In the desert, a dusty touchscreen might not recognize a soldier’s sand-covered gloves. There might be a way around that.
A soldier in a Humvee who needs access to a map of land mines does not have time to type in a 10-character password and insert a smartcard to prove to a device he is not a hacker.
But increasingly, this is the upshot as the military tightens cybersecurity to thwart adversarial snoops, as well as rogue insiders.
Touchpads could allow troops to sign on with the swipe of a finger. But in the desert, a dusty touchscreen might not recognize the soldiers' sand-covered gloves.
To ensure cybersecurity and national security do not become mutually exclusive, the Army is testing various biometric identification methods that can withstand battle terrain.
Options on the test table include tools for recognizing a user’s unique voice, keystrokes, or a combination of these and other identifiers, say Pentagon officials. Army technologists will experiment with many biometric-matching approaches on many device models to find a compatible login mechanism.
"The whole concept of authentication is a necessary evil from the soldier's standpoint," said Bob Fedorchak, tactical public key infrastructure technical lead at the Army Communications-Electronics Research, Development and Engineering Center.
For instance, logging in to a radio or other mobile device by hand can delay combat actions.
"If I could walk up to the computer and have the computer automatically recognize me, confirm my identity and provide me access without me even touching the keyboard, that's kind of the ideal situation," Fedorchak told Nextgov during an interview.
In fiscal 2017, the Army will design experiments for the "detection of insider threats based on biometric identification," according to a Defense Department budget submission.
Face Masks Might Trip Up Facial Recognition
Fedorchak is involved in the project through his role at the center, a branch component that builds and anticipates technologies crucial for soldier communications and for protecting troops from surprise attacks.
The endgame of the 2017 endeavor is to be able to identify all individuals on a network, when there are many different devices connected to it and many different people are swapping devices with each other.
Sharing computers opens up the whole insider threat risk, Fedorchak said, noting he has been tackling this problem since before ex-intelligence contractor Edward Snowden downloaded perhaps 60 gigabytes of data.
Fedorchak runs down the pros and cons of potential biometric identification techniques that could be used to spot deception.
An overarching aim of the project is to keep the number of false positives, or successful impersonation attempts, to a minimum.
One “big challenge is if I put a camera on the system, I have be able to stabilize that camera so I can take a good clear picture," he said. "I might not be able to do that if it's late at night, if it's dark out, if the soldier's wearing a face mask. We have to be cognizant that the environmentals are a bit different for the soldier than they are for someone standing in a brightly lit office."
With a fingerprint reader, there is the worry that debris on the glass could confuse the sensor. With an iris scanner, there is the concern about the amount of light in the area.
What if ‘George and I Sound Very Similar?’
The Army wants to try having soldiers walk up to a computer and talk to it, in essence entering a “voiceprint” for access.
But if a fellow soldier, say, for example, “George and I sound very similar when he speaks in a tactical environment and there is a lot of noise around, the voice recognition technology might say, 'That's Bob.’ That would give George my privileged access that he might not be entitled to," Fedorchak said
In addition, “tactical environments are fairly loud, so we have to be aware that we may not be able to pick up the voice very well. There are ways we can get around that. There are technologies that we are looking at for basically making that authentication a little stronger," he said.
The timeline for applying new biometric protections will be dictated by the acquisition cycle, how fast Fedorchak and his colleagues can analyze, and the commercial availability of the chosen tools. Some devices might be modified as early as 2018, he said.
Working out privacy protections also could affect the timing of biometric security enhancements.
The federal government recently lost the digital fingerprints of 5.6 million national security personnel to hackers with suspected Chinese military ties. No one wants that to happen again.
Fedorchak said there is no question the Pentagon must properly protect the identifying traits and personal information collected for military network access.
"Biometrics are not something that you can replace," he said. "I can replace my ID card. I can't replace my fingerprints."