Copyright 1988-2006 Roger Clarke, Xamax Consultancy, Canberra; Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU


1 Mythologies of Identity Control
Roger Clarke, Xamax Consultancy, Canberra
Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
http://www.anu.edu.au/Roger.Clarke/......../EC/ IdMngtMyths06 {.html,.ppt}
Identity Management – 7-8 March 2006, Sydney Convention & Exhibition Centre
Copyright 1988-2006

2 Mythologies of Identity Control
1. Authentication
2. (Id)entities and (Id)entifiers
3. (Id)entities Management and for People Not of People
4. Nym Management
5. Biometrics Technologies

3 Authentication
The Process of Testing an Assertion in order to establish a level of confidence in the Assertion's reliability

4 Kinds of Assertions Relevant to eBusiness
- About Data
- About Value
- About Location
- About Documents
- About Attributes
- About Principal-Agent Relationships
- About Entities
- About Identities

5 Which Assertions Matter?
Utilise Risk Assessment techniques to determine:
- Which Assertions
- What level/strength of Authentication

6 Australian Government e-Authentication Framework (AGAF)
http://www.agimo.gov.au/infrastructure/authentication/agaf
- Decide what statements need to be authenticated
- Use risk assessment techniques in order to decide on the level of assurance needed
- From among the alternative e-authentication mechanisms, select an appropriate approach
- Assess the impact on public policy concerns such as privacy and social equity
- Implement
- Evaluate

7 2. (Id)entities and (Id)entifiers
- Names
- Codes
- Roles

10 Human (Id)entifiers
- appearance: how the person looks
- social behaviour: how the person interacts with others

- names: what the person is called by other people
- codes: what the person is called by an organisation

- bio-dynamics: what the person does
- natural physiography: what the person is
- imposed physical characteristics: what the person is now

11 Imposed Biometrics
imposed physical identifiers... branding, tattooing, implanted micro-chips

12 Human Identity Authentication
- What the Person Knows, e.g. mother's maiden name, Password, PIN
- What the Person Has (Credentials), e.g. a Token, such as an ID-Card, a Ticket; e.g. a Digital Token such as a Digital Signature consistent with the Public Key attested to by a Digital Certificate

Human Entity Authentication
- What the Person Is (Static Biometrics)
- What the Person Does (Dynamic Biometrics)

13 2. (Id)entities Management
A Working Definition
A set of processes and supporting infrastructure that enable the authentication of (id)entity assertions
The term is often used in a more restrictive sense, to apply to the specific context of online access over open public networks

14 Phases in Online User Access Security

15 User Access Security for a Single Application

16 Single-Organisation Single-SignOn

17 Multi-Organisation Single-SignOn Identity Management

18 Federated Identity Management a la Liberty Alliance, WS-*

19 Countermeasures by Individuals
- Web-Forms can be filled with: pre-recorded data, convenient data, pseudo-random data, false data
- Personal data can be automatically varied for each remote service, in order to detect data leakage, e.g. spelling-variants, numerical anagrams
- Personal data can be automatically varied for the same remote service on successive occasions (to pollute the data-store and confuse the user profile)
- Users can exchange cookies, resulting in compound profiles rather than profiles that actually reflect an individual user's behaviour
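
One way the per-service variation on slide 19 could be automated to detect data leakage, as an added example that is not part of the original presentation. The names `LeakCanary` and `numeric_anagrams`, the service names, the secret and the sample number are all assumptions made for illustration.

```python
import hashlib
import hmac
from itertools import permutations
from typing import Optional


def numeric_anagrams(number: str) -> list:
    """All distinct digit reorderings of `number`, excluding the true value."""
    return sorted({"".join(p) for p in permutations(number)} - {number})


class LeakCanary:
    """Gives each remote service its own variant of one numeric data item."""

    def __init__(self, true_value: str, secret: bytes):
        self._secret = secret
        self._pool = numeric_anagrams(true_value)
        self._issued = {}  # service name -> variant handed to it

    def _rank(self, service: str, candidate: str) -> bytes:
        # Keyed ordering, so the variant a service receives cannot be
        # predicted by someone who knows only the true value.
        msg = f"{service}|{candidate}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).digest()

    def variant_for(self, service: str) -> str:
        """Variant to enter on `service`'s form; stable on repeat calls."""
        if service not in self._issued:
            used = set(self._issued.values())
            free = [c for c in self._pool if c not in used]
            if not free:  # every anagram already belongs to another service
                raise RuntimeError("variant pool exhausted; vary a longer item")
            self._issued[service] = min(free, key=lambda c: self._rank(service, c))
        return self._issued[service]

    def attribute(self, observed: str) -> Optional[str]:
        """Service that was given `observed`, or None if it was never issued."""
        for service, variant in self._issued.items():
            if variant == observed:
                return service
        return None


def demo():
    # Constructed sample: a post-box number and three hypothetical services.
    canary = LeakCanary("4817", secret=b"constructed-demo-secret")
    issued = {s: canary.variant_for(s)
              for s in ("shop.example", "news.example", "bank.example")}
    leaked = issued["news.example"]  # value later seen in unsolicited mail
    return issued, canary.attribute(leaked), canary.attribute("4817")
```

Attribution only works if the service-to-variant mapping is kept between sessions, so a real tool would store it alongside the user's other saved form data.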

20 Identity Management by a User-Selected Intermediary

21 User-Device Identity Management

22 User-Proxy Identity Management

23 Identity Management: The Multi-Mediated Super-Architecture

24 (Id)entities

25 4. Nyms

26 Nym
One or more attributes of an Identity (represented in transactions and records as one or more data-items) sufficient to distinguish that Identity from other instances of its class but not sufficient to enable association with a specific Entity
- Pseudonym – association is not made, but possible
- Anonym – association is not possible

27 Nymality is Normality
aka ('also-known-as'), alias, avatar, character, nickname, nom de guerre, nom de plume, manifestation, moniker, personality, profile, pseudonym, pseudo-identifier, sobriquet, stage-name
Cyberspace has adopted those and spawned more: account, avatar, handle, nick, persona

28 Privacy Enhancing Technologies (PETs)
- Pseudo-PETs
- Counter-PITs
- Savage PETs
- Gentle PETs
  Seek a balance between nymity and accountability through Protected Pseudonymity

29 Financial Times, 19 Feb 2006
Interview with Bill Gates re MS Identity Metasystem Architecture and InfoCard
... the thing that says the government says I'm over 18... You can prove who you are to a third party and then, in the actual usage, they don't know who you are. A lot of the previous designs had the idea that if you authenticated, then you gave up privacy. There are lots of cases where you want to be authentic but not give up your privacy.

30 5. Biometrics Technologies
Variously Dormant or Extinct
- Cranial Measures
- Face Thermograms
- Veins (hands, earlobes)
- Retinal Scan
- Handprint
- Written Signature
- Keystroke Dynamics
- Skin Optical Reflectance
- ...
Currently in Vogue
- Iris
- Thumbprint
- Hand Geometry
- Voice
- Face
Special Case
- DNA
Promised
- Body Odour
- Multi-Attribute

31 Fraudulent Misrepresentation of the Efficacy of Face Recognition
- The Tampa SuperBowl was an utter failure
- Ybor City FL was an utter failure
- Not one person was correctly identified by face recognition technology in public places
- Independent testing results are not available
- Evidence of effectiveness is all-but non-existent
- Ample anecdotal evidence exists of the opposite

32 Reference-Measure Quality
- The Person's Feature (Enrolment)
- The Acquisition Device
- The Environmental Conditions
- The Manual Procedures
- The Interaction between Subject and Device
- The Automated Processes

33 Association Quality
- Depends on a Pre-Authentication Process
- Subject to the Entry-Point Paradox
- Associates data with the Person Presenting and hence Entrenches Criminal IDs
- Risks capture and use for Masquerade
- Facilitates Identity Theft
- Risk of an Artefact Substituted for, or Interpolated over, the Feature

34 Test-Measure Quality
- The Person's Feature (Acquisition)
- The Acquisition Device
- The Environmental Conditions
- The Manual Procedures
- The Interaction between Subject and Device
- The Automated Processes

35 Comparison Quality
- Feature Uniqueness
- Feature Change: Permanent, Temporary
- Ethnic/Cultural Bias
  "Our understanding of the demographic factors affecting biometric system performance is... poor" (Mansfield & Wayman, 2002)
- Material Differences in: the Processes, the Devices, the Environment, the Interactions
- An Artefact: Substituted, Interpolated

36 Result-Computation Quality
- Print Filtering and Compression: Arbitrary cf. Purpose-Built
- The Result-Generation Process
- The Threshold Setting: Arbitrary? Rational? Empirical? Pragmatic?
- Exception-Handling Procedures: Non-Enrolment, Non-Acquisition, Hits

37 The Mythology of Identity Authentication That's Been Current Since 12 September 2001
Mohammad Atta's rights:
- to be in the U.S.A.
- to be in the airport
- to be on the plane
- to be within 4 feet of the cockpit door
- to use the aircraft's controls
Authentication of which assertion, in order to prevent the Twin Towers assault?
- Identity (1 among > 6 billion)?
- Attribute (not 1 among half a dozen)?

38 Biometrics and Single-Mission Terrorists
"Biometrics... can't reduce the threat of the suicide bomber or suicide hijacker on his virgin mission. The contemporary hazard is a terrorist who travels under his own name, his own passport, posing as an innocent student or visitor until the moment he ignites his shoe-bomb or pulls out his box-cutter" (Jonas G., National Post, 19 Jan 2004)
"it is difficult to avoid the conclusion that the chief motivation for deploying biometrics is not so much to provide security, but to provide the appearance of security" (The Economist, 4 Dec 2003)

39 Threats of the Age
- Terrorism
- Religious Extremism
- Islamic Fundamentalism

40 Threats of the Age
- Terrorism
- Religious Extremism
- Islamic Fundamentalism
- Law and Order Extremism
- National Security Fundamentalism

41 Mythologies of Identity Control
- That the assertions that need to be authenticated are assertions of identity (cf. fact, value, attribute, agency and location)
- That individuals only have one identity
- That identity and entity are the same thing
- That biometric identification:
  - works
  - is inevitable
  - doesn't threaten freedoms
  - will help much
  - will help at all in counter-terrorism
- Every organisation is part of the national security apparatus
