Information Technology Reference
In-Depth Information
As of 2013, access controls are part of a defense strategy, but they need formal
analysis of how to improve the safety of access by software packages and external
internet messaging.
Authentication Controls
Authentication and access are two parts of a complex problem. Access deals with
what features might be used. Authentication deals with how a person, a computer,
or a piece of software knows that a message or a delivery is truly what it claims to
be.
A few months ago, an email arrived that identified itself as an email from a
personal friend, so it was opened. The message itself immediately looked like a
fraud, which it was. The message started by saying “I'm writing this email with
tears in my eyes.” It then went on to say that there had been a robbery while trav-
eling abroad in London; wallet and credit cards stolen; no help from the embassy;
hotel was evicting them; please send money; and so forth.
This is a common scam that occurs when email addresses are stolen and used
by a third party to phish for money or other valuable commodities. But it can also
occur more subtly via a “man-in-the-middle” attack. In this case, my friend and I
might really be sending emails to each other, but someone is intercepting them and
changing them in perhaps subtle ways.
In the future, it might be possible to use biometric information such as retina
prints or voiceprints. Trusted friends and colleagues would have catalogs of au-
thenticated biometric information. A biometric “tag” might be affixed to email
messages sent between trusted friends and colleagues to ensure that the message
is really from the true sender and not from an identity thief or a man in the middle.
Of course, biometric tags might themselves be stolen, so they would need encryp-
tion and probably timestamps.
Authentication is a complex issue, and it needs coordinated research. Some
combination of certificates, biometric tags, and a real-time database of stolen
email addresses and identities is needed.
In the future, biometric information might also be embedded in smart cards so
that they can be used by only the person with the same unique voiceprint or retina
print as the person to whom the cards were issued.
Search WWH ::
Custom Search