By Arthur Lessard and provided by the CIO Leadership Network.
In my last column we were drifting in our holiday bliss, looking forward 25 years to how we will protect ourselves in a digital world. We have a world in which we and our proxies must have some strong, and preferably standardized, way of authenticating ourselves for everything from purchases to work. We need to bridge the gap between the heavy authentication security vendors will want and the transparency that users will need.
So how does it happen?
I believe that this gap will be filled by the rise of “credential service” companies that will house your heavy-duty security keys and provide you with access and usage in a user-friendly way. Their primary responsibility will be to keep your 8192-bit private keys…well, private.
As I mentioned, this is the easy part; Setting up a server to store 8192-bit keys for millions of users is relatively trivial for these credential service companies. But what next?
You’ve chosen a service provider who keeps and protects your private key for transactions. However, you recognize the risk is low in purchasing low-value items, so you take advantage of one of the services of the credential provider. You’ve authorized certain devices, such as your PDA, to perform certain transactions (say, media purchases up to a certain dollar value or grocery purchases to be delivered to your home) on your behalf. These devices have their own authentication credentials, at a lower security level, which they use to connect to the credential service and access your official strong credentials on your behalf. Yes, there is a minor risk that someone who finds or steals your PDA can make purchases on your behalf, but only for small amounts and only on certain types of transactions.
For an impulse purchase such as the tickets to see the latest hot band will likely require a form of personal authentication from you; they’re a hot ticket and the tickets won’t come cheap. On the other hand, it’s still a one-off purchase of only a few hundred dollars, meaning that providing your full personal credentials, including biometrics or “sec-chip” isn’t really necessary or practical. So an additional risk you’ve assumed is to authorize the credential service to allow use of your full credentials for purchases up to, say, $500 through the use of a personal password. Again, a minor risk, but you’re a good consumer and routinely change the password with the credential service, so the risk is mitigated.
Of course, there are going to be those risks that you can’t or won’t assume, which will require the use of much stronger authentication methods. In the above scenario, your workplace, for example, is likely going to require the full use of your credentials to prove you are who you say you are before allowing full access to your work resources. The problem is that it is a Bad Idea ™ to have multiple copies of your personal private key floating around; in fact the credential service won’t allow it by their ToS because it prevents them from honoring your warranty with them.
This is where intermediate security mechanisms come into play. The private key at the credential service can be accessed remotely for such transactions, but only through some form of multifactor authentication such as biometrics. In the above scenario we hypothesize that this is relatively commonplace in 2033; ATMs and other legacy devices for those who still need cash will probably also require some special form of authentication, as will something major such as a car or home purchase.
Thus, most adults and teens have a subdermal chip, commonly referred to as a “sec-chip,” installed under the skin of one of their hands. It’s painless and small enough to not interfere, and it has the ability to store multiple smaller public/private key pairs. It can also be accessed using proximity readers, including updating or adding keys. When you need to access your official credentials in an environment requiring personal authentication, you will use a basic biometric reader (fingerprint is most common) along with a proximity reader that can pull keys from the chip under your skin. This satisfies the requirement of two forms of authentication – “something you have” and “something you are” – and is a secure way of authenticating yourself to your credential service to provide authentication to services such as the edge device at your work that accepts your house connection. The “sec-chip” keys can also be used to temporarily secure information using the on-board keys in those rare cases in which you don’t have access to your credential service, or recognize when you’ve walked away from your work station.
There are several extensions that can be postulated to the above scenario – the ability to access government services to examine or change your personal information comes to mind – but the basic premise is that we have a need for the equivalent of “credential services.”
So how do we get to the above world? The biggest impediment to adequately securing e-commerce and other conveniences is standardization. In the not so distant future, we will have to consider the problem of too much variety in a secure world and what we can do about it.
Read The Ghost of Christmas Future, Part I.
• Arthur Lessard
• VP, Worldwide Security, Technicolor Home Entertainment Services, Inc
BIO
Arthur Lessard is VP of Worldwide Security for Technicolor, responsible for protection of customer content and intellectual property throughout the various Technicolor services organizations. His role encompasses managing both physical and information security in the production environments, and interfacing with the IT organization for network and business security. Lessard engages external auditors for site visits, develops and coordinates implementation of security policy and standards for Technicolor business units, and drives development of new security-oriented services. He also works with various law enforcement agencies, the MPAA, FACT and other organizations related to the control of movie piracy activities.