printer friendly version

Secured password management

As the use of Internet services surges, end users are required to have multiple passwords for everything from e-mail services to e-banking applications and corporate accounts. Additionally, they are required to have another set of pass codes for the different devices employed to connect to the Internet.

With the diverse combination of alphanumeric characters utilised to create these passwords aiming to add layers of identity theft protection, it has further rendered the whole process more complex for the user. Thus, there is a pressing need to have a secured application to adeptly manage and store all these passwords against foreign attacks.

In order to address the aforementioned need, researchers from Germany-based Fraunhofer Institute for Secure Information Technology (SIT) have developed an innovative security tool aimed to provide a more robust and secure platform to restore all passwords. The solution, termed MobileSitter, focuses on secure mobile management of authentic passwords and personal identification number (PINs) positioned on mobile phones. In situations, where such a device is stolen, each master password entered by the hacker will trigger the MobileSitter to return random decrypted results correlated with the entered master password.

Rather than indicating that a false entry has been entered, the solution continues to render results. Thus, the hacker will not be able to differentiate and ensure if the returned result is correct. Consequently, the hacker will apply the returned result and will eventually perceive that all the results are totally false. Therefore, the MobileSitter could efficiently avoid hackers from retrieving other stored critical pass codes on the mobile device.

Compared to competing password management solutions, the MobileSitter leverages a dynamic encryption algorithm in which the different passwords are computer generated. Frost & Sullivan believes this equips the MobileSitter to a higher grade of security and renders a different level of complexity for dictionary attacks provisioned to breach and decrypt the protected pass codes. It is commonly known that user-selected pass codes drastically reduce the set of keys utilised and thus expose them fairly easily to foreign dictionary attacks.

The MobileSitter is developed using the Java Platform, Micro Edition (ME), which is widely utilised for applications on mobile devices. Therefore, a key advantage of this solution is that it could be installed on devices that are much less sophisticated and have reduced capacity, for example, old mobile phones. The minimal requirement is that the mobile device can execute Java applications, which require very low processing functionality. Furthermore, the encrypted data could seamlessly interchange with different devices and thus enhance the utility value of this service for the user. With its simplistic characteristic and ease of implementation ability, this could empower the solution to provide a more viable password management platform and reach a large base of users.

Frost & Sullivan expects this technology to provide a new dimension for the mobile security industry that could gain significant acceptance in the next 2-3 years.

Share this article:

Further reading: