NPR logo
DARPA Explores New Ways To Secure Our Lives Online
  • Download
  • <iframe src="https://www.npr.org/player/embed/391619540/391619541" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
DARPA Explores New Ways To Secure Our Lives Online

Digital Life

DARPA Explores New Ways To Secure Our Lives Online

DARPA Explores New Ways To Secure Our Lives Online
  • Download
  • <iframe src="https://www.npr.org/player/embed/391619540/391619541" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

The Defense Department has asked DARPA find a better way for computers to ID the humans using them. NPR's Rachel Martin talks with project head Angelos Keromytis about a future without passwords.

RACHEL MARTIN, HOST:

At this point, we all know the dangers of having a computer password that's something like 12345 or your birthday or the ever-generic password, password. But what if you could get rid of all the passwords altogether? That is what the Department of Defense is looking into, and it has tasked DARPA, or the Defense Advanced Research Projects Agency with finding a better way for computers to ID the humans using them. Angelos Keromytis is heading up the project which is known in the business as active authentication. He joins us now. Welcome to the program.

ANGELOS KEROMYTIS: Thank you.

MARTIN: So we know passwords are hacked or stolen all the time. But what about other mechanisms like fingerprints or iris scans? Aren't those supposed to be more secure?

KEROMYTIS: They generally can be, although people have been able to impersonate some of these biometrics, in particular fingerprints. The other problem is that many of the ways in which these biometrics are collected from the users are particularly invasive.

MARTIN: OK. So what is active authentication?

KEROMYTIS: Active authentication is a program that we started to look at the biometrics in a different way - that is instead of looking purely at the physical characteristics of a human being, try to, instead, look at some other inherent property of how we work, how we operate biomechanically.

MARTIN: Give me an example.

KEROMYTIS: Imagine how you type, how you put your thoughts into a keyboard.

MARTIN: You mean, like the pattern of the letters or the quickness with which I strike the keys?

KEROMYTIS: Certainly that is a part of it, but also you can consider how these vary as you type different parts of a phrase. For some things that you are very familiar with, you may be typing faster. For things that you are not as familiar with, you may be typing slower. And these are all highly dependent on your educational background, your exposure to language as a child - parameters that we, frankly, don't understand very well, but we can measure in very precise ways.

MARTIN: So you're saying that the way someone uses a keyboard could serve as a kind of password?

KEROMYTIS: Yes. That is correct. There are also the ways we walk. You can imagine something like one of those fitness trackers that captures the steps, the gait but with a lot more detail.

MARTIN: Although you're presuming that a person walks the same way no matter what mood they're in or what kind of day they're having.

KEROMYTIS: Very good question, so no. In all of these biometrics there is a certain degree of variation that you can have. That's why we're combining a number of different techniques and a number of different biometrics so that we can build the composite picture.

MARTIN: You're talking about collecting a lot of data about individuals, very personal data, which leads to privacy concerns. Right?

KEROMYTIS: You are right. And so this goes back to the heart of the point that we're not doing identification per se, we are doing authentication. For that, although we need to collect the information at the device that the user is using, we don't actually need to keep it. All we need to do is compute a single score by combining the technologies that will give us confidence as to how close or how far they are from their normal profile.

MARTIN: So you think this is possible? You can imagine a time where we don't have to remember a whole list of passwords anymore?

KEROMYTIS: Well, since I have used some of these prototypes, I can certainly imagine the day when this will be true. And I'm hoping that it will be sooner rather than later.

MARTIN: Dr. Angelos Keromytis of DARPA, thanks so much for talking with us.

KEROMYTIS: Thank you.

Copyright © 2015 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Comments

 

Please keep your community civil. All comments must follow the NPR.org Community rules and terms of use, and will be moderated prior to posting. NPR reserves the right to use the comments we receive, in whole or in part, and to use the commenter's name and location, in any medium. See also the Terms of Use, Privacy Policy and Community FAQ.