Modern field guide to security and privacy

Can the federal government kill the password?

Using university partnerships, Northrop Grumman is working on innovative, behavior-based technologies to enhance mobile security for the federal government

Imagine a world with no passwords, where Internet users are freed from memorizing jumbles of characters and numbers that are usually either simple enough for today’s sophisticated attackers to crack or too complex for the people who need to use them to remember.

In the commercial space, companies like Yahoo! are offering users a way into their mobile email without one. White House Cybersecurity Coordinator Michael Daniel once said he’d “really love to kill the password dead as a primary security method — because it’s terrible.”

In the next breath, however, Daniel hit on the central password paradox: “when we think about replacing it, it has to be replaced with something that’s actually easy for people to use.”

To that end, under a contract from the Department of Homeland Security (DHS) Science and Technology Directorate, Northrop Grumman will be working to develop advanced biometric solutions that enhance mobile security and virtually eliminate the password while keeping users connected on the go.

These are not “standard” biometrics like fingerprint or facial recognition, nor a simple password or PIN. Northrop Grumman’s solution will combine modeling techniques with behavioral characteristics gathered by sensors on a device, such as how a user picks up and handles the device (a highly secure and irreproducible function), to authenticate user identity.

"As the government moves to a more mobile business model, this new technology mitigates risk so users can take advantage of the newest mobile applications in a trusted state," said Shawn Purvis, vice president and general manager of Northrop Grumman’s cyber division. "From the warfighter to the civil servant, we are integrating solutions to optimize ease and performance while layering our defense-in-depth approach to protect everything from the perimeter to the data." 

The $1.7 million Mobile Technology Security (MTS) research and development (R&D) award leverages research projects from two of Northrop’s university research partners.

The project is chiefly based on threat behavior modeling originally developed through its Cybersecurity Research Consortium partner Carnegie Mellon University's (CMU) cybersecurity institute, CyLab.

At CyLab, researchers investigated how sensors on a device track and capture user behavior and compare that data against a user profile automatically derived through machine-learning techniques.

(This technology was commercially spun off into a company called Zense, now a teammate on this project.)

Enhancing this feature is another project on mobile challenge response techniques that the company sponsored at Iowa State University through the Security and Software Engineering Research Center (S2 ERC), an NSF-sponsored Industry/University Cooperative Research Center. To prove a user is who they say they are, the device simply generates a curve on the display that the user must then trace on the touch screen. As the user swipes across the screen, unique pressure points are calibrated that cannot be replicated across users, thus ensuring another level of security and authenticity. If a user is not able to authenticate, the device will lock or, in extreme situations, be wiped automatically.

“This project is an example of how we are working with our academic research partners to integrate next-generation technologies in an innovative way to address a national security imperative,” Ms. Purvis said.

Northrop Grumman's Cybersecurity Research Consortium includes Carnegie Mellon University, Massachusetts Institute of Technology, Purdue University and the University of Southern California. Formed in 2009, the consortium aims to advance research and develop solutions to counter the complex cyber threats that face our economy, our freedom of information, and our national security.

Northrop Grumman is a leading global security company providing innovative systems, products and solutions in unmanned systems, cyber, C4ISR, and logistics and modernization to government and commercial customers worldwide. Please visit www.northropgrumman.com for more information.
