Hristo Bojinov of Stanford has come up with a way to thwart a “rubber hose” attack that tries to force an individual to give up a password. No, it's not training in pain tolerance – it's a different way to authenticate.
The basic idea is that you can learn subconciously (in fact, this is the way we learn most things), without even realizing that you've learned something. Passwords are not like this; those we very conciously learn (memorize).
The new technique involves learning how to play a special game. In the process of doing this, you learn – subconciously – a 30 character password made up of just six characters. This is a very secure password. If someone asked you to recite it, you wouldn't be able to do it – not even if they gave you the rubber hose treatment, and not even if you wanted to give them the password. You are not concious of it at all. To actually authenticate yourself to a computer, you have to play a round of their game. In doing so, you demonstrate to the computer that subconciously you really do know the password.
You might ask yourself (I certainly did) “But how does this help with the rubber hose attack? The trained authenticator could still be forced to play the little game!” The authors of the paper assert that there must be a “liveness test” – in other words, you can't use their method for remote authentication, but rather only for authentication when physically present at the system you're trying to authenticate to. Presumably someone would then notice if you were being beaten with the rubber hose. There are some problems with that, as there are ways to coerce people that don't require the coercer to be physically present with the coerced (for example, your spouse or child could be held hostage until you authenticate). Worse, I think, is that if you subject a password authentication system to a liveness test, then its security is enhanced in the same way. In other words, it seems to me that a large part of the benefit of this new system is derived from the liveness test, rather than the method itself.
But all that carping aside, there are some genuinely interesting security ideas in here. How practical they are is another matter altogether, but the general notion of using subconcious memory strikes me as worth exploring.
Authentication to a computer system is a really tough problem, far harder than most people realize. It's the basis for many of the kinds of computer security that average people run into every day (like, say, access to your bank account) – and yet we are still lacking good, secure, reliable solutions. Passwords are by far the most common approach, and they are demonstrably feeble. Biometric authentication (fingerprints, iris patterns, etc.) are stronger, but are defeatable and less reliable than most people consider acceptable. So I'm always interested in anything that might improve the situation...
No comments:
Post a Comment