CSULB's First Phone Security App: Sesame
BY: JAYZELLE MATA
Dr. Mehrdad Aliasgari, assistant professor at Cal State Long Beach’s Department of Computer Engineering and Computer Science, has developed a password-managing application with help from his students in his security lab, ECS 307. The application is now available to the public via the Android market, and aims to address the problem of hackers gaining access to accounts through poorly thought-out passwords.
Q: What is "Sesame"?
Sesame is a secure, voice-activated and cloud-based password manager application. It encrypts each password with a new key and the encrypted passwords are backed up in your cloud so you can access them at any time from anywhere. The keys are themselves encrypted and stored on our servers. To access your password, all you need to do is to utter the name of the service you are looking for and we'll authenticate you using your voice and only send the key for that particular service. It is more secure than existing password managers that use a low-entropy key derived from a master password for all of your passwords. It is also very convenient due to voice recognition.
Q: What inspired you and your students to begin working on such an interesting project?
I was bothered by the fact that most people only have three or four passwords for all of their online services and reuse them all. Most hacks happen by recovering a victim's easy-to-guess few-existing passwords. With Sesame, you can set really hard passwords, one for each of your online services and never have to remember them. All you need to keep the same is your voice, although Sesame offers an alternative to voice for situations when voice isn't the ideal approach. We call that peek view and you can test it on the app right now.
Q: Since the application is on your phone and generates a password for each website, does that mean that the user would still have to memorize the generated password when signing in to websites from a web browser?
If you are using your laptop to log in to, say, Facebook then you need to have access to your phone. Just launch Sesame from your phone or tablet and talk to the phone by saying "Facebook." The app will send your voice to our servers and you'll be authenticated and speech recognition will be applied to extract the service you said (in this case, Facebook). The key for Facebook will be sent to your phone or tablet and your device will show you the saved password that you have for your Facebook. All you need is to look at the password that is shown to you and type it in your browser. No need to remember anything at all.
Q: Was the application released to CSULB students for download? Where can we download it?
The application is available for anyone in the US for free right now on the Android platform. We are working on adding more features and developing the iOS version very soon. iPhone and iPad users have to wait but Android users can give it a go right now. We'll make it global very soon as well.
Q: How has the response been from those that have downloaded it?
So far, everyone has been very pleased with it. We'll be looking into the experience of users as more people download and start using it.
Q: What are your plans for Sesame in the future?
In the future, we want to have the option of entering the passwords on your behalf. For example, in phase II of Sesame, we'll have the option to apply voice command to the app. If a user says, “Go to Bank of America,” then the app will capture your voice, our server will authenticate you and extract your command, then the app will extract your password for Bank of America, automatically authenticate you and extract your command, and the app will extract your password for anything. We want it to be as convenient as possible. Just give commands by your voice to Sesame and it will take you there in a secure fashion.
Q: Will you allow your future classes to add on to the design of this application?
Our Security Lab in ECS-307 is open to all students and currently many projects are running. We intend to expand our work in future. We are open to new ideas and are looking for interested and motivated students to work with.
Q: How do you hope this application will affect the public, or at least the students and faculty at CSULB?
I hope Sesame will help people manage their passwords in a much better way than before. Security doesn't have to come at the expense of convenience. Sesame shows that you can have them both. I want everyone to have multiple strong passwords instead of a couple of weak passwords that are used everywhere. Sesame can manage to safely keep your strong passwords for all of your online services.