DISA testing multi-biometric chipsets with gait, face, and voice for mobile authentication
The U.S. Defense Department’s Defense Information Systems Agency (DISA) is testing chipsets that provide continuous authentication of a device user with multi-factor biometrics to improve data protection, FCW reports.
DISA Systems Innovation Scientist Stephen Wallace points out that most mobile phones are unlocked with finger or face biometrics, but that the authentication has limited security value. “That’s a point in time; I can unlock it, hand it to you or leave it on a park bench and someone can pick it up and become me,” Wallace told FCW.
New devices being tested by DISA lock automatically if they detect enough differences in the user’s gait, face, location, or voice pattern for the trust score to fail. Once locked, the device must be unlocked through multi-factor authentication, and a mobile device manager can be used to remotely wipe its memory if necessary. DISA has been reported to be working on a multi-factor mobile authentication platform for some time, and revealed that gait recognition was under consideration a year ago.
Mission partners are currently testing 50 Android devices, and Joint Interoperability Test Command is performing evaluations.
“We specifically went after hardware rather than software because it could get smaller” and provide a higher level of assurance, Wallace said. “If you do it at a software level, you’re dependent on the hardware below it for your security.”
Qualcomm is a partner on the project under a 2018 innovation contract which originally called for 75 devices, FCW reports, and also includes DISA’s assured identity initiative, which uses life pattern analysis as a mobile identification factor.
“Our goal with this is that it gets turned out to commercial industry and so your personal phone could end up with this technology,” Wallace says. He also notes that the scale of deployments could make the technology generally affordable. “It’s not really just for our classified environment. We wanted something that was commercially viable so that we don’t get driven down the route of high-cost, low-deployment devices.”