[cryptography] Definition of Identity (was Re: key management guidelines)

Marsh Ray marsh at extendedsubset.com
Sun Sep 5 16:12:40 EDT 2010

On 09/05/2010 01:09 PM, Arshad Noor wrote:
> http://www.strongauth.com/pdf/identityFirewalls1.0.pdf

I'm commenting on it out of order, mostly backwards.

> Digital certificate credentials using cryptographic tokens, can
> follow in the successful footsteps of the ATM card.

You know that ATM cards are frauded all the time, right?

"In a global coordinated heist, the cashers simultaneously hit more than
2,000 ATMs with the fraudulent cards, netting about $9.5 million in less
than 12 hours."

> Even if customers were still duped into going to a “phishers”
> web-site instead of a legitimate business', the fact that the
> “phisher” does not have the 2-factor cryptographic token in their
> possession will eliminate the risk of stealing the legitimate
> customer's identity.

Why wouldn't the phished customer be willing authenticate with his
second factor as well as the first? Why couldn't the phisher be able to
forward that credential nearly as easily as a password?

Even if those issues were addressed, identity and authentication is more
than logging into a web site:

"While earlier versions simply recorded banking login credentials and
forwarded them back to hackers, the latest version of Zeus also performs
illegal online banking transactions."

> When a new baby is born at a hospital, the baby should be issued its
> first digital certificate to serve its authentication needs in the
> healthcare industry. The certificate will be unusual in that it will
> be the only one of the seven credentials that will have an otherName
> value in the SubjectAltName extension to store a one-way hash of the
> digital representation of the newborn child's DNA.

Dude, this is messed up.

There are a couple of influential books you might consider reading:

> When a child goes to enroll at a preschool or kindergarten, proof of
> residency and the date of birth can be provided to the school by
> having the hospital of birth e-mail a digitally signed birth
> certificate to the school admissions office (the guardian will
> actually request it through an application on the hospital's site,
> after authenticating him/herself with their own healthcare
> credential, or their child's credential).

Is there really such a problem today with preschoolers being enrolled
with fake identities that it could possibly justify such an infrastructure?

> As such, the one-time grandfathering process will consist of
> individuals providing sworn testimonies, attesting to their
> identity, and establishing a digital DNA hash at an approved
> healthcare institution to receive their healthcare industry digital
> credential.

I get the sense that maybe you a like just a little bit the idea of
performing cryptography on your fellow humans? You could probably figure
out how to incorporate RFID somehow, too.

So what problem is this trying to solve again?

Maybe this is the problem statement:

> Most people – including security-conscious professionals – resort to
>  using similar passwords (or small set of passwords), or writing them
>  on a piece of paper for the multitude of credentials in their
> possession. [...] access to sensitive information, which was
> controlled in the past, is now a mere login-screen away to anyone in
> the world with an Internet connection. This has given rise to new
> forms of attacks – most notably, phishing and keystroke-loggers - to
> siphon away credentials to valuable service accounts.

All this, to fix that?

Still, most people would consider having seven hardware tokens to be a
"multitude of credentials".

The proposal includes little or nothing to address basic credentials
forwarding attacks. Nor does it help anyone who ever authenticates from
one of the "59% of PCs hit by malware":

Such a highly-structured system is only going to make things worse for
people when their credentials are compromised. A bad outcome would be a
situation where "The court finds Ms. Jones liable for the $1M she
borrowed from her home PC because the transaction was authenticated by
her 16384-bit RSA key unlocked by her secret 4-digit PIN and she clearly
displayed prior criminal tendencies when she wrote on the desk in first

The only solution is common sense and an adaptable, organic system which
recognizes the limitations of technology to address what are inherently
human problems. Maybe sometimes it is a little extra work to apply good
judgment rather than cranking the handle of some mechanistic rules
engine. But we certainly can do without creating a machine which
(literally) runs off the blood of newborn babies.

- Marsh

More information about the cryptography mailing list