US Government Funds Mobile Device Security Solutions

US Government Funds Mobile Device Security Solutions

This post is also available in: heעברית (Hebrew)

Mobile device security evolved rapidly over the last few years to address the new challenges and requirements of a mobile workforce.

User authentication has moved from simple four- to six-digit passcodes to fingerprint-based biometric authentication. Managing weak, forgotten, and stolen passwords for enterprise mobile devices is especially complex, due to their small form factors and the fact that they support myriad mobile apps, each requiring their own password.

The need for secure and transparent user and device authentication is even more pressing as mobile device users increasingly store and access sensitive data through their mobile devices.

A new technology is excpected to address emerging security risks in both the private and government sectors. Innovators have created the ability to enable users—through their unique behavioral patterns—to authenticate users to mobile devices and mobile devices to network resources.

According to the website of the US Department of Homeland Security (DHS), the Defense Advance Research Project Agency (DARPA) Active Authentication Program and the DHS Science and Technology Directorate (S&T) Cyber Security Division (CSD) are collaborating actively to make enterprise-grade mobile security solutions commercially available to government agencies and the broader community.

The new behavior-based authentication and trust-based access control mechanisms were developed by researchers at Kryptowire—funded by DARPA and DHS S&T— in order to strengthen mobile user and device authentication. These new technologies are supported by a forthcoming Google application program interface and take advantage of the onboard sensors of mobile devices including touch, pressure, movement, and power to recognize users based on the way they interact with the device and mobile applications.

Through the new model, a user’s phone or mobile application is embedded with a continuous authentication algorithm that creates a model of the user’s behavioral patterns (e.g., the pressure applied with touch, the way they hold the phone, etc.). The user can be granted access to sensitive information or resources using the level of trust established from this constant behavioral analysis. Moreover, this technology makes it possible to detect imposters. A proof of concept has been demonstrated successfully on more than 100 Android devices, but as the government workforce increasingly adopts other mobile technologies, CSD anticipates the technology will be transitioned to support Apple iOS devices as well.