Can the federal government kill the password?
Imagine a world with no passwords, where Internet users are freed from memorizing jumbles of characters and numbers that are usually either too simple to withstand today's sophisticated attackers or too complex for the people who need to use them to remember.
In the commercial space, companies like Yahoo! are offering users a way in to their without one. White House Cybersecurity Coordinator Michael Daniel once said he'd "really love to kill the password dead as a primary security method – because it's terrible."
In the next breath, however, Daniel hit on the central password paradox: "when we think about replacing it, it has to be replaced with something that's actually easy for people to use."
To that end, Northrop Grumman will be working to develop advanced biometric solutions to enhance mobile security and virtually eliminate the password while keeping users connected on the go via a contract from the Department of Homeland Security (DHS) Science and Technology Directorate.
These are not your "standard" biometrics like fingerprint or facial recognition, nor is it a simple password or a PIN. Northrop Grumman's solution will combine modeling techniques with behavioral characteristics gathered by sensors on a device (such as how a user picks up and handles a device, a highly secure and irreproducible function) to authenticate user identity.
"As the government moves to a more mobile business model, this new technology mitigates risk so users can take advantage of the newest mobile applications in a trusted state," said Shawn Purvis, vice president and general manager of Northrop Grumman's cyber division. "From the warfighter to the civil servant, we are integrating solutions to optimize ease and performance while layering our defense-in-depth approach to protect everything from the perimeter to the data."
The $1.7 million leverages research projects from two of Northrop's university research partners.
The project is chiefly based on threat behavior modeling originally developed through its partner Carnegie Mellon University's (CMU) cybersecurity institute, CyLab.
At CyLab, researchers investigated how sensors on a device track and capture user behavior and compare that data against a user profile automatically derived through machine-learning techniques.
(This technology was commercially spun off into a company called , now a teammate on this project.)
Enhancing this feature is another project on mobile challenge response techniques that the company sponsored at Iowa State University through the Security and Software Engineering Research Center (S2 ERC), an NSF-sponsored Industry/University Cooperative Research Center. To prove a user is who they say they are, the device simply generates a curve on the display that the user must then trace on the touch screen. As the user swipes across the screen, unique pressure points are calibrated that cannot be replicated across users, thus ensuring another level of security and authenticity. If a user is not able to authenticate, the device will lock or, in extreme situations, be wiped automatically.
"This project is an example of how we are working with our academic research partners to integrate next-generation technologies in an innovative way to address a national security imperative," Ms. Purvis said.
Northrop Grumman's Cybersecurity Research Consortium includes Carnegie Mellon University, Massachusetts Institute of Technology, Purdue University and the University of Southern California. Formed in 2009, the consortium aims to advance research and develop solutions to counter the complex cyber threats that face our economy, our freedom of information, and our national security.
Northrop Grumman is a leading global security company providing innovative systems, products and solutions in unmanned systems, cyber, C4ISR, and logistics and modernization to government and commercial customers worldwide.