
Protect Yourself: Fighting Computer Crimes

Computer Scientists Attach Images to Passwords to Prevent Fraud

September 1, 2005

Web sites that display images while the user enters a password could help prevent impostors from stealing personal data or money. The user would see a familiar image for every letter typed and would be warned by any image that differs from the expected one. This could prevent phishing, the cyber crime practice of masquerading as a commonly used Web site so that users type in the passwords they would use on the real site.


Science Insider

Science behind the news is funded by a generous grant from the NSF

BACKGROUND: The rise of wireless networks has brought growing concern about securing those networks against fraud and identity theft. Researchers at Indiana University have devised a new cryptographic security scheme to protect individual passwords from prying eyes.

WIRELESS IS VULNERABLE: The most common forms of wireless network hacking include methods for secretly intercepting passwords or other sensitive information by posing as a trusted network point. Such an attack is particularly effective against wireless networks that let users relay messages for one another. These so-called "ad-hoc" networks are useful in emergency situations, when the normal networks are overwhelmed or not working, but they are also more vulnerable to security breaches.

HOW IT WORKS: Delayed password disclosure works something like this. Let's say that you enter your password at an ATM to check your bank account information. If your password is "banana5," you would only need to type "b." The machine would then display a picture, which you have previously agreed goes with the "b." To verify, you move on to the next letter, "a," and the machine will display a second, agreed-upon picture to validate your password. There are an infinite number of picture possibilities for password verification.
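
The letter-by-letter check described above can be modelled in a few lines of Python. This is an added example, a simplified model and not the Indiana University researchers' protocol: the keyed-hash picture scheme, the function names, the keys, the user name and the picture identifiers are all assumptions made for illustration.

```python
import hashlib
import hmac
from functools import partial

def picture_id(site_key: bytes, user: str, prefix: str) -> str:
    """Picture a site shows once `prefix` has been typed (hypothetical scheme)."""
    msg = user.encode() + b"\x00" + prefix.encode()
    return "img-" + hmac.new(site_key, msg, hashlib.sha256).hexdigest()[:16]

def enroll(site, user: str, password: str) -> list:
    """Pictures the user agrees on in advance, one per typed prefix."""
    return [site(user, password[:i]) for i in range(1, len(password) + 1)]

def type_password(site, user: str, typed: str, expected: list):
    """Type one character at a time and stop at the first unfamiliar picture.

    Returns (accepted, characters_disclosed)."""
    for i in range(1, len(typed) + 1):
        if i > len(expected) or site(user, typed[:i]) != expected[i - 1]:
            return False, i
    return len(typed) == len(expected), len(typed)

# Constructed sample data: keys, user name and password are made up.
real_site = partial(picture_id, b"constructed-real-site-key")
impostor = partial(picture_id, b"constructed-impostor-key")
USER, PASSWORD = "alice", "banana5"
EXPECTED = enroll(real_site, USER, PASSWORD)

if __name__ == "__main__":
    # Real site: every picture is familiar, the whole password is entered.
    print(type_password(real_site, USER, PASSWORD, EXPECTED))
    # Impostor without the site key: wrong picture after the first letter.
    print(type_password(impostor, USER, PASSWORD, EXPECTED))
    # A typo on the real site also produces an unfamiliar picture.
    print(type_password(real_site, USER, "bandana", EXPECTED))
```

In this model an impostor learns only the first character before the user stops, and a mistyped letter on the genuine site looks the same to the user as an impostor does.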

BENEFITS: Existing security protocols concentrate on securing the link between two machines, but any hacker can use a computer as a fake access point, stealing information secretly. Delayed password disclosure counters this by allowing both parties to use a pre-arranged password or PIN for authentication that is not revealed during communications. Whenever a user initiates a wireless link, the agreed code is turned into a string of incoherent bits by a mathematical algorithm. At the other end of the link, another algorithm is applied to the string and the result is sent back to the user. In this way, the code can be checked mathematically to confirm that the person at the other end of the link shares the same secret password or PIN.


IEEE-USA contributed to the information contained in the TV portion of this report.

More information on this story

IEEE-USA
Washington, DC 20036-5104
202-530-8353
ieeeusa@ieee.org


© 2008 American Institute of Physics