Even as the amount of sensitive data stored on mobile devices increases, encompassing everything from banking information to confidential communications, the standards for smartphone security remain minimal. Most devices are protected only by short passphrases, which may be cracked relatively easily or even bypassed, as a recent iOS security flaw showed. To improve endpoint protection, more comprehensive solutions may be needed, according to DARPA, which recently announced a funding initiative aimed at developing behavioral biometric security tools for smartphones.
“DARPA’s Active Authentication program is addressing this problem by adding additional ways to validate a user’s identity beyond the password based on user behavior,” the agency announced on its website. “The program focuses on the development of new types of behavioral biometrics focused on the user’s cognitive processes – usage patterns or habits of individuals that, in combination, can serve as an online fingerprint and identity check.”
In its request for proposals, DARPA noted that the program goals include expanding research in the area of computational behavioral traits and developing an application that integrates behavioral, cognitive and physical biometrics to provide identity validation without the use of an additional hardware sensor. While traditional biometrics focus on physical traits and on interactive behavior such as keystroke patterns and mouse movement, behavioral and cognitive biometrics look to expand the factors being tracked to include structural semantic analysis and computational linguistics (how people construct sentences and use language, respectively).
Inside the program
The mobile program kicks off a second phase of the Active Authentication program, which initially focused on developing similar behavioral biometrics tools for desktop users. While that program is ongoing, the submission of several promising approaches has encouraged DARPA to expand into mobile options, according to program manager Richard Guidorizzi.
The end goal is for such technologies to serve as an authentication solution for the Department of Defense (DoD). To ensure viability, the technologies will be subjected to testing and source code analysis prior to implementation. Developing a secure tool has significant implications.
“For the DoD, warfighters need to download software, reports, maps, mission-specific software and receive orders in the field,” DARPA explained. “This versatility cannot be provided at the cost of network security, however, and behavioral biometrics are being developed to add layers of defense without burdening the user.”
Building in holistic software security will be essential to the development of such an application, and vendors will want to deploy tools such as static analysis to meet the stringent protection needs facing the DoD. Developers interested in submitting proposals have until noon on April 2, 2013. They can find more information at www.fbo.gov, where the project is listed under the identification number DARPA-BAA-13-16.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.