New security system could do away with passwords

A Swedish company with Carlow-man Neil Costigan at the helm is shaking up online security.

BehavioSec, a spinout from the Luleå Technical University, at the gateway to Lapland, has invented a new way to identify online users through behavioural biometric fingerprinting.

The company has developed a system which can verify that someone online is who they are supposed to be by recognising not just what they are inputting to a computer or smartphone but by how they're inputting it.

Behind the scenes
BehavioSec's security system works behind the scenes to analyse the speed, pressure and directional swipe of the user's key strokes.

According to Darpa (the US Defence Advanced Research Projects Agency) it is an "Active Authentification" system which figures out that the person typing into a phone or computer is who they are supposed to be.

The system is shaking up the security and antifraud business worldwide.

To date the company has received €1.5 million in funding through Conor, a Finnish venture capital firm, and from the Swedish government through a similar body to Enterprise Ireland.

The company has secured contracts with the major banks in Sweden and some other Scandinavian banks.

Samsung is a client and there is interest from defence sources, while phone handset manufacturers in North America also have research contracts with the company, to look at adopting their technology in the next generation of smartphones.

Invisible to end user
The beauty of the BehavioSec machine-learning algorithm, says CEO Neil Costigan (45), is that it is invisible to the end user.

He says that for the likes of banks, which have complex internet security measures that require their customers have absolute faith in their security systems, the intention would ultimately be to do away with complex passwords in favour of a system which is easier to use, yet more secure.

So while the banking password may become less taxing than is now the case for home users, behind the scenes BehavioSec’s system (along with other existing technologies which for example, verify the location of mobile phones or IP addresses) verifies their identity when they log on to pay a credit card bill or shop online.

At the moment the company’s system is used as an extra layer of authentication, but ultimately it could do away with the need for lengthy passwords, as well as scratch cards, tokens or online banking card-readers.

Costigan, who has a PhD in elliptic curve cryptography (applied cryptography) from Dublin City University, is a globally recognised expert in security and encryption.

He lives in north Sweden with his wife and daughter, and taught at Luleå Technical University before working with BehavioSec.

It’s is not his first university spinout, nor is it likely to be his first major business success story.

Costigan is former co-founder of Celo Communications, another security start-up business which he took to Silicon Valley in 1999 at the height of the dot-com boom.

Headquartered in Dublin but with an office in California, the company was innovative in its approach to online security and was acquired by Gemplus (now GemAlto), a leader in chip and pin technology.

Costigan then moved to Aix-en-Province in France where he was vice president of research and development in banking and security.

He was directly responsible for R&D over a global team of engineers and oversaw the development strategy of the company.

With five start-ups under his belt, he's not a bad guy to have on board.

Struck by potential
This latest project essentially saw him come out of retirement as an academic three years ago.

Asked to speak to undergraduate students at the Luleå University of Technology, Costigan was all set to warn them of the perils of start-ups: of the long hours, the quest for funding and the stress of getting a technology idea recognised by big business.

He emerged from the meeting “blown away” by the potential of what this young crew had proposed – a novel security system that would shake up online security and a development that, he says, gives him the sense of Celo déjà vu.

He is however circumspect about the difference between today’s tech market and that of the late 1990s and he says that the sector has become less maverick.

“Less like the Wild West – more mature. A crazy idea on a white board won’t get you money these days,” says Costigan, who admits that 15 years ago he was inventing solutions to problems that hadn’t been solved.

Now, he says, a strong business plan is just as important as an innovative idea.

He acknowledges that now there are less “empty spaces” to fill in the technology industry aside from disruptive industry shakers such as music streaming service Spotify or online communications tool Skype and that now a lot more time must be spent honing the research before attempting to bring a product to market.

According to Costigan, ambition and a good team are what drive a start-up to success.

Costigan jokingly says that he's been called "half a geek" – an apparent business-enhancing quality that he brings to BehavioSec.

Entrepreneurial experience
As an expert in security, he not only understands the product in depth but can also convey its importance to potential investors.

While he is considered world-class among his peers he also brings a breadth of entrepreneurial experience and an easy-going manner that other boffins may fail to bring to business.

Despite having lived in many countries, he completed all his education at Dublin City University, on the one hand because he believes it offers specialisation in his chosen subject, but also because he chose to work closely with his mentor there – Prof Michael Scott – who he describes as "a world-leader in his field and an inspiring, modest man".

Over the years, Costigan has hired many DCU graduates believing them to have the edge over other applicants in terms of their studies, work experience and “office readiness and ability to fit into a team”.

BehavioSec is one of several companies participating in the FinTech Innovation Lab in London – an annual mentorship programme in the City for start-ups and young businesses developing “cutting-edge technologies for the financial services sector”.

From an office at Canary Wharf, Costigan is showcasing BehavioSec's technology to the British banking sector – obvious targets given the success it has had with banks in Scandinavia.

Other targets are the German banking industry and the global phone handset manufacturing industry: Costigan often crosses to Atlantic for meetings.

The excitement of being with a start-up is partly a David and Goliath thing: "I was politely chatting at a conference a few weeks ago in California with a competitor.

“We are both chasing a competitive contract and both actively bidding on it.

“‘So how many are you now?’ I asked him.

“‘Eight, with about four subcontractors,’ he replied.

“‘Same with BehavioSec,’ I said. But he meant 8,000!”

For Costigan it’s about being the underdog, punching above your weight.

For those with the great ideas and the right business acumen it’s about the modest start-up pitching to the big guns against companies with massive budgets and huge numbers of staff.

It's about how, by having the right product and a quality team, the small fry can still be in the running.

behaviosec.com