Northrop Grumman Corporation was awarded a contract from the Department of Homeland Security (DHS) Science and Technology Directorate to develop advanced biometric solutions that will enhance mobile security for users while virtually eliminating the need for a password.
Northrop Grumman will combine advanced behavioral sensing and modeling techniques, derived from two of its university research projects, to authenticate user identity. Instead of a password or pin, behavioral characteristics gathered by sensors on a device will authenticate user identity. Simply put, how a user picks up and handles a device – a highly secure and irreproducible function – will permit access.
"As the government moves to a more mobile business model, this new technology mitigates risk so users can take advantage of the newest mobile applications in a trusted state," said Shawn Purvis, vice president and general manager, cyber division, Northrop Grumman Information Systems. "From the warfighter to the civil servant, we are integrating solutions to optimize ease and performance while layering our defense-in-depth approach to protect everything from the perimeter to the data."
Under a $1.7 million Mobile Technology Security (MTS) research and development (R&D) award, Northrop Grumman is leveraging a research project on threat behavior modeling originally developed through its Cybersecurity Research Consortium partner Carnegie Mellon University's (CMU) cybersecurity institute, CyLab. In this approach, sensors on the device track and capture user behavior and compare that data against a user profile automatically derived through machine-learning techniques. This technology has since spun off into a company called Zense Inc. (www.zense.io), now a teammate on this project.
Enhancing this feature is another project on mobile challenge response techniques that the company sponsored at Iowa State University through the Security and Software Engineering Research Center (S2ERC), an NSF-sponsored Industry/University Cooperative Research Center. To authenticate a user, the device simply generates a curve on the display that the user must then trace on the touch screen. As the user swipes across the screen, unique pressure points are calibrated that cannot be replicated across users, thus ensuring another level of security and authenticity. If a user is not able to authenticate, the device will lock or, in extreme situations, be wiped automatically.
Added Purvis, "This project is an example of how we are working with our academic research partners to integrate next-generation technologies in an innovative way to address a national security imperative."
Northrop Grumman's Cybersecurity Research Consortium includes Carnegie Mellon University, Massachusetts Institute of Technology, Purdue University and the University of Southern California. Formed in 2009, the consortium aims to advance research and develop solutions to counter the complex cyber threats that face our economy, our freedom of information, and our national security.