The Forum - On Line Opinion's article discussion area




The electronic 'me' : Comments

By Kevin Cox, published 4/12/2007

Instead of governments controlling our identity in their databases we should control electronic data about ourselves.

Can you help me understand what prevents someone pinching my electronic "me"?

At some point there has to be a link to the physical me, presumably by use of some biometric data. How can this be secured other than by my actual physical presence, and how can it be verified that this is indeed my physical presence unless there is some verified electronic version of my biometric data, and hence pinchable?

There are a lot of other things I would like to ask, for example, if there are more transactions in an identity-free context, does it imply that these are better? Surely many of the most meaningful transactions are between true identities. We could all be impersonal monads, but would living in a completely virtual world be as much fun or so deeply satisfying?

Sorry if my questions reveal that I have not grasped the gist of your presentation, but I thought your article was stimulating enough to deserve at least one response.
Posted by Fencepost, Thursday, 6 December 2007 1:16:26 PM
FencePost,

Any system can be abused and people will find ways of pretending to be you but it will be difficult and it is almost certain that you will detect it. Our system uses a voice print as the biometric but we will extend it to include face, fingerprint, etc IF you want to use something else more convenient. Remember you identify yourself to your electronic presence and it deals with the rest of the electronic world. You do not identify yourself to your bank with your voice. You identify yourself to your electronic you then it communicates with the bank.

Every time you wish to register a relationship with an organisation you use your voice print to tell your electronic presence that it is you. The device on which the utterance was made, the phrase that was spoken and the unique characteristics of your voice to make the relationship are all checked. Every time you create a relationship you are told via another communication channel that the relationship has been created. Hence, to "steal your identity", someone will have to get your voice, your utterance, your phone and intercept the letter or phone call or email sent to you. Possible but difficult and if they do you will be able to undo any transactions they make in your name when you show it was not you.

In the future you may have many linked independent electronic presences and each one can watch the others to detect attempts to steal your identity.

Interactions in online games are very personal and many find them humanly satisfying. They are not the same as a physical interaction but people like them. Have a go yourself as it is impossible to describe. A common experience is for people to have good online relationships that wane as soon as they meet physically.
Posted by Fickle Pickle, Friday, 7 December 2007 2:04:22 AM
Kevin Cox wrote: "It is to the advantage of an individual to have all connections in the one place and connected biometrically to themselves as it makes it very, very difficult for someone else to steal their identity. The only way for an electronic identity to be stolen is to physically kidnap or take control of the person."

I'm afraid I have a more sober view of biometrics, a technology that for the most part is commercially immature. It is simply NOT very very difficult to steal a biometric identity. Independent research has shown that the majority of fingerprint scanners can be fooled by replica fingers molded from candy gelatin*. Low cost iris scanners and facial recognition systems are laughably easy to spoof; see www.heise.de/ct/english/02/11/114.

[* see "Impact of Artificial Gummy Fingers on Fingerprint Systems", T. Matsumoto et al, Proceedings of SPIE, 4677, Optical Security and Counterfeit Deterrence Techniques IV, 2002]

Most tellingly, the published False Accept Rates of commercial products hover around 2 or 3%. This would mean that on a random basis, 2 or 3 in a hundred imposters would be successful in an attack. This figure is startlingly high in light of claims made by vendors that biometrics represent 'unique' markers, or that "the only way for an electronic identity to be stolen is to kidnap the person". If the random hit rate is 2 or 3% then we should be very worried that a concerted targeted attack on a biometric could deliver much greater returns to the criminal.

Cheers,

Stephen Wilson
(information security professional)
Posted by Stephen Wilson, Thursday, 20 December 2007 11:25:06 AM
Stephen,

You are quite right. It is easy to steal a biometric so we must build our systems to anticipate this.

It is difficult to "break" all the connections of an electronic identity. For example, with a voice biometric we use the voice, the phone on which it was uttered and a "secret phrase" to identify someone. If there is doubt we go to a human operator. This makes it hard to steal. If your voice is stolen and your phone and they know your secret phrase then they will also have to steal all the other ways of contacting you for it to become hidden from you. More importantly it will become relatively easy for you to reclaim any losses as a victim of crime. Because of the difficulty of committing the crime and the difficulty of getting away with it then criminals will tend to go to easier pickings.

Take a look at the alternatives. The point is to make advances that make a new system better than what it replaces and an electronic identity that you control is superior to the existing alternative where others want to "look after" my identity. (The most interesting part of the whole exercise is what happens when we have reliable electronic identities. Almost all online systems now become much much simpler and more secure)
Posted by Fickle Pickle, Thursday, 20 December 2007 12:31:04 PM
Fickle Pickle wrote: "we use the voice [biometric], the phone on which it was uttered and a 'secret phrase' to identify someone. If there is doubt we go to a human operator".

But the fall back mode to a human is determined by a machine, and that machine is fallible. If the False Match Rate is say 1% then 1 in a 100 random imposters will not be double checked by a human. And for a concerted attack by people who know the foibles of a given biometric system, the success rate will be likely much higher than that.

This reminds me of the Smartgate Trials (face recognition at airports) where they proudly reported the number of imposters who had been picked up by the system over several months of live operation. And they also reported that the number of innocent people inconvenienced by a false alarm was acceptably low. But they don't know empirically how many people *should* have been detected but weren't.

Cheers,

Stephen Wilson
(information security professional)
Posted by Stephen Wilson, Saturday, 22 December 2007 3:56:48 PM
Stephen if the error rate on the biometric is 1% and the likelihood of the phone being stolen and used for fraud is 1 in 1000 and the likelihood that the thief knows the pass phrase is also 1 in 1000 then the chance of an imposter succeeding is 1 in 100,000,000. (OK I know they are not independent but you get the idea)

You have to remember that most transactions are trivial and are not national security. The system is much much more secure than written signatures and they work quite well. Security systems for most of our online transactions do not have to be perfect for them to be effective - particularly when we build systems that are very likely to detect anyone who gets through the system.

I am not claiming that the biometrics are foolproof. A reason why biometrics are useful is that when a fraud is detected there is a physical link to the real person that may be used in evidence against the person if they can be physically detained whereas a password on its own is unlikely to hold up in a court of law.
Posted by Fickle Pickle, Saturday, 22 December 2007 6:24:59 PM
Fickle Pickle wrote "I am not claiming that the biometrics are foolproof". Well actually this thread started out with exactly that sort of claim: Kevin Cox wrote that "[it is] very, very difficult for someone else to steal their identity. The only way for an electronic identity to be stolen is to physically kidnap or take control of the person". These claims are just not true; they should not have been made; biometric proponents too often get away with quite careless exaggeration of their powers.

And the rest of the argument is also pretty slapdash. Forgive the nitpicking, my point is not to split hairs so much as to show that a solid security threat & risk assessment is sorely missing.

"if the error rate on the biometric is 1% and the likelihood of the phone being stolen and used for fraud is 1 in 1000 and the likelihood that the thief knows the pass phrase is also 1 in 1000 then the chance of an imposter succeeding is 1 in 100,000,000. (OK I know they are not independent but you get the idea)". They are certainly not independent but 'getting an idea' -- presumably a rough idea -- is not the way to design and justify a security system! You cannot assign these probabilities without knowing what the threat vector is. If someone is trying to defraud me, then the chance of my phone being stolen is not 1 in a 1000, it may be closer to 1!

Another loose claim is that "a reason why biometrics are useful is that when a fraud is detected there is a physical link to the real person that may be used in evidence". But for unsupervised biometrics, where the threat that concerns me the most is taking over someone else's bio and replaying it to impersonate them, you have no link to the fraudster, only the original innocent's template!

Cheers,

Stephen Wilson.
Posted by Stephen Wilson, Sunday, 23 December 2007 9:30:50 AM
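
The independence objection in the exchange above, worked through as an added example (not part of any comment in the thread, and not code from the system discussed). Only the 1%, 1-in-1000 and 1-in-1000 figures come from the thread; the two attacker classes, the targeted row and its 1-in-1000 share of attempts are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AttackerClass:
    share: float        # fraction of all impostor attempts made by this class
    p_biometric: float  # P(biometric check accepts the impostor)
    p_phone: float      # P(impostor holds the victim's phone)
    p_phrase: float     # P(impostor knows the secret phrase)

    def joint(self) -> float:
        # Within a single class the three checks are treated as independent.
        return self.p_biometric * self.p_phone * self.p_phrase


def naive_product(classes) -> float:
    """Multiply the population-wide marginal rates, as the thread's estimate does."""
    result = 1.0
    for field in ("p_biometric", "p_phone", "p_phrase"):
        result *= sum(c.share * getattr(c, field) for c in classes)
    return result


def true_joint(classes) -> float:
    """Weight each class's own joint success rate by its share of attempts."""
    return sum(c.share * c.joint() for c in classes)


def underestimate_factor(classes) -> float:
    """How far the naive product understates the real success rate."""
    return true_joint(classes) / naive_product(classes)


# Opportunistic row: the thread's figures. Targeted row: constructed values,
# with the biometric rate held at 1% so the gap comes from correlation alone.
OPPORTUNISTIC = AttackerClass(share=0.999, p_biometric=0.01, p_phone=0.001, p_phrase=0.001)
TARGETED = AttackerClass(share=0.001, p_biometric=0.01, p_phone=1.0, p_phrase=0.5)
POPULATION = [OPPORTUNISTIC, TARGETED]

if __name__ == "__main__":
    print(f"opportunistic joint : {OPPORTUNISTIC.joint():.3e}")
    print(f"naive product       : {naive_product(POPULATION):.3e}")
    print(f"true joint          : {true_joint(POPULATION):.3e}")
    print(f"underestimated by   : {underestimate_factor(POPULATION):.0f}x")
```

With these inputs a one-in-a-thousand share of targeted attempts dominates the overall success rate, which is why per-factor rates cannot be multiplied without first fixing the threat model.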
Stephen,

A person's identity is the sum of the relationships with other people and organisations. Those relationships are represented in many different ways. For example, I have a relationship with a bank through owning a credit card and I represent my assent to using the credit card in different ways - typically with a physical signature. If my credit card is stolen and someone forges my signature then part of my identity is stolen but not my whole identity.

These relationships and the way we agree to express them are each vulnerable and each can be stolen without too much trouble. If however, we have an electronic me and one relationship is stolen then with a well designed system the other parts of my "electronic me" will become aware of the theft and again with a well designed system compromising one relationship does not compromise others. This is what I mean by it being difficult to steal an electronic identity.

With an electronic identity with a rich set of relationships any level of security for a particular threat can be created through multi factoring. That is, we include more and more relationships before an action is taken to whatever level of security is needed for the action to occur. An electronic me makes two factor, three factor, four factor etc authentication simple and easy to accomplish.

The electronic me is not a specific design to guard against specific threats. It is an artifact (the electronic me) that makes it possible for specific "threat vectors" to be addressed to an appropriate level of risk.

It makes more sense if you think of the electronic me as an architecture to implement identification solutions and it gains its utility through the interconnection of relationships.
Posted by Fickle Pickle, Sunday, 23 December 2007 12:22:26 PM