Passwords could soon be obsolete

DARPA’s purpose is to sponsor “revolutionary, high-payoff research” for military use.

Sydney: Computer experts are looking forward to ways through which people can start working right away by just typing their user name - no password required.

This is the vision of Defence Advanced Research Projects Agency, part of the Defence Department. It will distribute research funds to develop software that determines, just by the way you type, that you are indeed the person you say you are.

DARPA’s purpose is to sponsor “revolutionary, high-payoff research” for military use. But technology developed under DARPA’s auspices - the internet itself being only one among many achievements traceable to its initiatives - eventually tends to find its way into the civilian world.

Passwords like “6tFcVbNhTfCvBn” meet the Defence Department’s definition of “strong,” said Richard Guidorizzi, a program manager at DARPA.

“The problem is, they don’t meet human requirements,” he said.

“What I’d like to do,” Guidorizzi said, “is move to a world where you sit down at a console, you identify yourself, and you just start working, and the authentication happens in the background, invisible to you, while you continue to do your work without interruptions.”

No biometric sensors, such as thumb print or iris scanners, would be used.

Instead, he is looking for a technology that depends solely on an individual’s distinct behavioural characteristics, which he calls the cognitive fingerprint.

Academic experts are trying a number of approaches to determine users’ identities only through their computer behaviour.

Roy Maxion, a research professor of computer science at Carnegie Mellon University in Pittsburgh, supervises research on “keystroke dynamics,” including the length of time a user holds down a given key and moves from one particular key to another.

Motions that we’ve performed countless times, Maxion says, are governed by motor control, not deliberate thought.

“That is why successfully mimicking keystroke dynamics is physiologically improbable,” he said.

He asserted that there is some evidence that a user’s emotional state affects typing rhythms.

But just as people can recognise a familiar song even if it is mangled by inept musicians, so, too, he hypothesizes, could software recognise one’s distinct “core rhythm,” which would be “perceptible even through the noise of emotion, fatigue or intoxication.”

He adds that the notion of core rhythm has not been experimentally confirmed.

Charles C. Tappert, a professor of computer science at Pace University in New York, has also carried out research on the keystroke biometric, verifying identities by looking at the way students type their answers to questions on online tests.

His research group has come up with a software that analyses the distinctive pattern of keyboard pressure; it accurately confirms the claimed identity of a test taker in 99.5 per cent of cases, he said.

The situations that DARPA has in mind would require a system that quickly authenticates the user, without waiting to collect data on hundreds of keystrokes. But Tappert says an intruder’s movement within an internal network would show telltale irregularities and that his software would be able to detect them.

Research overseen by Salvatore J. Stolfo, professor of computer science at Columbia University, has led to the development of software that uses a simple means of detecting an intruder: placing decoy documents on the computer.

Because of the conventional password-based systems used today, the agency insisted, there is now no way “to verify that the user originally authenticated is the user still in control of the keyboard.”


By continuing to use the site, you agree to the use of cookies. You can find out more by clicking this link