Alternatives to Passwords

standingtopAI and Robotics

Nov 17, 2013 (3 years and 9 months ago)

61 views

Alternatives to Passwords

David Bohn

Password : History


The average working professional has 6 passwords to perform daily
functions


Passwords if used correctly are low risk, cost effective


Most common source of security


Password : Problem


Users usually use “weak” passwords, because “strong” passwords are
hard to remember.


Passwords written down and not placed in a secure area.


Sharing passwords.


Most computer attacks

Current Solutions

A few Solutions:


Biometrics


Smart Cards


Radio Frequency ID (RFID)

Biometrics : Defined


The automated use of physiological or behavioral characteristics to
determine or verify identity.


data derived from direct measurement of a part of the human body

Biometric : Benefits

Employer


Reduced costs


password maintenance

Reduced costs


no buddy punching

Increased security


no shared or compromised passwords

Increased security


deter and detect fraudulent account
access

Increased security


no badge sharing in secure areas

Biometric : Benefits

Employees


Convenience


no passwords to remember or reset


Convenience


faster login

Security


confidential files can be stored securely


Consumers


Convenience


no passwords to remember or reset

Security


personal files, including emails, can be secured

Security


online purchases safer when enabled by
biometric

Privacy


ability to transact anonymously

Biometrics : Leading Technologies


Fingerprint (optical, silicon, ultrasound, touch less)


Facial recognition (optical and thermal)


Voice recognition (not to be confused with speech recognition)


Iris recognition


Retina
-
scan


Hand geometry
-

Signature
-
scan


Biometrics : Fingerprints


Most common and used biometric approach


Optical vs. Silicon vs. Ultrasound


Main uses of fingerprints: daily access to networks and PCs, enter
restricted areas, and to authorize transactions

Biometrics : Fingerprints


Door locks are around $200 and up


USB drive with fingerprint reader
$80 and up

Biometric : Fingerprints

Optical reads


Oldest and most widely used


A charged coupler device converts image


Focuses on dark ridges and light valleys.


Transmitted as a digital signal.

Biometric : Fingerprints

Silicon reads


Works as a DC capacitance. The plate as
one capacitor and the finger is the other.


Converts prints into an 8bit grayscale digital
image.


Better quality than optical, with less surface
area than optical

Biometric : Fingerprints

Ultrasound


Considered the most accurate of the three.


Transmits acoustic waves and measures the
distance bases on the impedance of the
finger.


Capable of penetrating dirt and residue.

Biometric : Problems with Fingerprints


Cold finger




Dry/oily finger




High or low humidity




Manual activity that would mar
or affect fingerprints
(construction, gardening)




Pressure of placement




Location of finger on platen
(poorly placed core)




Cuts to fingerprint




Angle of finger placement

Biometrics : Facial Recognition


Feature analysis


Feature analysis is robust enough
to perform 1
-
1 or 1
-
many
searches


Utilizes distinctive features of the
face


Verification time from “system
ready” prompt: 3
-
4 seconds

Biometric : Problems with Facial Recognition


Change in facial hair




Change in hairstyle




Adding/removing hat, glasses




Quality and placement of camera


‘Loud’ clothing that can distract face
location





Change in weight




Angle at which facial image is
captured


Too much movement




Quality of capture device



Lighting conditions


Biometric : Voice Recognition


Voice recognition vs. Speech Recognition


Voice recognition verifies the identity of the individual who is
speaking


Utilizes the distinctive aspects of the voice to verify the identity of
individuals


Biometric : Problems with Voice Recognition


Cold or illness that affects voice


Different enrollment and verification capture devices


Different enrollment and verification environments (inside vs. outside)


Speaking softly


Variation in background noise


Poor placement of microphone / capture device




Quality of capture device



Biometric : Iris Scans


Primary visible characteristic is the
trabecular meshwork


Other visible characteristics
include rings, furrows, freckles,
and the corona

Biometric : Iris Scan


Trabeculum of loose fibers found at the iridocorneal angle between
the anterior chamber of the eye and the venous sinus of the sclera;
the aqueous humor filters through the spaces between the fibers
into the sinus and passes into the bloodstream.

Biometric : Problems with Iris Scans


Too much movement of head or eye


Glasses


Colored Contacts


Takes a long time for most people to before acquainted with the
system


User placed between 2
-
18 inches away. Capture and verification are
nearly immediate.


Typical verification time from “system ready”
prompt: 3
-
5 seconds

Biometric : Retina Scan


Verify blood vessel patterns on retina


Typical verification


time from “system


ready” prompt:


10
-
12 seconds.

Biometric : Problems with Retina Scans


Too much movement of head or eye


Glasses

Biometric : Hand Recognition


Inferring the length, width, thickness, and surface area of the hand and
fingers from silhouetted images projected within the scanner.


Over 90 measurements are taken


Some are based on the shape and characteristics of the index and middle
finger.




Relatively accurate technology, but does not draw on as rich a data set as
finger, face, or iris

Biometric : Problems with Hand Recognition


Jewelry


Change in weight


Bandages


Swelling of joints


Also very costly startup


Cannot perform 1

to
-
many searches

Smart Cards


Inside of a smart card usually contains an embedded 8
-
bit microprocessor


The microprocessor on the smart card is there for
security
. The host
computer and card reader actually "talk" to the microprocessor. The
microprocessor enforces access to the data on the card. If the host computer
read and wrote the smart card's random access memory,it would be no
different than a diskette

Smart Cards

Uses of Smart Cards


Credit cards


Electronic cash


Computer security systems


Wireless communication


Loyalty systems (like
frequent flyer points)


Banking


Government identification

Average Smart Card Specs.

1 kb of RAM


24 kilobytes of ROM


16 kilobytes of programmable ROM


8
-
bit microprocessor running at 5
MHz

Problems with Smart Cards


The United States still relies heavily on
magnetic strips.


Costly startup fee


Codes can be found figured out by watching
power consumption

Radio Frequency ID


Works with radio frequency (RF)
technology



Uses low frequency and low power, it does
not interfere with other telemetry equipment


A user within the proximity of the
computer, the user is allowed access to the
system.

When they leave the computer is
locked again.

Radio Frequency ID


From 3 to 30 Feet


Passive (no battery) vs. Active

Problems with RFID

Hard to read near metal or if the transmitter
has passed through water.

Up and Coming Biometrics


DNA


Ear Shape


Odor (human scent)


Vein
-
scan


Nailbed Identification (ridges in fingernails)


Gait Recognition (manner of walking)

Suggested Password Solutions


Omit the last character or two.


Add extra characters.


Systematically change one character in the password (for
example, the second character is always one more than what
it should be, if the letter written down is B, then you actually
type A

Passwords

If used correctly passwords


Provide a low risk


Cost Effective


Familiar interface to authenticate into
systems.