cards to be canceled immediately. After further investigation, the Estonian software was rewritten to compensate for the problem. (For more information, see, for example, https://news.postimees.ee/4236857/id-card-tip-from-czech-scientists
.) While the fundamental technology appears sound and the cards practical, you can expect many more vulnerabilities and alarms in the future as these hardware-based devices, impossible to perfect and resistant (in their current forms) to patching, proliferate in number and increase in importance in our careers and in our everyday life.
Security Tokens
Security tokens such as key fobs are small electronic devices that can be used as part of physical facilities access control or as part of a user login and authentication process. The simplest form of such a token or key fob is read by an NFC reader, which detects the presence of the fob, reads its identifier, and validates it as part of granting access through external or internal doors. The provisioning process can tailor the access privileges for each fob to the individual user, for example allowing guests to freely enter or exit through some doors but not through others, and only during business hours plus or minus a small margin. A fob that merely reports a fixed identifier is only as strong as the secrecy of that identifier: anyone who can read it with a handheld reader can copy it onto a blank fob, which is why more serious deployments use fobs that answer a cryptographic challenge from the reader rather than replaying a static number.
Another common use of a security token is to provide users with an additional identification factor to be used during authentication. Some of these security tokens use an onboard pseudorandom number generator (in standardized designs, a keyed hash such as HMAC) that is initialized with a secret seed during provisioning; the same seed is loaded into a matching generator in the access control system, so the token and the system produce the same sequence of values as they are repeatedly used. In effect, this provides an open-ended sequence of one-time passwords (not a one-time pad in the cryptographic sense, since every value is derived from one shared secret, which is why that secret must be protected on both sides), which the chosen authentication protocol can then consume. These tokens can either be synchronous, with both the token device and the host access control system moving to the next value at fixed time intervals (the scheme standardized as TOTP in RFC 6238), or asynchronous, which usually requires the user to push a button or otherwise activate the token to have it generate and display the next value in the sequence (event-based, standardized as HOTP in RFC 4226). Asynchronous token systems use a login counter value in both the token and the host as part of their synchronization and error detection: the host typically checks a small look-ahead window of counter values so that a code the user generated but never submitted does not lock the token out. If the drift exceeds that window, or the token no longer functions properly, the user typically must bring it back to the provisioning facility for resynchronization or replacement. The resulting value either can be an additional authentication step or can be appended or prepended to the normal “what you know” password or passphrase and then submitted to the server (over a protected channel, one hopes) for validation.
Security tokens are frequently implemented via mobile device apps. Such so-called soft tokens can provide the same functionality as physical hardware-token-based systems do and often offer important additional benefits. Deployment of multifactor authentication using soft tokens can be a significant cost savings and, with the right mobile device management (MDM) approach, easier to administer. More importantly, integrated management of soft tokens and the devices they are associated with allows a more real-time response when a device is reported or suspected to be missing, lost, or stolen (or when its user's privileges are being suspended for other reasons). The trade-off is that a soft token's seed lives in the phone's storage, so malware or a forensic extraction on a compromised handset can copy it and clone the token; a purpose-built hardware token usually keeps its seed in a chip from which it cannot be read back.
Although adding “something you have” to the authentication stack is generally sound practice, physical items such as smart cards, badges, and tokens can be lost or stolen. Security architectures, policies, and procedures should take this possibility into account and deal with notification and revocation in the wake of such events.
Another concept related to soft tokens is that of an authenticator. Sometimes used synonymously with soft token, the term can also refer to a special one-time code sent to a pre-vetted smartphone. Such authenticators are sometimes invoked in the middle of a login sequence, for example when a login is attempted from a device unfamiliar to the authentication service. In this case, the code, when read from the phone and typed into the login software, provides a separate, out-of-band means of confirming the request (an email to an address on file serves the same purpose through a different channel). Codes delivered by SMS are the weakest form of this: they can be diverted by SIM-swap fraud or intercepted in the telephone network, which is why NIST SP 800-63B classifies out-of-band authentication over the public telephone network as a restricted authenticator.
Still more complex authenticator schemes involve a challenge-and-response method, whereby the login sequence displays a “challenge.” The user then types the challenge string into an authenticator app on the phone, the app computes a response from the challenge and the secret it holds (often displayed as a string of digits), and the user relays the response string back into the challenging software to complete that extra stage of authentication. Because the response is bound to a challenge that is used only once, a response captured by an eavesdropper cannot be replayed later. Amazon, Google, and many Microsoft websites routinely provide this additional challenge-response means as part of authenticating a subject before they can modify their account profiles, for example.
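The one-time-password and challenge-response mechanics described above (the counter-based and time-based sequences, the host's resynchronization window, and a single-use challenge) as an added example; it is not part of the original page and is not any vendor's token implementation. It uses only the Python standard library. The seed is the 20-byte ASCII value from the RFC 4226 and RFC 6238 test vectors so the outputs can be checked against those documents; the `HotpVerifier`, `TotpVerifier`, `ChallengeResponseVerifier` and `respond` names, the size of the look-ahead window, and the hex challenge format are this example's own choices.

```python
"""HOTP (RFC 4226), TOTP (RFC 6238) and a challenge-response variant, with the
server-side checks that make them safe to use: constant-time comparison, a
bounded resynchronization window, and refusal of replayed values."""
import hashlib
import hmac
import secrets
import struct
import time
from typing import Optional

# Constructed demo seed: the 20-byte ASCII secret used by the RFC 4226/6238 test
# vectors, so the values can be checked against the RFCs. Real provisioning would
# generate a random seed and transfer it to the token exactly once.
DEMO_SEED = b"12345678901234567890"

def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation: take 4 bytes of the HMAC at an offset given by
    its low nibble, clear the sign bit, and keep the last `digits` decimal digits."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """Asynchronous (event-based) token value for one counter position."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)

def totp(seed: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """Synchronous (time-based) token value: HOTP over the current time slot."""
    now = time.time() if at is None else at
    return hotp(seed, int(now // step), digits)

def respond(seed: bytes, challenge: str, digits: int = 8) -> str:
    """App side of challenge-response: the answer depends on the shared seed and
    on the challenge, so a captured response is useless for any other login."""
    mac = hmac.new(seed, challenge.encode(), hashlib.sha1).digest()
    return _truncate(mac, digits)

def _same(expected: str, presented: str) -> bool:
    # Constant-time comparison so timing does not leak how many digits matched.
    return hmac.compare_digest(expected.encode(), presented.encode())

class HotpVerifier:
    """Server side for an event-based token. Searches a small look-ahead window so
    that codes generated but never submitted (button pressed by accident) do not
    desynchronize the token, and never accepts a counter position twice."""

    def __init__(self, seed: bytes, look_ahead: int = 5, digits: int = 6):
        self.seed, self.look_ahead, self.digits = seed, look_ahead, digits
        self.counter = 0  # next counter value the server expects

    def verify(self, code: str) -> bool:
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if _same(hotp(self.seed, c, self.digits), code):
                self.counter = c + 1  # skipped positions are burned, not left open
                return True
        return False  # outside the window: token needs manual resynchronization

class TotpVerifier:
    """Server side for a time-based token: accepts the current slot plus `skew`
    slots either side to absorb clock drift, and rejects a slot already used."""

    def __init__(self, seed: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self.seed, self.step, self.skew, self.digits = seed, step, skew, digits
        self.last_slot = -1

    def verify(self, code: str, at: Optional[float] = None) -> bool:
        now = time.time() if at is None else at
        slot = int(now // self.step)
        for s in range(slot - self.skew, slot + self.skew + 1):
            if s <= self.last_slot:
                continue  # replay of a code already accepted within the window
            if _same(hotp(self.seed, s, self.digits), code):
                self.last_slot = s
                return True
        return False

class ChallengeResponseVerifier:
    """Server side of the challenge-response scheme: issues a fresh random
    challenge and accepts each one exactly once, right answer or wrong."""

    def __init__(self, seed: bytes, digits: int = 8):
        self.seed, self.digits = seed, digits
        self.open_challenges: set = set()

    def issue(self) -> str:
        challenge = secrets.token_hex(8)  # 16 hex characters for the user to type
        self.open_challenges.add(challenge)
        return challenge

    def verify(self, challenge: str, response: str) -> bool:
        if challenge not in self.open_challenges:
            return False  # unknown, already used, or never issued
        self.open_challenges.discard(challenge)  # single use, even on a wrong answer
        return _same(respond(self.seed, challenge, self.digits), response)
```

Three design points carry over to any real deployment: compare codes with `hmac.compare_digest`, never with `==`; when an event-based code from later in the window is accepted, advance past it so the skipped counters can never be used; and for challenge-response, consume the challenge on the first answer whether or not it was correct, so an attacker cannot keep guessing against the same challenge.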
Type III: Something You Are
Human memory has limitations as a reliable, unique, and secure authentication factor. Physical characteristics of a human being, however, remain reasonably constant over time and are not prone to being lost, stolen, or counterfeited in quite the same way that Type I or Type II authentication factors can be. One important difference cuts the other way: a compromised password or token can be replaced, but a person has a fixed number of fingers and one face, so a leaked biometric template cannot be revoked and reissued. Biometric identification systems make real-time measurements of a select set of physical characteristics of a person, which an authentication process can then compare with measurement data taken during the provisioning process. That comparison is never bit-for-bit; the live measurement is accepted if it falls within a tolerance of the stored template, and setting that tolerance trades false acceptances against false rejections.
Using personal recognition as part of an identity verification process is nothing new. Human beings have identified each other by face and by voice for millennia. Footprints have helped to implicate or rule out criminal suspects for centuries. Fingerprints have been acceptable as evidence in a court of law since 1910, and the use of human DNA in criminal proceedings became accepted in 1988. In all cases, it was the development of automated measurement, characterization, storage, comparison, and retrieval systems that made these and other biometric identification means practical and affordable.
Biometric methods offer a wide range of choices for the security architect, each with different degrees of reliability, practicality, and cost considerations. End-user acceptance and ease-of-use factors may also need to be taken into account, as well as any legal or cultural constraints (real or perceived) pertaining to a particular biometric method. These methods can be either static methods, which characterize the subject at a particular moment in time, or behavioral methods, which measure the subject as they perform a sequence of actions.
Static biometric methods include the following:
Body Weight Measuring a subject's body weight provides a simple, noninvasive, and oftentimes affordable second authentication factor. Although an individual's body weight does vary seasonally, with age, and with health and fitness conditions, day by day these variations are slight. Simple body weight biometric systems compare one moment's weight measurement with the value established during identity provisioning; more advanced systems trend measurements across recent history and flag anomalous changes as potentially worthy of investigation prior to granting access. Weight measurement is often used in high-security environments, in conjunction with mantrap, turnstile, or other single-person entry and exit control techniques (for example, when a second person tries to “tailgate” through a mantrap with the subject). Weight measurement devices can easily be built into the floors or floor coverings in entry vestibules or corridors, where they can be an unobtrusive, often-unnoticed component of physical area access control processes.
Fingerprint More than 100 years of experience supports our use of fingerprints as reliable and repeatable forms of identification. Fingerprint recognition technologies now are built into many consumer-grade smartphones, phablets, laptops, and other devices. Fingerprint scanning and verification is routinely done as part of immigration (and emigration) checks at airports and other border control points. The complexities of the science of fingerprint measurement, characterization, and matching have been commoditized at this point, although individual scanning units can need frequent cleaning or wipe-down between users.
Palm Print Palm prints are at least as old as fingerprints as an authentication method and may actually be older. The larger surface area makes possible more detailed differentiation, and palm prints do have some technical advantages over fingerprints. Still, palm prints have never been as popular for everyday authentication. Today, two relatively new technologies have brought the palm back into the mainstream as an authentication element. Palm vein recognition is a biometric method that uses near-infrared illumination to see (and record for comparison) subcutaneous vascular patterns, that is, the pattern of blood vessels beneath the skin, which is unique to each individual.