Prepare to say good-bye to passwords

saxena 1Passwords are a common security measure to protect personal information, but they don’t always prevent hackers from finding a way into devices. UAB researchers are working to perfect an easy-to-use, secure login protection that eliminates the need to use a password — known as zero-interaction authentication.

At UAB, this research is led by Associate Professor Nitesh Saxena, Ph.D., co-leader of the Center for Information Assurance and Joint Forensics Research.

In zero-interaction authentication, access is granted when the verifying system can detect the user’s security token — such as a mobile phone or a car key — using an authentication protocol over a short-range, wireless communication channel, such as Bluetooth.

However, existing zero-interaction authentication schemes are vulnerable to relay attacks, commonly referred to as ghost-and-leech attacks, in which a hacker, or ghost, succeeds in authenticating to the terminal on behalf of the user by colluding with another hacker, or leech, who is close to the user at another location, Saxena said.

The goal of UAB's research is to improve security measures that could protect against relay attacks without affecting usability.

The goal of UAB's research is to improve security measures that could protect against relay attacks without affecting usability. First, they examined four sensor modalities commonly present on devices: Wi-Fi, Bluetooth, GPS and audio. Second, they looked at ambient physical sensors: ambient temperature, precision gas, humidity and altitude. Each of these can help the system verify the two devices attempting to connect are in the same location and thwart a ghost-and-leech attack; when used in combination, they provide robust security, Saxena said.

Platforms that employ sensor modalities are available on many smartphones and they will likely become more commonplace in the near future, Saxena said.

“Users will be able to use an app on their phones to lock and unlock their laptops, desktops or even their cars, without passwords and without having to worry about relay attacks,” said Babins Shrestha, a UAB doctoral student and co-author on the papers.

Research & Scholarship

  • Graduate training to improve special education services gets a boost
    A $1.25 million grant from the U.S. Department of Education will fund scholarships, provide research opportunities and support collaboration between UAB's schools of Education and Health Professions to improve education services for young children with disabilities. Professor Jennifer Kilgo, Ed.D., who directs Project TransTeam, expects to train 70 scholars in five years.
    posted 11 days ago 162 views
  • Men and women process chronic pain differently
    Robert Sorge, Ph.D., assistant professor of psychology, is lead author of a paper published in Nature Neuroscience online that disputes the assumption that a common pain circuit exists in both sexes. New research shows males and females may use very different biological systems to process pain; the key difference appears to be in the immune system and under control of testosterone.
    posted a while back 367 views
  • Will your self-driving car be programmed to kill you?
    The computer brains inside autonomous vehicles will be fast enough to make life-or-death decisions. But should they? A member of UAB’s national championship-winning Bioethics Bowl team — and the team’s coach, a renowned bioethicist — weigh in on a thorny problem of the dawning robot age.
    posted a while back 572 views
  • “Extra costs of extra weight for older adults”


    UAB research, clinical services featured in PBS story that examines the high and rising costs of health care for obese adults as they age.
    posted a while back 931 views
  • Smartphones are learning new tricks
    sensomatic main imageYou may think your phone can already do everything, but UAB cybersecurity researchers are adapting accelerometers, GPS chips, gyroscopes and other sensors to make phones that can read your mood, eliminate passwords, protect your bank account and more.
    posted a while back 850 views
  • Renowned expert named inaugural director of UAB Informatics Institute
    James J. Cimino, M.D., will lead UAB's new Informatics Institute, which was established in June 2014. Cimino, who previously was the chief of the Laboratory for Informatics Development at the NIH Clinical Center and a senior scientist at the National Library of Medicine, is a national leader in the field of biomedical informatics and co-editor of the most influential textbook on the subject.
    posted a while back 1052 views
  • Research enters data-driven era
    During the past few years, technological innovations have opened up an entirely new way to approach scientific questions. Data-driven research starts with massive information sets — the genomic profiles of thousands of patients, for example, or millions of spam emails — and then searches for emerging patterns in that data. In the latest issue of the U.S. Chamber of Commerce’s "Business Horizon Quarterly", UAB President Ray Watts, M.D., explains the way data-driven research at UAB is being applied to find novel treatments for disease, create new products and businesses and train the next generation of innovation-savvy students.
    posted a while back 1189 views
  • Fulbright scholar here to improve health care in Ukraine

    Iryna Mazhak, Ph.D., a Fulbright Visiting Scholar from Ukraine, is developing a medical sociology course and textbook materials during her nine months at UAB. No such course or textbook exists in her homeland, she says. 

    posted a while back 2953 views
  • How safe are you on the Internet?
    Participate in a brief, large-scale survey of Internet users that will help UAB researchers design strong authentication systems for securing information privacy.
    posted a while back 2520 views