Thursday, May 3, 2007

Distributed Password Security

Passwords are very important to protect access to a secured entity. The entity may be any system, device, file or any piece of information. Passwords are often personal codes set by individual. Everyone uses his own way to set the password by adhering to certain standards defined.

As for as the security is concerned the entire security is with that person who owns the password. This is a one person to one password security scenario for the entire given system. The drawback here is that the entire security is with that person. Due to this one person owning the security there will be problems like

1. Risk of misusing the secured entity by the person holding the password.
2. Stealing of the password by other.
3. Threat to the password holder to disclose the password.

Whatever may be the length and strength of the password chosen the above problems still remain.

What if this password security is distributed to multiple people as a team? Definitely the security can never be misused. This password can never be stolen by anybody. Also the chances of misusing the password or the risk of entire team getting threatened will never arise.

Distributed password scenario

In this case the team of n members hold the entire password so that the security is distributed to the team. Here ‘n’ sub strings S1, S2…Sn, form the password string ‘S’. It is the concatenation S1+S2+S3+…+Sn, which forms the whole password. Each member of this team holds the sub string, Si. He treats that as his own password with its own length. The login process will be successful if, all team members enter their strings S1 to Sn, correctly in order.

There is no separate implementation required for the login process to authenticate the entry except that all members should be present while login. The entire team will be the authorized users group and will be required while login.

When the entire team logs in the actual user needs to be identified. With the whole team entering the password there should be a way for the system to determine who is going to access the system and uses the system further. Any one can use the system. So the next level can be another login screen where any one member ‘Mi’ from that team can enter inside with his sub string password Si. This solves the problem of identifying the actual person going to work on that system. To change the main distributed password again the entire team is required.

This is the better approach than the multiple level logins or multiple levels of securities. It fits for the areas like military, finance and various highly secured systems, where the security is under threat.

Save Water and Save Life

Save Water and Save Life