Solving Problems of Multiple Identities - Essay Example

? Case Study in Computer Security Computer Security Answer to Question Solving multiple identities by applying Current technologies Solving problems of multiple identities is done under effective identity management. Problems of multiple identities within the Metropolitan Police Service can only be solved through an effective identity management system that utilizes various technologies. The MPS staff members are faced with multiple identities resulting due to the different job role they play, but they can make use of Claims-based identity and the Role-Based Access Control (RBAC) to solve the problem. Security Token Service (STS) How it works Claims-based identity entails a common way of using applications to acquire required identity information about users within their organizations, from other organizations, or from the internet. It provides consistent approaches for the applications that could be running on the organizations or within the internet cloud. Advantages and disadvantages STS can simplify authentication logic especially for every individual software applications. It makes it possible for applications to identify certain aspects about the users even without interrogating the user. It simplifies authentication processes for user. The major disadvantage is confusion in the term and concepts. It requires substantial skills to use the application and it is costly to install and use. Claims-based identity could be used by the Metropolitan Police Service as a way of applications for acquiring identity information required for every individual working for the police service within the area. The administrators could establish and acquire all MPS users’ identity information. MPS could find this technology useful since it provides an approach, which is consistent for the applications that are running on the Metropolitan Police Service premises as well as in the internet cloud. Claims-based identity technology is strong since it can abstract individual’s identity elements and gain access to control into either the concept of an authority or issuer and a single but general claims notion. Claim in this case implies statements depicting the identity of every legible user. Role-based Technology How it works The Role-Based Access Control (RBAC) is used in managing multiple identities in different roles within the police service Advantages and disadvantages It is advantageous in that it allows role associations that can be created when new operations are started and old associations are done away with. It is also advantageous in terms of its ability to control privileges at an individual level. The technology is technical and costly to adopt. Application The Metropolitan Police Services can utilize this technology for a successful operation of its activities without comprising the security of sensitive information in the police service. Recommendation I would recommend the use of the claims-based identity technology because it has more potential grounds in preventing multiple identities. It has potential to make authentication logic simpler for every individual software application. In this case, the applications do not require the provision of account creation mechanisms, password creation, or even reset. Again, there is hardly any need to interrogate user to determine certain information since the technology can establish certain aspects about the user. Answer to Question 2 Role In the world of information technology, there is an important need to strengthen user authentication in order to keep hackers and such kind of people at bay and there different ways to validate the identity of a user which do have distinct levels of security (Douligeris 2007, p.173). The single factor authentication involves simple identifications like a badge that is used to access a door or a building that is potentially fairly secure but may be prone to failures such as problems of passwords. Biometrics is highly used as a secure and very convenient authentication tool. This tool can hardly be borrowed, forged, borrowed, or stolen. Biometrics are mainly used in measuring one’s unique physical and behavioral traits in order to recognize and authenticate one’s identity. The main physical biometrics includes fingerprints, retina, palm or hand geometry, iris, as well as facial characteristics. The behavioral characteristics are signature, keystroke patterns, voice, and gait. Voice and signature are the most developed of this biometric class (Newman 2009, p.233). Verification of the biometric is necessary as it confirms that an individual is enrolled in the database with the authorizations as claimed in that when the individual present himself to the system. These techniques are explained below. Fingerprint Technology Fingerprint technology is one of the most accurate biometric models that match through the categorization into two different methods that stress verification and recognition whereby recognition is the process of accepting or denying the persons claimed identity. How it works The role of biometric Recognition is to search a particular database that identifies who the person is or whoever claims identity to be recognized. The fingerprints use the characteristics of the finger and ridges and valleys are used to match the fingerprints and when the finger is placed on the platen it distinguishes the valleys and the ridges (Quinche and Margot 2010). The LED light source and CCD is positioned on the side of the glass platen while the laser light focused on the glass at an angle is used to capture the reflected laser light from the glass (Quinche and Margot 2010). The reflection of the glass produces an image produces a distribution from the valleys while the ridges are distributed widely and randomly forming an image on the image plane corresponding to the bridges and the valleys, then the fingerprint matching is used to check whether it matches the original or not which depends on the representation of the fingerprint. Once the authentication has been accomplished, the machine undertakes matching process that compares the similarities of the representation of the two fingerprints. This is then used to calculate whether the two pairs of the fingerprint representations has been derived from the same finger that depends on the similarities as measured against the threshold provided by the machine. Advantages and disadvantages Fingerprint technology is advantageous in that it is easy to use. The technology is user friendly and brings results of authentication immediately. It is also accurate. It is also among the most economical biometrics technologies used. It is among the most developed biometric technologies used. It is also easy to use and requires less storage space for the biometric templates. The biometric technology is disadvantageous because it is intrusive to many people especially given its major use in criminal investigation. Mistakes are likely to emerge when the skin is dry or dirty. Iris Scanners How it works Iris scanners are used for capturing the characteristics of the person in the eyes at the iris and a representation made of the mathematical analysis as collected by the scanners. To capture the characteristics of the iris, the person should stand about 10 cm from the scanner and once the characteristics are captured, it is enrolled once on the database. Its basis is that the image pattern is captured and replicated as an encrypted digital template of the pattern captured thereby providing security against identity theft with the landmark features of the iris captured through isolation and extraction that take the distinct features of the iris for biometric identification. Advantages and disadvantages Advantages of iris scanners include high accuracy and very high verification speed of less than five seconds. It has several disadvantages like being intrusive to some people. It also requires a lot of storage space for data storage. The technology is very expensive. Similarities/ Differences and Recommendation Both technologies are very reliable, but the iris scanner tends to be more accurate as the iris once in the database is difficult to tamper with. Iris scanner has more advantages including high authentication speed thereby making it more suitable for the Metropolitan Police Service. The fingerprint technology at times fails due to the tampering with fingers or failure by the machines to match fingerprints with the corresponding one on the machine making its less suitable for a large service organization like the MPS. Q.3 Differences Biological identity is based on the biometric techniques of identifying the features of a person such as fingerprints or the scanning of iris amongst others. The digital identity on the other hand represents the identity of a person using digital technology such as the use of passwords to be distinct from others in terms of identity (NATO, 2013). Similarities Both technologies are based on personal differences, which could be physical or behavioral. The digital technologies are more of behavioral characteristics than physical since they depend on the way people act by maintain unique passwords. Digital identities are prone and must deal with two problems that include the anonymous and partial identities. In the instance of a member of the Police Computer Crime Unit, the security level will be at different levels for each department meaning that the rate of accessibility will vary from one level to another because of the need to protect sensitive data from officers who are not members of that particular unit. In such a scenario, the biological identity would be more suitable as the data can only be accessed by the officers presenting themselves physically rather than through passwords. Otherwise, any form of identification such as badges could even be used rather than the digital identities that can be accessed secretly by officers who are not members of that particular unit as long as they have the password. Role of X. 509 An X.509 Certificate attaches a nomenclature to a public key and associates the public key with the identity shown in the X.509 Certificate. It derives its dependence on the integrity that the public key has and a secure application that is authentic and prevents imposters or those people not allowed accessing the secured data from doing so. To prevent imposters from accessing secure data, all the certificates must be signed by a certification authority (CA) that is trusted and confirms the integrity of the public key value in a certificate (Yang 2010, p.224). The applications thereafter verify in that the certificates have been validly signed through the decoding of the CA’s digital signature with the public key of the certification authority (CA) that authenticated the certificate. The X.509 certificate contains information about the certificate subject and the certificate authority and is encoded to describe messages that can be received or sent on a network meaning that the certificate merely associates an identity with a public key value. Q.4 Use of PKI The Public Key Infrastructure (PKI) is used to brings together software, hardware, procedure, human resources and the relevant policies that are integral in creating, managing, distributing, storing, and revoking of digital certificates. When looked at in relation to cryptography it is an arrangement that ensures that public keys are bound with their respective user identities through a certificate authority (CA) that is mainly meant to secure data(Faraj et al. 2013). Under the public key cryptography, there is the generation, administration, distribution and control of the cryptographic keys while in the issuance of certificates, there is the binding of the public key to an individual, organization or other entities. Is PKI Unbreakable? There are some instances when PKI has been found to be insecure. This can lead to the compromising of important data contrary to the expectations notwithstanding its operation or installation. This case implies that the PKI is breakable. RSA is a public key cryptographic algorithm that has its basis on a difficult mathematical problem that factors composite numbers. The RSA offers better security in that it offers better authentication, confidentiality of data including data integrity and non-repudiation that is guaranteed when it is based on the Public Key Infrastructure (PKI) application with cryptography that ensures a safe and reliable system. (Jose et al 2010, p.15). Therefore, it is secure to send a message through this system as the only way one can encrypt the information is through the private key of the receiver making it more trustworthy. RSA and its Suitability to MPS RSA takes a long time to decrypt such information (Gasson, Meints, Warwick, 2012). The Metropolitan Police Services (MPS) can utilize the RSA algorithm, as it is a very hard cryptographic technique based on finding the factors for a large number. This further implies that it is impractically impossible to break the RSA that would bring about a breach in the security of a secure messaging between the client and the server. References Al-Janabi, Sufyan T. Faraj et al. 2013. Combining Mediated and Identity-Based Cryptography for Securing Email. In Ariwa, Ezendu et al. Digital Enterprise and Information Systems: International Conference, Deis, [...] Proceedings. Springer. pp. 2–3. Douligeris, C. 2007. Network security current status and future directions. Hoboken, N.J., Wiley. Jose, J., Pai, S., Pawar, S. & Raina, S. 2010. Study of RSA and Proposed Variant against Wiener’s Attack, International Journal of Computer Applications (0975 - 8887) Volume 1 – No. 17 Mark Gasson, Martin Meints, Kevin Warwick 2012, D3.2: A study on PKI and biometrics, FIDIS deliverable (3)2. 6-17. NATO.2013. Advanced Research Workshop on Identity, Security and Democracy: The Wider Social Implications of Automated Systems for Human identification, Mordini & Green (2009). Identity, security and democracy the Wider social and ethical implications of automated systems for human identification. Amsterdam, Netherlands, IOS Press. Newman, R. C. (2009). Biometrics: application, technology, and management. Clifton Park, N.Y., Delmar. Quinche, Nicolas, and Margot, Pierre. 2010. Coulier, Paul-Jean (1824–1890): A precursor in the history of fingermark detection and their potential use for identifying their source (1863). In Journal of Forensic Identification (California), 60 (2), March–April 2010, pp. 129–134. Yang, S. C. (2010). OFDMA system analysis and design. Boston, Artech House. Read More