@Ankita Katdare • 05 Jun, 2014 • 2 likes
Moving beyond passwords for authentication when logging in to a system, an app, an online service was a long-time calling. Largely because of the increase in incidents of passwords getting hacked or stolen, getting rid of passwords and coming up with an even more effective and secure solution has been a challenge for the University of Alabama at Birmingham (UAB) has come up with a new mechanism called " zero-interaction authentication" that eliminates the need of passwords, is easy-to-use and provides secure login protection. Nitesh Saxena, Ph.D., associate professor in the Department of Computer and Information Science, who leads this research is working in collaboration with the University of Helsinki and Aalto University in Finland on this project.

The new method of zero-interaction authentication works a lot like the passive 'keyless entry' system that is becoming popular in cars. It lets user access a PC, tablet or a car without interacting with it. Using wireless channels such as Bluetooth, the system detects the user’s security token such as a mobile phone and then depending on it, verifies and grants access to the user. This works the same way as the BlueProximity app - that can be used for automatically locking and unlocking the screen when you and your phone leave/enter the desk.

passwords-not-needed-uab-researchers

Before we go on to label this new mechanism as a plain proximity detector, we have to consider the fact that the zero-interaction authentication in use today are vulnerable to relay attacks (also called "ghost-and-leech attacks"). These attacks normally have a hacker or ghost who authenticates to the terminal on behalf of the user by colluding with another hacker or leech, who is close to the user at another location.

To counter such attacks, the UAB research team studied two types of sensor modalities - First included four sensor modalities that are commonly present on devices: Wi-Fi, Bluetooth, GPS and audio and Second involved the capabilities of using ambient physical sensors as a proximity-detection mechanism and focused on four: ambient temperature, precision gas, humidity and altitude. The second method was clearly a winner. By employing multiple modality combinations, the researchers were successful in delivering a robust relay-attack defense as well as good usability.

password-not-needed-uab-research-2
What are your thoughts on zero-interaction authentication mechanism? Share with us in comments below.
Source: UAB Research
@awasthi.nishant01 • 05 Jun, 2014 Idea is awesome but second approach doesn't seem to be explained much. If you can provide any link where the details of second approach can be found.
@Ankita Katdare • 05 Jun, 2014 @awasthi.nishant01 Sure. You can study these two papers published by the UAB researchers -

Comparing and Fusing Different Sensor Modalities for Relay Attack Resistance in Zero-Interaction Authentication
https://www.cis.uab.edu/saxena/docs/tgssan-percom14.pdf

Drone to the Rescue: Relay-Resilient Authentication using Ambient Multi-Sensing
https://www.cis.uab.edu/saxena/docs/ssta-fc14.pdf
@Satya Swaroop Dash • 06 Jun, 2014 The authentication method too many parameters to make sure it is foolproof but this also means investing more money for hardware. So is the cost of the hardware for this system worth the money ?
To answer this question we have to find out what will its commercial equivalent cost ?.

Related Posts

I thought of compiling a list of the coolest and the best whatsapp group names that you've been using for your respective groups. For the sake of convenience, we'll stick...
A simple good bye email or last working day mail ain't cool! We've some awesome templates that you can use. If you're looking for an amazing Last Working Day email...
Hello CEans, How to convert CGPA (10 Point Scale) to Percentage? Please help!
I heard many students are having a trouble registering on the TCS Portal, when it's quite straightforward actually. If you have problem in attaching photos or CV, Use internet explorer...
What is IES or Indian Engineering Services Exam? Union Public Services Commission (UPSC) conducts the Engineering Services Exam or ESE 2016 is an entrance exam for graduates who wish to...