jump to navigation

Biometrics and User Authentication September 30, 2013

Posted by markwhylie in Security.
trackback

In this day and age, one would think that password security concerns would be a thing of the past. However, as technology progresses we find that we introduce new loopholes to existing secured protocols, which yields research and discovery of new password security standards.

In a case study performed by Robert Morris and Ken Thompson on the UNIX system [1], they found that in early releases of the operating system, passwords were stored in plain text format in a password file. The problem with this approach was that it lacked any encryption and with many programs communicating authentication credentials to a remove server, it simple takes someone to be listening in on the connection to capture this information. This prompted new encryption techniques where passwords were essentially hashed and salted as a means of hiding the raw password string being accessed directly. Then just as expected, it was discovered that once could easily spoof the login script with one of their own to capture the users password.

However, as time has progressed we have seen various authentication techniques emerge to combat the never ending battle of hackers and security analysts exploiting protocols and standards. This includes the use of human biometrics, such as fingerprints, facial recognition, DNA, iris recognition or even an odor [2]. For instance, Fingerprint scanning is becoming a widely used method of verification, either to log into computer systems, at passport control, or premises entry control. Biometrics has even found their way to Disneyland in the US, where a system has been designed to deter visitors from buying fake tickets from scammers. iPhone manufacturer Apple, is also taking advantage of fingerprint technology; it is thought that the iPhone 5S and iPhone 6 handsets will be embedded with a fingerprint scanner for added security [3]. Other methods of authentication techniques involve token-based authentication systems such as driver’s license.

In what ways do you forsee hackers exploiting biometric methods of authentication and how does this affect users privacy?

[1] “Password security: a case history” by Robert Morris and Ken Thompson

[2] http://eandt.theiet.org/magazine/2013/08/bodies-of-evidence.cfm

[3] http://apple.com

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: