DISA developing prototype to verify mobile user identity based on life patterns
The U.S. defense department is developing a prototype within the next year that aims to authenticate the identity of mobile users through their life patterns, such as how fast they walk to their office or the locations they regularly visit, according to a report by AFCEA.
The pilot project is designed to authenticate military personnel who may not otherwise have the time to routinely submit fingerprints, facial recognition scans or other forms of traditional biometrics.
Defense Information Systems Agency (DISA) officials have remained tight-lipped about the project’s details because they expect to award a contract soon, but they confirmed that a prototype could potentially be created in as soon as six months.
“We’re looking to prototype a specific type of technology as we go forward here, and … we’re trying to do it in a fairly rapid fashion,” said Jeremy Corey, DISA’s assured identity program manager and leader of the agency’s Cyber Development Innovation Cell. “So in the next 12 months, I think you’re going see that technology really evolve.”
In addition to authenticating mobile user identities, the system is also expected to generate a trust score to help determine the user’s level of access. However, the department has not yet determined the trust score process.
“From an authentication and authorization standpoint, it provides a means of developing a trust score with a very high probability that you are who you say you are,” said Capt. Jeffrey Buss, USN, chief technology officer for DISA’s Cyber Development Directorate. “From an authentication standpoint, it greatly aids us in our ability to identify users on the network.”
By examining the user’s life patterns, the DISA’s cyber hunters will also be able to more effectively track threats, said Roger Greenwell, DISA’s chief of cybersecurity and authorizing official, Office of the Risk Management Executive.
“It moves even beyond the concept of biometrics in many ways, when you think about how a person writes out something—how they hold a device, how they type, the speed at which an individual enters information,” Greenwall said. “All of these things are essentially patterns of life that can then be used as indicators of who is actually using that device.”
Corey said patterns-of-life authentication will simplify the authentication process for military personnel because they will no longer have to enter a six- to eight-digit personal identification number up to 50 times per day.
Corey said that biometrics can still complement patterns-of-life analysis, while DISA officials also emphasize the need to supplement the patterns-of-life authentication process with strong encryption.
The Defense Department has already made significant investments in public key infrastructure and has no plans to move away from the technology in the near future, he added.
“It’s really how we can better utilize these biometrics and these patterns of life and … maybe supplementing that public key infrastructure credential or using that credential to access resources on the Department of Defense Information Network [DODIN],” Corey said.
Capt. Buss said the agency could use industry’s help in “trying to figure out how to establish that trust, identity, authentication and authorization.”