Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Authentication Scheme Proposed

Posted by Soulskill on from the more-secure-less-portable dept.

jerel brings us a story about a prototype authentication system which approaches security from an atypical angle. It focuses on hiding identity challenges from attackers in addition to the responses. The system, Undercover [PDF], "uses a combination of visual and tactile signals in the authentication process." "The system displays a set of images to the user and asks if any belongs to the image portfolio that the user had previously selected. At the same time, the trackball sends the user a signal that maps each button on the case to a certain answer. The user's hand must cover the trackball for it to operate, so a sneaky observer wouldn't be able to see his or her selections, or answers. So a would-be attacker can't 'see' the tactile challenge presented by the trackball and therefore doesn't get the user's authentication data, even though he or she could see the image challenge on the display."

5 of 102 comments (clear)

  1. This is the way to use a blog properly by Xiph · · Score: -1, Offtopic

    I hate to be the first poster, but this is the way to use a blog properly.
    1. get lots of feedback.
    2. remove obvious trolls, flames and harrassing comments (they've done a lot of this).
    3. read what people are actually saying.
    4. use the knowledge you gain.
    5. inform people, so they feel that you listen.

    A company blog is an excellent tool, to get rid of the most visible forms of improper corporate behavior, and can generate a lot of goodwill.
    I hope that the TSA will use this to do more than just superficial changes, but for some of the causes it will require reversal of some seriously silly laws.

    --
    Blah blah sig blah blah blah irony blah blah
  2. Not only is it obvius how to crack it ... by tomhudson · · Score: 0, Offtopic

    ... but I HATE trackballs!

  3. The classic Encryption communication turned around by thomasdz · · Score: -1, Offtopic

    OK... so Alice wants to talk to Bob, right? Charlie, recognizing the classic "ABC" combination of names, immediately begins intercepting the data traffic and applying a hyperbolic curve decryption analysis with his pal, Doug. Edgar, who is a known friend of both Alice and Bob, is also aware of the decryption attempt so he sends Fred, a neutral third-party pre-selected from a random pool to a local restaurant to make reservations for Alice and Bob and thereafter asks both of them out for dinner. Alice and Bob arrive at the appointed time, have a few drinks, some appetizers and a WONDERFUL meal, while all the time talking about stuff that they wanted to talk about. Meanwhile Charlie and Doug are tryping to decrypt random noise.

    --
    Karma: Excellent. 15 moderator points expire sometime.
  4. slashdottagsmakemesmile by Dan+East · · Score: -1, Offtopic

    Who gets to set article tags that everyone sees? Slashdot's FAQ on tags does not explain how individual user's tags end up being assigned to the article for everyone. The system can't be based on frequency, because almost every article has a long tag that was obviously a one-of (like this article's "slashdottagsmakemesmile"). Do the Slashdot editors get to choose them? Do subscribers get more weight? Or is someone manipulating the system, and assigning tags through many accounts to reach whatever threshold is required to make the tag stick?

    --
    Better known as 318230.
    1. Re:slashdottagsmakemesmile by sam_paris · · Score: 0, Offtopic

      I was the person who tagged this "slashdottagsareamystery" and it showed up as a tag. I assume I was the only person who tagged it as this.. I guess i'm just special.. :)