 |
|
|
Last Modified:
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?
|
|
|
Homepage / Publications & Opinion / Archive / Daily Telegraph: Harddrive Total security is safe from us. THE idea of making a purchase by giving someone your charge card or bank account details over the telephone, or worse, Internet, fills many people with fear. They see it as risky and very insecure. But these same people buy petrol, food and goods from stores, and are happy to hand over their cards so a copy can be made, complete with a legible signature. In doing so they never question or worry about the honesty of the recipient of this prized information. I was recently challenged by a man who claimed that his digital mobile telephone was 100 per cent secure. I disagreed. When asked to divulge the secret of how I would listen into his conversation, I replied that I would just sit at his side. People on mobile phones are seldom guarded in what they say as they assume themselves to be in some kind of acoustic bubble. Electronic crime does not always need fancy technology, just opportunism. Security is not an absolute quantity, only a relative commodity. The reality is that most security failures are down to human fallibility and corruption. Granted electronic break-ins are on the increase, but so is the theft of complete machines. And how is this so different from the world of paper? Well, only in its scale and apparent invisibility. In contrast to modern technology, entire legal systems stand or fall by pen and ink - the human signature is legally binding. It is also one of the easiest things to forge. Paper money, gold and silver are easy to steal, but require visible physical action. Electronic crime on the other hand can introduce new dimensions of reach, scale and anonymity. So what of cryptography? Surely that is really secure. Well, not necessarily. No matter how long the key sequence or coding process, powerful computers can exhaustively search all the combinations in a reasonably short time. Only last month, Ian Goldberg, a California student, cracked a 40-bit code in just over 3.5 hours using a network of workstations. More impressively, cracking codes lends itself to parallelism. So all we have to do is link several Power PCs to realise a tremendous capability. No matter how long the sequence or code used, the computer to crack it will arrive sooner or later. Of course, we can reduce the odds against electronic crime by changing code sequences on each operation, but this can be expensive and inconvenient. So, I would put my money on a combination of several codes or simple overt and covert protection devices. If we spend thousands it is possible to recognise a face, voice, hand, fingerprint, and other biometrics with a billions to one chance of an error. However, for just a few hundred pounds we can realise error probabilities of around one in a thousand. Applying four or five of these techniques in succession can make that hundreds of billions to one. Super security can therefore be both low-cost and convenient. Now, back to the original problem. When we wish to spend money, the vendor wants to know it is us, and that we have the money to spend. We on the other hand should be gauging the honesty of the vendor and the security of the transaction. Ultimately the weak link is the people involved, and it may be some time before machines can outsmart or catch us. Peter Cochrane holds the Collier Chair for the Public Understanding of Science & Technology at the University of Bristol. His home page is: |
|
||
|
|
|