UPDATED 14:21 EST / JANUARY 24 2013

NEWS

Google Looking to Create Cryptographic Rings for Users. Are You Ready?

Two Google engineers have brought up the idea of creating cryptographic rings to help users securely log into websites and other services.Eric Grosse and Mayank Upadhyay, both Google bods have submitted the paper Authentication at Scale to the IEEE Security & Privacy Magazine for review.

The core point of the submission is that weak passwords are a bigger threat to online security than malware infection, hacker attacks, and other cyber espionage programs. This makes authentication a bigger issue, which can be overcome by a combination of risk-based checks, second-factor options, privacy-enhanced client certificates, and different forms of delegation.

This is not the Google’s first attempt to enhance authentication process for the online users, as it introduced a two-stage login process for its Gmail website two years ago. This optional two-factor verification adds an extra layer of security to Google accounts by linking them to a registered mobile phone number. Taking its efforts to the next level, the search and ad giant is now experimenting with Yubico cryptographic USB cards that generate one-time passcodes (OTP) for logging into websites. The YubiKey will combine a unique public ID number with a series of bytes generated on the fly to produce a one-time code which when used with an account username and password, will log the user into the service for that one particular session. This will add an extra layer of security for the users.

Interestingly, this Yubikey is supposed to be in the form of a finger ring that users will tap with their machines to authenticate themselves.

“We’d like your smartphone or smartcard-embedded finger ring to authorize a new computer via a tap on the computer, even in situations in which your phone might be without cellular connectivity,” Grosse and Upadhyay wrote.

“Others have tried similar approaches but achieved little success in the consumer world. Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.”

This proposed finger gadget by Google actually sounds like a signet ring–a ring used by nobles during the Middle Ages to authenticate their identity on documents. The ring would be worn by the noble (the so-called account owner) who holds the family crest or seal. Dipped in hot wax, it would produce a “seal” or signature proving it was they (or perhaps someone else who’d stolen the ring.)

“We might even see Google call this project ‘Signet’ in honor of this practice,” says Kyt Dotson, HackANGLE editor. “Pure speculation right now, but the additional factor of a worn-dongle using NFC or Bluetooth to procure extra authentication could be used for people interested in more security on the ‘something you have’ front. Already keychain fob authenticators are common for MMORPG games such as World of Warcraft, it would be no surprise if Google got on a similar bandwagon with their services (although for a fee.)”


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU