DARPA Explores New Ways To Secure Our Lives Online
RACHEL MARTIN, HOST:
At this point, we all know the dangers of having a computer password that's something like 12345 or your birthday or the ever-generic password, password. But what if you could get rid of all the passwords altogether? That is what the Department of Defense is looking into, and it has tasked DARPA, or the Defense Advanced Research Projects Agency, with finding a better way for computers to ID the humans using them. Angelos Keromytis is heading up the project, which is known in the business as active authentication. He joins us now. Welcome to the program.
ANGELOS KEROMYTIS: Thank you.
MARTIN: So we know passwords are hacked or stolen all the time. But what about other mechanisms like fingerprints or iris scans? Aren't those supposed to be more secure?
KEROMYTIS: They generally can be, although people have been able to impersonate some of these biometrics, in particular fingerprints. The other problem is that many of the ways in which these biometrics are collected from the users are particularly invasive.
MARTIN: OK. So what is active authentication?
KEROMYTIS: Active authentication is a program that we started to look at the biometrics in a different way - that is instead of looking purely at the physical characteristics of a human being, try to, instead, look at some other inherent property of how we work, how we operate biomechanically.
MARTIN: Give me an example.
KEROMYTIS: Imagine how you type, how you put your thoughts into a keyboard.
MARTIN: You mean, like the pattern of the letters or the quickness with which I strike the keys?
KEROMYTIS: Certainly that is a part of it, but also you can consider how these vary as you type different parts of a phrase. For some things that you are very familiar with, you may be typing faster. For things that you are not as familiar with, you may be typing slower. And these are all highly dependent on your educational background, your exposure to language as a child - parameters that we, frankly, don't understand very well, but we can measure in very precise ways.
MARTIN: So you're saying that the way someone uses a keyboard could serve as a kind of password?
KEROMYTIS: Yes. That is correct. There are also the ways we walk. You can imagine something like one of those fitness trackers that captures the steps, the gait but with a lot more detail.
MARTIN: Although you're presuming that a person walks the same way no matter what mood they're in or what kind of day they're having.
KEROMYTIS: Very good question, so no. In all of these biometrics there is a certain degree of variation that you can have. That's why we're combining a number of different techniques and a number of different biometrics so that we can build the composite picture.
MARTIN: You're talking about collecting a lot of data about individuals, very personal data, which leads to privacy concerns. Right?
KEROMYTIS: You are right. And so this goes back to the heart of the point that we're not doing identification per se, we are doing authentication. For that, although we need to collect the information at the device that the user is using, we don't actually need to keep it. All we need to do is compute a single score by combining the technologies that will give us confidence as to how close or how far they are from their normal profile.
MARTIN: So you think this is possible? You can imagine a time where we don't have to remember a whole list of passwords anymore?
KEROMYTIS: Well, since I have used some of these prototypes, I can certainly imagine the day when this will be true. And I'm hoping that it will be sooner rather than later.
MARTIN: Dr. Angelos Keromytis of DARPA, thanks so much for talking with us.
KEROMYTIS: Thank you.
Transcript provided by NPR, Copyright NPR.