Secure passwords and multi-stage authentication systems are more crucial than ever: nowadays we use the Internet to pay our bills, conduct business and manage many aspects of daily life. Unfortunately, many people tend to use the same password for all their accounts, despite the worrying global escalation in identity theft and cybercrime, as confirmed by Swisscom last week in its Security Report 2017.
A start-up founded by ETH researchers has developed a unique method for adding an extra layer of network security, at no inconvenience to the user. Futurae Technologies has just patented a novel product, -#SoundProof? that offers a quick and safe authentication procedure. All that is required is an app running on a smartphone or tablet, and another electronic device such as a laptop or desktop computer for the user to log into the required service.
The new concept is the brainchild of Claudio Marforio and Nikos Karapanos from System Security Group in ETH’s Department of Computer Science. ‘We developed the technology back in 2015 at ETH Zurich,’ says Marforio. Since the company was set up at the end of 2016, Sandra Tobler and Samuel Berger have joined Futurae’s management team.
App and browser compare surrounding sounds
Sound-Proof works with ambient sounds. If the user logs on from their device to a service that has Sound-Proof running, the computer and the mobile phone where the app is installed record the surrounding sounds of both devices for three seconds. An artificial intelligence algorithm then compares the two. If both sounds match - e.g. the babble of voices in a café, a loud TV or the bark of neighbour’s dog - the user is automatically logged in.
Unlike existing solutions, this authentication process does not require the user to interact using their mobile device: the mobile phone can stay in their handbag or trouser pocket. The technology even works when the smartphone is located in an adjoining room, as long as the door is left open. Anyone fearing an invasion of their privacy can rest assured: the recorded sounds never leave the device. ‘This means we cannot spy on users’, stresses Marforio.
This two-factor authentication (2FA) process has been around for quite a while. Some banks, for example, send their customers a code via SMS after the password is entered on the website. The user is not logged in until the relevant code has been entered on the website. Most users find the procedure too inconvenient, however, and there is a move away from SMS login authentication due to security issues. ‘Our system, on the other hand, performs this check inconspicuously in the background,’ says Tobler.
But what happens if a hacker knows the password and is sitting in the same room as the user, or happens to be listening to the same radio broadcast precisely at that time? The Futurae team has made provisions even for this eventuality. When logging in to a new browser or a new device for the first time, the app requires manual confirmation from the user.
Pilot projects with banks
This authentication process is simple to implement and costs companies on average 60 percent less than conventional methods, and is particularly attractive for use in the financial sector, e-commerce, e-health and insurance. Futurae already has a number of pilot projects running with Swiss banks and financial institutions.
While the Sound-Proof technology is the beating heart of the product family, Futurae also offers a complete authentication suite using techniques such as QR codes and ultrasound. Ultrasound comes into play when the surroundings are absolutely quiet. It transmits an encoded message from the browser to the mobile phone. The phone can pick it up and decode it, hence authenticating a user.
At the end of March, the Futurae team received a significant financial boost: as one of two winners of the Venture Kick competition, it received a prize of 130,000 Swiss francs. ‘By participating in the Venture Kick programme, we can focus our entire attention on the marketing and commercialisation of our products,’ says Tobler. To start with, Futurae wants to conquer the Swiss market, but then plans to expand in Europe and the United States.