These are design patterns in the Christopher Alexander sense rather than the object oriented design sense: they address the physical and network environment rather than focusing on software abstractions. The patterns were introduced in my book Authentication.
There are four patterns: local, direct, indirect, and off-line.
Continue reading Design Patterns for Identity Systems
The insider threat isn’t easy to fix. We can fix it with Separation of Duty, but it requires planning ahead, discipline, and effort. But it’s essentially why banks can hire low-wage tellers and not worry about theft at the till (or at least not as much).
San Francisco lost control of their FiberWAN. It’s not clear how much this affected day to day operations, since the city appeared to still be working. And that in itself is a tribute to separation of duty.
Continue reading Fixing the Insider Threat: Separation of Duty
The one-time pad is the only encryption technique that has been mathematically proven to be uncrackable. While hard to use, it has often been the choice for highly sensitive traffic. Soviet spies used one-time pads in the 1940s and -50s. The Washington-Moscow “hot line” also uses one-time pads. However, the technique is hard to use correctly.
The exclusive or operation – a logical function applied to binary bits, like AND, OR, and NOT – is a fundamental encryption technique. It is often used in stream ciphers, which are widely used in web browsers when connecting to secure web servers.
Continue reading Encrypting with XOR: A Graphic Example
Whenever your browser establishes a “secure” connection to a web site, it encrypts the data. The encryption often takes place byte-by-byte, since the software can’t always predict how much data will be sent. This encryption style requires a stream cipher.
Continue reading Stream ciphers