<div><br>Hi Dennis,<br><br>There are three parts to this problem:<br>First, there is identification of the problem and understanding the<br>ramifications.<br>Second, there is analyzing the existing approaches -- learning what works
<br>and what does not. This includes comparing the solution to other scenarios.<br>Finally, there is proposing, adopting, and revising a new solution.<br><br>None of these steps happen overnight.<br>It was my impression that the discussion thread focused on the first two
<br>parts (identification and evaluation), but let's proceed to the third part:<br>solutions.<br><br>The current SSN system was flawed from the start. Identity theft is not<br>new and neither is social security fraud.
<br><br>However, the SSN system was never intended for use as a national<br>identification system. It was intended for taxes and -- yes -- social<br>security accounts. The adoption of an SSN in place of a universal ID<br>
occurred because a universal ID did not exist AND because it was convenient.<br>This is a similar oversight that allows spam to proliferate -- email was<br>never designed for security and not to fit a corporate/business need. The
<br>lack of authentication and widespread use permits it to be abused.<br><br>But I digress...<br><br>We need to adapt known-good security practices to personal authentication.<br><br>The first thing people need to realize is that a single, universal ID will
<br>never work. This is the same situation with using one password on every<br>system. If it ever becomes compromised, then everything is lost.<br><br>The second thing people need to realize is that authentication is provided
<br>by an authority and not the other way around. We should not start with a<br>government issuing an ID. This is a flawed start because the initial<br>authentication starts from an assumption about the identified individual.
<br>Instead, we need to start the authentication process at the individual, since<br>only you know that you are you.<br><br>Third, we need to realize that authentication is not transitive. If I am<br>authenticated with my bank, then my bank authentication should only work
<br>at my bank.<br><br>You want a solution? How about this:<br><br>- Start with a random unique key per person. This is used to seed a<br> system that generates additional keys.<br> For sanity, we can make this biometric. For example, DNA -- it's costly
<br> and time consuming right now, but rarely needs to be done.<br> Fingerprints would be fine for people with fingers (not amputees).<br> Iris or retina patterns for people with eyes, etc.<br> Heck, even the government could issue some or all of the unique seed.
<br> NOTE: They do NOT keep a copy -- they just generate it.<br><br>- For each service, combine this biometric with something the person<br> knows (2-part authentication) and something provided by the service.<br> Together, this becomes 3-part authentication.
<br> E.g., combine my DNA seed with my password and the bank's keys.<br> This creates a unique identifier and can generate a public/private<br> key pair. Only myself and my bank can authenticate a transaction.<br>
I will have a different key pair for government passports, taxes,<br> hotel reservations, etc.<br><br>What about theft?<br>Even if they copy my biometric values, they still need to know my<br>password. Also, there are plenty of biometric values -- I should be
<br>able to change from fingerprint to iris if someone copies my data.<br><br>What if they get my password?<br>They compromised one authentication system, but not any other.<br>Cross-validation between multiple sources can be used to reclaim a
<br>compromised account.<br>This type of cross-validation is already in use today. E.g., you cannot<br>get a phone line without having a bank account or some other utilities.<br>And you cannot get a credit card unless you have bills in your name
<br>(or can show that you are too young to pay off the card).<br><br>What if I forget my password?<br>This is no different than having a compromised password.<br>Between still having my original biometric values, and being able to
<br>cross-validate, I should be able to reclaim and reset keys for any accounts<br>that are missing passwords.<br><br>Will this work?<br>Sure it will! Network administrators and security folks do this all the<br>time! Want to enter a secure government building? You need multiple
<br>IDs. Even my car uses a different key from my house.<br>This is a known, time-tested solution.<br><br>What about implementation?<br>I'm a programmer; the software is easy.<br>The hardware exists today, but is expensive. But if everyone needed it,
<br>then the costs would drop and demand increases.<br>Usability is not too difficult as long as people get past the initial<br>shock of not having a centralized authentication system.<br><br>What about the banks needing to report taxes?
<br>The bank can hold only the public-key component from my tax authentication<br>keys. They can use this to link my account to my taxes. However, since<br>they don't have my seed, nor my tax password, nor the tax key component,
<br>they cannot recreate my private tax key. Even if the bank loses all of<br>their customer data in a horrible compromise, my tax identity is secure.<br><br>And that's just one solution that I rattled off the top of my head.
<br>I'm sure if I sit and think about this a little more, I can come up with<br>many other options. This solution may not be perfect (since I didn't<br>ponder it very long), and I look forward to discussions about limitations,
<br>variants, and alternatives.<br><br> -Neal<br>--<br>Neal Krawetz, Ph.D.<br>Hacker Factor Solutions<br><a href="http://www.hackerfactor.com/">http://www.hackerfactor.com/</a><br>Author of "Introduction to Network Security" (Charles River Media, 2006)
<br>and "Hacking Ubuntu" (Wiley, 2007)<br><br> </div>
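The three-part derivation proposed in the message above (personal seed, password, service-provided component), sketched as an added example that is not part of the original email or the author's own code. It assumes the seed is a stable random byte string and stops at 32 bytes of per-service key material, which would then seed a key-pair generator; `derive_service_key`, `demo` and all sample values are hypothetical.

```python
import hashlib
import hmac
import secrets


def derive_service_key(seed: bytes, password: str, service_id: str,
                       service_component: bytes) -> bytes:
    """Derive 32 bytes of per-service key material from the three parts."""
    # Part 2 (something known): stretch the password with scrypt, salted with
    # part 3 (the service's contribution) so every service gets its own stretch.
    stretched = hashlib.scrypt(password.encode("utf-8"), salt=service_component,
                               n=2**14, r=8, p=1, dklen=32)
    # Part 1 (the personal seed) keys an HMAC over the stretched password.
    prk = hmac.new(seed, stretched, hashlib.sha256).digest()
    # Bind the output to one named service (domain separation).
    return hmac.new(prk, b"service-key:" + service_id.encode("utf-8"),
                    hashlib.sha256).digest()


def demo() -> dict:
    # Constructed sample inputs; the seed stands in for the per-person value.
    seed = secrets.token_bytes(32)
    bank_part = secrets.token_bytes(16)   # held by the bank
    tax_part = secrets.token_bytes(16)    # held by the tax authority

    bank = derive_service_key(seed, "bank passphrase", "bank", bank_part)
    tax = derive_service_key(seed, "tax passphrase", "tax", tax_part)
    same_pw_tax = derive_service_key(seed, "bank passphrase", "tax", tax_part)
    guessed = derive_service_key(seed, "guess", "bank", bank_part)
    other_seed = derive_service_key(secrets.token_bytes(32), "bank passphrase",
                                    "bank", bank_part)
    rotated = derive_service_key(seed, "new bank passphrase", "bank", bank_part)
    return {
        # Same three inputs always give the same key, so nothing is stored.
        "repeatable": bank == derive_service_key(seed, "bank passphrase",
                                                 "bank", bank_part),
        # Authentication is not transitive: the bank key is useless for taxes.
        "separate_per_service": bank != tax,
        "password_reuse_still_separate": bank != same_pw_tax,
        # A copied seed without the password, or the reverse, does not suffice.
        "wrong_password_fails": not hmac.compare_digest(bank, guessed),
        "wrong_seed_fails": not hmac.compare_digest(bank, other_seed),
        # Resetting one password rotates that one service's key only.
        "password_reset_rotates": bank != rotated,
    }


if __name__ == "__main__":
    for prop, ok in demo().items():
        print(f"{prop}: {ok}")
```
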
<div>
<div>To mangle a line from your previous missive</div>
<div> </div>
<div>> > Excellent rant, I fully agree, and hardly a soul could have said it any better.</div>
<div> </div>
<div>Thanks Doc.</div>
<div><br>Dennis</div><br> </div>