Honeywords provide additional password security
Corporate data breaches seem to be on the rise, rarely a week passes without a company revealing that its database has been hacked and regrettably usernames, passwords, credit card details and its customers’ personal information has been leaked on to the open internet. A new protection, nicknamed Phoney, is reported in the International Journal of Embedded Systems.
Rong Wang, Hao Chen and Jianhua of Sun College of Computer Science and Electronic Engineering, Hunan University, Changsha, China, explain that once password files have been stolen, attackers can quickly crack large numbers of passwords. With their “Phoney” system which employs a threshold cryptosystem to encrypt the password hashes in the password file and honeywords to confuse attackers, even if the hackers have comprised a database, the phoney, honeywords, obfuscate and camouflage the genuine passwords. Moreover, if those honeywords are de-hashed and used in a login attempt, the hacked system will know to immediately block the fake user and lock down the account they tried to break into.
Scientists have discovered a way to authenticate or identify any object by generating an unbreakable ID based on atoms.
The technology, which is being patented at Lancaster University and commercialised through the spin-out company Quantum Base, uses next-generation nanomaterials to enable the unique identification of any product with guaranteed security.
The research published today in Nature’s Scientific Reports uses atomic-scale imperfections that are impossible to clone as they comprise the unmanipulable building blocks of matter.
First author Jonathan Roberts, a Lancaster University Physics PhD student of the EPSRC NOWNANO Doctoral Training Centre, said: “The invention involves the creation of devices with unique identities on a nano-scale employing state-of-art quantum technology. Each device we’ve made is unique, 100% secure and impossible to copy or clone.”
Current authentication solutions such as anti-counterfeit tags or password-protection base their security on replication difficulty, or on secrecy, and are renowned for being insecure and relatively easy to forge. For example, current anti-counterfeiting technology such as holograms can be imitated, and passwords can be stolen, hacked and intercepted.
The ground-breaking atomic-scale devices do not require passwords, and are impervious to cloning, making them the most secure system ever made. Coupled with the fact that they can be incorporated into any material makes them an ideal candidate to replace existing authentication technologies.
Writing in Nature’s Scientific Reports, the researchers said: “Simulating these structures requires vast computing power and is not achievable in a reasonable timescale, even with a quantum computer. When coupled with the fact that the underlying structure is unknown, unless dismantled atom-by-atom, this makes simulation extremely difficult.
“While inhomogeneity in the fabrication of nanostructures often leads to unpredictable behaviour of the final device, which is normally undesirable, we have proposed and demonstrated a potential use for the quantum behaviour of atomically irreproducible systems.”
The reported Q-ID device, which uses an electronic measurement with CMOS compatible technology, can easily be integrated into existing chip manufacturing processes, enabling cost effective mass-production. The new devices also have many additional features such as the ability to track-and-trace a product throughout the supply chain, and individual addressability, allowing for marketing and quality control at the point of consumption.
Dr Robert Young, the research leader at Lancaster University and co-founder of Quantum Base said: “One could imagine our devices being used to identify a broad range of products, whether it is authentication of branded goods, SIM cards, important manufacturing components, the possibilities are endless.”
The use of inexpensive nanomaterials and their ability to be produced in large quantities has resulted in smaller, more power efficient devices that are future-proof to cloning.