Forwarded From: JohnE37179at_private

System Security The Failed Paradigm

Current information system security strategies revolve around encryption and some form of password. This approach, even if perfect, only protects transmission and transcription of information. Two elements are missing: the truth of the information transmitted and the identity of the users of the system. If the identity of a user is not absolutely confirmed at the time of enrollment even a perfect system will only confirm a potentially false identity - resulting in an insecure system. The paradigm of accuracy in information systems is limited to transcription and transmission. The truth of content is not considered.

The result of these approaches is the rapid growth of identity fraud. Identity fraud appears in many guises. The acquisition of a false identification is relatively simple and the simplest of hacker techniques - social engineering - is all it may take to break the most technically sophisticated system. Why would someone trying to break a system try to break an encryption code when all they need do is a simple deception of identity?

Are we not all deceiving ourselves with the race to build the strongest encryption and passwords without working on the more basic problems of user identity and message truth? The response I get when I raise this question is either that this is the "user's" problem or it is a "wet brain" problem and not susceptible to a computational solution. Both these responses ignore or misclassify the problem in an attempt to finesse a solution.

There are information strategies that when coupled with existing technology can both absolutely determine and verify an individual's identity and determine the truth of message content. While this is an emerging solution, it has had over 16 million commercial uses and in tests has demonstrated error rates of fewer than one in 22 million.

John Ellingson
President, e-Dentification, Ltd.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:31 PDT