authentication and authorization (was: Question on the state of the security industry)

Anton Stiglic astiglic at okiok.com
Thu Jul 8 09:07:40 EDT 2004


>However, in some scenarios
>http://www.garlic.com/~lynn/2001h.html#61
>the common use of static data is so pervasive that an individual's
>information
>is found at thousands of institutions. The value of the information to the
>criminal is that the same information can be used to perpetrate fraud
>across all institutions and so the criminal value is enormous. However
>the value to each individual institution may be minimal. As a result
>there can be situations where an individual institution hasn't the
>infrastructure or the funding to provide the countermeasures necessary
>to keep the criminals away from the information (they simply don't
>have the resources to provide security proportional to the risk).
>
>The value of the static data authentication information to a criminal
>is far greater than the value of the information to the institution ...
>or the cost to the criminal to acquire the information is possibly
>orders of magnitude less than the value of the information (for
>criminal purposes).

Agreed.  This is where federated identity management becomes a tricky
problem to solve.  It is important to get something like the Liberty
Alliance right.

A solution that I like can be found here (there is also a ppt presentation
that can be found on the site):

http://middleware.internet2.edu/pki04/proceedings/cross_domain_identity.pdf


>Given such a situation .... the infrastructures simply don't have
>the resources to provide the countermeasures adequate to meet
>the attacks they are going to experience (there is such a huge
>mismatch between the value of the information to the individual
>institutions and the value of the information to the criminal).

>Which results in my assertion that there has to be a drastic
>move away from the existing "static data" authentication paradigm
>.... because there is such a mismatch between the value
>to secure the information versus the value of attacks to
>obtain the information.

>It isn't that theory can't provide mechanisms to protect
>the information .... it's that the information is spread far and
>wide and is in constant use by thousands of business processes,
>and that protection problem is analogous to the problem of
>having people memorize a hundred different 8+character
>passwords that change every month (which is also a shortcoming
>of the static data authentication paradigm).

Yes, theory is far more advanced than what is used in practice.
With zero-knowledge proofs and attribute authentication, based on
secrets stored on smart cards held by the proper owners, and the possibility
of delegating part of the computation to a server (so clients can
authenticate on low-powered devices), without revealing information
about the secret, etc...

I agree that what you call the "static data" authentication paradigm
is the cause of many problems, including identity theft.  It is
one reason why Identity Management is a hot topic these days; businesses
are losing control of all this "static data" associated with the various
systems they have, and when an employee leaves a company he often has an
active account on some system even months after his departure.
This is the de-provisioning problem.

Not too sure about the wording, however: if you take a zero-knowledge
proof to authenticate possession of an attribute, the prover will hold
some static data (some sort of secret); the only difference is that
the verifier doesn't need to know the secret, and in fact you can't
learn anything from looking at the communication link when the proof
is executed.  You can't learn anything either by modifying the protocol
from the verifier's point (malicious verifier).  But if you can steal
the secret that the prover possesses, then you can impersonate her.


--Anton 
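As an added illustration that is not part of the thread, a Schnorr identification protocol in Python makes Anton's point concrete: the verifier stores only the public value y, an accepting transcript can be simulated without the secret x (so the link reveals nothing), yet whoever holds x authenticates as the prover. The group parameters are constructed toy values, far too small for real use.

```python
import secrets

# Constructed toy Schnorr group: safe prime P = 2*Q + 1, G of order Q.
P = 1019
Q = 509
G = 4  # a quadratic residue mod P, so it generates the order-Q subgroup


def keygen():
    """Prover's long-lived secret x and the public value y the verifier stores."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit(x):
    """First move: commit to a fresh random r with t = G^r mod P."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Second move: an unpredictable challenge chosen by the verifier."""
    return secrets.randbelow(Q)


def prover_respond(x, r, e):
    """Third move: s = r + e*x mod Q; s alone hides x because r is random."""
    return (r + e * x) % Q


def verify(y, t, e, s):
    """Verifier checks G^s == t * y^e using only the public y, never x."""
    return pow(G, s, P) == (t * pow(y, e, P)) % P


def run_protocol(x, y):
    """One interactive run; returns (accepted, transcript)."""
    r, t = prover_commit(x)
    e = verifier_challenge()
    s = prover_respond(x, r, e)
    return verify(y, t, e, s), (t, e, s)


def simulate_transcript(y):
    """Build an accepting transcript WITHOUT x by choosing e and s first and
    solving for t.  Such transcripts are distributed exactly like real ones,
    so an eavesdropper (or a malicious verifier) learns nothing about x."""
    e = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -e, P)) % P
    return t, e, s
```

Stealing x (e.g. from a smart card) is the remaining risk: `run_protocol(x, y)` accepts for anyone who holds x, which is why the secret's storage, not the wire, is what needs protecting.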

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com