return to ICG Spaces home    ICG Risk Blog    discussions    newsletters    login    

ICG Risk Blog - [ November 21, 2004 ]

Smart card to single standardized cryptographic token to national identity card


A thoughtful observer of IT systems issues, George Ou, extended the concept of a smart card to a single standardized cryptographic token in Why stop at Single Sign On, why not Universal Sign On?:

Microsoft has the right idea by implementing Smart Cards that not only allow their employees to access their computing resources, but their physical campus as well. But why stop there? Smart Cards are essentially cryptographic tokens that not only enable "something you have" security, but strong authentication using PKC (Public Key Cryptography). A traditional metal key provides "something you have", but it can't provide PKC. PKC is used in most modern Cryptography systems like SSL, S/MIME, or PGP just to name a few. Essentially, it's the strongest form of authentication ever invented and it can also enable strong encryption by providing a secure key exchange.

So why stop at access to the building and computer systems, how about replacing all of the following applications with a single standardized cryptographic token with an integrated finger print reader and/or numeric keypad for good measure.

    • Credit Card and ATM Card replacement
    • Car key replacement
    • House key replacement
    • Building badge replacement
    • Computer and Network login
    • Wireless Access token
    • VPN Access token
    • Un-forgeable passport with Digitally Signed Photo
    • Un-forgeable driver's license with Digitally Signed Photo
    • Un-forgeable Social Security Number with Digitally Signed Photo

Ou closed with a comment to the effect that a user "could just carry a single token to do all that! Maybe on a key chain," which sprang to my mind as a personal, even national, ID card, yet some twenty responses stayed at the technical level of feasibility, thus my contribution:

Without debating the merits of a national identity card, my first read of your post was that it would effectively perform as one given that your 'use cases' describe the substantive core of an individual's interaction with society.

A brief scan of commentary did not, to my mind, flag such a "third rail" application, so I mention it here.

Readers should not take my comment as pro or con, although the current situation of fifty state driver's licenses -- documents originally designed to indicate one's ability to operate a class of motor vehicle that have been increasingly pressed into an ID function -- has been and remains ripe for criminal diversion.

Having lived overseas for many years, I reflexively carry my passport and proffer it here in the US when asked for ID. In a substantive, if not the majority, percentage of cases, I am asked for the less secure, more easily forgeable driver's license instead.

FYI, I would recommend more of Ou's observations as flags for risk. In It's been an hour and my IP phone is still bootingI saw a major security risk in the delay involved in the TFTP boot-up process. Were I a terrorist or criminal, I would look to cause a network drop, or a series of drops, and so deny my target the ability to use their phone system in whole or in part, and to certainly create uncertainty in the minds of users as to which part of the organization would be inop.

I maintain that VoIP is being looked at primarily through the eyes of commercial efficiency and not availability, redundancy, and security. Cheap piggyback architecture and poor implementation will cost firms dearly. They just don't know it yet.

Why stop at Single Sign On, why not Universal Sign On?
George Ou
ZDNet weblog
17 November, 2004

Gordon Housworth

Cybersecurity Public  InfoT Public  Strategic Risk Public  


  discuss this article

<<  |  November 2004  |  >>
view our rss feed