|
Rochester Institute of Technology Professor Recommends Tougher Computer Security Measures to Beat Hackers
ROCHESTER, N.Y., Dec 02, 2008 (ASCRIBE NEWS via COMTEX) --
Hackers
beware. A Rochester Institute of Technology professor knows
how to thwart sophisticated and determined intruders from
stealing personal and corporate information. His secret?
Anchor your online activities to the physical world.
RIT scientist and entrepreneur Roger Dube takes a close
look at user authentication and computer security in his
recently published book "Hardware-Based Computer Security
Techniques to Defeat Hackers: From Biometrics to Quantum
Cryptography" (Wiley).
Intended for information technology professionals and
others responsible for implementing computer security,
"Hardware-Based Computer Security Techniques to Defeat
Hackers" is a complete review of different types of hardware
technology that can protect computer systems.
"There are steps you can take to protect your computer so
you can be certain an application you bring up is authentic
and hasn't been replaced with something, for instance, that
contains a Trojan horse - a virus that masquerades as a
normal program," says Dube, research professor in RIT's
Chester F. Carlson Center for Imaging Science, and president
and chief scientist of Digital Authentication Technologies
Inc.
"The protection that is available today is largely based
on algorithms and secrets," Dube adds. "And the problem with
secrets is that they have to be shared before they can be
used. Poorly constructed secrets can be guessed, making
systems vulnerable to attack. And poorly protected secrets
can be stolen outright."
A recent example of this weakness made the news when a
hacker gained access to Gov. Sarah Palin's Yahoo! account,
weeks before the election, by pretending to be the
Republican vice presidential candidate. The hacker used
Palin's personal information reported in the news to answer
the security question protecting her e-mail account.
Software approaches to computer security provide limited
protection, Dube says. The problem is that encrypted
keystrokes hiding the password/secret are transmitted over
the Internet, and these passwords can be intercepted and
broken.
Pseudo random number generators, algorithms that are
often used to create passwords or disguise a password as a
jumble of symbols and numbers, are inherently predictable
and can be cracked. The commonly used two-factor form of
authentication - username plus password, PIN number or pass
phrase - is fragile. Today, more robust security systems
require users to present their name and password, and
something unique to themselves. The nation protects its top
secrets with software and hardware security technologies
considered to be astronomically difficult to break, Dube
notes.
"You cannot use an algorithm to generate a true random
number," Dube says. "It's going to be predictable because
it's a calculation. It will create a number that looks
random, but if a hacker commandeers the 'seed' condition,
they've broken the code completely."
According to Dube, only hardware-based security
applications can provide the strongest security systems
possible - pattern-free and unpredictable. These methods
connect a system or a person to the physical world, ensuring
confidentiality and authenticity of communication in ways
software applications cannot.
"We needed to tie our security system to something that
has its roots in the physical world, rather than to make it
purely algorithmic. The advantage is that you can find all
kinds of random sources in the physical world that are
completely pattern free, but the disadvantage is that they
typically involved a piece of hardware. Until recently
people have been reluctant to add another piece of hardware
or to carry something around. But when the loss becomes too
much, hardware-based protection becomes the answer."
In his book, Dube details security systems that generate
"passwords" from the physical world such as advanced
biometrics (fingerprint scanning and iris and retinal scans)
and tokens, such as smart cards embedded with a secure
electronic chip. He also discusses location technologies
that determine if remote servers are legitimate or carefully
constructed fakes commonly used in phishing attacks, as well
as geolocation technologies, such as global positioning
system technology. The book also discusses the potential
vulnerabilities of each of these technologies.
Dube's own computer-security research focuses on location
technologies and satellite timing signals. Contractors for
the U.S. Department of Defense tested the security system
Dube developed for Digital Authentication Technologies
Inc. and found it robust.
"The technology gives us location awareness, but doesn't
tell us where on the surface of the Earth we are," Dube
says. "It's double safe in that way."
A partnership between RIT and Digital Authentication
Technologies Inc. is supporting research to enhance this
security technology.
Rochester Institute of Technology is internationally
recognized for academic leadership in computing,
engineering, imaging technology, and fine and applied arts,in addition
to unparalleled support services for students
with hearing loss. Nearly 16,500 full- and part-time
students are enrolled in more than 200 career-oriented and
professional programs at RIT, and its cooperative education
program is one of the oldest and largest in the nation.
For two decades, U.S. News & World Report has ranked RIT
among the nation's leading comprehensive universities. RIT
is featured in The Princeton Review's 2009 edition of The
Best 368 Colleges and in Barron's Best Buys in
Education. The Chronicle of Higher Education recognizes RIT
as a "Great College to Work For."
- - - -
((AScribe - The Public Interest Newswire / http://www.ascribe.org))
[ Back To cable.tmcnet.com's Homepage ]
|