Copyright 1988-2006 Roger Clarke, Xamax Consultancy, Canberra. Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU

Mythologies of Identity Control
Roger Clarke, Xamax Consultancy, Canberra; Visiting Professor, Unis. of Hong Kong, U.N.S.W., ANU
Identity Management, 7-8 March 2006, Sydney Convention & Exhibition Centre
IdMngtMyths06 {.html,.ppt}

Agenda
1. Authentication
2. (Id)entities and (Id)entifiers
3. (Id)entities Management: for People, Not of People
4. Nym Management
5. Biometrics Technologies

1. Authentication
Authentication: the process of testing an assertion in order to establish a level of confidence in the assertion's reliability.

Kinds of Assertions Relevant to eBusiness
About Data
About Value
About Location
About Documents
About Attributes
About Principal-Agent Relationships
About Entities
About Identities

Which Assertions Matter?
Utilise risk assessment techniques to determine:
which assertions
what level/strength of authentication

Australian Government e-Authentication Framework (AGAF)
1. Decide what statements need to be authenticated
2. Use risk assessment techniques in order to decide on the level of assurance needed
3. From among the alternative e-authentication mechanisms, select an appropriate approach
4. Assess the impact on public policy concerns such as privacy and social equity
5. Implement
6. Evaluate

2. (Id)entities and (Id)entifiers: Names, Codes, Roles

Human (Id)entifiers
appearance: how the person looks
social behaviour: how the person interacts with others

names: what the person is called by other people
codes: what the person is called by an organisation

bio-dynamics: what the person does
natural physiography: what the person is
imposed physical characteristics: what the person is now

Imposed Biometrics: imposed physical identifiers, e.g. branding, tattooing, implanted micro-chips

Human Identity Authentication
What the Person Knows, e.g. mother's maiden name, password, PIN
What the Person Has (Credentials), e.g. a token such as an ID-card or a ticket; or a digital token such as a digital signature consistent with the public key attested to by a digital certificate
Human Entity Authentication
What the Person Is (Static Biometrics)
What the Person Does (Dynamic Biometrics)
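A worked illustration of the second "what the person has" item, added here and not part of the original slides: a relying party tests a digital signature over a nonce it issued itself, against a public key that a certificate from an issuer it trusts attests to. The issuer name, the subject name "alice", the key type (Ed25519) and the validity windows are assumptions of the example; Go's standard crypto/x509 package performs the chain and signature checks.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issuer is an assumed attesting authority: a self-signed CA certificate,
// the key that signs subject certificates, and the pool a verifier trusts.
type Issuer struct {
	cert *x509.Certificate
	key  ed25519.PrivateKey
	Pool *x509.CertPool
}

func template(name string, ca bool) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  ca,
		BasicConstraintsValid: true,
	}
}

// issue signs tmpl with parent's key; the DER would travel to the verifier, here it is parsed straight back.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, priv ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func NewIssuer(name string) (*Issuer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := template(name, true)
	cert, err := issue(tmpl, tmpl, pub, priv) // self-signed root
	if err != nil {
		return nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(cert)
	return &Issuer{cert: cert, key: priv, Pool: pool}, nil
}

// Enrol produces the digital certificate that attests to a subject's public key.
func (is *Issuer) Enrol(name string, pub ed25519.PublicKey) (*x509.Certificate, error) {
	return issue(template(name, false), is.cert, pub, is.key)
}

// Verify is the relying party's test of a "what the person has" token: (1) the
// certificate must chain to a trusted issuer, (2) the signature over the
// verifier's own fresh nonce must be consistent with the certified key.
func Verify(roots *x509.CertPool, cert *x509.Certificate, nonce, sig []byte) (string, error) {
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return "", fmt.Errorf("public key not attested by a trusted issuer: %w", err)
	}
	if err := cert.CheckSignature(x509.PureEd25519, nonce, sig); err != nil {
		return "", fmt.Errorf("signature inconsistent with the certified key: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func check(err error) { if err != nil { panic(err) } }

// Demo runs the exchange end to end: a genuine presentation, then the same
// key certified by an untrusted issuer, then a signature over a stale nonce.
func Demo() (name string, untrustedRejected, staleRejected bool) {
	ca, err := NewIssuer("Example Attesting Authority")
	check(err)
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // the subject's own key pair
	check(err)
	cert, err := ca.Enrol("alice", pub)
	check(err)
	nonce := make([]byte, 32) // fresh per session, so a captured signature cannot be replayed
	_, err = rand.Read(nonce)
	check(err)
	name, err = Verify(ca.Pool, cert, nonce, ed25519.Sign(priv, nonce))
	check(err)
	rogue, err := NewIssuer("Rogue Authority")
	check(err)
	rogueCert, err := rogue.Enrol("alice", pub)
	check(err)
	_, err = Verify(ca.Pool, rogueCert, nonce, ed25519.Sign(priv, nonce))
	untrustedRejected = err != nil
	stale := append([]byte(nil), nonce...)
	stale[0] ^= 1 // a nonce from some other session
	_, err = Verify(ca.Pool, cert, stale, ed25519.Sign(priv, nonce))
	staleRejected = err != nil
	return
}
```

The two negative cases are the ones that matter in practice: a certificate for the same key from an issuer outside the verifier's pool is not attestation at all, and a signature that is valid but over somebody else's nonce is a replay, which is why the verifier, not the subject, must choose the nonce.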

3. (Id)entities Management: A Working Definition
A set of processes and supporting infrastructure that enable the authentication of (id)entity assertions. The term is often used in a more restrictive sense, to apply to the specific context of online access over open public networks.

Phases in Online User Access Security (diagram)

User Access Security for a Single Application (diagram)

Single-Organisation Single-SignOn (diagram)

Multi-Organisation Single-SignOn Identity Management (diagram)

Federated Identity Management, a la Liberty Alliance, WS-* (diagram)

Countermeasures by Individuals
Web forms can be filled with: pre-recorded data; convenient data; pseudo-random data; false data
Personal data can be automatically varied for each remote service, in order to detect data leakage, e.g. spelling variants, numerical anagrams
Personal data can be automatically varied for the same remote service on successive occasions, to pollute the data-store and confuse the user profile
Users can exchange cookies, resulting in compound profiles rather than profiles that actually reflect an individual user's behaviour
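The second and third countermeasures above as an added example, not from the original presentation: a user-side routine derives a per-service, per-occasion spelling variant of a name from a secret the user holds, records which service was given which variant, and later attributes a record that turns up where it should not. The spelling list, the service names, the surname and the "leaked" envelope are all constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"strings"
)

// Assumed spelling variants the person is prepared to answer to; with a middle
// initial they give 4*26 = 104 distinguishable forms of one name.
var spellings = []string{"Jonathan", "Jonathon", "Johnathan", "Jonothan"}

// Varier derives a per-service, per-occasion variant of a name from a secret
// the user holds, and records which service was given which variant.
type Varier struct {
	secret  []byte
	surname string
	issued  map[string][]string // name variant -> "service#occasion" tags
}

func NewVarier(secret []byte, surname string) *Varier {
	return &Varier{secret: secret, surname: surname, issued: map[string][]string{}}
}

// Variant is deterministic in (service, occasion): the same form can be filled
// the same way again, while a new occasion at the same service yields a fresh
// variant, which is the "pollute the profile" countermeasure.
func (v *Varier) Variant(service string, occasion uint32) string {
	mac := hmac.New(sha256.New, v.secret)
	mac.Write([]byte(service))
	binary.Write(mac, binary.BigEndian, occasion)
	h := mac.Sum(nil)
	first := spellings[int(h[0])%len(spellings)]
	initial := string(rune('A' + int(h[1])%26))
	name := fmt.Sprintf("%s %s. %s", first, initial, v.surname)
	tag := fmt.Sprintf("%s#%d", service, occasion)
	for _, t := range v.issued[name] {
		if t == tag {
			return name // already recorded
		}
	}
	v.issued[name] = append(v.issued[name], tag)
	return name
}

// Attribute answers "who leaked this?" for a name seen on unsolicited mail.
// Matching ignores case and punctuation; several services may have been given
// the same variant, so every candidate is returned.
func (v *Varier) Attribute(seen string) []string {
	norm := func(s string) string {
		return strings.ToLower(strings.ReplaceAll(s, ".", ""))
	}
	var out []string
	for name, tags := range v.issued {
		if norm(name) == norm(seen) {
			out = append(out, tags...)
		}
	}
	return out
}

// Demo registers with three constructed services, then attributes a mailing
// that arrives addressed to the form given to the shop.
func Demo() (given map[string]string, culprits []string) {
	v := NewVarier([]byte("user-held secret (assumed)"), "Smith")
	given = map[string]string{}
	for _, svc := range []string{"shop.example", "newsletter.example", "forum.example"} {
		given[svc] = v.Variant(svc, 1)
	}
	leaked := strings.ToUpper(given["shop.example"]) // constructed: as printed on the envelope
	culprits = v.Attribute(leaked)
	return
}
```

With 104 forms, two services can be handed the same variant, so attribution returns a candidate set rather than a single name; a larger variant space (address line, phone digits) narrows it.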

Identity Management by a User-Selected Intermediary (diagram)

User-Device Identity Management (diagram)

User-Proxy Identity Management (diagram)

Identity Management: The Multi-Mediated Super-Architecture (diagram)

(Id)entities (diagram)

4. Nym Management
Nyms

Nym
One or more attributes of an identity (represented in transactions and records as one or more data-items) sufficient to distinguish that identity from other instances of its class, but not sufficient to enable association with a specific entity.
Pseudonym: association is not made, but possible
Anonym: association is not possible

Nymality is Normality
aka ('also-known-as'), alias, avatar, character, nickname, nom de guerre, nom de plume, manifestation, moniker, personality, profile, pseudonym, pseudo-identifier, sobriquet, stage-name
Cyberspace has adopted those and spawned more: account, avatar, handle, nick, persona

Privacy Enhancing Technologies (PETs)
Pseudo-PETs
Counter-PITs
Savage PETs
Gentle PETs: seek a balance between nymity and accountability through Protected Pseudonymity
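Protected pseudonymity as an added example, not from the original slides, covering both the Nym definition above (pseudonym: association possible; anonym: association not possible) and the user-selected intermediary of the earlier diagram slides: the intermediary keeps the entity records, gives each relying party a pairwise pseudonym that other relying parties cannot correlate, can be made to resolve a pseudonym back to an entity (the accountability side), and can assert an attribute such as "over 18" without disclosing who the person is. The HMAC construction, the Entity fields, the user and relying-party names and the ages are assumptions of the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Entity is what the intermediary holds about a real person (assumed fields).
type Entity struct {
	Name      string
	BirthYear int
}

// Assertion is all a relying party receives: a pseudonym and the attribute
// it asked about, never the entity behind them.
type Assertion struct {
	Pseudonym string
	OverAge   bool
}

// Intermediary is the user-selected party: it keeps the pseudonym-to-entity
// association (so accountability is possible) and hands relying parties
// pairwise pseudonyms (so they cannot correlate across each other).
type Intermediary struct {
	key      []byte
	entities map[string]Entity // userID -> entity
	links    map[string]string // pseudonym -> userID
}

func NewIntermediary(key []byte) *Intermediary {
	return &Intermediary{key: key, entities: map[string]Entity{}, links: map[string]string{}}
}

func (im *Intermediary) Register(userID string, e Entity) { im.entities[userID] = e }

// Pseudonym is stable for one (user, relying party) pair and, without the
// intermediary's key, unlinkable to the same user's pseudonym elsewhere.
func (im *Intermediary) Pseudonym(userID, rp string) string {
	mac := hmac.New(sha256.New, im.key)
	mac.Write([]byte(rp))
	mac.Write([]byte{0}) // separator, so "ab"+"c" and "a"+"bc" differ
	mac.Write([]byte(userID))
	p := hex.EncodeToString(mac.Sum(nil)[:16])
	im.links[p] = userID
	return p
}

// Assert answers "is this person at least minAge in the given year?" under a
// pseudonym. Year arithmetic is deliberately coarse; the point is what is disclosed.
func (im *Intermediary) Assert(userID, rp string, year, minAge int) (Assertion, error) {
	e, ok := im.entities[userID]
	if !ok {
		return Assertion{}, errors.New("unknown user")
	}
	return Assertion{Pseudonym: im.Pseudonym(userID, rp), OverAge: year-e.BirthYear >= minAge}, nil
}

// Resolve is the accountability path: only the intermediary can turn a
// pseudonym back into an entity, on whatever terms bind it.
func (im *Intermediary) Resolve(pseudonym string) (Entity, bool) {
	id, ok := im.links[pseudonym]
	if !ok {
		return Entity{}, false
	}
	return im.entities[id], true
}

// Anonym is a fresh random token that nobody records, so no association is
// possible even for the intermediary.
func Anonym() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}
```

The whole privacy property rests on the intermediary's key and links table: whoever holds them can collapse every pseudonym to the entity, which is exactly the balance between nymity and accountability the slide describes, and why the intermediary has to be user-selected rather than imposed.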

Financial Times, 19 Feb 2006, interview with Bill Gates re MS Identity Metasystem Architecture and InfoCard:
"... the thing that says the government says I'm over You can prove who you are to a third party and then, in the actual usage, they don't know who you are. A lot of the previous designs had the idea that if you authenticated, then you gave up privacy. There are lots of cases where you want to be authentic but not give up your privacy."

5. Biometrics Technologies
Variously Dormant or Extinct: cranial measures, face thermograms, veins (hands, earlobes), retinal scan, handprint, written signature, keystroke dynamics, skin optical reflectance, ...
Currently in Vogue: iris, thumbprint, hand geometry, voice, face
Special Case: DNA
Promised: body odour, multi-attribute

Fraudulent Misrepresentation of the Efficacy of Face Recognition
The Tampa SuperBowl was an utter failure
Ybor City FL was an utter failure
Not one person was correctly identified by face recognition technology in public places
Independent testing results are not available
Evidence of effectiveness is all-but non-existent
Ample anecdotal evidence exists of the opposite

Reference-Measure Quality
The Person's Feature (Enrolment)
The Acquisition Device
The Environmental Conditions
The Manual Procedures
The Interaction between Subject and Device
The Automated Processes

Association Quality
Depends on a Pre-Authentication Process
Subject to the Entry-Point Paradox
Associates data with the Person Presenting, and hence entrenches criminal IDs
Risks capture and use for Masquerade
Facilitates Identity Theft
Risk of an Artefact Substituted for, or Interpolated over, the Feature

Test-Measure Quality
The Person's Feature (Acquisition)
The Acquisition Device
The Environmental Conditions
The Manual Procedures
The Interaction between Subject and Device
The Automated Processes

Comparison Quality
Feature Uniqueness
Feature Change: permanent, temporary
Ethnic/Cultural Bias: "Our understanding of the demographic factors affecting biometric system performance is ... poor" (Mansfield & Wayman, 2002)
Material Differences in: the processes, the devices, the environment, the interactions
An Artefact: substituted, interpolated

Result-Computation Quality
Print Filtering and Compression: arbitrary cf. purpose-built
The Result-Generation Process
The Threshold Setting: arbitrary? rational? empirical? pragmatic?
Exception-Handling Procedures: non-enrolment, non-acquisition, hits

The Mythology of Identity Authentication That's Been Current Since 12 September 2001
Mohammad Atta's rights:
to be in the U.S.A.
to be in the airport
to be on the plane
to be within 4 feet of the cockpit door
to use the aircraft's controls
Authentication of which assertion, in order to prevent the Twin Towers assault? Identity (1 among > 6 billion)? Attribute (not 1 among half a dozen)?
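Two of the points above, the threshold setting on the Result-Computation Quality slide and the "Identity (1 among > 6 billion)" question, as an added example with constructed scores (not data from the original presentation): how moving the threshold trades false matches for false non-matches, why failures to acquire must be routed to the exception path rather than folded into the rates, and how a per-comparison false match rate compounds when one sample is searched against a gallery instead of compared with a single claimed reference. Every score value, rate and gallery size is an assumption of the example.

```go
package main

import (
	"math"
	"sort"
)

// Constructed comparison scores in [0,1], higher = more similar. A negative
// score marks a failure to acquire (no usable sample), which the exception
// path must count separately rather than silently treat as a non-match.
var genuineScores = []float64{0.92, 0.88, 0.75, 0.81, 0.64, 0.95, 0.70, 0.58, -1}
var impostorScores = []float64{0.12, 0.30, 0.45, 0.22, 0.61, 0.35, 0.15, 0.50}

// Rates is what one threshold setting yields on one sample.
type Rates struct {
	Threshold float64
	FMR       float64 // false match rate: impostor comparisons accepted
	FNMR      float64 // false non-match rate: genuine comparisons rejected
	FTA       int     // failures to acquire, routed to exception handling
}

// Evaluate applies "accept iff score >= threshold" to both samples.
func Evaluate(genuine, impostor []float64, threshold float64) Rates {
	r := Rates{Threshold: threshold}
	accepted, compared := 0, 0
	for _, s := range genuine {
		if s < 0 {
			r.FTA++
			continue
		}
		compared++
		if s >= threshold {
			accepted++
		}
	}
	r.FNMR = 1 - float64(accepted)/float64(compared)
	accepted, compared = 0, 0
	for _, s := range impostor {
		if s < 0 {
			continue
		}
		compared++
		if s >= threshold {
			accepted++
		}
	}
	r.FMR = float64(accepted) / float64(compared)
	return r
}

// ThresholdForFMR is the "empirical" setting: the lowest threshold at which
// no more than target of the impostor sample is accepted. It is only as good
// as that sample; another population, device or environment shifts it.
func ThresholdForFMR(impostor []float64, target float64) float64 {
	s := append([]float64(nil), impostor...)
	sort.Sort(sort.Reverse(sort.Float64Slice(s)))
	allowed := int(target * float64(len(s))) // impostor accepts we are prepared to wear
	if allowed >= len(s) {
		return 0
	}
	return s[allowed] + 1e-9 // just above the first score that must be rejected
}

// GalleryFalseMatch: with a per-comparison false match rate f, identification
// (1 among N) produces at least one false match with probability 1-(1-f)^N.
// Verification (1 among 1) has no such term, which is why the tasks differ.
func GalleryFalseMatch(fmr float64, n int) float64 {
	return 1 - math.Pow(1-fmr, float64(n))
}

// Demo reports the trade-off at three settings and the gallery effect.
func Demo() (sweep []Rates, watchList, population float64) {
	for _, t := range []float64{0.5, ThresholdForFMR(impostorScores, 0.125), ThresholdForFMR(impostorScores, 0)} {
		sweep = append(sweep, Evaluate(genuineScores, impostorScores, t))
	}
	watchList = GalleryFalseMatch(0.001, 100)         // a watch-list of 100 (assumed)
	population = GalleryFalseMatch(0.001, 20000000) // a population-scale gallery (assumed)
	return
}
```

On these constructed scores, lowering the threshold to 0.5 accepts a quarter of the impostors to reject no genuine user, while raising it until no impostor passes rejects one genuine user in eight; the one failed acquisition appears in neither rate, and is the case the exception procedures have to deal with. The gallery figure is the 1-among-N effect: the same per-comparison rate that is tolerable for verification yields a near-certain false match against a population-scale gallery.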

Biometrics and Single-Mission Terrorists
"Biometrics ... can't reduce the threat of the suicide bomber or suicide hijacker on his virgin mission. The contemporary hazard is a terrorist who travels under his own name, his own passport, posing as an innocent student or visitor until the moment he ignites his shoe-bomb or pulls out his box-cutter" (Jonas G., National Post, 19 Jan 2004)
"it is difficult to avoid the conclusion that the chief motivation for deploying biometrics is not so much to provide security, but to provide the appearance of security" (The Economist, 4 Dec 2003)

Threats of the Age
Terrorism
Religious Extremism
Islamic Fundamentalism
Law and Order Extremism
National Security Fundamentalism

Mythologies of Identity Control
That the assertions that need to be authenticated are assertions of identity (cf. fact, value, attribute, agency and location)
That individuals only have one identity
That identity and entity are the same thing
That biometric identification: works; is inevitable; doesn't threaten freedoms; will help much, or will help at all, in counter-terrorism
That every organisation is part of the national security apparatus
