It took me a while to realize that security in the Internet and related gadgets in use today is an arms race that will keep security consultants perpetually at work. This stance came to me after reading the analytical model that Bruce Schneier adopts to discussions on security. That notwithstanding, I was impressed with the idea expressed in this article by Randall Stross of the NYT. It correctly identifies that most people use very sloppy passwords by not giving much thought to it in addition to the fact that really strong passwords will be difficult to remember. In recognition of this human weakness, the Defense Advanced Research Projects Agency (DARPA) has commenced thinking to go beyond passwords as known today.
This project seeks to design a mechanism that allows for use of a a connected device by detection of an individuals' user signature, which he calls "Cognitive Signature". This means that access and use of computers and devices will be left to software that has the ability to detect the individual's unique interaction pattern with the keyboard. "Keystroke Dynamics" are actions that are undertaken repeatedly and therefore not subject to deliberate thought. I sense that they would build a profile which will authenticate the user of the device.
This is without doubt an extremely clever approach as the tests show that it is very difficult to consciously bypass. This will raise the threshold for those who would breach security but it also means that it will be difficult to log in people who are authorized to share a machine unless their "Keystroke Dynamics" is embedded in the system. Unlike Randall Stross who speaks of the password free environment as providing a near perfect environment, I remain less sanguine. The requirement for simplicity of systems is part of the reason why securing computer systems remains difficult. I do not see how this password-free system makes it disappear.
No comments:
Post a Comment