Keith Kumm, EE

Welcome to my bare bones website.

I live in Tucson, Arizona and love the great West.

To connect, please go to my Contact Portal.

Gear Up

I used to (long ago) actually pull the gear up, but nowadays use radio gear to push electromagnetic waves up and catch 'em coming down from the sky. I've been a community member of a great amateur radio club at the University of Arizona, where student members do amazing stuff from across town to low earth orbit, and back.

You quite possibly got to these pages from my ham radio webpages.

Gear Down

I've shelved my extreme riding, but still ride the Loop on my old Felt F1.

Ah, for those glory days in the Rockies or the Pyrenees or wherever, cruising fast toward that patch of blue with the gang.


Patch of Blue

Love Tech

Especially radio and wireless.

But also networks. The brain itself is a network. Quite possibly even the mind. Oops, drifting from tech!

Uh oh, here comes a shallow dive into extreme tech!

I spent a couple decades in forward error correction (FEC) coding of digital communication channels. So, without apology, I offer a short glimpse into the decoding of FEC convolutional codes. Yes, there is such a thing as coding gain! You may first want to research FEC. The basic idea is here in Wikipedia. Why would you care? FEC is how all communications today, from mobiles to WiFi to cable to satellite to Mars to the heliopause and beyond, control (i.e., reduce) errors. Without effective, efficient FEC, there would be radically less mobility (we're talking 10+ times) to take the web with us most everywhere we go.

I gave a talk at IEEE San Diego COMSOC back in 2019 just for fun by revisiting the subject, even the site, of my early career.

My IEEE talk was about a revolution in FEC in the '60s. I once built FEC codecs, designing one of the very first LSI codecs. Here are my talk slides on the Viterbi Algorithm, a dynamic programming procedure for discovering hidden Markov states.

Viterbi's algorithm is still in vibrant use. A guy who studies algorithms ranks Viterbi's among the most important ever invented. That list is in alphabetical order, so people, #32 is just for the "V." How often do you get to work for a guy on such a list? It was pure luck, and the graciousness of a well-connected professor I had fifty years ago, one Martin Hellman, who has fought some good fights in his interesting life. A talk Marty gave to a bunch of Nobel laureates seems to conclude that sometimes, when the stakes are high, it's better to fight the good fight than to just give in. That may not be tech, but it might be wisdom.

Blog

This is an old Blog Topic from 2024, on: Security Keys (SK)

Yep, it keeps on coming up, every day as you wake up: Web Security.

Most of us don't want to study the thing, but just to be aware and use the best tech.

So here I consider the latest wrinkle in the weave of our web-powered lives.

I wrote this because ham friends I talk with "on the air" wanted an explanation.

User Authentication and the Security Key (SK) - a Primer

First off, SK is a dedicated, device-oriented method for Two-Factor Authentication

So we must first talk about Two-Factor Authentication, which has been around a while now

Two-Factor Authentication (or 2FA, for short) is the objective. 2FA improves your network security.
User authentication is the providing of trustworthy assurance to a server, vetting that "you are you."

Every internet transaction is susceptible in principle to some kind of malware or hacking.
(And, apologies in advance, but "acronym stew," e.g. 2FA, pervades everything in networking.
And, apologies too, the verbosity below is what it takes to deliver assured understanding in plain English.)
So, while almost nothing is "plain English" about user network security, we can say this:
2FA is a very general, higher level Multi-factor Authentication method of protection.
Yet, 2FA is today pretty much for free, and ordinary users everywhere are using it.

Hey, I've got a username and password, why should I care about this 2FA thing?

2FA is a powerful step beyond a password. It almost requires you to be present at login.
You surely want 2FA for your most important accounts, such as banking or online purchasing.
(What to pick up on here is accounts involving money or personal information of any kind.)
(Yes, 2FA involves more effort to get into an account. Some consider this a nuisance.
Others come to consider it essential after getting hacked, even just once!)

Now, a word about definitions

Above, "susceptible" means your account might be "vulnerable."
That doesn't mean it is vulnerable, just that it could be if facing a real threat!
When a threat materializes, your account moves from susceptible to vulnerable.
While that doesn't mean that an attack will happen, let alone succeed, it does call for something:
That something being a web security defense upgrade, and better now than too late!
2FA is the industry-wide defense upgrade recognized by experts as useful, even dependable.
Alas, not every important service is 2FA compatible at present. But most are "going 2FA."

What's driving 2FA?

Network (think web) security is only getting more complicated, year by year. Unavoidably.
You are probably getting more and more dependent on web services for everything, year by year.
The bad guys are definitely getting better at breaking into service systems, year by year.
No end is in sight. You don't want to fall behind this curve!

OK about all that, but how does this SK thing relate to 2FA?

(An) SK is an option for 2FA where it is supported, and it is now commonplace

Let's say it simply: SK is a convenience option, because that's pretty much exactly all it is.
Even if "plain vanilla" 2FA is free, you may want convenience using it, and that's where SK comes in.
Just like plain vanilla 2FA, SK supports the "OTP" method of authenticating your access to an account.
OTP = One-Time Passcode, highly secure. Note: a passcode is not to be confused with a password!

So, before we move on to SK, how does OTP work?

You start your login to your web server. Username and password, just as always.
But now, in plain vanilla 2FA, an OTP arrives, typically as a text message sent promptly to you.
It goes to your computer or your smartphone, or whatever device you asked the server to use.
(This happens immediately after you ask for the OTP, though there may be a slight delay to its arrival.)
The OTP you get this way is usually a 6-digit code you will then enter onto the service access webpage.
(Here, your web account may be accessed on a PC, or it could even be done on the same smartphone.)
OTP is a non-biosecurity "secondary secret" that supplements your ordinary secret password.
(You still need to enter your username and password, just as before, but now with the follow-up OTP.)
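To make concrete what "one-time" and "passcode" mean on the service's side, here is an added example (my illustration, not code from this page or from any 2FA vendor) of how a server might issue and check the 6-digit OTP described above: the code comes from a cryptographic random source, expires after a while, is discarded after repeated wrong guesses, and is consumed on its first successful use. The OtpStore class, the five-minute lifetime and the five-guess limit are assumptions for illustration; actually sending the code by text message is left out.

```python
import hmac
import secrets
import time

# Assumed policy values for this illustration (not from the page or any vendor).
OTP_TTL_SECONDS = 300   # a code is good for five minutes after issue
MAX_WRONG_GUESSES = 5   # after this many misses the code is discarded


class OtpStore:
    """Server-side record of pending one-time passcodes, keyed by login session.

    Only the server keeps the code; the user receives a copy out of band (for
    example by text message, which this example does not send)."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be exercised in tests
        self._pending = {}   # session_id -> [code, issued_at, wrong_guesses]

    def issue(self, session_id):
        """Create a fresh 6-digit code once username and password have checked out.

        secrets.randbelow draws from the OS CSPRNG, so the code is uniform over
        000000..999999. Issuing again replaces any earlier code for the session."""
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._pending[session_id] = [code, self._now(), 0]
        return code

    def verify(self, session_id, submitted):
        """Return True at most once: for the right code, within its lifetime,
        before the guess limit is hit. Every other outcome returns False."""
        entry = self._pending.get(session_id)
        if entry is None:
            return False  # nothing was issued, or the code was already used
        code, issued_at, wrong = entry
        if self._now() - issued_at > OTP_TTL_SECONDS:
            del self._pending[session_id]  # expired: the user must request a new code
            return False
        if wrong >= MAX_WRONG_GUESSES:
            del self._pending[session_id]  # too many misses: stop the guessing
            return False
        # compare_digest runs in constant time, so response timing does not
        # reveal how many leading digits of a guess were correct.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[session_id]  # "one-time": consumed on success
            return True
        entry[2] = wrong + 1
        return False
```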

So why do I need 2FA if I've got a really good password, like one that cannot be guessed?

This is a major aside, but worth reading if you don't know why.
First off, security experts consider a username totally non-secure, with only your password a bit secure.
(Usernames are frequently just email addresses, all of which are assumed known to the bad guys.)
So you depend on secrets like a password, but these are stored data that can be, and sometimes are, stolen.
You've read about all these mass "break-ins" at huge systems with user data stolen or compromised.
(We assume here that the bad guys cannot change data at the service provider, data like your mobile #.)
Using 2FA simply makes it quite hard, if not infeasible*, for a crook to steal access to your account.
* "Impossible" is a word no one uses these days with respect to security, so we say infeasible at best.
* But there's no doubt that 2FA is much harder to "break" than the mere one secret password access.
That's because the OTP to your smartphone is not controlled by a crook under almost all circumstances.
* A hacker has a really big additional obstacle to overcome: capturing your unlocked smartphone, too!
Nevertheless, expect biosecurity, e.g. a face or finger scan, etc., to be added to 2FA eventually.
Network security is an on-going battle of the good guys and the bad guys. It will never end!
But we still want our online accounts!

So let's get on with SK - it's a small physical device, usually sporting a USB-C plug

An SK often resembles the humble USB "memory stick."
USB = Universal Serial Bus, -C being the latest plug type.

An SK physical device may also support a wireless connection

So further, if supported, the SK can be an "NFC" device in addition to plug-in use.
NFC = Near Field Communication
With NFC, you needn't plug it in ... it only needs to be very nearby, like a credit card at the supermarket.

Does SK have an industry standard?

Yes, there is an industry standard for 2FA OTP via SK.
It is the FIDO Universal 2nd Factor (U2F) standard. Go to https://www.fidoalliance.org on any browser.
There are good explanations of all this on that website. Probably better than this blog. Anyway ...
Be sure to check any SK offering you're considering for U2F compatibility.
You should also look for SK capability in your PC (or Mac) OS, on its "service app" Utility settings.
No SK capability in your PC or smartphone? No SK possible, period! Your devices are too old! ;-)
Do all of this investigating before investing in SK. SKs cost money. Don't be disappointed.

So does your PC (or Mac) support SK?

Ignoring NFC for the moment, SK was early on aimed mainly at MS Windows 10 (Copyrights).
Recent Apple (Copyright) devices may support SK, but this is not assured!
Re: Mac, macOS 14 (Copyrights) onward supports SK on most web browsers.
iPhone iOS 13 (Copyrights) onward is more tricky than macOS, but likely does support it.
NFC is yet another issue, but you can still use SK without using NFC.

How can I find an SK vendor?

There are (at least) several SK device providers.
To find some, just type "Security Keys for Multi-Factor Authentication" into any browser.
Many links will come up, reflecting the several commercial providers of SK.
What follows below is not an ad or recommendation, or representation, of any particular provider!
But we need an example to proceed, so Yubico (Copyright) is one such device provider.
It is strongly suggested that you look at a couple providers, not just Yubico.

Here's what the Yubico SKs basically do

Yubico has a fairly simple typical installation procedure. An ordinary person can do it.
As it is for most of these SKs, Yubico SKs (it offers several) employ a “touch button.”
(Caution: This “touch button” should not be mistaken for a biosecurity button; it isn't that.)
When tapped (by anyone!), the SK’s button starts up a "handshake" process for account access.
Handshake sets things up between the device (e.g., a PC) accessing the account and the SK.
This handshake process happens each and every time it's used to get into a desired account.
And a single SK device can store multiple (even many) different account access credentials.
("Credentials" are your username and ordinary password, protected after setup inside the SK.
Each account, with its username and ordinary password, is set up with the SK in advance.)
While nominally quick, bear in mind that the SK is just automating what you would do manually!
This is the convenience that an SK is all about. It's what you paid for and expect to get.
The touch feature is also used to initially set up your new SK with your PC. Follow instructions!
This is true whether the SK-to-user device (i.e., the PC, etc.) connection is plug-in, or NFC or both.
If NFC, then after setup the touch button is no longer needed in regular use.

Are there other things to know about SK, speaking practically?

Yes.
Experts advise obtaining two SKs to safeguard against the physical loss of one!
From an independent, no "single-point-of-failure" perspective, you might even consider this:
Obtain SKs from two different SK vendors. You can set both of them up, independently.
And you will need habits to protect the SK(s) against theft, or loss by your own misplacement.
SK convenience comes with an initial cost and the need for (possibly new) beneficial habits.
It's also important to remember that SK does not improve on the inherent security of 2FA!
It simply automates what some users think of as an inconvenient thing requiring a phone.
You don’t get something for nothing with an SK! You do get convenience, day to day.

What particular popular service accounts are using SK?

Online services accepting SK vary, and it is fairly new. It will grow.
Google (Copyright) is one cloud service that accepts SK for account accesses.
Others include social networks and other cloud memories, not to name specific ones.
Whatever and wherever your account is, the service must accept SK in order for you to use it.
Not all services will, maybe not even most at present!

Bottom Line: SK is fairly recent, costs money, but can be a useful convenience.

Ethos

First, my family, just like you will say!

Then, three things: Science and the breathless immensity of nature! Then sports. Then hobbies.

And the rules of the game?

The first rule is motion is life. You too can do some sport, not just watch it on TV or that small screen! E.g., ON, ON!

The second rule is there is other life in the universe. I'm not talking SETI. I mean folks right here who don't happen to be you. It's the main argument opposing solipsism and cancel culture in one fell swoop. Without everyone else, you wouldn't be here.

The third rule is that there isn't any third rule. You can get by pretty darn well on the first two.

Updated Summer 2025 Keith Kumm