[ISN] Failed System Security Paradigm

From: mea culpa (jerichoat_private)
Date: Wed Feb 10 1999 - 03:18:12 PST

Next message: mea culpa: "[ISN] Israelis charged in Pentagon, NASA hacks"

Previous message: mea culpa: "[ISN] Technology and Pleasure: Considering Hacking Constructive."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded From: JohnE37179at_private

System Security
The Failed Paradigm

Current information system security strategies revolve around encryption
and some form of password. This approach, even if perfect, only protects
transmission and transcription of information. Two elements are missing:
the truth of the information transmitted and the identity of the users of
the system. If the identity of a user is not absolutely confirmed at the
time of enrollment even a perfect system will only confirm a potentially
false identity - resulting in a insecure system.

The paradigm of accuracy in information systems is limited to
transcription and transmission. The truth of content is not considered.

The result of these approaches is the rapid growth of identity fraud.
Identity fraud appears in many guises. The acquisition of a false
identification is relatively simple and the simplest of hacker techniques
- social engineering - is all it may take to break the most technically
sophisticated system. 

Why would someone trying to break a system try to break an encryption code
when all they need do is a simple deception of identity? 

Are we not all deceiving ourselves with the race to build the strongest
encryption and passwords without working on the more basic problems of
user identity and message truth? 

The response I get when I raise this question is either that this is the
"user's" problem or it is a "wet brain" problem and not susceptible to a
computational solution. Both these responses ignore or misclassify the
problem in an attempt to finesse a solution. 

There are information strategies that when coupled with existing
technology can both absolutely determine and verify an individual's
identity and determine the truth of message content. While this is an
emerging solution, it has had over 16 million commercial uses and in tests
has demonstrated error rates of fewer than one in 22 million. 

John Ellingson
President, e-Dentification, Ltd.

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

Next message: mea culpa: "[ISN] Israelis charged in Pentagon, NASA hacks"
Previous message: mea culpa: "[ISN] Technology and Pleasure: Considering Hacking Constructive."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:31 PDT