Washington: Researchers, led by an Indian-origin scientist, are developing an easy-to-use, secure login protection that eliminates the need to use a password, says PTI. Researchers from the University of Alabama at Birmingham are working on a secure login protection known as zero-interaction authentication.
Zero-interaction authentication enables a user to access a terminal, such as a laptop or a car, without interacting with the device. Access is granted when the verifying system can detect the user’s security token – such as a mobile phone or a car key – using an authentication protocol over a short-range, wireless communication channel, such as Bluetooth. It eliminates the need for a password and diminishes the security risks that accompany them.
A common example of such authentication is a keyless entry and start system that unlocks a car door or starts the car engine based on the token’s proximity to the car. However, existing zero-interaction authentication schemes are vulnerable to relay attacks, commonly referred to as ghost-and-leech attacks, in which a hacker, or ghost, succeeds in authenticating to the terminal on behalf of the user by colluding with another hacker, or leech, who is close to the user at another location.