Security starts with Identity

One often overlooked facet of computer security is that all security starts with identity.  We overlook this because in the human world identity is obvious — we recognize faces, voices, and patterns of speech and use those to identify individuals.  A common humor theme is when our recognition is thrown off by twins or disguises.

In the electronic world identity is not nearly so obvious.  Protocols such as Ethernet were designed in an era when computers were scarce and connections could be tracked by hand, and the only identity problem was making sure that identities were unique.  There was a presumption that no one would fake the identity of another machine because doing so would (and did) cause the network to fail.

The fact that any device talking on a network port looks the same makes digital identities for computer security much more important.  Because we have no faces or voices to recognize, we need some computational proof that the other entity talking to us is who we think it is.

In the physical world, to authenticate ourselves to strangers we present some form of identity document, presumed to be difficult or impossible to fake (passport, driver’s license), and that person verifies our identity by checking our photo or by asking us questions about the information in the document (what’s your birthday?).

In the electronic world, devices authenticate by performing some computation where only the correct device could come up with the right answer.  The authenticator challenges the new device with something like “I have a random number N, multiply N by your secret number, and give me the lowest 2 digits”.  This allows the authenticator to be confident that the new device has the correct secret number, and at the same time anyone listening to the conversation would not be able to authenticate (because the authenticator would choose a new N next time) or to figure out what the secret number is (because there are an infinite number of secret numbers that could produce the same result).

Difficulties with this in practice come from two things: protecting the device’s secret number while still distributing information about it to devices which want to authenticate, and making the computations difficult enough that an eavesdropper cannot calculate the secret number but simple enough that authentic devices can compute them fairly quickly.

– Guy Hutchison, CTO @dryv.io
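
An added example (not from the original article) of the challenge-response exchange described above: it implements the toy "lowest 2 digits" scheme, shows how few overheard exchanges pin down the only part of the secret that affects the answer, and then repeats the same exchange with HMAC-SHA256 as the hard-to-invert computation, which goes beyond the toy case in the text. The secret 7391, the challenge values and all function names are constructed for illustration, and HMAC is a substitution chosen here, not a method named by the author.

```python
import hashlib
import hmac
import secrets


def toy_response(secret: int, n: int) -> int:
    """The article's toy scheme: lowest two digits of N * secret."""
    return (n * secret) % 100


def toy_candidates(transcript):
    """Residues 0..99 consistent with every overheard (N, response) pair.

    Only secret mod 100 affects a toy response, so a single surviving
    residue is all that is needed to answer any future challenge.
    """
    return [s for s in range(100)
            if all((n * s) % 100 == r for n, r in transcript)]


def hmac_response(key: bytes, nonce: bytes) -> bytes:
    """Same challenge-response shape, using a keyed one-way function."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def verify(key: bytes, nonce: bytes, response: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(hmac_response(key, nonce), response)


def demo():
    secret = 7391  # constructed sample secret
    # Constructed overheard session: three challenges and their responses.
    transcript = [(n, toy_response(secret, n)) for n in (12, 45, 77)]
    leaked = toy_candidates(transcript)

    key = secrets.token_bytes(32)    # shared device key (assumed provisioned)
    nonce = secrets.token_bytes(16)  # fresh challenge for each attempt
    good = verify(key, nonce, hmac_response(key, nonce))
    # A response captured for one nonce is rejected under a new nonce.
    replay = verify(key, secrets.token_bytes(16), hmac_response(key, nonce))
    return leaked, good, replay


if __name__ == "__main__":
    print(demo())
```

With the toy arithmetic, one overheard exchange leaves four candidate residues and a second leaves one; with HMAC, overheard nonce/response pairs give no comparable shortcut to the key.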