Authentication: The Holy Grail of Information Security

Security seems to be the hot topic these days and this is yet one more important discussion in our recent focus on security topics.

Have you ever heard of the list of most needed inventions? These are the sorts of inventions that, if realized, would overcome technological hurdles that are preventing mankind from reaching our most cherished dreams. Room temperature superconductors, advanced nanotechnology and practical fusion power are just a few. There are a number of inventions like this that are needed to make information security a reliable, efficient and low-cost process. And chief among them is the Holy Grail of information security: an un-spoofable identity authentication mechanism.

Just think of it! A way for people and machines to know with certainty that it is you and only you that they are communicating with. No more worries that someone will steal your identity and empty your bank accounts. No problems with cyber criminals impersonating IT personnel and stealing information or crashing systems. Think of the money and time you could save on complex intrusion detection and prevention systems and complicated processes. Despite years of concentrated thought and effort, nobody has a clue how to make it work!

There are just three ways known to authenticate identity:

  • Using something you know
  • Using something you have or
  • Using something you are

When talking about authenticating yourself to a computer system, something you know is typically a user name, a password or an encryption key. I think all of us know that all the effort spent keeping these secret and secure doesn’t prevent intruders from getting them.

The problem is that people have to know them, they need to store them and they need to use them, and that makes them vulnerable. So something you know isn’t the answer.

Next: something you have. In the computer world this is usually a smart card or token. Combined with a user name and password, this mechanism provides another layer of security that can be very effective. But it is far from perfect. Smart cards and tokens can be stolen or misplaced.

Perhaps a certificate authority or token provider’s servers are compromised. Some mechanisms can be reverse engineered. So you can add something you have to something you know and get better, albeit far from perfect, identity authentication. But the cost you pay in dollars and personnel hours has just gone way up.

So let’s go to the final possible authentication mechanism: something you are. For computer systems this is, at present, typically fingerprints or retinal scans, although other possible mechanisms include facial recognition, voice recognition, heuristics (behavior matching) and DNA matching.

This mechanism, once again, provides added security to the identity authentication process, but still is not perfect. For one thing, this kind of authentication mechanism works best in person. If a fingerprint, for example, is transmitted, it really travels as a series of electromagnetic signals, and these can be spoofed. But even in person, this type of mechanism can possibly be spoofed.

So adding something you are to something you have and something you know once again makes it much more difficult to spoof identity, but still doesn’t render it impossible. And imagine the added burden in money and inconvenience that using all three mechanisms would mean for your organization! Seems like way too much just to protect some financial data or health information, huh?

In conclusion, it will take a lot more planning and cooperation to come up with a good solution to help thwart thieves and eliminate most opportunities to get past security systems. And it will take a lot of training to get people to adopt any new plan.

About SCB Enterprises
System Solutions and Integration
