BEACON Researchers at Work: In Search of The Perfect Password

This week’s BEACON Researchers at Work post is by NC A&T graduate student Joshua Adams.

Passwords are a problem. They are easy to forget and if you write them down, they can be stolen. If you’re like me, you probably have more passwords than you could ever hope to remember. Not only do you have too many passwords, you are required to change them almost weekly and you can’t reuse them. They have to be more than 8 characters long, and they have to include uppercase characters, lowercase characters, symbols, and numbers. If you think this is bad, just wait… As computers get faster, our passwords will get longer and more complex. Is this the price of security in the digital age? Is there a better way? Before we get to that, a little background about me and how I got here.

My name is Joshua Adams. I am a graduate student majoring in computer science at NC A&T State University. Growing up, I loved to build things. It started with Lincoln Logs and then Legos as I got a little older. As I approached my teenage years, I started to build less and play more. Most of my attention turned to video games and computers. Much to my parents’ surprise, some good came out of it: I started a business in high school building and selling computers. Fortunately, the business didn’t work out. Costs were too high and profits were too low. Why is this fortunate? All of this helped me to realize that I wanted to go to college to learn how to develop software.

I was lucky to get involved with research as an undergraduate. As chance would have it, I started doing research with biometrics (unique physical and/or behavioral identifiers). Different biometric modalities are featured in TV shows and movies all of the time. Crime shows frequently use fingerprints, face recognition, and DNA to catch criminals. In the latest 007 movie, James Bond was given a gun that used palm recognition and would only fire if he was holding it. These are all good examples of physical biometrics. Could biometrics like these be the solution to our password problem? That question is a major part of my research.

[Reference: http://www.sans.org/security-resources/policies/Password_Policy.pdf]

Physical biometric systems are great because they deal with who you are. Unlike passwords, they can’t be guessed or forgotten. They also can’t be lost or stolen like RFID cards and USB keys. Best of all, these biometric recognition techniques have made their way from the realm of sci-fi to reality. Many laptops now have fingerprint readers that can be used to log in. Newer Android phones can use face recognition to be unlocked. So what’s the catch?

While these techniques are a step in the right direction, we don’t have the solution yet. One disadvantage is that many physical biometric modalities (fingerprint, iris, face, etc.) require additional hardware that can be quite expensive. Another disadvantage is that additional hardware can increase failure rates. Because they sometimes fail, many current biometric systems allow you to bypass them completely and continue to use a password. Is there a way we can use biometric recognition techniques without these shortcomings?

Behavioral biometrics could be a solution. Behavioral biometric techniques involve measuring a user’s actions with respect to time such as movement or language choice. There have recently been techniques developed to identify someone based on how they use a computer. Unfortunately, these techniques haven’t matured enough to be used on a large scale.

Is there a way to improve these biometric techniques so they can completely replace passwords? In my research, I use a form of artificial intelligence called genetic and evolutionary computations (GECs) to solve this question. These techniques simulate the process of natural selection to find previously unknown solutions, essentially evolving biometric systems. Not only can we improve an individual biometric system, we can evolve ways to combine both physical and behavioral biometric techniques so that they work together. By creating new biometric recognition techniques, we can start moving away from our current password predicament.

The ultimate goal of this research is to create a system that automatically authenticates you without the need for passwords. Imagine logging into a computer by typing a simple phrase or moving your mouse. Not only could this be used to log you in, it could be used to log you out as well. If someone were to start using your computer while you were away, your computer could automatically log you out. There is still a lot of work to be done, but the future is bright.

For more information about Joshua’s work, you can contact him at jcadams2 at aggies dot ncat dot edu.
