The great firewall of cyberspace: are our efforts at prevention worth the crime?2005, it seems, was the worst year for cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. security since, well, 2004. No one is safe from digital plagues and burglars. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. USA Today USA Today National U.S. daily general-interest newspaper, the first of its kind. Launched in 1982 by Allen Neuharth, head of the Gannett newspaper chain, it reached a circulation of one million within a year and surpassed two million in the 1990s. , 130 data breaches exposed 55 million Americans to potential ID theft, and the United States Computer Emergency Readiness Team The United States Computer Emergency Readiness Team (US-CERT) is part of the National Cyber Security Division of the United States's Department of Homeland Security. (US-CERT (United States-Computer Emergency Readiness Team) The group charged with protecting the U.S. Internet infrastructure by coordinating defense against and response to cyberattacks. ) reported 5,198 software vulnerabilities that exposed users to perpetrators. The message is clear: without better measures to protect ourselves, the end of the world will be upon us. The response to this heightened risk is to develop more technology to counter cybercrime cybercrime also known as computer crime Any use of a computer as an instrument to further illegal ends, such as committing fraud, trafficking in child pornography and intellectual property, stealing identities, or violating privacy. tactics and allay al·lay tr.v. al·layed, al·lay·ing, al·lays 1. To reduce the intensity of; relieve: allay back pains. See Synonyms at relieve. 2. fears, at a sizable chunk of an estimated JPY JPY In currencies, this is the abbreviation for the Japanese Yen. Notes: The currency market, also known as the Foreign Exchange market, is the largest financial market in the world, with a daily average volume of over US $1 trillion. 200 billion information security market. At the end of 2003, Nomura Research Institute, Ltd. predicted that network security would grow into a JPY4.3 trillion (USD USD In currencies, this is the abbreviation for the U.S. Dollar. Notes: The currency market, also known as the Foreign Exchange market, is the largest financial market in the world, with a daily average volume of over US $1 trillion. 39 billion) industry by 2008, as security companies improve ways to protect our data and help companies remain productive. Biometric technologies that use biological features (iris or retina scans, voice recognition, and finger- or handprints) for identification and access rights are estimated to capture at least USD2 billion of that market's revenue. Japan's technology giants are leading the way. Fujitsu, Hitachi and NEC (NEC Corporation, Tokyo, www.nec.com, www.necus.com) An electronics conglomerate known in the U.S. for its monitors. In Japan, it had the lion's share of the PC market until the late 1990s (see PC 98). NEC was founded in Tokyo in 1899 as Nippon Electric Company, Ltd. all announced in 2005 biometric advances intended to keep undesirables away from data and equipment, and to capture a large part of that pie. Two have vein scanning that can block access to data, homes, and cars. Digital security, it seems, is going to be big business in 2006. To date, the solution to a data breach or new viral infection viral infection, n an infection by a pathogenic virus. A virus acts on the cell nucleus, taking over the genetic material within the nucleus and replicating itself. has complicated access to life-simplifying technology. We need new passwords and guard-dog software to deter those lurking See lurk. (messaging, jargon) lurking - The activity of one of the "silent majority" in a electronic forum such as Usenet; posting occasionally or not at all but reading the group's postings regularly. virtual parasites from infecting our technology or sending illicit messages to our enemies. Such efforts take time, reduce productivity, and challenge our patience. They also fail to decrease anxiety. In addition, most of the devices that are designed to protect information, computers, and cars are ineffective. Fingerprint scanners can be bypassed using the same stuff to make gummy bears or even Play-Doh[R] for less than a thousand yen. As the memories of those year-end prophecies of doom fade, it is time for sober reflection on the real threats to data security and for determining the logical steps to protect us from ever more devious cyber criminals. Since 2002, cyber attacks have declined, according to annual surveys by nonprofit organizations in Australia and the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. . Only 35 percent of respondents in the 2005 Australian Computer Crime and Security Survey reported an attack against their computers, down from 62.7 percent in 2002. The US equivalent of the survey was more precise, but equally optimistic op·ti·mist n. 1. One who usually expects a favorable outcome. 2. A believer in philosophical optimism. op . They reported an increase in the (successful) misuse of computer systems. Just over half (56 percent) of the respondents claimed unauthorized uses, but these included employees' inappropriate use of company bandwidth (sharing jokes, downloading music, and the like). Hardly threatening criminal activity, but still, ethically, thieving. Neither reported significant criminal activity that puts millions of people's personal data at risk, despite a few significant, highly publicized scares. What type of bunker is really needed to protect our networks and computers? Surprisingly, it is neither spammers nor those seeking personal information for resale that is the most costly threat to digital information. Rather, both studies suggest, it is the loss or theft of mobile phones, computers, and PDAs. Finding ways to prevent work slowdowns or exposure when an employee's work communication tools go missing would go a long way to securing network information. One possible solution is to use a biometric scan to deny access to hard drives. Biometrics gets under the skin Biometric approaches to digital security are diverse. Each approach exploits an aspect of the body that makes an individual unique: the voice, handwriting, finger, hand, iris, retina, or face. Recent devices can go deeper, penetrating the skin to use the vessels carrying blood back to the lungs as the identifying feature. Yet, the process for all these scans is the same: a snapshot (a statistical profile) of the area is taken and digitally compared with one in a database, a USB USB in full Universal Serial Bus Type of serial bus that allows peripheral devices (disks, modems, printers, digitizers, data gloves, etc.) to be easily connected to a computer. , or a smart card. If there is a match, access is granted. No match, no access. Biometric security offerings vary according to cost, convenience, equipment, and extent of the user's personal information required. Fingerprints are the oldest biometric identifier and the least effective. Keystroke key·stroke n. A stroke of a key, as on a word processor. key  stroke and signature access is the most cost-effective means of securing access to information, requiring only software that creates statistical profiles of the individual's typing or writing patterns. Voice-pattern recognition operates similarly, and requires training, but a headset is necessary. While these systems do not infringe on privacy, they are complex and still require users to remember multiple passwords. Current technology uses either penetrating sensors emitting light powerful enough to pass through the body, or reflecting sensors that barely penetrate the body. Less light intensity is required for reflecting sensors than for penetrating ones, which require a receptor behind the subject to catch the light and create the image. Most technologies use reflected light because it can be incorporated into portable, less costly security systems. Iris and retina scans shoot light directly into the eye. Critics wonder if repeated exposure might increase the risk of damage to the lens or retina. This claim has yet to be investigated, but if visual damage is suspected, the potential liability to companies using this technology could be high. Therefore, non-invasive scans of areas of the body most of us are willing to expose, like our fingers or palms, have become the primary target for biometric data security. External traits, like our faces or fingerprints, are unique but hardly static. They change with aging, exposure and injury. Moreover, external traits can be counterfeited or stolen, albeit gruesomely, further reducing the consumer appeal. So researchers are looking for Looking for In the context of general equities, this describing a buy interest in which a dealer is asked to offer stock, often involving a capital commitment. Antithesis of in touch with. deeper levels of distinction that have unique identifiers and are less susceptible to violent efforts at acquisition. One promising candidate is the circulatory system circulatory system, group of organs that transport blood and the substances it carries to and from all parts of the body. The circulatory system can be considered as composed of two parts: the systemic circulation, which serves the body as a whole except for the . It is sufficiently complex. Also, deoxygenated blood deoxygenated blood Cardiology Blood with a low O2 saturation relative to blood leaving the lungs can be imaged with relatively simple technology--which is just what hand- and face-geometric scanners do. Reading the veins just under the skin of our fingers, hands or face is starting to gain acceptance. Fujitsu has created a contact-less palm sensor that gates access to money, homes, computers, and data. It has the potential to protect us from our own clumsiness. "For the convenience" Fujitsu's palm scanner is a little black box. No kidding. It can be installed in machines like ATMs, computers, cars and main entrances or carried around in the same way as flash drives on key chains. The box is simply a digital camera that uses near infrared light Noun 1. infrared light - electromagnetic radiation with wavelengths longer than visible light but shorter than radio waves infrared emission, infrared radiation, infrared to take pictures of the vasculature vasculature /vas·cu·la·ture/ (vas´ku-lah-chur) 1. circulatory system. 2. any part of the circulatory system. vas·cu·la·ture n. of the palm. To be more precise, it snaps a shot of the veins just under the skin that are carrying deoxygenated blood back to the lungs and heart. When the black box senses movement it will ask for a hand. The exchange is like a secret handshake A secret handshake is a series of hand gestures that indicate loyalty to a club, clique, or subculture. The purpose of the secret handshake is to identify exclusive group members, and consequently to prevent inclusion of outsiders. , making sure that the veins in your palm are those with access privileges to data, home or money. The flash of near-infrared light allows a digital image of the hand's vein pattern to be taken. This image is compared with one stored on a smart card or on the device. If the two images match, you get to use the card, withdraw money, enter your home, or borrow a library book. It sounds simple, and, surprisingly, it is. According to Dr. Akira Wakabayashi, leader of the engineering team that designed this device, the black box registers an image more like an X-ray than a camera taking snapshots of a child's first steps. Unlike an X-ray, however, only the veins are imaged. This is where the true security comes into play. Near infrared light is invisible to the human eye. Infrared, the light used to beam information between computers, PDAs and motion detectors, has a significantly shorter wavelength, and can be used to send information without wires. It can also, it turns out, identify hemoglobin, a protein in red blood cells Red blood cells Cells that carry hemoglobin (the molecule that transports oxygen) and help remove wastes from tissues throughout the body. Mentioned in: Bone Marrow Transplantation red blood cells that carries oxygen to nearly every cell in our body, after it has dumped its oxygen payload (1) Refers to the "actual data" in a packet or file minus all headers attached for transport and minus all descriptive meta-data. In a network packet, headers are appended to the payload for transport and then discarded at their destination. and is returning to the lungs to get more. Each human has a unique network of vessels, or veins, that carry this de-oxygenated blood. This structure is visible when exposed to near-infrared light. Importantly, to take the image the subject must be alive and intact. This significantly reduces the risk of mutilation Mutilation See also Brutality, Cruelty. Mutiny (See REBELLION.) Absyrtus hacked to death; body pieces strewn about. [Gk. Myth.: Walsh Classical, 3] Agatha, St. had breasts cut off. [Christian Hagiog. , murder, or duplication by a criminal intent on breaching security. Evaluation Evaluating the merits of available biometric technologies depends on the end user, its particular goals, and the perceived threat to data. Measures of accuracy are not as important as one might think. The economics of hacking the system are, in many ways, more relevant than the value of the object being protected. The effort that is required to successfully copy the physical trait and transform that information into the input needed to trick the device will determine how good or bad any biometric measure will be. Three years ago, Tsutomo Matsumoto, a cryptographer cryp·tog·ra·pher n. One who uses, studies, or develops cryptographic systems and writings. Noun 1. cryptographer - decoder skilled in the analysis of codes and cryptograms cryptanalyst, cryptologist , molded gelatine into a fake finger that successfully tricked fingerprint recognition Fingerprint recognition or fingerprint authentication refers to the automated method of verifying a match between two human fingerprints. Fingerprints are one of many forms of biometrics used to identify an individual and verify their identity. devices 80 percent of the time. More relevant, the total cost of his hack was less than a price of movie ticket. Getting access to information or stealing a car would be simple and, from the thief's point of view, cost effective. When a biometric device biometric device - biometrics gives a false positive that allows an incorrect reading, it is called a false acceptance. False acceptance rates (FAR) are just one of the metrics used to determine the success of a biometric study, and a follow-up in 2005 shows how pointless fingerprinting can be as a means of protecting ourselves. However, there are also false rejection rates (FRR FRR Free Registration Required FRR Flint River Ranch (Chapel Hill, North Carolina) FRR False Rejection Rate (biometrics) FRR Fast Reroute (MPLS protection scheme) ). The combination of FAR and FRR is important in determining what makes one biometric technological offering better than another. How do the available metrics fair? Iris, finger and hand geometry Hand geometry is a biometric that identifies users by the shape of their hands. Hand geometry readers measure a user's hand along many dimensions and compare those measurements to measurements stored in a file. are less prone to mistakes than other available technologies. Fujitsu tested their palm scanner with 140,000 people, and the results exceeded their best expectations for false acceptance, with a less than one in 12,500 chance that the wrong person will be able to access information protected behind the biometric gate. Currently, most biometric-scanner technology appears clunky or awkward and remains too expensive for broad consumer use. However, Fujitsu's scanner has already found commercial applications. Tokyo-Mitsubishi has started to use the contact-less scanners to increase ATM user security, and hospitals and apartment complexes are using these systems as passkeys to facilities. When asked if he would use this technology, Wakabayshi replied, "Yes, but not just for the security, for the convenience [also]." I could see his point. No need to fumble for keys in the dark to get into my home or car, and the nightmarish efforts to key in that thirteen-character code to access my wireless would disappear. Convenience and peace of mind. Just how scary is the information crime world? How much protection do we need? Answers to those questions depend more on the information we are seeking to protect, the vulnerability of data, and the amount of trust customers put in the company holding that data. One truth, however, is that an ounce of prevention is always worth more than a pound of cure. The threat from cyber criminals, judging from cases listed on both the Interpol and FBI websites, is not so great. Seventeen cases are listed on the FBI Information Crime web pages for 2005. The total estimated (not actual) cost to victims was less than USD6 million. Most of these cyber criminals were young virus authors, and only one case involved a targeted theft of credit card numbers. While it's true the list is just a sample, and out-of-court settlements are unreported, it still indicates that companies are spending USD2 billion to protect against crimes causing damages on the order of USD6 million. Organizations and companies that generate most reports on cyber crime have large stakes in the information security markets. These argue that criminals are using increasingly sophisticated methods to plunder TO PLUNDER. The capture of personal property on land by a public enemy, with a view of making it his own. The property so captured is called plunder. See Booty; Prize. data, but most of these lure individuals who are careless or less savvy computer users. A case in point is the extent of damage caused by the Karma-Sutra virus. Sites that lure naive web users into releasing a program on their computers are common and a clear threat to personal security, but most surveys show that firewalls and training are more effective at reducing exposure risk than high-tech software and equipment. Besides, few employees actually go to personal sites at work. Ninety percent of the financial burden of these computer-related security breeches in the United States and Australia are associated with the loss or theft of laptops, mobile phones, and PDAs. While technically not data theft or invasion, these situations do present an exposure risk. It is here that biometric technology and finger and palm scanning can prove their worth. If the hard drive data is secure, or the mobile phone cannot be operated with a positive palm scan, then the information is harder to access. It makes the computer less attractive for petty thefts. More telling is that most respondents in the surveys reported that attacks were non-malicious in nature: spammers. So, while the real threat to our digital lifestyle remains unknown, and these very cool measures are generated to protect our data from our own carelessness, we simply do not know how many hackers are out there looking to get our personal information. This raises a question: Is peace of mind worth all of this? |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion