By Kathleen Hickey
Creating, remembering and managing long, complex passwords is “inherently unnatural,” the agency said on its Active Authentication site. And most active sessions don’t have mechanisms to identify that the current user is still the one originally authenticated.
Biometric features such as fingerprints haven long been used in some two-factor authentication systems, but even then it only confirms a user’s ID when logging in. DARPA is proposing behavior-based methods for continual verification.
The agency issued a Broad Agency Announcement solicitation in January for its Active Authentication program. Responses were due March 6.
The program is seeking new ways to identify users, based on intrinsic or behavioral traits. “Just as when you touch something [with] your finger you leave behind a fingerprint, when you interact with technology you do so in a pattern based on how your mind processes information, leaving behind a ‘cognitive fingerprint,” DARPA’s statement said.
The first phase of Active Authentication will focus on researching biometrics that do not require additional hardware sensors, such as mouse and keystroke dynamics. An individual potentially could be identified by how fast he or she types or reads; what words he uses when creating a document or e-mail message; or how he moves the mouse across a page, DARPA said.
Later phases of the program will combine the biometrics with a new authentication program for standard Defense Department desktop or laptop PCs.
The program intends to combine its identification techniques into a continuous authentication process, so that the identity of a user at a machine is constantly being confirmed. The platform will be developed with open Application Programming Interfaces to allow for the easy addition of future biometric software and hardware, DARPA said.