One of the issues plaguing identity management and online authentication systems is how to accurately validate the identity of the system or user connecting to a service. One possible means for identification that has attracted attention recently is finding and identifying a "MachineID", some form of unique identifier that is …
One solution available for free
One key problem identified is the "heavily infected system" typical of a lot of users who have limited knowledge/care (e.g. of the use of firewall, up to date anti-virus, etc), are running older versions of Windows (in particular), and/or have children who use every available infection vector (IM, any web site their 'friends' suggest, any 'free' porn, etc).
A solution? Banks offering a knoppix boot-CD pre-configured with the correct (not spoofed) bank URL. For on-line banking, just insert the CD, reboot, and then use the (non-IE!) web browser for accessing the bank.
OK, it could be spoofed (e.g. corrupted CDs posted to end users), and is not totally proof against a BIOS rootkit (much less common than a boot-sector loaded rootkit), but it is cheap and deals with the biggest common problems of key loggers and phishing sites.
Anything that's boiled down to numbers is vulnerable
There is no such thing as security in anything that is boiled down to numbers.
Why not apply the classic security solution? That is, the "key" should be based on :
- Something you have (a physical thing)
- Something you know (typically a password)
The "something you have" has been very much undersold. I understand one of the major banks (Barclays?) is starting to issue hardware keys (I'm guessing they are on the lines of a standard VPN random number thing) to customers for use on the web. These things are cheap, and though I am in no way a security expert, I'm guessing they are pretty secure and very very difficult to crack.
I've never quite understood why more use isn't made of the classic hardware dongle; the sort you stick in the parallel port (remember those?) or USB port. The security of these things has increased greatly over the years, and if more use was made of them, I'm sure their security would increase even further through investment by those with a vested interest in keeping their software (or whatever) out of the hands of those that shouldn't have it. If (say) Microsoft had issued dongles with each version of Windows they have sold/pushed, I wonder what the piracy rates would be? Nothing like what they are at the moment, I would guess. Ok, dongles cost a bit of money, but economies of scale would make the additional cost negligible.
Instead, they mess about with trying to identify your PC by pulling in serial numbers and other such nonsense, with all the problems that incurs when someone replaces a hard drive or a graphics card. A separate hardware dongle would cleanly eliminate these problems.
And, of course, you can store stuff on a dongle, like security keys and passwords and code (!) etc etc. Indeed there's nothing to stop you including a level of computing power into them (incredibly useful); they are much more than the simple "yes/no" devices they were years ago.
Dongles - you know it makes sense! :-)
Add a little Sugar, Alan ???
"From a holistic viewpoint, addition of a system designed to identify specific systems can cause problems by actually weakening overall security (thus highlighting problems exist in the overall system design)."
The system is not weakened if it is recognised to Infect the Whole System from the Top. Fixes at the Top therefore Feed Life through the System and that may be as Simple as just Placing One there to liaise with Moribund Status Quo Operators.
But you are Dealing with Viable Imagination and that is a Virtual Commodity subject to Immediate Changes, if entirely necessary. IT also allows for Input Inclusion for Real Output.
Usual link-less El Reg article
One failed Google later, I'm none the wiser about Nabu. A link would have been nice.
MachineID - been there, bought the T-shirt
I could have sworn that Intel had created a unique identifier code that was in each individual chip and difficult to forge, but the clamour amongst privacy and rights enthusiasts led to it being switchable - and defaulting to the "off" state.
Now we want security instead of privacy. There's got to be a balance somewhere.
What a terrible article.
I work as an Information Security professional, and I found this article to be incredibly tough-going. I'm sure it's a fascinating glimpse into the future of authentication, but it comes across more like a fleet of needlessly long sentences floating in a sea of jargon.
How very true...... but you can Assure IT, which is a nifty Majic Trick in what would then be AI Virtualised MarketPlace.
And you can bet that that, is a whole New Ball Game/ARG. Heavy MetAI at Seven of Nine Station? :-)
Is there a Better Rest and Recreation Facility?
Surely dongles are a bad idea as your USB ports on your computer would slowly be worn away. If you apply this to a network, say for example the Civil Service (where they already use cards) you're going to end up with a lot of worn out dongles and USB ports. I used to work in a warehouse that repaired broken hardware, and this covered (at the time new fangled) chip and pin readers, which had to be sent back to the manufacturers in Ireland, as there were no facilities to repair them on the mainland. Main cause of breakdown? The chip reading sensor wearing out.
Dongles part deux
The use of some hardware ID, such as the CPU serial number, etc, has the problem that *you* do not control it. In addition, if you change your PC or repair it, the ID changes.
Dongles get round that, and have the difficult to spoof encrypted request-reply action that you cannot have with a static serial number, or disk image, etc. And if you don't want it visible, just disconnect it.
But the point about contact wear out is very real, and about the practical security issue of leaving the things in other folk's PCs (e.g. at cyber cafe, or visiting a friend/company, etc).
What is really needed is a non-contact device, close operation (so not easy to read/activate from afar) and managed in some way so most PCs come with a reader that you can just place your watch-like or pendant-like 'dongle' along side it and proceed with the authentication.
Of course, you need a way of registering them and password controlling them so that:
(A) you can cancel one that is lost/stolen with ease.
(B) you can replace it if broken.
(C) you have some way of verifying and monitoring it so that you are informed if an attempt is under way to obtain a 'replacement' without your knowledge.
There is no perfect solution, just one that makes it difficult enough to foil most attempts at attacking it from afar. If you are kidnapped and threatened, there is little realistic option to stop such a fraudulent transaction from taking place.
I'm not sure which is the hardest to read, the article or the response(s) from Amanfrommars.
Dongles eh, that identify the current user/system as being allowed access to certain things eh. People, be very careful, you are very nearly identifying the dreaded Identity Card as of being some benefit, nay, of being a burning necessity for the future. Imagine, a USB RFID reader that could pick you up within 3 metres if you have your ID card in your wallet. No more DRM problems, no more licensing issues.
I have seen the future, and the future is horrid.
I think there are very big and important differences between the horrid ID card scheme and my suggested use of a dongle:
(1) Nobody is *making* you have the ID card, and you won't be fined for not updating your details to Herr Blair, sorry, to the successive government.
(2) There is nothing biometric here, if you wanted to you could assign it to someone else (i.e. sell it and any software that was tied to it). After all, do you really want your fingers, etc, to be 'stolen' along with your ID tag in a robbery?
(3) ID cards typically have very little processing, they are (I believe) mostly a static answer with an authentication method. As for the biometric match, if performed remotely you do not know if the apparent biometric 'read' is real or simulated, since you (as the bank's server, etc) only have the TCP/IP link to go on and cannot see and verify the hardware and its use with any practical degree of cost & effort. If the dongle can do a complex challenge-reply then you know it is the real hardware *somewhere* on the system, and is not easily copied.
Finally, the use for DRM is something people would, I hope, vote against with their wallets. And most specifically you do not *want* operation from afar, ideally depending on close and voluntary access of the tag to the reader, but in a manner that avoids wear and forgetting to remove it.
I never mentioned biometrics, on some occasions it might be necessary to biometrically prove you are the rightful owner of an ID card, however, in most cases (like installing a piece of software for instance) just holding the card will be enough. The card will hand over certain information when the RFID is interrogated. None of this will be personally identifiable, which means we will all be represented by some kind of number or globally unique identifier.
Dongles have their own problems, i.e.:
- Different dongles for different packages,
- No single source for checking if a dongle has been stolen,
- Legal owner of the software has no proof if they lose their dongle
- Can't download a dongle from a web site.
1) Download installer from Web Site
2) Start install, system asks you to present your ID card to the reader.
3) System is not really interested in who you are, as long as it can register some kind of GUID it retrieves in response to its querying of the card.
4) Installation continues with your GUID being stored locally and being the only one that can access that program.
By default everyone will use this system. So while you may be free to opt out of having an ID card, it will almost mean you opt out of living.
Now, occasionally cards will go missing, so there will be an ID clearing house that web sites etc can use. They send a GUID with some kind of card issue number (also available via the RFID) and the check site either gives a green light or a red light. Of course, having one global check site might not be politically acceptable for all nations, so maybe the GUID will be formed in such a way that the first x number of chars return the originating country so any checking can be referred to the correct site (but notice, this gives away where the user is from, and thus their privacy starts to be stripped away).
Maybe the check site will send a code that the web site should present to the ID card (via the user's machine/card reader), and based on the response it gets back will know if it is the genuine card or a clone of the publicly available info.
Initially, law enforcement agencies will be able to go to their nation's ID GUID check system and see all the companies that have carried out ID checks on its citizens. Maybe inputting dodgy companies to find dodgy citizens. After a while someone (ITIL maybe?) will decide to encode the types of company and service, so reports on citizens can be sold to businesses. And all the time, those poor old citizens will be sold further and further down the river.
Ok, so maybe my imagination gland is a little overactive today, but think about it for a few minutes and you can see why so many politicians (control freaks) want ID cards and why we should all resist.
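The challenge-reply check that several comments above contrast with a static serial number or GUID, as an added example that is not part of the original thread. It assumes an HMAC-SHA256 response over a random challenge with a per-card key shared with the check site; the comments name no mechanism, and `Token`, `ClearingHouse` and the GUID value are hypothetical.

```python
import hashlib
import hmac
import secrets

class Token:
    """Card or dongle: a public GUID plus a secret key that stays on the device."""
    def __init__(self, guid: str, key: bytes):
        self.guid, self._key = guid, key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ClearingHouse:
    """Hypothetical check site: holds each card's key and the revocation list."""
    def __init__(self):
        self._keys, self.revoked, self._pending = {}, set(), {}

    def enroll(self, guid: str) -> Token:
        key = secrets.token_bytes(32)
        self._keys[guid] = key
        return Token(guid, key)

    def challenge(self, guid: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[guid] = nonce  # one outstanding challenge per card
        return nonce

    def verify(self, guid: str, response: bytes) -> bool:
        nonce = self._pending.pop(guid, None)  # consumed on use, so no replays
        key = self._keys.get(guid)
        if nonce is None or key is None or guid in self.revoked:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def demo() -> dict:
    house = ClearingHouse()
    card = house.enroll("GB-0001")  # constructed GUID with a country prefix
    captured = card.respond(house.challenge(card.guid))
    out = {"genuine": house.verify(card.guid, captured)}
    house.challenge(card.guid)  # fresh nonce; the old response is replayed
    out["replay"] = house.verify(card.guid, captured)
    clone = Token(card.guid, b"\x00" * 32)  # copied public GUID, wrong key
    out["clone"] = house.verify(card.guid, clone.respond(house.challenge(card.guid)))
    house.revoked.add(card.guid)  # card reported lost or stolen
    out["revoked"] = house.verify(card.guid, card.respond(house.challenge(card.guid)))
    return out
```

A static identifier would pass the replay and clone cases, because anyone who has seen the value once can present it again; here only the genuine, unrevoked card answering a fresh challenge is accepted.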