Alternatives to Paswords

Alternatives to PasswordsDEEPANSHU SAINI

Password : History

The average working professional has 6 passwords to perform daily functions

Passwords if used correctly are low risk, cost effective

Most common source of security

Password : Problem

Users usually use “weak” passwords, because “strong” passwords are hard to remember.

Passwords written down and not placed in a secure area.

Sharing passwords. Most computer attacks

Current Solutions

A few Solutions:

Biometrics

Smart Cards

Radio Frequency ID (RFID)

Biometrics : Defined

The automated use of physiological or behavioral characteristics to determine or verify identity.

data derived from direct measurement of a part of the human body

Biometric : Benefits

Employer

Reduced costs – password maintenance

Reduced costs – no buddy punching Increased security – no shared or compromised passwords Increased security – deter and detect fraudulent account access Increased security – no badge sharing in secure areas

Biometric : Benefits

Employees

Convenience – no passwords to remember or reset

Convenience – faster login Security – confidential files can be stored securely

Consumers

Convenience – no passwords to remember or reset Security – personal files, including emails, can be secured Security – online purchases safer when enabled by biometric Privacy – ability to transact anonymously

Biometrics : Leading Technologies

Fingerprint (optical, silicon, ultrasound, touch less)

Facial recognition (optical and thermal)

Voice recognition (not to be confused with speech recognition)

Iris recognition Retina-scan Hand geometry - Signature-scan

Biometrics : Fingerprints

Most common and used biometric approach

Optical vs. Silicon vs. Ultrasound Main uses of fingerprints: daily

access to networks and PCs, enter restricted areas, and to authorize transactions

Biometrics : Fingerprints

Door locks are around $200 and up

USB drive with fingerprint reader $80 and up

Biometric : Fingerprints

Optical reads

Oldest and most widely used

A charged coupler device converts image

Focuses on dark ridges and light valleys.

Transmitted as a digital signal.

Biometric : Fingerprints

Silicon reads

Works as a DC capacitance. The plate as one capacitor and the finger is the other.

Converts prints into an 8bit grayscale digital image.

Better quality than optical, with less surface area than optical

Biometric : Fingerprints

Ultrasound

Considered the most accurate of the three.

Transmits acoustic waves and measures the distance bases on the impedance of the finger.

Capable of penetrating dirt and residue.

Biometric : Problems with Fingerprints

Cold finger 

Dry/oily finger 

High or low humidity 

Manual activity that would mar or affect fingerprints (construction, gardening) 

Pressure of placement 

Location of finger on platen (poorly placed core) 

Cuts to fingerprint 

Angle of finger placement

Biometrics : Facial Recognition Feature analysis Feature analysis is

robust enough to perform 1-1 or 1-many searches

Utilizes distinctive features of the face

Verification time from “system ready” prompt: 3-4 seconds

Biometric : Problems with Facial Recognition

Change in facial hair 

Change in hairstyle 

Adding/removing hat, glasses 

Quality and placement of camera

‘Loud’ clothing that can distract face location 

Change in weight  Angle at which

facial image is captured

Too much movement 

Quality of capture device 

Lighting conditions 

Biometric : Voice Recognition

Voice recognition vs. Speech Recognition

Voice recognition verifies the identity of the individual who is speaking

Utilizes the distinctive aspects of the voice to verify the identity of individuals

Biometric : Problems with Voice Recognition

Cold or illness that affects voice Different enrollment and verification

capture devices Different enrollment and verification

environments (inside vs. outside) Speaking softly Variation in background noise Poor placement of microphone /

capture device  Quality of capture device 

Biometric : Iris Scans

Primary visible characteristic is the trabecular meshwork

Other visible characteristics include rings, furrows, freckles, and the corona

Biometric : Iris Scan• Trabeculum of loose fibers found at the iridocorneal

angle between the anterior chamber of the eye and the venous sinus of the sclera; the aqueous humor filters through the spaces between the fibers into the sinus and passes into the bloodstream.

Biometric : Problems with Iris Scans

Too much movement of head or eye

Glasses – Colored Contacts Takes a long time for most people

to before acquainted with the system

User placed between 2-18 inches away. Capture and verification are nearly immediate.  Typical verification time from “system ready” prompt: 3-5 seconds

Biometric : Retina Scan

Verify blood vessel patterns on retina Typical verification

time from “system

ready” prompt:

10-12 seconds.

Biometric : Problems with Retina Scans

Too much movement of head or eye Glasses

Biometric : Hand Recognition

Inferring the length, width, thickness, and surface area of the hand and fingers from silhouetted images projected within the scanner.

Over 90 measurements are taken Some are based on the shape and

characteristics of the index and middle finger.  

Relatively accurate technology, but does not draw on as rich a data set as finger, face, or iris

Biometric : Problems with Hand Recognition

Jewelry Change in weight Bandages Swelling of joints Also very costly startup Cannot perform 1 –to-many

searches

Smart Cards

Inside of a smart card usually contains an embedded 8-bit microprocessor

The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory,it would be no different than a diskette

Smart Cards

Uses of Smart Cards Credit cards Electronic cash Computer security

systems Wireless communication Loyalty systems (like

frequent flyer points) Banking Government identification

Average Smart Card Specs.

1 kb of RAM• 24 kilobytes of ROM• 16 kilobytes of

programmable ROM• 8-bit microprocessor

running at 5 MHz

Problems with Smart Cards

The United States still relies heavily on magnetic strips.

Costly startup fee

Codes can be found figured out by watching power consumption

Radio Frequency ID

Works with radio frequency (RF) technology Uses low frequency and low power, it does not

interfere with other telemetry equipment A user within the proximity of the computer, the

user is allowed access to the system. When they leave the computer is locked again.

Radio Frequency ID

From 3 to 30 Feet

Passive (no battery) vs. Active

Problems with RFID

Hard to read near metal or if the transmitter has passed through water.

Up and Coming Biometrics

DNA

Ear Shape

Odor (human scent)

Vein-scan

Nailbed Identification (ridges in fingernails)

Gait Recognition (manner of walking)

Suggested Password Solutions

Omit the last character or two.

Add extra characters.

Systematically change one character in the password (for example, the second character is always one more than what it should be, if the letter written down is B, then you actually type A

Passwords

If used correctly passwords

Provide a low risk

Cost Effective

Familiar interface to authenticate into systems.