Tuesday, January 28, 2003, 1:54 PM


The ability to copy information perfectly and cheaply has advantages and disadvantages. Thanks to the internet, we are very familiar with the advantages (e.g. email, MP3 downloads, etc.). But there are disadvantages. For example, when it comes to digital identities (e.g., a "unique" ID or a social security number), there is no way you can tell the original from the copy. Thus, an identity system based on raw information (e.g. passwords) is prone to undetectable compromises. Unlike physical theft, information theft can happen without the owner's knowledge.

If we can somehow "physicalize" information so that it cannot be copied, we can start building stronger identity systems.

Definition: Physicalization is the process of attaching information to a physical device so that physical possession of the device is required to utilize the information.
As a point of clarification, just because a chunk of information is stored on a physical device (such as a thumb drive) does not mean that the chunk of information is physicalized. So long as there is any way for that chunk of information to leave the device, that information is not physicalized within the device.

Asymmetric algorithms (also known as public key algorithms) provide us with the mechanism to enable physicalization. Private keys can be generated and kept in a physical device (they never leave it). Asymmetric algorithms allow the device to prove that it has a particular piece of information (the private key) without ever revealing the information. At the same time, the information is usable and securely locked in the physical device.

To be able to obtain the use of physicalized information, a thief would have to steal the physical device.

Physical devices (such as smart cards) can be used to create strong digital identity systems. A cyber attack would be very difficult, if not impossible. The technology is starting to get fast, cheap, and small. Physicalized keys can come in form factors no larger than a car key or a credit card.
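The prove-possession-without-revealing step described above can be shown as a challenge-response exchange between a key-holding device and a relying party. The following is an added example written for this page, not code from the original post or from any smart card vendor; the type and function names (HardwareToken, Verifier, Enroll, Challenge, Authenticate) are hypothetical, and it uses Ed25519 from Go's standard library in place of whatever algorithm a real card would run. The "device" is simulated in software, so the private key is protected only by Go's field visibility here; a real token enforces the same property in hardware.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// HardwareToken stands in for a smart card or USB key. The private key is an
// unexported field with no getter: the only operation exposed is Sign, so the
// key is usable but never leaves the "device". (Hypothetical type written for
// this example; a real token enforces this in hardware, not in Go visibility.)
type HardwareToken struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey
}

// NewHardwareToken generates the key pair on the device itself, so no copy of
// the private key ever exists outside it.
func NewHardwareToken() (*HardwareToken, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &HardwareToken{priv: priv, pub: pub}, nil
}

// PublicKey is the only key-derived value that leaves the device, at enrollment.
func (t *HardwareToken) PublicKey() ed25519.PublicKey { return t.pub }

// Sign answers a challenge with the private key without revealing it.
func (t *HardwareToken) Sign(challenge []byte) []byte {
	return ed25519.Sign(t.priv, challenge)
}

// Verifier is the relying party (the enterprise network). It stores only
// public keys, so a copy of its database yields nothing usable for login.
type Verifier struct {
	enrolled map[string]ed25519.PublicKey // identity -> public key
	pending  map[string][]byte            // identity -> outstanding nonce
}

func NewVerifier() *Verifier {
	return &Verifier{
		enrolled: make(map[string]ed25519.PublicKey),
		pending:  make(map[string][]byte),
	}
}

// Enroll records the public key for an identity.
func (v *Verifier) Enroll(id string, pub ed25519.PublicKey) {
	v.enrolled[id] = pub
}

// Challenge issues a fresh 32-byte random nonce. Freshness is what turns a
// captured response into useless information: it is tied to one nonce only.
func (v *Verifier) Challenge(id string) ([]byte, error) {
	if _, ok := v.enrolled[id]; !ok {
		return nil, errors.New("unknown identity")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[id] = nonce
	return nonce, nil
}

// Authenticate checks the signature over the outstanding nonce and consumes
// the nonce, so the same response cannot be presented a second time.
func (v *Verifier) Authenticate(id string, sig []byte) bool {
	pub, enrolled := v.enrolled[id]
	nonce, outstanding := v.pending[id]
	if !enrolled || !outstanding {
		return false
	}
	delete(v.pending, id)
	return ed25519.Verify(pub, nonce, sig)
}

func main() {
	token, err := NewHardwareToken()
	if err != nil {
		panic(err)
	}
	server := NewVerifier()
	server.Enroll("alice", token.PublicKey())

	nonce, _ := server.Challenge("alice")
	sig := token.Sign(nonce)
	fmt.Println("genuine device answers challenge:", server.Authenticate("alice", sig))

	// A recorded response is copyable information, but it only matches the
	// nonce it was made for; against a fresh challenge it is worthless.
	server.Challenge("alice")
	fmt.Println("replayed old response accepted:", server.Authenticate("alice", sig))
}
```

The point of the exchange is where the secret sits: everything that crosses the network (public key, nonce, signature) can be copied without harm, and the only thing that cannot be copied is the ability to produce the next signature, which stays with whoever physically holds the token.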

The proliferation of internet connectivity is exposing enterprise networks to hundreds of millions (and growing numbers) of people around the world. Many of these people will have malicious intent and the means to act on it. A conventional view of protecting enterprise networks through employing more than one factor of authentication is insufficient. Instead, a different view -- the physicalization of information -- is necessary to understand and specify the requirements for strong authentication on the network.

Identity systems which do not include such a physicalized device are prone to attacks from anywhere in the world, by any of the millions of people on the net. Physicalized identity systems are only prone to attack by people who are willing to commit physical theft.

Actuarially, physicalized authentication is about five to six orders of magnitude less likely to be compromised than unphysicalized authentication -- there are hundreds of people in your physical neighborhood versus hundreds of millions in your cyber neighborhood.

Update (February 12, 2005):
It begins. I believe scenarios like the cyber robbing by password identity theft will get pretty commonplace, like in the case of "Bank of America faces landmark online fraud case" (http://www.finextra.com/fullstory.asp?id=13194), as highlighted by Jamie Lewis in his blog entry.

Actually, it started to happen some time ago, as early as 2002, as described in "21 DBS, POSB online accounts hacked" (http://it.asia1.com.sg/newsdaily/news003_20020629.html). Looks like DBS Bank responded in May 2003 by introducing a "Unique Password Via Text Messaging To Protect Fund Transfers" (http://www.dbs.com/newsroom/2003/press030513.html). Not quite strong physicalization (with private keys on hardware), but stronger than raw passwords.

Tuesday, January 21, 2003, 1:48 AM

Symptom-Driven Digital Security

Why is digital security, like modern medicine, symptom-driven?

If you bleed, patch it. If you have cancer, cut it out.

If you have a computer virus, install an anti-virus. If you are getting spam, get a spam filter.

Why are we so symptom-driven? (Because we want instant gratification?)

Often, we have to fix the problem when the symptoms occur -- or the symptoms might kill us. However, we need to ask the basic questions as to WHY cancer forms or WHY viruses can function.

If we get back to basics, we will start to realize that one of the root causes of computer insecurity is the lack of strong identity in our digital systems. (Another being software bugs.)