funsec mailing list archives
Re: [privacy] U.S. Senators Propose Repeal of National ID
From: "Dennis Henderson" <hendomatic () gmail com>
Date: Tue, 19 Dec 2006 07:56:38 -0600
Hi Dennis,

There are three parts to this problem: First, there is identification of the problem and understanding the ramifications. Second, there is analyzing the existing approaches -- learning what works and what does not. This includes comparing the solution to other scenarios. Finally, there is proposing, adopting, and revising a new solution. None of these steps happen overnight. It was my impression that the discussion thread focused on the first two parts (identification and evaluation), but let's proceed to the third part: solutions.

The current SSN system was flawed from the start. Identity theft is not new and neither is social security fraud. However, the SSN system was never intended for use as a national identification system. It was intended for taxes and -- yes -- social security accounts. The adoption of an SSN in place of a universal ID occurred because a universal ID did not exist AND because it was convenient. This is a similar oversight that allows spam to proliferate -- email was never designed for security and not to fit a corporate/business need. The lack of authentication and wide-spread use permits it to be abused. But I digress...

We need to adapt known-good security practices to personal authentication.

The first thing people need to realize is that a single, universal ID will never work. This is the same situation with using one password on every system. If it ever becomes compromised, then everything is lost.

The second thing people need to realize is that authentication is provided by an authority and not the other way around. We should not start with a government issuing an ID. This is a flawed start because the initial authentication starts from an assumption about the identified individual. Instead, we need to start the authentication process at the individual, since only you know that you are you.

Third, we need to realize that authentication is not transitive. If I am authenticated with my bank, then my bank authentication should only work at my bank.

You want a solution? How about this:

- Start with a random unique key per person. This is used to seed a system that generates additional keys. For sanity, we can make this biometric. For example, DNA -- it's costly and time consuming right now, but rarely needs to be done. Fingerprints would be fine for people with fingers (not amputees). Iris or retina patterns for people with eyes, etc. Heck, even the government could issue some or all of the unique seed. NOTE: They do NOT keep a copy -- they just generate it.

- For each service, combine this biometric with something the person knows (2-part authentication) and something provided by the service. Together, this becomes 3-part authentication. E.g., combine my DNA seed with my password and the bank's keys. This creates a unique identifier and can generate a public/private key pair. Only myself and my bank can authenticate a transaction. I will have a different key pair for government passports, taxes, hotel reservations, etc.

What about theft? Even if they copy my biometric values, they still need to know my password. Also, there are plenty of biometric values -- I should be able to change from fingerprint to iris if someone copies my data.

What if they get my password? They compromised one authentication system, but not any other. Cross-validation between multiple sources can be used to reclaim a compromised account. This type of cross-validation is already in use today. E.g., you cannot get a phone line without having a bank account or some other utilities. And you cannot get a credit card unless you have bills in your name (or can show that you are too young to pay off the card).

What if I forget my password? This is no different than having a compromised password. Between still having my original biometric values, and being able to cross-validate, I should be able to reclaim and reset keys for any accounts that are missing passwords.

Will this work? Sure it will! Network administrators and security folks do this all the time! Want to enter a secure government building? You need multiple IDs. Even my car uses a different key from my house. This is a known, time-tested solution.

What about implementation? I'm a programmer; the software is easy. The hardware exists today, but is expensive. But if everyone needed it, then the costs would drop and demand increases. Usability is not too difficult as long as people get past the initial shock of not having a centralized authentication system.

What about the banks needing to report taxes? The bank can hold only the public-key component from my tax authentication keys. They can use this to link my account to my taxes. However, since they don't have my seed, nor my tax password, nor the tax key component, they cannot recreate my private tax key. Even if the bank loses all of their customer data in a horrible compromise, my tax identity is secure.

And that's just one solution that I rattled off the top of my head. I'm sure if I sit and think about this a little more, I can come up with many other options. This solution may not be perfect (since I didn't ponder it very long), and I look forward to discussions about limitations, variants, and alternatives.

-Neal

--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)

To mangle a line from your previous missive

> Excellent rant, I fully agree, and hardly a soul could have said it any better.

Thanks Doc.

Dennis
_______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
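
Added example (not part of the original messages and not either poster's code): a sketch of the per-service derivation the quoted proposal describes, combining a personal seed, a password and a service-provided component so that each service gets an unrelated key. Assumptions made here: the seed is a stable 32-byte random value (raw biometric readings are noisy and would have to be stabilised first), PBKDF2 and HMAC-SHA256 are this example's choices, and every name and sample value is hypothetical.

```python
import hashlib
import hmac

PBKDF2_ROUNDS = 100_000  # illustrative work factor, not a recommendation


def encode_fields(*parts: bytes) -> bytes:
    """Length-prefix each field so ("ab","c") and ("a","bc") encode differently."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def derive_service_key(seed: bytes, password: str, service: str,
                       service_component: bytes) -> bytes:
    """Combine the post's three factors into one 32-byte per-service secret."""
    context = encode_fields(service.encode(), service_component)
    # Slow step: a copied seed alone still leaves a costly password search.
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    hashlib.sha256(context).digest(),
                                    PBKDF2_ROUNDS)
    # The personal seed keys the final mix; the service never needs to see it.
    return hmac.new(seed, encode_fields(b"service-key-v1", context, stretched),
                    hashlib.sha256).digest()


def service_identifier(key: bytes) -> str:
    """One-way identifier a service can store without holding the key."""
    return hashlib.sha256(encode_fields(b"service-id-v1", key)).hexdigest()[:32]


def demo() -> dict:
    # Constructed sample values; a real seed would be 32 random bytes.
    seed = bytes(range(32))
    bank_part, tax_part = b"bank-component-A", b"tax-component-B"
    bank = derive_service_key(seed, "bank pw", "bank", bank_part)
    tax = derive_service_key(seed, "tax pw", "tax", tax_part)
    # Password reset at the bank: only the bank key changes.
    bank_reset = derive_service_key(seed, "new bank pw", "bank", bank_part)
    # Re-deriving from the same factors gives the same key, so no copy is stored.
    tax_again = derive_service_key(seed, "tax pw", "tax", tax_part)
    return {
        "bank_id": service_identifier(bank),
        "tax_id": service_identifier(tax),
        "keys_differ": not hmac.compare_digest(bank, tax),
        "reset_changes_bank": not hmac.compare_digest(bank, bank_reset),
        "rederivable": hmac.compare_digest(tax, tax_again),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The 32-byte result is the size of an Ed25519 private seed, so an asymmetric library could turn it into the public/private key pair the proposal mentions.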