Risk
11/10/2011
03:40 PM
50%
50%

DARPA Seeks New Methods For Biometric Authentication

Defense Department invites experts to discuss ways to identify people when they sign into to computers without interrupting their normal activity flow.

Obama's Tech Tools
(click image for larger view)
Slideshow: Obama's TechTools
The Department of Defense (DOD) is seeking ways to biometrically identifying people when they sign in to use computers without interrupting their normal activity flow.

The Defense Advanced Research Projects Agency's Active Authentication Program aims to develop software to identify "the individual at the keyboard … through the activities the user normally performs," according to an agency posting on FedBizOpps.gov announcing an Industry Day event about the program next week.

"The Active Authentication program changes the current paradigm by removing the secret that a human holds, the password, and focuses on the secret that the human specifically is," according to DARPA.

Biometric authentication for computers already exists, but usually it is done through an extra step a use must take when logging in, such as pressing a finger to a pad that can scan and identify someone through their fingerprint.

[ Where is DARPA focusing security research efforts? Read DARPA Boosts Cybersecurity Research Spending 50%. ]

Iris scanning--in which a person is identified by a machine that captures an image of his or her iris--also is another popular biometric-authentication method, but normally for larger form-factor machines, such as airport security scanners.

DARPA, however, wants to skip any extra steps and locate biometric factors to identify someone while they're working naturally at the keyboard, according to the agency. The initial goal for the program is to identify someone working at a desktop in a typical DOD office environment.

On the Industry Day, DARPA plans to discuss its ideas for new approaches to biometrics and identify potential participants in the program.

Given the vulnerabilities of traditional password authentication systems, the federal government has been working on biometric options for identifying users of its systems and facilities to more firmly secure access to them.

To that end, the feds are developing biometric ID cards that include options for both fingerprint and iris scans for all federal employees and contractors when entering facilities or using computer systems. The move is mandated by Homeland Security Presidential Directive 12, which is aimed at increasing security and efficiency, reducing identity fraud, cutting costs, and protecting personal privacy.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.