The Department of Homeland Security is moving forward with the White House's "kill the password" initiative with an award for cell phone software that authentic...
The Department of Homeland Security gave Fairfax, Virginia-based company Kryptowire $1.7 million from its Mobile Technology Security research and development award to create cellphone software that authenticates users without the use of passwords and PINs.
Kryptowire, which provides mobile application software assurance tools, anti-piracy tools and other mobile security services, won the award based on its work in the Defense Advanced Research Projects Agency’s behavioral biometrics project called the Active Authentication Program.
In an interview with Federal News Radio, Kryptowire founder Angelos Stavrou said the company will use the funds from the MTS award to further its behavioral biometrics research from DARPA and develop smartphone software that can identify users by their habits.
“One of the problems we have identified that users have with mobile devices is every time they want to do something, they might have to put a password. Sometimes the password is too long, especially for mission critical devices,” Stavrou said. “In essence, we’re trying to avoid using passwords … [by tracking] the way that the user utilizes the device behaviorally through applications, extract a profile and use that profile to authenticate the user continuously.”
The software is called “continuous seamless authentication for mobile devices.” A user’s behavior profile lets them access certain applications that require higher levels of security.
The profiles are generated based on sensors that already exist in the phone, such as the touch screen and the accelerometer, which tracks how a user tilts or moves their device. The sensors authenticate a user by monitoring how they move naturally and where they typically tap on the screen.
“We are going to have what’s called progressive authentication,” Stavrou said. “You will start with a score, let’s say you start from zero, and 100 means you are fully authenticated.”
Yet, not all functions need a perfect score in order to work.
“If you go to browse Google, you don’t need to have 100 percent authentication, but if you try to read your email, you might want 100 percent authentication,” he said.
The software also can identify users based on environmental parameters such as their usual stomping grounds.
“If someone steals your device and tries to go somewhere that is unknown for the device, automatically, the authentication is heightened,” Stavrou said. “It means basically that you have to prove yourself more because now you are not in a known environment.”
One of the challenges Stavrou said Kryptowire needs to work through on the project is how to transfer profiles from one gadget to another so a user doesn’t “have to keep retraining the devices.”
If all else fails though, Stavrou said password authentication still is an option with the software.
“As a last effort, meaning if that you cannot authenticate on your device because something happened, you can still use your password, but we want to avoid the use of passwords as much as possible,” he said.
Currently, the software is only in development for Android phones, but Stavrou said Kryptowire plans to expand capabilities to Apple and Windows devices, including tablets. While it’s a government prototype for now, Stavrou said he hopes to see seamless authentication expand into commercial markets.
“A lot of people create cool technologies, but the real question is how do you move it to the market? How do you make it usable in a way that the user trusts the application?” he said. “It’s an innovative research, and what we’re trying to do is basically see how we can push it and move it to mass usage. Part of what we do with DHS is try to see if we can deploy the solution within the federal government at least as a pilot in the beginning and see how things can be transitioned.”