Inspiration

I'm a Sr. software developer. A few years ago I watched a PBS TV show called "Rise of the Hackers", which talked about the vulnerability of the Internet and said the traditional password is a weak link in cyber security. That inspired me to do something about it and fix this problem, so I came up with a solution called GATE: Graphic Access Tabular Entry.

There is a hacker attack every 11 seconds. Hacked passwords cause 81% of data breaches. The projected cost of cyber-attacks in 2021 is $6 trillion. The average total cost of a data breach is $3.92 million.

As of July 2020, there are 15 billion credentials currently up for grabs on hacker forums. The world population is now 7.8 billion; if you take out half of it from poor countries that don't have a lot of computers, around 4 billion are left in developed countries with computers and online accounts, which means that, on average, we all have 3 or 4 accounts breached!

Passwords have been used for thousands of years. Since the days of the Arabian Nights fables when Ali Baba overheard the Forty Thieves commanding 'Open Sesame' to access their riches, through PIN privacy at ATM machines, to server to server cyber capture of personal and financial information in our high-tech world, password interception has been recognized as a fundamental threat to account security. A single capture, whether decrypted or not, can lead to complete account infiltration.

Because of these password problems, there is a trend to use biometrics to replace passwords, yet a lot of places are starting to ban biometrics. Biometrics also compromise your privacy.

Therefore the password is still a better option IF WE CAN OVERCOME ITS WEAKNESS. The problem with traditional passwords is their obviousness, and this obviousness can easily lead to interception during the login process [peeking over the shoulder, key logging, video recording ...].

Here are a few examples of easy interception of traditional passwords:
[1] https://www.youtube.com/embed/IgBIaZgoAQc?autoplay=1
[2] https://www.youtube.com/embed/9lxHZs2G3eU?autoplay=1
[3] https://www.gatecybertech.com/20150604_I_See_Your_Password_1.mp4 [Chinese]
[4] https://www.gatecybertech.com/20150604_I_See_Your_Password_2.mp4 [Chinese]
[5] https://www.youtube.com/watch?v=5xeNeQa_qSY
[6] https://www.youtube.com/watch?v=47rYvw1e2Go

To overcome this shortcoming, there is a new category of user authentication systems that hide user pins during the authentication process, thereby protecting them from exposure. Among them is a system called GATE [Graphic Access Tabular Entry]. It not only hides user pins among other symbols, but goes one step further to protect them by introducing the concept of missing pins.

What it does

The GATE system overcomes the weaknesses of traditional passwords. Special characters are part of the GATE design. It uses tokens [groups of symbols, displayed on buttons] to let the user enter the pins of their passcode. Each token has several symbols, and some randomly selected user pins are included in these tokens. It is impossible to tell which symbols in the tokens are valid user pins and which are non-user pins, thereby increasing password strength exponentially. Some user pins might not even appear in the tokens; in that case the user can and must enter random tokens in place of those pins, and this uncertainty makes guessing your passcode much harder.

This approach is like hiding a needle in a haystack. Instead of entering one digit at a time like the traditional approach, the GATE system enters multiple symbols at a time as a token. Only someone with knowledge of the passcode will be able to tell if the token entered is valid or not.

The symbols used to create the passcodes are of different types that are preferably grouped into 4 groups, referred to herein as "dimensions". Each dimension contains 36, 50 or 100 symbols [customizable]. During a login process, 9, 10 or 16 tokens [customizable] are displayed for the user in a tabular format, with each token containing a symbol from each of the four dimensions of symbols. A given symbol is preferably displayed in only one token (i.e., if the symbol appears in one token it does not appear again in another token).

In order to prevent a hacker from finding out the pins in the passcode over time, the number of randomly generated tokens presented to the user is preferably less than the number of symbols in each dimension. For example, if each of the 4 dimensions contains 36 symbols, one could choose to present only 9 tokens to the user in a 3 x 3 table, or 10 tokens in a 2 x 5 table [more suitable for mobile display]. The result of this is that there is no guarantee that a user pin will even appear in a token. In this embodiment, if the user is attempting to log in and one or more pins in the user's passcode are not present in any of the tokens, then the user selects any token as a "wildcard" token for the pins that are not present in any of the tokens (such that the pin position of the selected wildcard token corresponds to the pin position of the missing passcode pin). This makes a hacker's guesswork much more difficult, because there may be a randomly chosen token in place of one of the user's pins that does not actually contain the pin.

Another benefit of using fewer tokens than the number of symbols in the 4 dimensions (e.g., using 16 tokens when the number of symbols in the 4 dimensions is 36) is that it makes it easier for users to quickly find out whether the pre-selected pins are in the tokens or not, and the screen looks simpler to the user.
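The challenge generation and wildcard check described in this section, as an added Python example (not GATE's own Java code). It assumes symbols are drawn uniformly at random per dimension, uses constructed symbol names, and assumes a 4-pin passcode; the function names are hypothetical, and `blind_guess_acceptance` gives, for this model only, the chance that uniformly random token picks pass the check.

```python
import secrets
from fractions import Fraction

rng = secrets.SystemRandom()  # CSPRNG-backed, so layouts are not predictable

def make_dimensions(n_dims=4, size=36):
    # Constructed symbol names; the real system displays graphic symbols.
    return [[f"d{d}s{i:02d}" for i in range(size)] for d in range(n_dims)]

def make_challenge(dimensions, n_tokens=9):
    # Draw n_tokens distinct symbols per dimension and give each token one
    # symbol from every dimension, so no symbol appears in two tokens.
    columns = [rng.sample(dim, n_tokens) for dim in dimensions]
    return [frozenset(col[t] for col in columns) for t in range(n_tokens)]

def holder(pin, tokens):
    # Index of the token that displays this pin, or None if it is missing.
    return next((i for i, tok in enumerate(tokens) if pin in tok), None)

def verify(passcode, tokens, picks):
    # picks[i] is the index of the token entered for pin position i.
    if len(picks) != len(passcode):
        return False
    ok = True
    for pin, pick in zip(passcode, picks):
        want = holder(pin, tokens)
        in_range = 0 <= pick < len(tokens)
        # Displayed pin: only its token is valid. Missing pin: any token
        # on screen is accepted as a wildcard.
        if not in_range or (want is not None and pick != want):
            ok = False  # keep checking so every position is evaluated
    return ok

def honest_picks(passcode, tokens):
    # What a user who knows the passcode enters for this layout.
    picks = []
    for pin in passcode:
        want = holder(pin, tokens)
        picks.append(rng.randrange(len(tokens)) if want is None else want)
    return picks

def blind_guess_acceptance(size=36, n_tokens=9, n_pins=4):
    # Model-only figure: chance that uniformly random picks pass verify().
    shown = Fraction(n_tokens, size)           # P(pin is on screen)
    per_pin = shown / n_tokens + (1 - shown)   # right token, or wildcard
    return per_pin ** n_pins
```

With the 36-symbol, 9-token layout from the text and the assumed 4-pin passcode, `blind_guess_acceptance()` returns 2401/6561, so in this model guess resistance depends on passcode length, the token-to-symbol ratio and a limit on login attempts.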

How we built it

GATE has been implemented in 3 versions with Java:
[1] Desktop app using Java Swing.
[2] Web app using Java servlets.
[3] Android mobile app using Android Studio.

Challenges we ran into

Finding real world customers.

Accomplishments that we're proud of

GATE has won several international cybersecurity innovation awards:
[1] GATE won "Cybersecurity Innovation Award" at 2017 International Cyber Security and Intelligence Conference [ICSIC] on November 7th - 8th, 2017 in Toronto, Canada.
[2] GATE won "Global Excellence Awards" at 2018 Info Security Products Guide on April 16, 2018 in San Francisco.
[3] Frank Ni won "Cyber Excellence Award" at 2018 National Cyber Summit on June 7, 2018 in Huntsville AL.
[4] GATE won "Innovation Award In Cyber Security" at IET on 14 November 2018, in Brewery, London.
[5] GATE won "Global Excellence Award" at 2020 Info Security Products Guide.
[6] GATE has been selected to the top 100, among more than 2800 technologies collected from all over the world at 2021 ZGC International Technology Trade Conference.

GATE has been granted 2 patents in the US, one for user authentication, another one for data encryption. GATE is also patented in over 30 nations worldwide.

What we learned

Password problems CAN BE SOLVED!

What's next for GATE [ Graphic Access Tabular Entry ] A Passcode System

Protect us all over the world!
