Alternatives to Passwords
DEEPANSHU SAINI
Password : History
The average working professional has 6 passwords to perform daily functions
Passwords, if used correctly, are low risk and cost effective
Most common source of security
Password : Problem
Users usually use “weak” passwords, because “strong” passwords are hard to remember.
Passwords written down and not placed in a secure area.
Sharing passwords. Most computer attacks
Current Solutions
A few Solutions:
Biometrics
Smart Cards
Radio Frequency ID (RFID)
Biometrics : Defined
The automated use of physiological or behavioral characteristics to determine or verify identity.
Data derived from direct measurement of a part of the human body
Biometric : Benefits
Employer
Reduced costs – password maintenance
Reduced costs – no buddy punching
Increased security – no shared or compromised passwords
Increased security – deter and detect fraudulent account access
Increased security – no badge sharing in secure areas
Biometric : Benefits
Employees
Convenience – no passwords to remember or reset
Convenience – faster login
Security – confidential files can be stored securely
Consumers
Convenience – no passwords to remember or reset
Security – personal files, including emails, can be secured
Security – online purchases safer when enabled by biometric
Privacy – ability to transact anonymously
Biometrics : Leading Technologies
Fingerprint (optical, silicon, ultrasound, touchless)
Facial recognition (optical and thermal)
Voice recognition (not to be confused with speech recognition)
Iris recognition
Retina-scan
Hand geometry
Signature-scan
Biometrics : Fingerprints
Most common and most widely used biometric approach
Optical vs. Silicon vs. Ultrasound
Main uses of fingerprints: daily access to networks and PCs, entering restricted areas, and authorizing transactions
Biometrics : Fingerprints
Door locks are around $200 and up
USB drive with fingerprint reader $80 and up
Biometric : Fingerprints
Optical reads
Oldest and most widely used
A charge-coupled device (CCD) converts the image
Focuses on dark ridges and light valleys.
Transmitted as a digital signal.
Biometric : Fingerprints
Silicon reads
Works by DC capacitance: the sensor plate acts as one plate of a capacitor and the finger as the other.
Converts prints into an 8-bit grayscale digital image.
Better quality than optical, with less surface area than optical
Biometric : Fingerprints
Ultrasound
Considered the most accurate of the three.
Transmits acoustic waves and measures the distance based on the impedance of the finger.
Capable of penetrating dirt and residue.
Biometric : Problems with Fingerprints
Cold finger
Dry/oily finger
High or low humidity
Manual activity that would mar or affect fingerprints (construction, gardening)
Pressure of placement
Location of finger on platen (poorly placed core)
Cuts to fingerprint
Angle of finger placement
Biometrics : Facial Recognition
Feature analysis
Feature analysis is robust enough to perform 1-1 or 1-many searches
Utilizes distinctive features of the face
Verification time from “system ready” prompt: 3-4 seconds
Biometric : Problems with Facial Recognition
Change in facial hair
Change in hairstyle
Adding/removing hat, glasses
Quality and placement of camera
‘Loud’ clothing that can distract face location
Change in weight
Angle at which facial image is captured
Too much movement
Quality of capture device
Lighting conditions
Biometric : Voice Recognition
Voice recognition vs. Speech Recognition
Voice recognition verifies the identity of the individual who is speaking
Utilizes the distinctive aspects of the voice to verify the identity of individuals
Biometric : Problems with Voice Recognition
Cold or illness that affects voice
Different enrollment and verification capture devices
Different enrollment and verification environments (inside vs. outside)
Speaking softly
Variation in background noise
Poor placement of microphone / capture device
Quality of capture device
Biometric : Iris Scans
Primary visible characteristic is the trabecular meshwork
Other visible characteristics include rings, furrows, freckles, and the corona
Biometric : Iris Scan
Trabeculum of loose fibers found at the iridocorneal angle between the anterior chamber of the eye and the venous sinus of the sclera; the aqueous humor filters through the spaces between the fibers into the sinus and passes into the bloodstream.
Biometric : Problems with Iris Scans
Too much movement of head or eye
Glasses – Colored Contacts
Takes a long time for most people to become acquainted with the system
User placed between 2-18 inches away.
Capture and verification are nearly immediate.
Typical verification time from “system ready” prompt: 3-5 seconds
Biometric : Retina Scan
Verify blood vessel patterns on retina
Typical verification time from “system ready” prompt: 10-12 seconds.
Biometric : Problems with Retina Scans
Too much movement of head or eye
Glasses
Biometric : Hand Recognition
Inferring the length, width, thickness, and surface area of the hand and fingers from silhouetted images projected within the scanner.
Over 90 measurements are taken
Some are based on the shape and characteristics of the index and middle finger.
Relatively accurate technology, but does not draw on as rich a data set as finger, face, or iris
Biometric : Problems with Hand Recognition
Jewelry
Change in weight
Bandages
Swelling of joints
Also very costly startup
Cannot perform 1-to-many searches
Smart Cards
The inside of a smart card usually contains an embedded 8-bit microprocessor
The microprocessor on the smart card is there for security. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory, it would be no different than a diskette.
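The difference between a card whose microprocessor mediates access and a diskette can be shown with a small model. This is an added example, not part of the original slides; the command names, PIN, retry limit and status strings are assumptions made for illustration and do not follow any real card protocol.

```python
import hmac


class Diskette:
    """Passive storage: any host that can reach it reads the raw bytes."""

    def __init__(self, data: bytes):
        self.memory = data

    def read(self) -> bytes:
        return self.memory


class SmartCard:
    """Toy card: the host never touches memory, it only sends commands."""

    MAX_TRIES = 3  # assumed retry limit for this example

    def __init__(self, pin: str, data: bytes):
        self._pin = pin.encode()
        self._data = data
        self._tries_left = self.MAX_TRIES
        self._verified = False

    def command(self, name: str, arg: str = ""):
        """Handle one host command and return (status, payload)."""
        if name == "VERIFY":
            if self._tries_left == 0:
                return ("BLOCKED", None)  # card stays locked once exhausted
            if hmac.compare_digest(arg.encode(), self._pin):
                self._tries_left = self.MAX_TRIES
                self._verified = True
                return ("OK", None)
            self._tries_left -= 1
            self._verified = False
            return ("BLOCKED" if self._tries_left == 0 else "WRONG_PIN", None)
        if name == "READ":
            # The card, not the host, decides whether data is released.
            return ("OK", self._data) if self._verified else ("DENIED", None)
        return ("UNKNOWN_COMMAND", None)


def demo():
    secret = b"constructed sample record"  # constructed sample data
    disk, card = Diskette(secret), SmartCard(pin="4921", data=secret)
    return [
        disk.read() == secret,           # diskette: no check at all
        card.command("READ"),            # refused before verification
        card.command("VERIFY", "0000"),  # wrong PIN costs one try
        card.command("VERIFY", "4921"),
        card.command("READ"),
    ]
```

The retry counter is what makes a short PIN usable on the card: after three wrong guesses the model refuses further verification, which passive storage cannot do.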
Smart Cards
Uses of Smart Cards
Credit cards
Electronic cash
Computer security systems
Wireless communication
Loyalty systems (like frequent flyer points)
Banking
Government identification
Average Smart Card Specs.
1 kb of RAM
24 kilobytes of ROM
16 kilobytes of programmable ROM
8-bit microprocessor running at 5 MHz
Problems with Smart Cards
The United States still relies heavily on magnetic strips.
Costly startup fee
Codes can be figured out by watching power consumption
Radio Frequency ID
Works with radio frequency (RF) technology
Uses low frequency and low power, so it does not interfere with other telemetry equipment
When a user is within proximity of the computer, the user is allowed access to the system. When they leave, the computer is locked again.
Radio Frequency ID
From 3 to 30 Feet
Passive (no battery) vs. Active
Problems with RFID
Hard to read near metal or if the transmitter has passed through water.
Up and Coming Biometrics
DNA
Ear Shape
Odor (human scent)
Vein-scan
Nailbed Identification (ridges in fingernails)
Gait Recognition (manner of walking)
Suggested Password Solutions
Omit the last character or two.
Add extra characters.
Systematically change one character in the password (for example, the second character is always one more than what it should be; if the letter written down is B, then you actually type A).
Passwords
If used correctly, passwords:
Provide low risk
Are cost effective
Offer a familiar interface to authenticate into systems.