IDENTIFICATION AND AUTHENTICATION AT THE FRONTIER: WHO ARE YOU? PROVE IT.

Domain

Security

Assertion 135

Syllabus

The use of biometrics for identification is viable in many, but not all, situations. Long in the lab, recognition of specific individuals through the matching of fingerprints, retina or iris scans, voice recognition, face recognition, or even writing analysis has proved reasonably effective.

No method is flawless; some techniques are more likely to yield false positives (incorrectly identifying an impostor as someone else) and false negatives (incorrectly identifying an individual as someone other than who he or she truly is). Some techniques require the assistance of the subject.

The issues appear to center on the question "What cost for what value?" How much will an organization pay for greater certainty in authenticating individuals before those people gain access to information and other valuable assets? How much security intrusion will the public accept in order to conduct business transactions in daily life?

Contents

• Opinion by Tim Lister
  
• Concurrence by Rob Austin
  
• Concurrence by Lou Mazzucchelli
  
• Concurrence by Ken Orr
  
• Concurrence by Lynne Ellyn
  
• Concurrence by Tom DeMarco
  
• Concurrence by Peter O'Farrell
  
  
  

OPINION BY TIM LISTER

All I Know Is That the Person at the ATM Knows the PIN

Let's not forget, passwords existed long before computers. Remember the gangster movies where a little window would open on an exterior door, and a gruff voice would ask, "Who sent ya?" The answer: "Bugsy." The door would open to reveal a lavish speakeasy complete with a jazz band. The speakeasy bouncer didn't know the identity of the person entering, just that the person knew that night's password.

As of this morning, I have 93 passwords encrypted on my desktop. Even though they are encrypted, it probably isn't a great idea to store all my passwords there. But where do I safely, yet easily, store them? I have passwords for everything from gaining access to the IEEE library to shopping online at L.L. Bean. I share some passwords with my wife, others with my family. It works the other way, too. As a favor, I sometimes go to the ATM for my wife. She must love me; she trusts me with her bank card and her PIN.

Passwords are very simple weak identifiers of an individual. They are weak because a password is no guarantee whatsoever that the person using it is the person who created it or received it. In many situations, the weakness allows for some convenience. I can do banking for my wife. I give my car keys, another form of pass access, to a friend in town on a visit so he can run an errand. By simple, I mean easily revealed. Once a password is guessed, sniffed, ¹ or hacked, ² the thief is in. Not only does the thief have access to certain information and activities, if you are the typical user, the thief probably has access to all sorts of sites. ³ Come on, think of that one password you use for all sorts of accesses. It's just too much of a nuisance to create and remember 93 unique passwords.

Biometrics for the Masses

Obviously, in certain situations this simplicity and weakness is pure liability. There are times when authentication -- proving the identity of the person requesting some form of access -- must be strong. In the US, the closest we have to a national identity card is a driver's license, issued by one's state of residence. All 50 states require photos on a license, so it has become the default photo ID at airports. (My first driver's license, albeit issued many years ago, had no photo at all.) Yes, today's licenses act as a photo ID, but does security personnel at Logan Airport in Boston know how to determine whether a Louisiana license is a counterfeit? As for using the US passport as an ID, it is estimated that only 20% of US citizens own a current passport.

There are alternatives to using picture ID for identification. Biometric systems are now in play, along with passports for foreigners arriving in the US. All those holding foreign passports, with the exception of those holding Canadian passports, are now being fingerprinted and digitally photographed every time they enter the US. It is interesting to note that with advances in biometrics, the US has chosen time-consuming fingerprinting and human recognition of photo information.

Why not use retina, iris, or photo recognition systems? For the most part, the answer appears to be cost and legacy data. The most accurate method (that is, the method yielding the lowest false rejection rate [FRR] and false acceptance rate [FAR]) is iris scanning. It also turns out that the equipment for iris scanning is at the top of the range in terms of price. Since fingerprinting has been around since approximately 1900, there are databases of millions of fingerprints, and not just of criminals. I have been fingerprinted several times for security clearance, so my prints are listed in a database somewhere even though I have yet to be convicted of a felony. Iris scanning has no such database; it could be built up only over time or with some form of extraordinary legislation.

Biometrics for Your Organization

Most of us don't work in the problem space of identifying millions of people from around the world who may not be interested in helping us out. Most of us are in the business of trusting specific people or roles with access to certain facilities and information. The price you are willing to pay must somehow equate with the cost of system failure or a breach in access. Further, the key is the phrase "specific people or roles." If security is acceptable at the role level, then biometrics may be expensive and constraining. If any customer agent can log on to any available machine when he or she arrives at the service center, then authenticating which specific rep is on which machine may be expensive overkill. On the other hand, in certain environments, knowing exactly who is where and who is doing what when is a true security need. The great advantage here is that we can identify who is authorized to do what under what conditions. These people are employees or contracted personnel who want their identification and authentication to occur so they can receive the authorization to do their work. Biometrics is in play today to reliably service a willing constituency. Here the problem is not "Who are you?" but the simpler question "Are you who you claim to be?" Iris recognition systems have proven to be incredibly accurate. The probability of two people having identical irises is 10⁷², and the chance of a false positive recognition is 10⁴⁸. ⁴

Again, this technology comes with a price tag. The alternative biometric methods are considerably cheaper and more prone to FRR and FAR, but they are quite helpful in some situations. The T40 series of IBM's ThinkPad came out last fall with a fingerprint scanner built in beside the keyboard. Not a bad idea for someone who carries around a laptop in public that contains sensitive information. Remember back in the 1990s when CIA Director John Deutch carried around a laptop with classified information?

Pairing up security identification and authentication also increases reliability. Having your fingerprint scanned and compared with the stored data on your smart card employee badge requires two parts: identification (you have your employee badge) and authentication (your newly scanned fingerprints match the information stored on the badge). The bonus here is that no central database of fingerprints must be securely maintained.

Biometrics in Your Town

At first glance, one would think that biometric identification and authorization are a perfect fit for banking and retail. Why worry about losing your ATM card? Just stare into the camera or place your index finger on a swiper.

In actuality, though, progress has been slow. Currently, few companies are doing more than testing the technology. Krogers, a grocery store chain, and Blockbuster, the video and DVD rental chain, are testing biometric payments. Palm Beach Tan, a chain of 67 tanning salons, uses fingerprint identification as its customer membership cards. ⁵ And in 1998, the Nationwide Building Society in Britain replaced PINs with iris recognition at its cash dispensing machines.

Why are biometrics so slow to take off? Again, most people are happy to swipe their credit cards at the market or their ATM cards at the bank. There is concern that biometrics involve some permanent personal information that many folks may be loath to give to their local supermarket. And again, there is cost. Iris recognition appears to be the only method that can reliably deal with millions of identifications. How many ATMs are in your country? What would be the cost of converting them all to iris readers?

Whenever the biggest barrier is the cost of technology, we need to remember that technology cost moves in only one direction: down. As the price decreases and with identity theft on the rise, it is only a matter of a year or two until you will have the opportunity to have your iris scanned.

Recommended Actions

• Remember, passwords in 2005 are about as effective as luggage locks: it makes it a bit harder to get into the bag, but anyone determined to get in is past the lock in seconds. Did you know that for years there was one Samsonite key that opened all Samsonite bags? (It may still be true; I'm not sure.) I thank safecracker Tom DeMarco for proving this to me at a baggage carousel. Walk around your workplace, look for passwords on Post-its and whiteboards. If you can't find any, you're not looking hard enough.
  
  
• What is the cost of your current security system, even if it consists of just passwords? That is your minimum budget.
  
  
• Identify and map each employee with permitted access of asset. Beef up security wherever there is just cause for tight access or where the asset value is high.
  
  
• Identify fast, reliable methods to authenticate your staff.
  
  
• Train your staff in security measures, and establish acknowledged, ongoing measures of compliance.
  
  
• No system is completely secure. Fundamentally, every system is built on trust of some authorized individuals. A highly reliable biometric-based identification, authentication, and authorization system cannot stop misbehavior of trusted individuals. How many people have heard you read your credit card name, number, and expiration date over the telephone? Other security measures must be in place to monitor behavior.
  
  

¹See "One Sniff and Your Password Is Stolen" for an explanation of how someone can sniff your ID and password off a network (www.washington.edu/computing/windows/issue21/password.html).

²See "ID Theft Mastermind Gets 14 Years" for a recent example of password theft. Some 30,000 passwords were stolen, causing an estimated loss of between US $50 million and $100 million (http://news.bbc.co.uk/1/hi/world/americas/4163237.stm).

³See Ives, Blake et al. "The Domino Effect of Password Reuse." Communications of the ACM, Vol. 47, No. 4, April 2004.

⁴See Hudspeth, Dory L., and Sarah J. Spinks. "Iris Scan Technology." Faulkner Information Services, 2001 (http://ccrma.stanford.edu/~jhw/bioauth/andre/IrisscantechSep01.pdf to download a pdf file on iris recognition).

⁵Augstums, Ieva M. "Retailers Using Biometrics to Put Payment at Your Fingertips." The Dallas Morning News, 28 July 2004 (www.biometricgroup.com/07_28_04.html).

Back to Table of Contents

CONCURRENCE BY ROB AUSTIN

Not long ago, I toured some "highly secure" data centers. I was taking part in a demonstration of expensive services, so those giving the tour were eager to impress. At a moment clearly intended as a high point of the tour, we huddled around a biometric device to watch it grant access to a secured area. "State your name," boomed a robotic voice. The person attempting to gain access did so. "Place hand against reader," said the voice. The person did so.

A moment later, the door clicked open, and the person entered. We weren't ready to enter the secured area yet, but we stood with our tour guide and exchanged looks that said, "Not bad." But just as the door had nearly closed, a voice from down the hall called out, "Hold the door!" A technician rushed toward us, and the person who had just entered reflexively reached back and propped the door open. As the technician arrived and grabbed the door, he realized that a tour was in progress. The person who propped the door -- who was actually helping to run the demo -- realized what he had done. The two paused for a moment and looked at us sheepishly, their faces turning red. Then they dashed through the door and vanished. The door clicked shut behind them. "Hmmm," I recall saying. It was the most polite thing I could think of to say. I was embarrassed for our tour guide.

On another tour at a different company, a similar biometric device mounted next to a door didn't work. The door wouldn't open. The security guard who was supposed to be manning the station near the door had stepped away for a few minutes, so there was no one to help us. The tour guide tried to reach other employees on his cell phone, but no one answered. Fortunately, the guard had left open the bulletproof sliding glass window above his desk when he stepped away. Mumbling some words about scheduled training for security staff, our guide leaned through the window opening and pressed a button on the wall above the desk. A buzzer sounded, and the door opened. We entered and continued our tour.

I relate these stories to make a simple point: biometrics are not a silver bullet. The problem is not a technical problem, and the solution won't be technical either. Bad guys figure out ways to get around new approaches to security, and they have an easier time when the good guys place too much faith in a technological solution to a business problem.

Biometric solutions have a role to play in a more secure future, but it would be a mistake to be seduced by the siren song of technology previously alluded to. If you are considering working biometrics into your company's security systems, do careful research. Employ multilevel defenses. And make sure you address the social system in which the technology is embedded. If supporting human systems aren't in place, a biometric device just provides a false sense of security.

Some problems with human systems arise from technical difficulties with the devices themselves. If a reader isn't reliable, those who need to get their jobs done will work around it. After the second product tour described above, we learned that the biometric reader had been behaving erratically, so the security guard had begun leaving the window open to allow an electrician who was doing important work on-site to come and go. For these reasons and more, I agree with Tim: biometric devices will take time and involve missteps before they combine with social systems in a way that produces real security.

Back to Table of Contents

CONCURRENCE BY LOU MAZZUCCHELLI

Tim has laid out some of the biometrics basics, and Rob offers some telling anecdotes reinforcing the humbling reality that humans remain the weak link in any security chain. We can be reasonably certain of two things: (1) biometrics technology will continue to improve and fall in price, and (2) humans will remain the weak link in security systems.

As for technology, iris scanning seems to have the lead today, but I wouldn't necessarily bet on it in the long term. Why? The cost of any biometric security system is limited on the low end by the cost of the human-machine interface. Currently there is a big tradeoff between cost and efficacy, with iris scanning leading the latter and trailing the former. Iris scanning systems are not foolproof -- no, you can't use someone else's eyeball (live and dead tissue react differently to the scan), but you can coerce someone to stick his or her eye in the machine. Preventing this kind of security breach takes additional infrastructure (pressure pads, temperature sensors, etc.), human guards, or both. This drives up costs and doesn't fix the problem of humans as the weak link in the chain.

If we look to low-cost technology, we invariably get to electronics. Can we imagine a comparable alternative to iris scanning (from a statistical standpoint) that can replace the optics-based human-machine interface? I can think of at least two.

One comes from developments in biotechnology. We have already seen rapid development of integrated circuits that act as microlaboratories for analytical chemistry. It is reasonable to posit that these will advance to full-scale DNA-matching capability in the future. For biometric security, the problem is still the interface: how does the ATM get your DNA? And it turns out that this approach would still be vulnerable to coercive exploits (explored most creatively in the film Gattaca, for example).

Another electronics-based alternative to iris scanning comes from the world of medicine. Researchers are excited about "functional scanning" -- in other words, using MRI, CT, or other scanning techniques while a subject is performing a task and others observe the behavior of a target internal system, typically the brain. Unfortunately, this technique has already shown that many brain responses are generalizable, and it has escaped from the laboratory. It is being used in advertising research and will probably be used to shape political advertising in the next presidential campaign.

However, if we can discern other individual brain behavior traits, there may be a less Orwellian role for this technology in biometric security. Using a near-field scanner, it might be possible for the apocryphal ATM to literally read your mind to determine that you are, in fact, you. Furthermore, the fact that someone may be behind you holding a gun to your back would be detectable through your altered pattern of brain behavior.

OK, back to this decade. In the near term, the biggest issues are deciding what is worth protecting and at what price (measured in dollars and effort). Yes, Tim's driver's license has his picture on it, but I can buy one with his name and my picture on it on the Internet. We can argue about how hard it is to spoof an ATM, but how hard is it to hack the database behind it?

For the foreseeable future, I believe that mass-market information security will continue to be equal parts sincere effort and eyewash, with biometrics contributing to both.

Back to Table of Contents

CONCURRENCE BY KEN ORR

Tim's opinion deals with one of the most important subjects in IT right now: identification and authentication. As the Internet becomes a darker and darker place, it becomes increasingly important for us to ensure that people are who they say they are and that they have the right to do what they've asked to do.

As Tim points out, biometrics will continue to improve at identifying people and at the same time become cheaper. The danger, of course, is that those in charge of IT security will become complacent and forget that most of the dangers, and certainly most of the major fraud, that occur in major organizations come from within, from those who have every right to be on the system, but not to do what they're doing.

One of the greatest data security authorities that I've ever met, the late Robert Courtney, used to explain that building secure data centers and leaving the use of the systems open was idiocy. Today, we worry about outsiders trying to attack our systems. It turns out to be a serious concern because there are in fact hundreds, if not thousands, of people and systems attacking our systems every day. And each time we get better at protecting ourselves, the bad guys find new ways to attack.

But identifying people is only a small portion of the security problem. In a few years, securing computers attached by wires to other computers will seem absolutely trivial. As more and more of our traffic becomes wireless, a whole range of security measures -- measures we currently can't imagine -- will be necessary.

In data security, we discovered many years ago that data that isn't used systematically won't be correct. The same is true of security. If we don't constantly check to see that individuals physically are who they say they are, and punish those who are caught publicly, our security profiles won't change.

In the case of Robert Hanssen (an FBI agent who sold US secrets to Russia), the FBI discovered that Hanssen had the perfect right to access the systems he did. But he didn't have the right to use the systems to check on himself and his cases and to observe those responsible for internal security. Biometrics would not have helped in Hanssen's case, nor would it in many others.

Passwords are a joke. If they're too simple, they can be easily broken; if they're too hard, people find a way around them by posting them on their desktop or storing them in a file. Most people have a small group of passwords that they rotate. While they have some long encrypted passwords that are provided to them by their operating systems, these are the exception. If they are required to create a password on their own, most resort to one they can remember.

Bad security is very expensive. It adds overhead to everything we do. Given the effects of 9/11 on airline safety, it is clear that we have created a far more laborious system, but not necessarily a safer one. To be successful in creating a more secure environment, we have to study the problems and the pathologies underlying the real world.

We are all both owners and users of security systems. As owners, we need to take a proprietary interest to ensure that our systems are not violated. As users, we need to ensure that the systems we devise are not so difficult and so punitive that no one, not even the most conscientious among us, abides by them.

Back to Table of Contents

CONCURRENCE BY LYNNE ELLYN

I'm not a gambler, but I would feel comfortable placing a bet that most large corporations will be using biometric security identification in the next 10 years. Growing security concerns are fueling a keen interest in better security technologies. Methods to accurately identify who has access to a corporate network or to a sensitive facility are definitely moving toward biometrics. Having three methods of authentication (verifying your identity by something you have, something you know, and something you are) is currently the tightest access security possible, and it requires biometrics (something you are). Today, most companies require passwords (something you know), and many use token-based devices (something you have). For some companies, adding biometrics makes sense; for others, replacing token cards and passwords with biometrics makes sense.

While biometric identification is not a perfect technology, the false positive error rate is very low. Biometric identification can be used to do away with the use of passwords and eliminate the threat from password-cracking hackers. Encrypted laptops and desktops that require a thumb-print scan or other biometric identification will remove virtually all danger posed by stolen or lost computers. Critical systems or functions can be readily secured with less reliance on people, thus minimizing human tendency to become sloppy about security. For example, many server engineers share a root password on servers. This is a dangerous practice and prevents an audit trail of who did what. Because server engineers often answer midnight calls to reboot a server or fix a problem, engineers resist tighter but inconvenient security methods like fire keys. For systems control purposes (i.e., compliance with Sarbanes Oxley), companies must know who is accessing critical functions on the server. Replacing all passwords with biometric authentication provides identity management with certainty.

For control systems, biometric identification can be used to identify who was at the helm and actually submitting control commands. Real-time control systems must operate 24/7, and authentication techniques that rely on passwords do not work adequately because operators cannot log in and log off to pass control to other operators. Biometrics can provide accurate identification and smooth transitions.

For IT departments to move forward with deploying biometric authentication, it is necessary to justify the expenditures. For some companies, improved security is justification enough. Companies in financial services or those producing classified products are examples of companies with an obvious imperative to require the tightest security. For other companies that would like to deploy biometric security but lack the budget, a review of current security expenditures can provide tradeoffs. Here are some considerations when justifying biometric technology:

• What will you save in help desk costs for password resets? In many companies, the savings are significant.
  
  
• If you deploy biometric authentication, can you eliminate tokens like secure ID cards? At an annual cost of roughly $60 per user, many companies can save an ongoing expense.
  
  
• If all your applications and servers required biometric authentication for access, could you save on intrusion detection processes and technology?
  
  
• How much could you save on your annual incident response costs if you deployed biometric identification?
  
  

There are also some soft side benefits of biometrics: unless both passwords and biometrics are required, users won't have to remember passwords (in most cases, biometrics are adequate for authentication); security and help desk personnel can be redeployed to higher-value, less mundane activities.; and auditors will be happier with the controls on user access and have an easier time verifying compliance with security standards.

Of course, the most important benefit of biometrics is a genuine increase in security. Unauthorized access to a network is much more difficult to gain if biometrics are required. Today, it is quite easy to gain access to most networks if one is truly motivated to get in. Biometrics can also provide an audit trail of who is doing what inside the company, potentially discouraging insiders from unethical activity.

Biometric identification for system access is a technology whose time has come. The next 10 years will see a real uptake in large corporations' use of biometrics.

Back to Table of Contents

CONCURRENCE BY TOM DEMARCO

Tim's opinion treats the problem of ambiguous identity as though it were something new to our information age. But of course it isn't.

A few years back, there was a Thomas Demarco (a slight variation of the spelling of my own name) arrested in our town for speeding. The item appeared the next week in the local paper: "Thomas Demarco cited for 50 in a 35 mph zone." Since nearly everyone in a small Maine town reads the police log (everyone but me, I guess), people started teasing me about my heavy foot. Maine humor is always a bit indirect: "It appeahs that Tom DeMahco is more in a hurry than evah." Gales of laughter as everyone but me understood the joke. But after a while, I caught on. Since I hadn't been speeding, I followed up with the newspaper. It turns out the local police had supplied a bit more information to the paper. The driver was a Thomas M. Demarco, he was 31, and he lived in Morrill, Maine. The newspaper had truncated all the information that would have alerted my neighbors that the offender was not myself. I wrote a snippy letter to the publisher suggesting that the paper publish the entirety of each police log item. The letter also stated flatly that if the paper ever again deleted known information to make it appear that I had committed a crime, I would sue them.

Middle initial, age, and town of residence would have helped in my case, but not in all cases. In the neighboring town of Rockland, Maine, there are two gentleman with the same name, including middle initial, of almost exactly the same age. One is a pillar of the community, while the other is a notorious drunk. The news about the second is frequent and always bad, and it tars his more respectable peer with the same brush.

We depend on our appearance to identify us, through the use of photo IDs, for example. But appearance is also an imperfect identifier. Consider that somewhere on this earth is a person who looks so much like you that even you would be fooled by a close-up, high-resolution photo. If that person ever decides to seek you out and use the resemblance to damage you, you are toast. The ambiguity of appearance is common enough that it has become a literary device: think of A Tale of Two Cities, Daphne Du Maurier's The Scapegoat, The Lizzie McGuire Movie, or the Kevin Kline film Dave.

What's different today is our greater capacity and need to act at a distance and in real time. That requires that we figure out how to identify ourselves quickly and in some digital form to assure a distant participant of who we are. However important this is today, it promises to be many times more important in the years ahead, since traffic requiring positive identification is ever increasing.

I suspect that positive identification is subject to some of the kind of analysis that Nancy Leveson has advocated for safety critical systems. The recurring lesson of Leveson's work is that no single measure will suffice. Applying this idea to the current question suggests that no single technique will ever be enough to achieve secure identification. I look to paired technologies (a fingerprint scan and a voiceprint, for example) to become something of a norm. Of course this means that the "solution," whatever it is, is likely to be at least twice as expensive as any of the single alternatives we're currently studying. Fortunately or unfortunately, there will soon be sufficient value at stake that the price will be acceptable.

Back to Table of Contents

CONCURRENCE BY PETER O'FARRELL

At the Cutter Summit 2002, Cutter Consortium Senior Consultant Mark Seiden put everyone on edge with his assertion that many of the traditional approaches to security issues, particularly personal identification, were "broken" (that is, the methods no longer provided any of the presumed security they were designed to afford). Among the dysfunctional were passwords, credit and ID cards, and even the effectiveness of security guards when confronted by auditors of great wile and sophistication. Mark's overriding message was the need for alternative methods and, barring this possibility, the need to confront alternative expectations. The realists among security managers, he argued, must confront a world in which intrusion detection might no longer be attainable and some new "security paradigm" might need to be applied.

Another Summit contributor, Dan Geer, suggested one such framework in his remarks on the panel that followed Mark's address. Dan referred to "an Orwellian sense of freedom" in contrast to absolute prohibitions preventing unauthorized access to or misappropriation of others' property, whether it is physical, human, information, and so forth. Dan's alternative world was one in which all individuals have the "freedom" to act in any way they choose with the understanding that if they break a law in the course of these actions, they will most assuredly be identified, caught, and punished. In some sense, that's an ex post facto security in that no one gets away with illegality, but irreparable damage can't necessarily be rectified and would have been better to be prevented.

This Orwellian world substitutes certain punishment for certain prevention of wrongdoing and would most assuredly fail to satisfy either the wronged or their tormenters in many instances. But, as Tim tells us, it appears to be well within the capability of current, proven (if expensive) technology, particularly iris scanning. So for those firms in possession of good metrics for the cost of security administration and of security breaches, the biometric approach has particular merit. Initially, it would seem that unauthorized access and intrusions are vastly less likely for the moment until today's hackers find a way around biometric identification. And escape from positive identification would not seem possible in this world of Orwellian freedom although physical apprehension and punishment by the authorities might still be circumvented. (There are some exceptions to the uniqueness of identification, however, as in the case of identical twins who share identical DNA signature. A recent Boston Globe article reports a hung jury in a rape trial where the suspect was positively identified with DNA recovered at the crime scene. The problem? The suspect has a twin brother.)

For the ever ingenious hacker or thief, however, there is at least one area ripe for exploitation, where even the scrupulous company can still be thwarted by the irresponsible individual in possession of a portable computing device. Until cell phones, PDAs, laptops, and so forth can be equipped with iris scanners at a reasonable price, they'll remain a vulnerability to a firm whose employees use these devices. Most critical IT infrastructure receives both physical and electronic protection. Not so for the portable device, as a recent survey on the frequency of lost laptops, reported by taxi drivers worldwide, attests. ⁶

It's an amusing story, but it has really scary implications (at least to me). The security firm conducting the survey determined some ratios based on the sample data of reported lost portable devices and extrapolated these numbers to the universe. So the survey counted only those portable devices that were reported lost as being ripe for intrusion at leisure, were they not returned. Then, of course, there are the unreported lost devices that may be cracked at leisure or perhaps perversely modified into the Manchurian Candidate after cracking and before graceful restoration to their proper owners.

Apparently the US Armed Forces have anticipated such a possibility for the portable devices that are used in communication of real-time battlefield conditions via satellite observation and communication. The satellite-based communication is purportedly able to delete all information stored on the device in an instant if there's suspicion of a prospective security breach or unauthorized possession (I have no evidence of this fact other than from a knowledgeable colleague). I can picture a scenario like that in the introduction to the Mission Impossible television series, in which the tape and its recorder self-destruct after relaying a secret message to the appropriate secret agent. Better yet, the device doesn't self-destruct but mounts a malicious intrusion of its own into the system or the individual attempting access.

Tim's assertion that biometrics present the most technically effective, if not the most cost-effective, approach to serious security architecture seems obvious from his review of the technologies and the issues. As Tim asserts, all that remains is development of some reasonably plausible cost-benefit methods to justify one technology or another.

⁶"Taxis Hailed as 'Black Hole' for Lost Cell Phones and PDAs, as Confidential Data Gets Taken for a Ride." Pointsec press release, 24 January 2005 (www.pointsec.com/news/news_pressrelease.asp?PressID=2005_January_24).

Back to Table of Contents