SECURITY



Security Basics

Living in the modern world is not a trivial task. Life is much faster than a hundred, fifty or even twenty years ago. We screen much more information, we travel many more miles, we eat much more food, we learn and forget much more than ever before. We are also much more concerned than our grandparents were. What are our concerns? The same as in the good old years: health, money and sex, power, love and fame. But there are some new ones, security and privacy, and some even newer ones, data integrity and consistency.

We will not go into the old concerns here, but let us try analyzing the newer ones:
Security, and namely Information Security. Wikipedia describes it as follows: information security “means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction”.

So the main concern is information, which shall remain intact unless an authorized person wants to use or modify it. Therefore we first of all need to keep the information somewhere and to ensure that this storage is safe. What does it mean to keep information safe? You can restrict access, or encrypt the data, or both.

Then we have to grant access to the storage to the right person, and to verify that he is the right one. This process is called “authentication”. We also have to register all authentication attempts, just in case some bad guy pretends that he is the right one. This is called “audit”. We also need to keep the pipes between the right guy and the storage safe, to allow secure transfer of the information.

Is that clear? Good!

How shall we know whether the guy is the right one or only pretends to be? We have to authenticate him! We have 3 means to authenticate a user:

1. “Something you have” – no need to explain

2. “Something you know” – password, secret word, PIN, whatever…

3. “Something you are” – It is a matter of belief that every human being is unique. His or her DNA, fingerprints, retina, ear, face, everything is unique. Comparing fresh data to the data stored in a database, known as “biometrics”, is a complicated mathematical procedure, and the accuracy of such authentication depends on many factors.

Yes, the third one is the best. It is recommended to combine two or three of these means, but… the higher the accuracy required, the higher the price of authentication. We must always balance the price of the information against the cost of the measures to protect it. There are some inexpensive systems that combine all three factors and more…
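
As an added illustration (not code from the original post), here is how “something you know” and “something you have” can be combined while every attempt is registered for audit. It assumes the token is a time-based one-time code generator (RFC 6238) and that the password is stored as a salted PBKDF2 hash; the user, secrets and log format are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed sample data: one enrolled user with a password and a token secret.
USERS = {
    "alice": {
        "salt": b"constructed-salt",
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse", b"constructed-salt", 100_000),
        "token_secret": b"constructed-token-secret",
    }
}
AUDIT_LOG = []  # every attempt is registered here, success or failure


def token_code(secret, now, step=30, digits=6):
    """Code shown by the token ("something you have"), computed as RFC 6238 TOTP."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def authenticate(user, password, code, now):
    """Require both factors and audit the attempt. Returns True on success."""
    record = USERS.get(user)
    knows = has = False
    if record is not None:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), record["salt"], 100_000)
        knows = hmac.compare_digest(candidate, record["pw_hash"])
        expected = token_code(record["token_secret"], now)
        has = hmac.compare_digest(code.encode(), expected.encode())
    ok = knows and has
    # The audit entry records the outcome, never the password or the code.
    AUDIT_LOG.append({"time": now, "user": user, "knows": knows, "has": has, "ok": ok})
    return ok


if __name__ == "__main__":
    now = 1_700_000_000  # constructed timestamp
    code = token_code(USERS["alice"]["token_secret"], now)
    print(authenticate("alice", "correct horse", code, now))  # both factors present
    print(authenticate("alice", "guess", code, now))          # token only
    print(AUDIT_LOG)
```

The audit log shows which factor failed on each attempt, which is what lets a reviewer tell a mistyped password apart from someone who holds a stolen token but does not know the password.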

There is also another concern here: PRIVACY. Nobody wants to leave his biometric information with some authority. Moreover, in the USA, for example, the Privacy Act does not allow keeping this kind of information in private hands. We’ll talk about it a bit later in regular posts.