Beyond Passwords (Guidorizzi)
1. Richard Guidorizzi
Program Manager, Information Innovation Office
Beyond passwords
DARPA Cyber Colloquium
Arlington, VA
November 7, 2011
Approved for Public Release, Distribution Unlimited.
2. The Unintended Consequences of Passwords
Defcon 2010 Password Hacking Contest
Number of passwords cracked
Source: http://contest.korelogic.com/
3. Why will passwords always be a problem?
Keyboard-pattern passwords, each shown traced on a keyboard diagram:
• 6tFcVbNh^TfCvBn
• R%t6Y&u8I(o0P-[
• #QWqEwReTrYtUyI9
Source: Visualizing Keyboard Pattern Passwords, US AF Academy 11 Oct, 2009
4. How do we move from proxies for you to the actual you?
5. Biometric Identity Modalities
• Fingerprint (Existing Technology): Ridge Ending, Ridge Bifurcation, Island, Core
• Mouse tracking (Repurposed Technology): Time over a single location, Drifting while reviewing topics, Double click, Hovering to review alt-text
• Forensic authorship (New Technology): Type-token ratio, Average word length, Use of unique words, Use of Punctuation
Source: epdeatonville.orgwp-content uploads2011 04fingerprint.jpg
Source: google search for "real estate" with mouse tracking provided by IOGraph Preview
Source: The Mancurian Candidate, Robert Graves, P2, Amazon
6. Active Authentication Program
• Performer Day Announcement: DARPA-SN-12-13
• Contact Email: ActiveAuthentication@DARPA.MIL
• Performer Day: November 18, 2011
• URL: http://www.fbo.gov
• Richard.Guidorizzi@DARPA.MIL