A dedicated “solution” is needed for MPS staff frequently who have multiple identities associated with their different job roles
MPS stands for Metropolitan Police Service which is an organization in the United Kingdom to keep the law and order in the country. “Today, the Metropolitan Police Service employs 31,000 officers, 14,000 police staff, 414 traffic wardens and 4,000 Police Community Support Officers (PCSOs) as well as being supported by over 2,500 volunteer police officers in the Metropolitan Special Constabulary (MSC) and its Employer Supported Policing (ESP) program.” (MPS publication scheme n.d.).
The organization is a vast one with a huge band of officers as a whole. So, managing the entire cadets has become a challenge in front of MPS. Since the information within the group is of greater secrecy, it becomes necessary to choose a highly authenticated method to access those secure data. All employees are not allowed to access all data; there are limits for each employee. The limit can be applied to the employees using the identity concept.
A single identity check can filter out the least misuse of data, but numerous identities for the access of data can be acceptable in any case. The MPS uses four identity checks for the security of their confidential information within the organization. The identities of each officer are to be managed well and with zero errors. Thus, there comes a need for a dedicated solution for the management of identities. The solution should take care of the utmost security of the data and manage the entire identities of each employee. The management of identities claims the activities of the solution to give identities to new employees, refreshing the identities of existing employees and canceling out the identities of the employees who have quit the domain. “Identity management is a discipline which encompasses all of the tasks required to create, manage, and delete user identities in a computing environment.” (What is identity management? 2009).
Handling the protected records of an organization always requires a much efficient method. In MPS it becomes necessary for a management tool that can work with all the four identities along with the biological identity in an effectual manner with the least percent of leakage of the safety of the organization.
While entering a new employee to the wing, the identity management tool should provide an account for him along with tagging various necessary powers to it. Also, the account is given stipulation to the sectors where the account holder is authorized to visit. An existing employee account has to undergo a few steps for keeping it more secure. Forgetting passwords is met by resetting the existing passwords. Again, regular change of secret codes is essential for making the system security to the maximum extent. Upon dismissal of an employee from the domain, the whole access of the person should be repealed from the entire system. Also, the full details of the account and codes along with the database of the person should be cleared out and replaced by the newer entry in the domain system.
What role might biometric techniques play in strengthening user authentication?
As a step towards the solution execution, the identification of an efficient biometric technique to be adopted by MPS will be carried out. “One of the most dangerous security threats is impersonation, in which somebody claims to be somebody else. The security services that counter this threat are identification and authentication.” (Polemi 2000).
The identity should be disclosed with proper proof to the machine protecting the confidential data so that he will be allowed to access it. Prior to all analysis, the term biometrics is to be defined. “The term biometrics applies to a broad range of electronic techniques that employ the physical characteristics of human beings as a means of authentication.” (What are biometric techniques? 2009).
The field of biometrics becomes significant due to the fact that in the contemporary world of competency and pace, the security of communication and data turns out to be of the highest precedence. In the case of MPS, the people accessing the data should be the concerned ones themselves. So, the application of biometric techniques is accepted to ensure that the right person is accessing the right data. The physical characters of a person cannot be disguised to cheat the sensors.
The efficiency of various biometric techniques varies considerably; so the selection of the technique for a particular application is done after proper analysis of various methods available. “Biometric accuracy is measured in two ways; the rate of false acceptance (an impostor is accepted as a match – Type 1 error) and the rate of false rejects (a legitimate match is denied – Type 2 error).” (Ruggles 1996).
The analysis of accuracy should be carried out by MPS to eliminate the wrong selection of biometric techniques. The system which accepts a lesser number of unauthorized people and rejects a lower number of authorized ones is the most efficient one. But, the usage of a single biometric technique will never end up with maximum efficiency, so more than one technique is used at a time for the systems at MPS.
MPS uses different biometric techniques to achieve recognition of the authorized access to secure data. “Recognition is defined as a process involving perception and associating the resulting information with one or a combination of more than one of its memory contents.” (Jain 1999, p.3).
The sensors will sense the required physical or physiological factor and compare it with the pre-recorded data. There may be one or more matches, but the usage of more than one biometric analysis can help in finding the right output. Mismatch in anyone will make the person unable to access.
There are many biometric techniques available under different categories, namely physiological, behavioral and new biometric techniques.
The fingerprint, face recognition, voice recognition, etc are mostly used in the authentication process. The acceptance of the methods is always identified by the requirements of the organization. In the case of MPS, forceful access to secure data is to be eliminated effectively. So, the methods which are able to be affected by stress should be installed. Speech recognition and face recognition can be efficient in such cases.
The usage of this technique relies on the fact that the method is less prone to cheating. “Speaker verification can make a security system less vulnerable to violation and more easily accessible from remote sites.” (Polemi 1997, p.28).
It is identified as the secure one because the imitations are easily understood by the sensors and even the forced or stressful trial for access will be denied effectually. An organization like MPS can always advantageously use this method. Another method of authentication that can be used for secure data access is the face recognition method. “Face recognition is a very complex form of pattern recognition. It consists of classifying highly ambiguous input signals, with multiple dimensions and matching them with the know ’signals’. Classifying a pattern with high dimensions requires a restrictively large number of training samples. This is known as the ‘Curse of Dimensionality.” (Tamma 2002, p.1).
The curse dimensionality is responsible for the effective recognition of a person by his face. This becomes appropriate for MPS as no face changes are allowed for the access, and any minute change will make the system deny the person from accessing the data.
Distinguish between a biological identity and multiple digital identities
Computer crimes are identified worldwide nowadays. In the words of Janet Williams, “Electronic crime is a growing phenomenon of the twenty-first century and has the potential to affect us all. This Unit will provide a law enforcement solution and work towards limiting the impact of this crime on society.” (Williams n.d.). It identifies the prevalence of computer crime. Janet Williams is the Deputy Assistant Commissioner of a subordinate organization of MPS named as Specialist Crime Directorate (SCD).
The biological identity is a unique characteristic of living organisms. The fact that “even individuals belonging to the same species have many different characteristics; for example, nose or ear shape, hair color, eye color, etc. Thus we can say that each organism has a biological identity of its own.” (The biological identity of living organism n.d.).
The biological identity is the one that cannot be imitated at all. The biological identity is due to the genes inside the cells of the organism which cannot be altered by any means to disguise. The DNA pattern verification, identification of sweat pores, recognition of the shape of the ears, detection of the smell of the body, etc. are all identified as the biological identity analysis techniques. “Because useful biometric data ought to remain fixed during a person’s lifetime, such information may have to be considered as personal property in the legal sense.” (Huth n.d., p.8).
The identities are all checked by cross-checking with the personal properties defined earlier. The digital identities can get confused many a time due to the wrong results of comparison of the sensed and stored data. The multiple digital identities are used to eliminate the confusion resulting due to false assessments. The comparison of biological with the digital identity can be returned with the truth that the biological method is truly secure, but it is not yet practical. The testing of the gene for a person willing to access data is impossible at the present situation but the usage of the same for identifying the criminals is of much significance. Though digital identification is prone to errors, multiple usages reduce the percent of faults, and even these turn out to be completely practical.
Should the Police “trust” cryptographic techniques (such as RSA) that are used as an integral part of PKI
The fact that secure messaging within the MPS is critical makes the exploration for an encrypted secure system inevitable. As an example, the analysis of the SSL becomes significant. “SSL (Secure Socket Layer) is a protocol layer that exists between the Network Layer and Application layer.” (Implementing and using SSL to secure HTTP traffic 2008, Para. 2).
SSL turns out to be an efficient layer for a secure transfer of data between the network and application layers. The protocol for this is applicable for almost all types of data transfer including HTTP, IMAP, POP, LDAP, etc. The figure illustrated below describes the SSL application.
The SSL protocol amalgamated with encryption technology will add many colors to the security of data communication for MPS.
The data communication between the people within the organization of MPS should be secure and inaccessible by a person other than the sender and the receiver. The most widely used technique called encryption can be used effectively along with SSL applications. “Encryption is the conversion of data into a form, called a ciphertext that cannot be easily understood by unauthorized people. Decryption is the process of converting encrypted data back into its original form, so it can be understood.” (Encryption 2009).
The entire conversation sent over the communication line will be converted to another by using a key so that a person who has no access to that key cannot decrypt the sent ciphertext to tap the information. The entire security of the data is depicted on the key used for the encryption process.
The keys used for encryption are of two types, namely secret key and public key. The encryption carried out is named after the key used for the encryption process. “In secret-key encryption, also referred to as symmetric encryption, the same key is used for both encryption and decryption. In public-key encryption, also referred to as asymmetric encryption, each user has a public key and a private key. Encryption is performed with the public key while decryption is done with the private key.” (Encryption keys: basic concepts 2008).
The secret key encryption needs the sender and receiver to know the key used for encryption i.e. transmission of the key becomes necessary which is not secure in the case of organizations like MPS. But the case of public-key encryption is different because the sender’s key is always known while the decryption key is unknown to the sender. So, both the people will be having two keys with them and use the private key for decryption and the public key for encryption.
Public key encryption is widely used due to the fact that the key for decryption is kept confidential and is not needed to be sent over transmission lines. “Public-key cryptography supports security mechanisms such as confidentiality, integrity, authentication, and non-repudiation.” (Public key management 2009).
The advantages of the Public Key Cryptography make it the more acceptable and prominent method of encryption. The reliability exhibited, percentage of security offered on the transmitted data, and non-disclaimer character of the system all add to its demand in the field of secure data transmission.
The implementation of public-key encryption should be backed by an infrastructure that guides through the entire process of encryption. ”A public key infrastructure (PKI) is a foundation on which other applications, system, and network security components are built.” (Public key management 2009).
The development of efficient infrastructure is the only factor contributing to the success of the encryption process. The entire security system depends on the public key infrastructure formulated. “A PKI is an essential component of an overall security strategy that must work in concert with other security mechanisms, business practices, and risk management efforts.” (Public key management 2009).
The encryption carried out should be based on the infrastructure using the public key. The receiver side will identify the ciphertext and decrypt using the private key at that end thereby retrieving the original data sent.
The usage of PKI is widely accepted due to the authentication it is providing. “The business model used by CAs in PKI ensures that many servers will never have registered certificates — servers that may still be as trustworthy as any other, and for which secure encrypted transactions may be just as critical to the day to day online activities of thousands of people as those that can afford to buy into the CA con game.” (Perrin 2009).
The above quote describes that theoretically, the PKI seems to be unbreakable of course, but the practical aspects can or cannot be the same. But, the way they sigh on the PKI system, the MPS can trust the system without any hesitation. This shows the fact that if a cent percent PKI is developed, the confidence of the code to be unbreakable can be made secure.
The RSA is an algorithm used to generate keys for encryption and decryption that can be used with both encryption methods. The method describes using the factorization larger values. The algorithm can be summarized as:
- “n = pq, where p and q are distinct primes.
- phi, φ = (p-1)(q-1)
- e < n such that gcd(e, phi)=1
- d = e-1 mod phi.
- c = me mod n, 1<m<n.
- m = cd mod n.” (RSA algorithm: summary of RSA 2009).
The above algorithm is executed using large integers which will give the least chance of intrusion. Thus, it is secure to trust and use the algorithm in the data communication system in MPS.
Reference List
Encryption 2009, Search Security.com Definitions.
Encryption keys: basic concepts 2008, Fine Crypt: professional Encryption Tool. Web.
Huth, MRA n.d., Secure communicating systems: design, analysis, and implementation: chapter1: secure communication in modern information societies, Cambridge University Press.
Implementing and using SSL to secure HTTP traffic 2008, Linux online. Web.
Jain, LC 1999, Intelligent biometric techniques in fingerprint and face recognition, CRC Press.
MPS publication scheme n.d., Metropolitan Police: Working Together for a Safer London. Web.
Perrin, C 2009, IT security: encryption: the TLS/SSL certifying authority system is a scam, Tech Republic. Web.
Polemi, D 1997, Final report: “biometric techniques: review and evaluation of biometric techniques for identification and authentication, including an appraisal of the areas where they are most applicable.” Web.
Polemi, D 2000, Review and evaluation of biometric techniques for identification and authentication-final report: summary of report, Cordis Archive. Web.
Public key management: solution 2009, Select. Web.
RSA algorithm: summary of RSA 2009, DI Management.
Ruggles, T 1996, Comparison of biometric techniques: biometric accuracy. Web.
Tamma, S 2002, Face recognition techniques: introduction. Web.
The biological identity of living organism: what do we call “biological identity” n.d., Think Quest. Web.
What are biometric techniques? 2009, RSA Laboratories. Web.
What is identity management? 2009, Tech FAQ. Web.
Williams, J n.d., PCeU: police central e-crime unit, Metropolitan Police: Working Together for a Safer London. Web.