Entries Tagged "authentication"


Butt Identification

Here’s a new biometric: how you sit:

…researchers there developed a system that can recognize a person by the backside when the person takes a seat. The system performs a precise measurement of the person’s posterior, its contours and the way the person applies pressure on the seat. The developers say that in lab tests, the system was able to recognize people with 98 percent accuracy.

Posted on December 28, 2011 at 11:40 AM

Plasmonics Anti-Counterfeiting Technology

This could be interesting:

NOtES exploits an obscure area of physics to accomplish its bright and sharp display, known as plasmonics. Light waves interact with the array of nano-scale holes on a NOtES display—which are typically 100-200 nanometers in diameter—in a way that creates what are called “surface plasmons.” In the words of the company, this means light “[collects] on the film’s surface and creates higher than expected optical outputs by creating an electromagnetic field, called surface plasmonic resonance.”

[…]

And security, surprisingly, is one of the major applications of these light-amplifying tiny holes. Compared with things like holograms, NOtES has a number of advantages. For one, the technology consists of nothing more than an array of tiny holes, which means it can literally be stamped into anything. Nanotech Security is in talks with the Bank of Canada, whose new plastic bills are a perfect candidate for security measures embedded using NOtES.

[…]

Using a physical stamp, Nanotech Security can imprint its minuscule holes into bills even after they’ve been printed, instantly transforming the area of the bill that’s been stamped into something that resembles a tiny LED. It’s just like the old-school printing process that yields embossed invitations and business cards, except that instead of pressing “save the date” into cardstock, a nickel stamp covered with nano-scale bumps presses corresponding holes into a material.

The results aren’t just visually crisp, they’re also good for keeping things top secret. That’s because the NOtES process yields a surface that reflects light from ultraviolet all the way into the far infrared, or wavelengths outside what we can see, but which can easily be read by machines. This opens up the potential for NOtES to be used to create watermarks on bills that counterfeiters can’t even see.

Anti-counterfeiting technologies have a difficult set of requirements. They need to be cheap for legitimate currency printers, and at the same time expensive for counterfeiters. That this technology can encode unique serial numbers—or even digital signatures of unique serial numbers—onto paper currency would be a big deal.

Posted on December 19, 2011 at 6:48 AM

New Lows in Secret Questions

I’ve already written about secret questions, the easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password. Here’s a new one, courtesy of the National Archives: “What is your preferred internet password?” I have been told that Priceline has the same one, which implies that this is some third-party login service or toolkit.

Posted on September 8, 2011 at 6:14 AM

Counterfeit Pilot IDs and Uniforms Will Now Be Sufficient to Bypass Airport Security

This seems like a really bad idea:

…the Transportation Security Administration began a program Tuesday allowing pilots to skirt the security-screening process. The TSA has deployed approximately 500 body scanners to airports nationwide in a bid to prevent terrorists from boarding domestic flights, but pilots don’t have to go through the controversial nude body scanners or other forms of screening. They don’t have to be patted down or go through metal detectors. Their carry-on bags are not searched.

I agree that it doesn’t make sense to screen pilots, that they’re at the controls of the plane and can crash it if they want to. But the TSA isn’t in a position to screen pilots; all they can decide to do is to not screen people who are in pilot uniforms with pilot IDs. And it’s far safer to just screen everybody than to trust that TSA agents will be able to figure out who is a real pilot and who is someone just pretending to be a pilot.

I wrote about this in 2006.

Posted on August 12, 2011 at 6:59 AM

GPRS Hacked

Just announced:

Nohl’s group found a number of problems with GPRS. First, he says, lax authentication rules could allow an attacker to set up a fake cellular base station and eavesdrop on information transmitted by users passing by. In some countries, they found that GPRS communications weren’t encrypted at all. When they were encrypted, Nohl adds, the ciphers were often weak and could be either broken or decoded with relatively short keys that were easy to guess.

The group generated an optimized set of codes that an attacker could quickly use to find the key protecting a given communication. The attack the researchers designed against GPRS costs about 10 euros for radio equipment, Nohl says.

More articles.

Posted on August 10, 2011 at 4:11 PM

RAND Corporation on Trusted Traveler

New paper: “Assessing the Security Benefits of a Trusted Traveler Program in the Presence of Attempted Attacker Exploitation and Compromise”:

Current aviation security procedures screen all passengers uniformly. Varying the amount of screening individuals receive based on an assessment of their relative risk has the potential to reduce the security burdens on some travelers, while improving security overall. This paper examines the security costs and benefits of a trusted traveler program, in which individuals who have been identified as posing less risk than others are allowed to pass through security with reduced security screening. This allows security resources to be shifted from travelers who have been identified as low risk, to the remaining unknown-risk population. However, fears that terrorists may exploit trusted traveler programs have dissuaded adoption of such programs. This analysis estimates the security performance of a trusted traveler program in the presence of attacker attempts to compromise it. It finds that, although these attempts would reduce the maximum potential security benefits of a program, they would not eliminate those benefits in all circumstances.

Posted on June 20, 2011 at 7:01 AM

Dropbox Security

I haven’t written about Dropbox’s security problems; too busy with the book. But here’s an excellent summary article from The Economist.

The meta-issue is pretty simple. If you expect a cloud provider to do anything more interesting than simply store your files for you and give them back to you at a later date, they are going to have to have access to the plaintext. For most people—Gmail users, Google Docs users, Flickr users, and so on—that’s fine. For some people, it isn’t. Those people should probably encrypt their files themselves before sending them into the cloud.

EDITED TO ADD (6/13): Another security issue with Dropbox.

Posted on May 23, 2011 at 6:47 AM

Medieval Tally Stick Discovered in Germany

Interesting:

The well-preserved tally stick was used in the Middle Ages to count the debts owed by the holder in a time when most people were unable to read or write.

“Debts would have been carved into the stick in the form of small notches. Then the stick would have been split lengthways, with the creditor and the borrower each keeping a half,” explained Hille.

The two halves would then be put together again on the day repayment was due in order to compare them, with both sides hoping that they matched.

Note the security built into this primitive contract system. Neither side can cheat—alter the notches—because if they do, the two sides won’t match. I wonder what the dispute resolution system was: what happened when the two sides didn’t match.

EDITED TO ADD (5/14): In comments, lollardfish answers my question: “One then gets accused of fraud in court. In most circumstances, local power/reputation wins in fraud cases, since it’s not about finding of fact but who do you trust.”

Posted on May 10, 2011 at 1:47 PM

Extreme Authentication

Exactly how did they confirm it was Bin Laden’s body?

Officials compared the DNA of the person killed at the Abbottabad compound with the bin Laden “family DNA” to determine that the 9/11 mastermind had in fact been killed, a senior administration official said.

It was not clear how many different family members’ samples were compared or whose DNA was used.

[…]

Also to identify bin Laden, a visual ID was made. There were photo comparisons and other facial recognition used to identify him, the official said. A second official said that in addition to DNA, there was full biometric analysis of facial and body features.

EDITED TO ADD (5/5): A better article.

Posted on May 5, 2011 at 12:52 PM


Sidebar photo of Bruce Schneier by Joe MacInnis.