Alternatives to Passwords

1
Alternatives to Passwords

• David Bohn

2
Password History

• The average working professional has 6 passwords
  to perform daily functions
• Passwords if used correctly are low risk, cost
  effective
• Most common source of security

3
Password Problem

• Users usually use weak passwords, because
  strong passwords are hard to remember.
• Passwords written down and not placed in a secure
  area.
• Sharing passwords.
• Most computer attacks

4
Current Solutions

• A few Solutions
• Biometrics
• Smart Cards
• Radio Frequency ID (RFID)

5
Biometrics Defined

• The automated use of physiological or behavioral
  characteristics to determine or verify identity.
• data derived from direct measurement of a part of
  the human body

6
Biometric Benefits

• Employer
• Reduced costs password maintenance Reduced
  costs no buddy punching Increased security
  no shared or compromised passwords Increased
  security deter and detect fraudulent account
  access Increased security no badge sharing in
  secure areas

7
Biometric Benefits

• Employees
• Convenience no passwords to remember or
  reset
• Convenience faster login Security
  confidential files can be stored securely
• Consumers
• Convenience no passwords to remember or
  reset Security personal files, including
  emails, can be secured Security online
  purchases safer when enabled by biometric
  Privacy ability to transact anonymously

8
Biometrics Leading Technologies

• Fingerprint (optical, silicon, ultrasound, touch
  less)
• Facial recognition (optical and thermal)
• Voice recognition (not to be confused with speech
  recognition)
• Iris recognition
• Retina-scan
• Hand geometry - Signature-scan

9
Biometrics Fingerprints

• Most common and used biometric approach
• Optical vs. Silicon vs. Ultrasound
• Main uses of fingerprints daily access to
  networks and PCs, enter restricted areas, and to
  authorize transactions

10
Biometrics Fingerprints

• Door locks are around 200 and up
• USB drive with fingerprint reader 80 and up

11
Biometric Fingerprints

• Optical reads
• Oldest and most widely used
• A charged coupler device converts image
• Focuses on dark ridges and light valleys.
• Transmitted as a digital signal.

12
Biometric Fingerprints

• Silicon reads
• Works as a DC capacitance. The plate as one
  capacitor and the finger is the other.
• Converts prints into an 8bit grayscale digital
  image.
• Better quality than optical, with less surface
  area than optical

13
Biometric Fingerprints

• Ultrasound
• Considered the most accurate of the three.
• Transmits acoustic waves and measures the
  distance bases on the impedance of the finger.
• Capable of penetrating dirt and residue.

14
Biometric Problems with Fingerprints

• Cold finger 
• Dry/oily finger 
• High or low humidity 
• Manual activity that would mar or affect
  fingerprints (construction, gardening) 

• Pressure of placement 
• Location of finger on platen (poorly placed
  core) 
• Cuts to fingerprint 
• Angle of finger placement

15
Biometrics Facial Recognition

• Feature analysis
• Feature analysis is robust enough to perform 1-1
  or 1-many searches
• Utilizes distinctive features of the face
• Verification time from system ready prompt 3-4
  seconds

16
Biometric Problems with Facial Recognition

• Change in facial hair 
• Change in hairstyle 
• Adding/removing hat, glasses 
• Quality and placement of camera
• Loud clothing that can distract face location 

• Change in weight 
• Angle at which facial image is captured
• Too much movement 
• Quality of capture device 
• Lighting conditions 

17
Biometric Voice Recognition

• Voice recognition vs. Speech Recognition
• Voice recognition verifies the identity of the
  individual who is speaking
• Utilizes the distinctive aspects of the voice to
  verify the identity of individuals

18
Biometric Problems with Voice Recognition

• Cold or illness that affects voice
• Different enrollment and verification capture
  devices
• Different enrollment and verification
  environments (inside vs. outside)
• Speaking softly
• Variation in background noise
• Poor placement of microphone / capture device 
• Quality of capture device 

19
Biometric Iris Scans

• Primary visible characteristic is the trabecular
  meshwork
• Other visible characteristics include rings,
  furrows, freckles, and the corona

20
Biometric Iris Scan

• Trabeculum of loose fibers found at the
  iridocorneal angle between the anterior chamber
  of the eye and the venous sinus of the sclera
  the aqueous humor filters through the spaces
  between the fibers into the sinus and passes into
  the bloodstream.

21
Biometric Problems with Iris Scans

• Too much movement of head or eye
• Glasses Colored Contacts
• Takes a long time for most people to before
  acquainted with the system
• User placed between 2-18 inches away. Capture and
  verification are nearly immediate.  Typical
  verification time from system ready prompt 3-5
  seconds

22
Biometric Retina Scan

• Verify blood vessel patterns on retina
• Typical verification
• time from system
• ready prompt
• 10-12 seconds.

23
Biometric Problems with Retina Scans

• Too much movement of head or eye
• Glasses

24
Biometric Hand Recognition

• Inferring the length, width, thickness, and
  surface area of the hand and fingers from
  silhouetted images projected within the scanner.
• Over 90 measurements are taken
• Some are based on the shape and characteristics
  of the index and middle finger.  
• Relatively accurate technology, but does not draw
  on as rich a data set as finger, face, or iris

25
Biometric Problems with Hand Recognition

• Jewelry
• Change in weight
• Bandages
• Swelling of joints
• Also very costly startup
• Cannot perform 1 to-many searches

26
Smart Cards

• Inside of a smart card usually contains an
  embedded 8-bit microprocessor
• The microprocessor on the smart card is there for
  security. The host computer and card reader
  actually "talk" to the microprocessor. The
  microprocessor enforces access to the data on the
  card. If the host computer read and wrote the
  smart card's random access memory,it would be no
  different than a diskette

27
Smart Cards

• Average Smart Card Specs.
• 1 kb of RAM
• 24 kilobytes of ROM
• 16 kilobytes of programmable ROM
• 8-bit microprocessor running at 5 MHz

• Uses of Smart Cards
• Credit cards
• Electronic cash
• Computer security systems
• Wireless communication
• Loyalty systems (like frequent flyer points)
• Banking
• Government identification

28
Problems with Smart Cards

• The United States still relies heavily on
  magnetic strips.
• Costly startup fee
• Codes can be found figured out by watching power
  consumption

29
Radio Frequency ID

• Works with radio frequency (RF) technology
• Uses low frequency and low power, it does not
  interfere with other telemetry equipment
• A user within the proximity of the computer, the
  user is allowed access to the system. When they
  leave the computer is locked again.

30
Radio Frequency ID

• From 3 to 30 Feet
• Passive (no battery) vs. Active

Problems with RFID Hard to read near metal or if
the transmitter has passed through water.
31
Up and Coming Biometrics

• DNA
• Ear Shape
• Odor (human scent)
• Vein-scan
• Nailbed Identification (ridges in fingernails)
• Gait Recognition (manner of walking)

32
Suggested Password Solutions

• Omit the last character or two.
• Add extra characters.
• Systematically change one character in the
  password (for example, the second character is
  always one more than what it should be, if the
  letter written down is B, then you actually type A

33
Passwords

• If used correctly passwords
• Provide a low risk
• Cost Effective
• Familiar interface to authenticate into systems.