News From USJFCOM: USJFCOM partners with industry to develop new authentication technology

Information security USJFCOM partners with industry to develop new authentication technology

U.S. Joint Forces Command's Joint Futures Laboratory's work with an industry partner puts it at the forefront of a new authentication technology designed to provide enhanced security for sensitive information.

By JO1(SW/AW) Chris Hoffpauir
USJFCOM Public Affairs

(SUFFOLK, Va. - May 23, 2005) - U.S. Joint Forces Command's (USJFCOM) Joint Futures Laboratory (JFL) is partnering with industry to develop a new, cutting edge authentication technology to enhance security and protect the military's sensitive information.

According to a 2004 House Science Committee hearing on cyber security, overt attacks through the Internet, including e-mail, cost federal government an estimated $226 billion a year.

Traditional systems use mathematical formulas, called algorithms, as keys for authentication and encryption. Most use random number generators to "seed" the algorithm. As a result, it's possible that these systems can be hacked by anyone who is sufficiently skilled and has access to the system.

"There is a common misperception that random number generators are random," said Tony Cerri, who leads JFL's engineering department. "They really aren't. And random number generators are at the heart of many authentication algorithms. We need something that's truly random to seed authentication algorithms."

The system JFL is working on, in partnership with Digital Authentication Technologies Inc. (DAT) in Boca Raton, Fla., uses a physics-based system re-keying the algorithms at every use based on radio waves surrounding the user's location.

The system, called Location Specific Digital Fingerprint (LSDF), uses the surrounding radio frequency (RF) environment to not only produce random numbers, but also to locate the user within a three cubic foot area.

Since the random number is generated by the surrounding environment, the system can't be "spoofed" or tricked by a hacker. A user has to log in at a specific location, at a specific time and have the proper key to access a secure system. A hacker would have to gain access to a device, and then recreate the RF signature to gain access from a different location.

Cerri said JFL initial test of 100 prototype units was successful, although the devices were a little ungainly.

"It worked," Cerri said. "Unfortunately, you had to plug a long antenna into your computer's USB port, and I can't convince mobile users to carry it around with them. We're trying to get into an entirely mobile unit the size of a typical key ring fob. It will have an integrated antenna, an onboard RF chipset and about 100 megabytes of storage."

Combining those factors will allow users to protect data based at varying levels and provide access based on who created it, on what device, and when and where they were when they created it. It will also allow for more secure wireless networks, by limiting access based on the user's location.

Another capability the system provides is the ability to create audit trails, enabling users to track location at various points around the world. The capability is again based on the surrounding environment, rather than fixing position by satellite.

Other commands and agencies working in partnership with USJFCOM on this technology include Naval Air Systems Command, the U.S. Army Intelligence Center and School and Fort Huachuca, Ariz., the U.S. Army Research, Development and Engineering Command and the Homeland Security Advanced Research Projects Agency.