Abstract
In cyberspace the identity of any entity, human or computer, and its verification by relying parties is critical. At one “end” of the line a verifier, such as a network server, attempts to authenticate a claim of identity from a “client”, another system or a human user. The verifier, or “server”, may depend upon a human claimant, for example, using one or more of the usual three identity parameters: the “what you know, possess or are” tests. Moreover, that human user is really just authorising a computer process to act for him or her! At the other “end”, that same “client”, and that could be a human or any automated process, must check that the verifier or “server” is what is expected, e.g. the system at the address that has been connected to is verifiably correct. The two parties have participated in a game of mutual claim of identity and verification of claim, if they can.
In a technical sense, there are now two distinct factors emerging that severely disrupt this process. For the first factor the client fears the threat of “identity theft” from unsafe use of a computer system attached to the global Internet. Simultaneously the server cannot rely upon any claims made. For example, social networking has completely rendered the “what you know” test virtually useless. Passwords, PINs, “question and answer” sessions with family or business “secrets” and the like are no longer valid as human users simply give up all aspects of their lives to online systems and services in cyberspace for anyone to examine and use. Moreover, that “channel” between the claimant and verifier, which by definition must be totally trusted, is now broken as the end user employs a hopelessly compromised workstation or the like to make any claim.
With the second factor the claimant, human or machine, has depended upon some naming and addressing system within the global Internet to make connection. This is now almost universally done in cyberspace via the DNS, or “Domain Name System”. However, the reliability and security of this system has been challenged not only at its roots but also in its practical usage on a day-to-day basis. DNS “cache poisoning” is a reality and the client just cannot be sure that a sought address and connection is valid. The situation is radically different to the earlier “circuit switching” environment with trusted telephone “exchanges”. The secure version of DNS, so-called DNSSEC, has simply not gained widespread usage even with IPv6 networks, while clients depend upon URLs in all forms for reliable connection, even if those URLs have been obtained via untrusted services, such as by use of a “search engine”.
New paradigms are needed for both the “client” and the “server”. The real security problems are in the “nodes” that serve cyberspace, rather than in the “wires” themselves. Computer operating systems, such as “Secure Linux (SELinux)”, from the USA’s National Security Agency or NSA, now incorporated into a number of Linux distributions, point the way forward with enforced and reliable “labelling” of all entities involved.