DISA tests continuous multifactor biometric ID for mobile devices
- By Lauren C. Williams
- Feb 01, 2019
The Defense Department is testing mobile devices that use multiple biometrics to continuously authenticate users.
"Most mobile phones today you unlock them with your fingerprint or face," Stephen Wallace, systems innovation scientist for the Defense Information Systems Agency, told FCW, GCN's sibling site. "That's a point in time; I can unlock it, hand it to you or leave it on a park bench and someone can pick it up and become me."
The devices DISA is testing automatically lock when picked up or moved and stay locked until multifactor biometric criteria is met. The devices -- or more specifically, the chipsets embedded within them -- analyze a user's walking gait, location, facial structure and voice patterns to validate identity.
DISA now has 50 such devices in circulation among mission partners, including the Joint Interoperability Test Command, which is evaluating them against the test plan, Wallace said after a Jan. 30 presentation at the International Association of Innovation Professionals Disruption conference.
Continuous multifactor authentication has been a priority for DOD since at least 2016, when then-CIO Terry Halvorsen announced plans to move away from Common Access Cards. DISA later identified walking gait as a particularly important biometric because facial or fingerprint recognition in a tactical environment is challenging when warfighters are wearing gloves, goggles and helmets.
The chips are being tested in Android phones, but are fashioned to be compatible with laptops, wearables and other mobile devices. "We specifically went after hardware rather than software because it could get smaller" and provide a higher level of assurance, Wallace said. "If you do it at a software level, you're dependent on the hardware below it for your security."
The initiative is part of a 2018 innovation contract with Qualcomm. The pilot also folds into DISA's assured identity initiative that combines artificial intelligence and machine learning techniques with behavioral analysis.
Wallace said the 50 devices are in an "alpha testing" phase, which will run through the spring. (The original contract with Qualcomm was for 75 devices, but the number was cut to better focus the pilot, a DISA spokesperson told FCW via email.)
The vendor will produce a reference design and, once accepted, it can be integrated into commercially available products, he said, "which then the rest of DOD can consume."
"Our goal with this is that it gets turned out to commercial industry, and so your personal phone could end up with this technology," Wallace said. "It's not really just for our classified environment. We wanted something that was commercially viable so that we don't get driven down the route of high-cost, low-deployment devices."
"If you get a broad enough deployment, the cost comes down low enough that it's affordable for everybody," he added.
This article was first posted to FCW, a sibling site to GCN.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at firstname.lastname@example.org, or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.