Researchers, led by an Indian-origin scientist, are developing an easy-to-use, secure login protection that eliminates the need to use a password. Researchers from the University of Alabama at Birmingham are working on a secure login protection known as zero-interaction authentication.
Zero-interaction authentication enables a user to access a terminal, such as a laptop or a car, without interacting with the device. Access is granted when the verifying system can detect the user’s security token — such as a mobile phone or a car key — using an authentication protocol over a short-range, wireless communication channel, such as Bluetooth. It eliminates the need for a password and diminishes the security risks that accompany them.
A common example of such authentication is a keyless entry and start system that unlocks a car door or starts the car engine based on the token’s proximity to the car. However, existing zero-interaction authentication schemes are vulnerable to relay attacks, commonly referred to as ghost-and-leech attacks, in which a hacker, or ghost, succeeds in authenticating to the terminal on behalf of the user by colluding with another hacker, or leech, who is close to the user at another location.
“The goal of our research is to examine the existing security measures that zero—interaction authentication systems employ and improve them,” said Nitesh Saxena, associate professor in the Department of Computer and Information Sciences and co—leader of the Center for Information Assurance and Joint Forensics Research.
“We want to identify a mechanism that will provide increased security against relay attacks and maintain the ease of use,” said Saxena, who led the research. The system is presently being perfected and could soon be launched, as per PTI.