Why I Like Hardware Auth

A Bit of Security, by William J. Malik
Why I Prefer Hardware-Based Authentication E045 2024 12 02
A Bit of Security for December 2, 2024
When I first joined Gartner, I had the pleasure of meeting Chuck Stuckey in Stamford. He opened his briefcase and showed me his SecurID card. I was captivated!
The card generated a key every 60 seconds, and was synched with a similar process on the host you wanted to connect to. When you wanted to log in, you had to provide that key in the specified time interval to make a secure link.
One problem with the mechanism was that it tended to drift a bit over time. So if you didn’t use it every once in a while it would become desynchronized with the host side. Each time you did use it, the clocks would reset. And if you lost it, you had to get a replacement and re-enroll to establish your new credentials. There were no duplicates hanging around you could just pick up and use.
Earlier, at IBM, I was in the software lab when the mainframe hardware folks were developing the cryptographic TCM (thermal conduction module). They worried that someone could get their hands on one and read out the private key stored inside. The company put together a competition between a team of engineers tasked with getting the key, and another team to make the key inaccessible. The innovations they came up with were mind-boggling.
Pack the TCM with a tarry goop that you had to wash off to get to the circuits – and print the circuits in a material that was soluble in any solvent that would remove the tar. Clean the TCM and the circuit was gone!
Chill the module and slowly raise the temperature so you could detect tiny electrical circuits – so put a thermally sensitive component in the device that would erase the key if the temp dropped below a certain threshold.
Use a thermal camera to detect electrical activity? Shielding that would diffuse temperature nonlinearly.
You see, if you have the code, the software, lying on the table in front of you, you see everything – every one, and every zero. It’s just a matter of time before you can figure out what it means. Maybe you could use AI to suggest possible interpretations of bit strings, but regardless, the code will reveal itself to a discerning examiner.
You can trust everything to software if you want, but baby, hardware is where it’s at.
That’s our Bit of Security for Monday, December 2, 2024. I’m William Malik. Be safe!
I like hardware-based authentication – when it’s done right. Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #SecureID #hardwaresecurity #authentication #identification #accesscontrol #BitofSec
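
The host-side handling of clock drift described in the transcript (a code every 60 seconds, desynchronization when the card goes unused, a reset on each successful use) can be sketched as below. This is an added example, not code from the episode or from any vendor: the card's own algorithm is not described on the page, so the RFC 4226 HMAC truncation over a time-step counter stands in for it, and `Verifier`, `code_at`, `WINDOW` and the seed are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code, as in the transcript
WINDOW = 2   # assumed: steps of drift tolerated on either side

def code_at(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 truncation applied to a time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Host-side record for one enrolled token (hypothetical class)."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.offset = 0       # learned token clock drift, in steps
        self.last_used = -1   # highest counter accepted; blocks replay

    def verify(self, submitted: str, host_time: int) -> bool:
        base = host_time // STEP + self.offset
        for delta in sorted(range(-WINDOW, WINDOW + 1), key=abs):
            counter = base + delta
            if counter <= self.last_used:
                continue      # consumed or older: treat as replay
            if hmac.compare_digest(code_at(self.secret, counter), submitted):
                self.offset += delta   # resynchronize on each success
                self.last_used = counter
                return True
        return False

def demo() -> list:
    secret = b"constructed-demo-seed"   # constructed, not a real seed
    host = Verifier(secret)
    now = 1_733_140_800                 # constructed host clock value
    step = now // STEP
    results = []
    # Token 2 steps slow: accepted, host learns offset -2.
    results.append(host.verify(code_at(secret, step - 2), now))
    # Same code replayed: rejected.
    results.append(host.verify(code_at(secret, step - 2), now))
    # 100 steps later the token is 4 steps slow: still accepted,
    # because the learned offset keeps it inside the window.
    later = now + 100 * STEP
    results.append(host.verify(code_at(secret, step + 96), later))
    # A fresh record (never resynchronized) rejects that same drift.
    results.append(Verifier(secret).verify(code_at(secret, step + 96), later))
    return results
```

Calling `demo()` returns the four verification outcomes in order; the last two show why a token that is used regularly stays in sync while one left in a drawer does not.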
