Sunday, February 7, 2010

VibraPass - Secure Authentication Based on Shared Lies

Written by: Alexander De Luca, Emanuel von Zezschwitz, Heinrich Hußmann; all from the University of Munich

VibraPass is an authentication scheme invented to enhance security beyond just using a PIN. A user enters their PIN through a PDA or mobile phone linked to the terminal via Bluetooth. Whenever the mobile device vibrates, the user is instructed to insert a false number while typing their PIN. This makes the PIN very difficult to steal, because a perfect recording has to be made, and video taken of the input, for the original PIN to be found.

This style of input is new and very useful. PINs right now are very easy to exploit by simple observational tactics; this prevents simple shoulder hovering and pocket cameras from being all that is needed to steal a PIN. The only real problem I see with this is having the user need Bluetooth to link to the terminal. I know that this is more looking at a new way to interface securely, but I can't help but wonder how easy it would be to spoof connections to this terminal. I think VibraPass has practical expansion in the future, perhaps by utilizing more secure personal area networks.
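The lie-filtering step described in the summary above, sketched as an added example (not code from the VibraPass paper or from this post). It assumes the terminal picks the lie positions at random and remembers the vibration schedule it sent to the phone; the function names and the number of lies are hypothetical.

```python
import hmac
import secrets


def make_schedule(pin_len, n_lies):
    """Terminal side: choose which keystrokes are lies (True = phone vibrates).

    Assumption: positions are drawn uniformly at random for every login.
    """
    total = pin_len + n_lies
    lie_slots = set()
    while len(lie_slots) < n_lies:
        lie_slots.add(secrets.randbelow(total))
    return [i in lie_slots for i in range(total)]


def user_entry(pin, schedule):
    """User side: type a false digit on vibration, the next real digit otherwise."""
    typed, pos = [], 0
    for lie in schedule:
        if lie:
            typed.append(str(secrets.randbelow(10)))  # any digit will do
        else:
            typed.append(pin[pos])
            pos += 1
    return "".join(typed)


def verify(entered, schedule, stored_pin):
    """Terminal side: drop the lie positions, then compare in constant time.

    Assumption: an entry whose length does not match the schedule is rejected.
    """
    if len(entered) != len(schedule):
        return False
    filtered = "".join(d for d, lie in zip(entered, schedule) if not lie)
    return hmac.compare_digest(filtered.encode(), stored_pin.encode())


if __name__ == "__main__":
    pin = "4821"  # constructed sample PIN
    for _ in range(2):  # two logins: an observer sees two different sequences
        sched = make_schedule(len(pin), n_lies=2)
        seen = user_entry(pin, sched)
        print(seen, "accepted" if verify(seen, sched, pin) else "rejected")
```

An observer who sees only the keypad gets a digit sequence that is longer than the PIN and changes between sessions; without the vibration schedule the real digits cannot be separated from the lies in a single observation.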

1 comment:

  1. This is amazing. I didn't think anyone outside of the government cared about security. I've started messing with my signature on receipts because those are worthless. Pretty much every way we authenticate who we are for financial purposes relies upon security through obscurity. (Most questions asked for identification over the phone are matters of public record.)
