NFC Mouse (input device)
I had an idea for a mouse / input device, which had NFC capabilities built in that could "talk to" the NFC ring, which could contain a username and/or password to allow a user to logon to a computer.
This feels similar to how the unlock is meant to work on phones, but with a specific input device for a computer.
I really like this idea
Definitely a good idea, I was thinking something along this line also. NFC reader teamed with a microduino or similar inside a mouse? Alternatively for a desktop setup it might be easier to set aside a portion of the desk with a reader below/inside the desk surface. I'd put one close to where my left hand normally rests as I'll be using one on my left little finger and one on my right ring finger.
Except, how do you ensure that you're not letting your data be compromised when someone else has an NFC-reading mouse?
Admittedly someone else posted a commercial Asus device that lets you log in to Windows 8 just by swiping a fob, so the industry is willing to push stuff that is susceptible to replay attacks, but that doesn't make it the most complete and secure solution :)
I'm still trying to work out what the best option is for something like this with minimal complexity.
I think the only real way to treat this is as an ease of use device, one of the other posts I replied to was getting wildly complicated with protecting the data on the ring, but most of those ideas while good in certain aspects were only increasing the difficulty of using it. In this case better to have a swipe card which is locked in a metal box that is handcuffed to your leg...
Besides, if you're using my computer, all expectations of privacy go out the window. :-)
That Asus thing is um, not very fun..... I had to hack on one today, I finished work very late after replacing the whole insides of the case with an arduino based solution..
Thanks for that, John. I'll back away from the Asus unit swiftly, I was going to get one today!
Arduino was my first preference anyhow - did you use a pre-built shield or have you hacked your own?
I feel I should press this point rather strongly:
A security-conscious user would never use this ring as the only means of unlocking a system containing potentially sensitive information (including your phone or PC). But if you make this part of multifactor authentication to computers, phones, etc, you'd have one hell of a security device which would sell amazingly well in security conferences the world over.
I understand convenience is highly marketable, but with recent events in the news, you'd better believe personal security is also a major market. A system that combines traditional username/password requirement with an NFC token (such as an NFC ring embedded with a unique "signature"... perhaps even a Public Key within a networked PKI environment) all but ensures you are protected against potential damage caused by password interception.
This effectively would protect you against:
- Packet sniffing on an untrusted/unencrypted network
---Wireless cafe's or even at work/school, either of which can monitor your traffic.
- Compromised third-party password vault services
- Compromised local-based password vault apps.
- Compromised banking web sites which may have been hijacked by man-in-the-middle attack.
- Session hijacking (where sessions frequently fail to regularly poll the presence of the NFC token)
- Brute Force attacks
- Dictionary attacks
- Password "recovery" attacks
- ... need I go on?
This ring could become a serious competitor as a piece of information security jewelry IF you allow security geeks the ability to adapt this product for two-factor authentication.
@DanielAC "IF you allow security geeks the ability to adapt this product for two-factor authentication." You realize everything is open source right? We're not blocking anyone from doing anything :)
Agreed with your implementation proposal.. However imho a decent single access control for convenience would be ample security for a large portion of computer users. Not everything needs to be over-engineered.
Anyway security aside we'd love to see an NFC Enabled Mouse! :)
Looks like the market for them is really dead, perhaps someone should bump power7tech to see if they are stocking them :)