Hey, you, get off of my cloud (™)
[Dave Birch] You may have seen Mat Honan's story -- it was all over the web recently -- about being hacked in a particularly disastrous way.
Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.[From How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab | Wired.com]
This is what the geek's geek, the Woz, says about it:
I say the more we transfer everything onto the web, onto the cloud, the less we're going to have control over it[From Steve Wozniak: Cloud Computing Will Cause 'Horrible Problems In The Next Five Years' - Business Insider]
Control is the key issue here, at least to me, because my mental model of privacy is largely about control. Controlling who can or can't see your data is what privacy is, isn't it? And if it is, then the mechanism for control, and the security that goes into that mechanism, is fantastically important. If someone cracks this, they are really on to something.
There are some cost savings that are immediately apparent. With the cloud there is no hardware or software to install. If your cloud vendor insists on buying either one, then they are not a true cloud provider.[From Are the Costs of Cloud Security Too Good to Be True? | Cloud Computing on Ulitzer]
No hardware? No, I don't buy that. The cloud doesn't need hardware, but cloud security does. The mechanism for controlling your data in the cloud has to have a certain minimum level of security associated with it, and to me that means somewhere in the loop there has to be some tamper-resistant hardware. Like the SIM in a mobile phone.
Now, the mobile platform has all the right attributes to make safe the next generation of consumer payments. In particular, NFC devices come with "Secure Elements": certifiably secure tamper resistant chips in which the crypto-magic happens, and where the mission critical apps run.[From Now is not the time to go soft]
There's a whole other blog post to be written here, about SIM- vs. Handset- vs. External Secure Elements (SEs) and the myriad ways in which the manufacturers and mobile operators have messed up this potentially revolutionary infrastructure, but that's not the point I wanted to make here. Note that I am not saying that mobile security is perfect. I know that it isn't, partly because of the risk analysis work we do for clients in the mobile transactions space and partly because of the Ph.D. research on the topic that Consult Hyperion has been sponsoring at the University of Surrey.
banks must assume that what used to be a primary layer of defense through out-of-band authentication — the mobile phone — is now compromised.[From How to Protect Mobile Banking from Fraud - Bank Think Article - American Banker]
This is true. The current generation of mobile phones is vulnerable to certain kinds of attack and while the attacks might not be too scalable right now, they might be in the future. As an aside, I should point out here that in the regions with the biggest volume of mobile payments (e.g., Kenya) it is clear from the figures that when frauds occur they occur because of human failures or collusion, not because the mobile device is attacked. Nevertheless, there are certain things that are risky with mobile phones, such as putting passwords or PINs into them (because of the potential for key loggers). This won't be true for too much longer because of the arrival of trusted processing in standard handsets (such as the Trusted Execution Environment, TEE, from ARM).
The level of risk doesn't mean we shouldn't start using phones for two-factor authentication immediately - they are way, way better than passwords - just that the system needs to have realistic controls and management. Actually, I think there's more of an imperative. We need to get people used to authenticating using the handset because the handset is going to become, as Peter Vander Auwera noted, an identity remote control for the cloud.
A mobile experience that truly represents your identity — in a way that both resembles and enhances an in-person conversation but still affords you control over how you portion out your attention and provides context — could tie the knot for the myriad communication channels available.[From The First Company To Build Your Identity Into Your Phone Wins The Next Decade | TechCrunch]
I don't think I agree with Rebekah about what identity is, exactly, but I do strongly agree with the spirit of her argument. The device formerly known as the mobile phone is the transparently obvious place to store and manage your identities (whatever they are). The imminent arrival of better handset security (the TEE) and, especially given Apple's acquisition of Authentec, the imminent arrival of convenient biometric authentication will mean a fundamental change in the structure of our and other industries. Stuff will go to the cloud, and we'll remote control our stuff from our secure devices.
What this all boils down to is that we might as well start now and begin the migration. We are still using passwords when there's simply no excuse for doing so. Software cannot protect us: unless we have tamper-resistant hardware to store our identities, we cannot realise the full benefits of the cloud. When it comes down to it, given the state of technology, secure electronic transactions need chips -- software just isn't good enough -- as well as convenient interfaces so that applications can work simply, securely and efficiently.
What would happen if our data was stored (encrypted) in the cloud and attached to identities that were actually secure? Imagine choosing your default identity on your phone and then going about your day, accessing all of your data without even realising that it was being pulled down from the cloud and decrypted on the fly. Sounds pretty good. But who is going to put that identity into your phone? Who is going to provide the infrastructure, the identity providers and the attribute providers? You'd think it would be, for example, banks. Or maybe even mobile operators themselves. Who knows. But they ought to get moving, because other people aren't standing still.
But all of this may change thanks to social networking. The forcing function that allows distributed identity to flood into the enterprise may be a simple side effect of the solution that we use to share information between Facebook and Twitter. It’s a testament to the massive soft power wielded by such companies that they may indirectly change how corporate America does IT forever.[From The Next IT Revolution: Bring Your Own ID - Forbes]
If my Twitter ID was secure, then surely it would save my employer money to let me use that ID rather than create and manage a new one. And why wouldn't I use that same Twitter ID to access my bank account? Is it too late? We're already at the point where people are beginning to prefer using their Facebook and Twitter identities over site- or service-provider specific identities. I'm pretty sure most people would be happy to use these identities in almost all circumstances - if they were sure that they were secure.
According to data collected by Monetate, 41 percent of shoppers prefer logging into an eCommerce platform through a social media account rather than a separate login — up from 28 percent just a year ago.[From Social Commerce - Consumers Love Shopping Through Facebook — But Expect To Be Compensated | PYMNTS.com]
Of course, as I explained back in 2007 in the noted tome "Digital Identity Management", we already have the technology to make all of this work. Tamper-resistant SIM chips, PKI and biometrics. We can build an architecture that separates my virtual identities from my digital identities and binds them to my physical identity. To establish control over my part of the cloud, I select an identity on the phone and then use it to give access. So there is an authentication (let's say biometrics with passphrase and challenge/response fallback) that connects me to my digital identity and then there is a connection between one of the virtual identities bound to that digital identity and the data in the cloud. Simple, really.
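An added illustration of the architecture described above, not code from the original post: a simulated secure element holds one root key (the digital identity), derives a separate key per service (the virtual identities), and answers single-use challenges only after a local unlock. The class names, the PIN unlock and the HMAC shared secret standing in for a PKI signature are assumptions, chosen so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import secrets


class SecureElement:
    """Stand-in for the tamper-resistant chip; the root key never leaves it."""

    def __init__(self, pin, max_tries=3):
        self._root = secrets.token_bytes(32)   # the "digital identity"
        self._pin, self._tries, self._unlocked = pin, max_tries, False

    def unlock(self, pin):
        # Local user authentication; a retry counter blocks PIN guessing.
        if self._tries == 0:
            return False
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        self._tries = self._tries if self._unlocked else self._tries - 1
        return self._unlocked

    def virtual_key(self, service):
        # One "virtual identity" per service, derived from the root key.
        if not self._unlocked:
            raise PermissionError("secure element is locked")
        return hmac.new(self._root, service.encode(), hashlib.sha256).digest()

    def respond(self, service, challenge):
        return hmac.new(self.virtual_key(service), challenge, hashlib.sha256).digest()


class CloudService:
    """Hypothetical cloud-side verifier holding one enrolled key per account."""

    def __init__(self, name):
        self.name, self._keys, self._pending = name, {}, {}

    def enroll(self, account, key):
        self._keys[account] = key              # provisioned once, out of band

    def challenge(self, account):
        self._pending[account] = secrets.token_bytes(16)
        return self._pending[account]

    def verify(self, account, response):
        nonce = self._pending.pop(account, None)   # single use: replays fail
        if nonce is None or account not in self._keys:
            return False
        expected = hmac.new(self._keys[account], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

Because each service only ever sees its own derived key, a breach at one service yields nothing that authenticates to another, and a captured response cannot be replayed against a fresh challenge.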
These are personal opinions and should not be misunderstood as representing the opinions of Consult Hyperion or any of its clients or suppliers.
The English language version of this work is licensed under Creative Commons Attribution-ShareAlike 3.0 Unported License. If you wish to acquire the rights to make a foreign language translation of the work, please contact Consult Hyperion.