Featured Research

from universities, journals, and other organizations

Passwords No More? Mechanisms Enables Users to Log in Securely Without Passwords

Date:
June 4, 2014
Source:
University of Alabama at Birmingham
Summary:
Passwords are a common security measure to protect personal information, but they don't always prevent hackers from finding a way into devices. Researchers are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password -- known as zero-interaction authentication. An innovative solution for safeguarding personal information relies on your proximity instead of your memory.

Passwords are a common security measure to protect personal information, but they don't always prevent hackers from finding a way into devices. Researchers from the University of Alabama at Birmingham are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password -- known as zero-interaction authentication.

Related Articles


The research is led by Nitesh Saxena, Ph.D., associate professor in the Department of Computer and Information Sciences and co-leader of the Center for Information Assurance and Joint Forensics Research. The work, in collaboration with the University of Helsinki and Aalto University in Finland, was recently presented during the International Conference on Pervasive Computing and Communications and the Financial Cryptography and Data Security conference.

Zero-interaction authentication enables a user to access a terminal, such as a laptop or a car, without interacting with the device. Access is granted when the verifying system can detect the user's security token -- such as a mobile phone or a car key -- using an authentication protocol over a short-range, wireless communication channel, such as Bluetooth. It eliminates the need for a password and diminishes the security risks that accompany them.

A common example of such authentication is a passive keyless entry and start system that unlocks a car door or starts the car engine based on the token's proximity to the car. The technology also can be used to provide secure access to computers. For instance, an app called BlueProximity enables a user to unlock the idle screen in a computer merely by physically approaching the computer while holding a mobile phone that has been set up to connect with it.

However, existing zero-interaction authentication schemes are vulnerable to relay attacks, commonly referred to as ghost-and-leech attacks, in which a hacker, or ghost, succeeds in authenticating to the terminal on behalf of the user by colluding with another hacker, or leech, who is close to the user at another location, Saxena says.

"The goal of our research is to examine the existing security measures that zero-interaction authentication systems employ and improve them," Saxena said. "We want to identify a mechanism that will provide increased security against relay attacks and maintain the ease of use."

The researchers examined two types of sensor modalities that could protect zero-interaction systems against relay attacks without affecting usability. First, they examined four sensor modalities that are commonly present on devices: Wi-Fi, Bluetooth, GPS and audio. Second, they looked at the capabilities of using ambient physical sensors as a proximity-detection mechanism and focused on four: ambient temperature, precision gas, humidity and altitude. Each of these modalities helps the authentication system verify that the two devices attempting to connect to each other are in the same location and thwart a ghost-and-leech attack.

The research showed that sensor modalities, used in combination, provide added security. "Our results suggest that an individual sensor modality may not provide a sufficient level of security and usability," Saxena said. "However, multiple modality combinations result in a robust relay-attack defense and good usability."

Platforms that employ sensor modalities to prevent relay attacks in mobile and wireless systems are available on many smartphones or can be added using extension devices, and they will likely become more commonplace in the near future, Saxena says.

"Users will be able to use an app on their phones to lock and unlock their laptops, desktops or even their cars, without passwords and without having to worry about relay attacks," said Babins Shrestha, a UAB doctoral student and co-author on the papers. "Our research shows that this can be done while preserving a high level of usability and security."


Story Source:

The above story is based on materials provided by University of Alabama at Birmingham. Note: Materials may be edited for content and length.


Cite This Page:

University of Alabama at Birmingham. "Passwords No More? Mechanisms Enables Users to Log in Securely Without Passwords." ScienceDaily. ScienceDaily, 4 June 2014. <www.sciencedaily.com/releases/2014/06/140604202907.htm>.
University of Alabama at Birmingham. (2014, June 4). Passwords No More? Mechanisms Enables Users to Log in Securely Without Passwords. ScienceDaily. Retrieved November 27, 2014 from www.sciencedaily.com/releases/2014/06/140604202907.htm
University of Alabama at Birmingham. "Passwords No More? Mechanisms Enables Users to Log in Securely Without Passwords." ScienceDaily. www.sciencedaily.com/releases/2014/06/140604202907.htm (accessed November 27, 2014).

Share This


More From ScienceDaily



More Computers & Math News

Thursday, November 27, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

Predictions Of Tablets' Demise Sound Familiar

Predictions Of Tablets' Demise Sound Familiar

Newsy (Nov. 26, 2014) The tablet's days are numbered, at least according to a recent IDC report. The market-research firm paints a grim outlook for tablets. Video provided by Newsy
Powered by NewsLook.com
Today's Prostheses Are More Capable Than Ever

Today's Prostheses Are More Capable Than Ever

Newsy (Nov. 26, 2014) Advances in prosthetics are making replacement body parts stronger and more lifelike than they’ve ever been. Video provided by Newsy
Powered by NewsLook.com
FCC Forces T-Mobile To Alert Customers Of Data Throttling

FCC Forces T-Mobile To Alert Customers Of Data Throttling

Newsy (Nov. 25, 2014) T-Mobile and the FCC have reached an agreement requiring the company to alert customers when it throttles their data speeds. Video provided by Newsy
Powered by NewsLook.com
Symantec Uncovers Sophisticated Spying Malware Regin

Symantec Uncovers Sophisticated Spying Malware Regin

Newsy (Nov. 24, 2014) A Symantec white paper reveals details about Regin, a spying malware of unusual complexity which is believed to be state-sponsored. Video provided by Newsy
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:

Strange & Offbeat Stories


Space & Time

Matter & Energy

Computers & Math

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins