Guidorizzi said he wants to make computers adapt to the humans that built them in the first place.

"My house key will get you into my house, but the dog in my living room knows you're not me. No amount of holding up my key and saying you're me is going to convince my dog you're who you say you are. My dog knows you don't look like me, smell like me or act like me. What we want out of this program is to find those things that are unique to you, and not some single aspect of computer security that an adversary can use to compromise your system," Guidorizzi said.

"Active Authentication looks to make you the key to your access, not to track aspects of who you are." Guidorizzi expects researchers to take special care to ensure this program doesn't violate privacy laws or allow information about a user's identity to be misused by others. He doesn't want to capture user aspects in a database; he said the systems would use this information only as the key to a user's computer system access.

The Active Authentication proposers day meeting will be held November 18, 2011 in Arlington, VA.

The Active Authentication program is just one of DARPA's many plans to improve system security. At its Colloquium meeting the agency reminded everyone that it had a big hand in creating the Internet and now it wants to get serious about protecting it.

DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts and its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to grow its top-line budget investment in cyber research from 8% to 12%.

DARPA has built an expert cybersecurity team composed of people from the "white hat" hacker community, academia, labs and nonprofits, and major commercial companies, in addition to the defense and intelligence communities.

It has also enlisted the help of security experts such as the inventor of L0phtCrack, a Microsoft password auditing tool, and ex-BBN scientist Peiter "Mudge" Zatko, who now runs a DARPA program called Cyber Fast Track that brings what he calls unique security technologies into the military realm.
