authentication and authorization

John Denker jsd at av8n.com
Mon Jul 5 18:28:01 EDT 2004 

I wrote:
>> 1) For starters, "identity theft" is a misnomer.  My identity is my
>>  identity, and cannot be stolen.  The current epidemic involves 
>> something else, namely theft of an authenticator ... or, rather, 
>> breakage of a lame attempt at an authentication and/or 
>> authorization scheme.  See definitions and discusions in e.g. 
>> _Handbook of Applied Cryptography_ 
>> http://www.cacr.math.uwaterloo.ca/hac/about/chap10.pdf

Then Anton Stiglic wrote:
> Identity has many meanings.   In a typical dictionary you will find 
> several definitions for the word identity.

That's true but unhelpful.  In a typical dictionary you will
find that words such as
  -- heat
  -- elastic
  -- blue
  -- etc. etc.
have many, many non-technical meanings that are radically
divergent from the technical meanings.

We should assume that the participants on this list have a
goodly amount of technical expertise.  We should use the
established technical definitions, unless there is a good
reason not to.

   Note that terminology has at best secondary importance.
   Concepts are primary.  Terminology is important only to
   the extent that it helps us think clearly and speak
   clearly about the concepts.

> A digital identity is usually composed of a set of identifiers (e.g. 
> Unix ID, email address, X.500 DN, etc.) and other information 
> associated to an entity (an entity can be an individual, computer 
> machine, service, etc.). "Other information" may include usage 
> profiles, employee profiles, security profiles, cryptographic keys, 
> passwords, etc.

That is very unhelpful, because it lumps together two types
of things that really ought to be treated differently.
  -- I want my email address to be widely known.  I want my
   public keys to be widely known.
  -- I want my password to be secret.  I want my private keys
   to be secret.

Failure to make this distinction exacerbates the problem
significantly.  For example, originally a SSN was supposed to
be a database-key, used for indexing into databases, and as
such it needed to be unique but it didn't need to be secret.
Then some bozos started using it as if it were a password.
Just because it is "something you know" doesn't make it
useful as a password;  a password ought to be something you
know that nobody else knows!

Nevermind the terminology; we've got to start thinking
clearly about this concept:  Is your SSN merely a database-key,
or is it a password?  How about your credit-card number?

> Identity can be stolen in the sense that this information can be 
> copied, revealed to someone, and that someone can use it in order to 
> identify and authenticate himself to a system and get authorization 
> to access resources he wouldn't normally be allowed to.
> 
> The following document has a nice diagram on the first page of 
> appendix A: http://www.ec3.org/Downloads/2002/id_management.pdf

Again that (including the reference) misses the point and
blurs things that really need to be kept distinct.

The US government makes available to the public databases
that contain my SSN, height, weight, home address, and other
_identifying_ information.

I really don't care if everybody knows how to _identify_ me,
so long as they don't _impersonate_ me.  Maybe you know my
address, but that doesn't mean you live in my house.  Maybe
you know my height and weight, but that doesn't mean you
look like me (and even if you look sorta like me, that
doesn't mean you _are_ me).

We are talking about the uttermost foundations of cryptology
here.  Yes, ID information can be copied.  Virtually all of
cryptology starts from the assumption that at the transport
layer, everything is subject to passive attacks (copying) and
perhaps active attacks (tampering).  Crypto is something we
do at higher layers to make sure such attacks don't pay off.
As a corollary, this means good crypto imposes a high cost on
the bad guys but only a small cost on the good guys.

Ian G. put his finger on the problem when he spoke of

>>> identity being the root key to all power

Anybody who knows anything about security knows that relying
on an all-powerful root privilege is the path to perdition.

But I don't approve of the rest of his paragraph:

 >>> So the reality of it is, the predeliction with
 >>> identity being the root key to all power is the
 >>> way society is heading. I don't like it, but
 >>> I'm not in a position to stop the world turning.

First of all, not everything is heading the wrong way.
The Apache server has for eons had privilege separation
features.  The openssh daemon acquired such features
recently.  As far as I can see, the trend (in the open
software world at least) is in the right direction.

Resignation and fatalism isn't going to get us anywhere.
We ought to take the lead in making sure that ID does
*not* become the root key to all power.  Contact your
elected representatives and explain to them that an
ID-based system is a baaad idea.  It is not even a
security-versus-liberty tradeoff;  it is bad for
security and bad for liberty both.

The focus _must_ be on the transaction, not on the ID.
Suppose I carry out a transaction with the jewellery
store.  Did I authorize a $3.00 payment for a new watch
battery, or a $30,000.00 payment for diamond necklace?
Collecting more and more ID information about me is at
best marginally helpful to the relying party;  "ID" might
tell the RP whether I *could* have authorized a particular
transaction (was it within my account limit?) but "ID"
cannot possibly tell the RP whether I *did* authorize a
particular transaction.  And (!!) don't forget the
converse:  If the transaction is legit, there is no
reason why my ID needs to be involved.  Cash transactions
are still legal!

The proper use of _identification_ is obvious:  In some
exceptional circumstances it is important to be able to
connect a real meat-space _identity_ with a particular
event.  For instance, if there is a hit-and-run accident,
it really helps if a witness notes the license number of
the car.  (Been there, done that.)

I don't know whether to laugh or cry when I think about how
phishing works, e.g.
http://www.esmartcorp.com/Hacker%20Articles/ar_Watch%20a%20hacker%20work%20the%20system.htm
The so-called "ID" is doing all sorts of things it shouldn't
and not doing the things it should.  The attacker has to
prove he knows my home address, but does not have to prove
he is physically at that address (or any other physical place)
... so he doesn't risk arrest.

Earlier Ian G. wrote:

 >>> the security experts have shot their wad.

I do not see any basis for such an assertion.  Look again
at the exploits described in
http://www.esmartcorp.com/Hacker%20Articles/ar_Watch%20a%20hacker%20work%20the%20system.htm
After a few minutes thought, I can see at least three ways
to defend against these particular exploits, including one
way of proactively making the crime uncommittable, plus
two ways of stinging anybody who dares commit the crime.
I imagine there are people on this list who can do even
better.

It doesn't even take a "security expert" to figure out easy
ways of making the current system less ridiculous.

Note that on the page
http://www.esmartcorp.com/Hacker%20Articles/ar_Watch%20a%20hacker%20work%20the%20system.htm
one of the crooks repeatedly characterizes
  -- the Feds as "lazy"
  -- AOL as "stupid"

which is consistent with what I've been saying.  I don't
think people have tried and failed to solve the phishing
problem --- au contraire, I think they've hardly tried.

I've seen estimates that the losses due to phishing are
roughly one billion dollars per year, and rapidly rising.
This can be compared to "Nigerian" 419 advance fee scams,
which reportedly run about two gigabucks per year.

If the industry devoted even a fraction of that sum to
anti-scam activities, they could greatly reduce the losses.

I've been to the Anti-Phishing Working Group site, e.g.
   http://www.antiphishing.org/resources.html
They have nice charts on the amount of phishing observed
as a function of time.  But I haven't been able to find
any hard information about what they are actually doing
to address the problem.  The email forwarded by Dan Geer
was similarly vaporous.

Here's an interesting link, describing the application of
actual cryptology to the problem:
   http://news.zdnet.co.uk/0,39020330,39159671,00.htm
IMHO it's at a remarkable place in the price/performance
space:  neither the cheapest quick&dirty solution, nor the
ultimate high performance solution.  At least it refutes
the assertion about security experts' wads having been
shot.  This is one of the first signs I've seen that real
security experts have even set foot in this theater of
operations, let alone shot anything.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list