halfbakery: Like you could do any better.
Despite unbreakable encryption techniques, and secure communication protocols, we hear again and again of these systems being rendered useless by the user choosing a guessable password, or writing it on a post-it note stuck to the computer. Here is a scheme by which companies may gain some confidence that their operations will not be compromised by the negligent treatment of passwords by their employees and agents.
The scheme operates in an environment where authentication takes place by public key means. All prospective agents must give the company a public key, certificated by a trusted 3rd party if necessary. Access to the company's systems is granted when the agent proves that they have access to the corresponding private key, by signing a challenge or the like (all this is established protocol, e.g. SSL).
Under this regime, it is of paramount importance that the private key remain known only to the individual. To this end, the private key will normally be encrypted with a passphrase known only to the owner. This passphrase may be of arbitrary length, and can be changed at will by the owner, without reference to any outside agency.
My scheme is as follows. An individual sends his public key to the scheme operator, together with a sum of money. The operator publishes the key on a website, together with the value of the posted bond. The money is invested, and interest accrues to the bondee's account.
The scheme operator will release the money to anyone who demonstrates knowledge of the private key (e.g. by providing the key itself, or by sending some text correctly signed with the private key).
Companies wishing to assure themselves that a particular agent or employee, who is to be granted some degree of privileged access, will defend their key properly, will insist that the key is bonded to at least a certain value.
The value demanded would likely increase with the sensitivity of the access to be granted.
The scheme operator could also offer the following (chargeable) service: Companies could register an interest against one or more keys. They would be immediately informed by email if the bond against that key was paid out, and could deny access to that key.
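A sketch of the operator's side of the scheme described above, added here as an example and not part of the original post: the `BondRegistry` class, its method names and the demo keypair are hypothetical. Textbook RSA over two known primes stands in for a real signature scheme, and a claim must sign a fresh operator-issued challenge, so that an ordinary message the key holder signed earlier cannot be replayed to collect the bond.

```python
import hashlib
import secrets

# Constructed demo keypair: textbook RSA over two Mersenne primes.
# Deliberately insecure; it only stands in for a real signature scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg: bytes, d: int = D, n: int = N) -> int:
    return pow(_digest(msg), d, n)

def verify(msg: bytes, sig: int, pub) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(msg)

class BondRegistry:
    """Hypothetical scheme operator: one bond per published public key."""

    def __init__(self):
        self.bonds = {}       # pub -> bond value, removed on payout
        self.watchers = {}    # pub -> companies that registered an interest
        self.challenges = {}  # pub -> outstanding challenge text
        self.notices = []     # (company, pub) notifications "sent" on payout

    def post_bond(self, pub, value):
        self.bonds[pub] = value

    def watch(self, pub, company):
        self.watchers.setdefault(pub, []).append(company)

    def challenge(self, pub) -> bytes:
        # Fresh operator-chosen text: old signed messages are useless as claims.
        self.challenges[pub] = b"bond-claim:" + secrets.token_bytes(16)
        return self.challenges[pub]

    def claim(self, pub, sig) -> int:
        text = self.challenges.pop(pub, None)  # each challenge is single use
        if text is None or pub not in self.bonds or not verify(text, sig, pub):
            return 0
        for company in self.watchers.get(pub, []):
            self.notices.append((company, pub))  # companies can now deny the key
        return self.bonds.pop(pub)               # bond is paid out exactly once
```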
Annotation:
Niiice. Key holders have a strong motivation for secrecy and memorization, which gives corporations the security to trust those key holders. I'd hate to lose my key, tho.

Phodhiaen: you would be well advised to keep a backup copy of your key on a floppy, locked away in a safe somewhere.

Why not call this "Subsidies for Crackers"?

bookworm, Because the whole point is that people won't put up money unless they're extremely serious about protecting their key. One would assume that a reasonably long key would be chosen so that cracking it becomes uneconomic.

I'd hate to have to front all that money, though. It's effectively gone, even if I protect my key with my life. What if someone poor (but conscientious) wants to go to work for such a firm? How will they afford the bond?

Washort: the problem is that, with a low amount of money the incentive for security is low, and with a high amount of money the incentive for cracking is high.

What we're looking for, then, is an amount of money which is sufficiently large to motivate the legitimate holder of the password to choose a more secure password (i.e., the utility of keeping the money outweighs the utility of having a simple, easily remembered password), but insufficiently large to motivate potential crackers to increase their efforts (i.e., the utility of gaining the money does not outweigh the disutility of the effort expended to crack the password). I'm not sure how often there will be a solution to this.

However, the amount does need to be greater than the utility a cracker would gain from misuse of the stolen key. (After all, once the hacker claims the reward, the key will become worthless.) Otherwise, the cracker will ignore the bond and use the key directly, which also voids the point.

Therefore, the bond will always increase the efforts of the crackers, if only slightly. These bonds may still increase overall security, however, if more security-conscious behavior by legitimate keyholders outweighs this effect.

The situation could be tweaked by paying only a portion of the bond to the cracker; the rest would go to the original depositor (or, perhaps, their employer) via some alternate route.

The unfair aspect of this whole system is that it reapportions risk from the company (which is large, and can amortize it) to the individual (who is small, and cannot). The individual cannot necessarily control all aspects of risk; perhaps they are simply the targets of an ultra-high-tech espionage team who uses TEMPEST attacks and other techniques that no reasonable user could defend against...

To solve that problem, you'd institute "key insurance", which would pay out (in the amount of your bond, or a sizable fraction thereof) in the event that your key was stolen. And now we're back where we started.

The scheme will, of course, provide additional motivation for crackers. It will not, however, make their job any easier. All they get is a list of public keys, with associated values. They don't know who owns the key, where they live, etc.

If a company wants to hire a poor guy, they could give him a loan to cover the bond. The interest from the bond account will offset the loan interest.

On the subject of reapportioning risk, the company has NO control over the user's practices, whereas the user has GREAT control (if not absolute). Therefore it should, in fact, be the individual who bears the risk. I suspect that keys hacked by costly TEMPEST attacks would be used for nefarious purposes, rather than being cashed in. Anyway, a company demanding a high bond should be prepared to provide its agents with the best, hardened equipment, and suitable training to use same.

If you only paid out part of the bond to the cracker, then the whole bond would have to be higher to maintain the incentive to cash in rather than sell on.

Key insurance: Great scope for fraud here. I help a distant acquaintance to 'crack' my key, then I claim on the insurance. I suspect the premiums would be high.

Also, by placing a high value on the key, you're telling the cracker that that key protects high value information.