Do You Need a Digital ID?
Anne & Lynn Wheeler
lynn at garlic.com
Mon Mar 21 22:11:51 EST 2005
Jerrold Leichter wrote:
> I don't think the 3-factor authentication framework is nearly as well-defined
> as people make it out to be.
>
> Here is what I've always taken to be the core distinctions among the three
> prongs:
>
> Something you know
> Can be copied.
> If copied illicitly, you can't tell (except by noticing
> illicit uses).
>
> Something you have
> Cannot be copied.
> Can be transferred (i.e., you can give it to someone
> else, but then you no longer have it)
> Hence, if transferred illicitly, you can quickly detect it.
>
> Something you are
> Cannot be transferred.
> Cannot be changed.
> Inherently tied to your identity, not your role.
>
> This classification, useful as it is, certainly doesn't cover the space of
> possible authentication techniques. For example, an RFID chip embedded under
> the skin and designed to destroy itself if removed doesn't exactly match any
> of these sets of properties: It's not "something you have" because it can't
> be transferred, but it's not "something you are" because it can be changed.
> Attempting to force-fit everything into an incomplete model doesn't strike me
> as a useful exercise.
but business rules for public(/private) key infrastructure can describe
that only the associated authenticating entity is the only one in
possession of the private key ("something you have") .... as a way of
relating the objective of having a specific entity's exclusive ability
to access and utilize a private key to three factor authentication.
almost all of the existing "something you have" authentication objects
are capable of being counterfeited to a greater or lesser degree.
possibly the widest deployed "something you have" authentication objects
are magstripe plastic cards ... and it turns out they have been proven
to be remarkably easy to counterfeit/copied. the distinction between the
ease or difficulty of counterfeiting/copying a magstripe plastic card
vis-a-vis a private key ... depends on the level of security used to
prevent it from being copied. obviously a private key can be copied with
relative ease (possibly much easier than a magstripe plastic card).
in general, you will find that almost all "something you have"
authentication objects are subject to being copied ... the issue is the
degree to which security processes are in place to prevent them from
being copied. just because a private key ... represented by some
sequence of bits can be easily copied ... when no protections are in
force ... doesn't mean that there can't be security procedures put into
place that would make it extremely difficult to achieve copying of a
private key.
most models serve a useful purpose until somebody comes up with a better
or more applicable model.
many of the 3-factor authentication implementations actually use some
representation that allows the actual occurence to be implied by
something else.
for instance "something you know" authentication can be done as a
"shared-secret" where both the originator and the relying party are both
in possession of the shared-secret. an example are keys in symmetric key
cryptography.
however, it is possible to have "something you know" authentication
where the secret is not shared. For instance if there is a hardware
token that is certified to only operate when the correct PIN has been
entered .... the PIN represents "something you know" authentication w/o
having to share the secret with any other party (the relying party
assumes that the correct PIN has been entered by a) being confident of
the operation of the particular hardware token and b) the hardware
token having done something known & expected).
similarly, biometrics systems are frequently implemented as a form of
shared-secret. an entity's biometric template is registered with some
relying party .... and subsequent transactions are authenticated by
checking a new biometric template with the biometric template on file.
the x9.84 biometric standard devotes a great deal to the security for
centrally stored biometric templates .... treating them as a greater
security risk than traditional "something you know" shared-secrets. the
threat is that somebody can obtain files of registered biometric
templates and be able to subsequently retransmit them electronicly
attempting to impersonate the associated person. The issue in the
traditional 'something you know" shared-secret is that a PIN compromise
can be reported and a new, replacement PIN/password created.
However, it is somewhat more difficult to replace a thumb or iris when
there has been a reported compromise of "something you are" shared secret.
in any case, for all of the deployed existing authentication systems
involving any one of the three factor authentication paradigms, all of
the methods are vulnerable to copying to one degree or another. as a
result, I would assert that criteria of being able to copy or not is not
useful .... in all of the different three factors, it isn't whether they
are copyable .... it is the difficulty with which they can be copied.
The difficulty that any of them can be copied or counterfeited can be a
combination of their native characteristics and the level of security
that they are wrapped in.
i would further assert that the meaningful aspects represented by the
three=factor authentication model is not the native characteristic of
the components but how the individual being authenticated interacts with
the components .... i.e.
1) something you know .... implies that the person has to know the value
2) something you have ... implies that the person is in possession of
the thing or value ... but doesn't actually know or have it memorized
3) something you are .... implies that it represents some physical
characteristic of the person ... w/o the person needing to either know
or otherwise possess the object or value.
all three methods can be implemented as static value or shared-secret
implementations ... where the characteristic of the particular
authentication mode is expressed as some static value and is vulnerable
to shared-secret eavesdropping or skimming. "Something you know"
shared-secrets can be eavesdropped and fraudulently used. A magstripe
plastic card "something you have" is expressed as transmission of the
contents of the magstripe, which can be skimmed and used to create
counterfeit/copied cards. A "something you are" feature is expressed as
biometric template which can be eavesdropped and used in fraudulent
transmissions (or counterfeited in things like the gummy bear attack).
rather than interpreter 3-factor authentication as physical
characteristics which are classified as being copyable or not-copyable
... 3-factor authentication is frequently interpreted as how the entity
being authentication relates to the authentication process.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list