Passwords and personal identification numbers (PINs) are information that we have needed to remember since the day we started interacting with digital systems. Do we know how many passwords we need to remember? Do we know whether we have already forgotten one? Some of these passwords, also known as passphrases, are so long that we need to come up with a pattern to create them. We sometimes rely on tools such as a sticky note, PDA or text file to store these lists of passwords.

Would it not be easier to identify yourself the way another person who knows you recognizes you on sight? That’s exactly what biometric authentication technology does. It uses a physical or psychological trait that the individual always has with him or her for identification and/or authentication.

In this system, the physical or psychological trait of an individual is measured, recorded and quantified to obtain a biometric enrollment. Based on this initial enrollment, the system can be sure, to a degree of certainty, that a person is who he or she claims to be. A template, which is a long string of alphanumeric characters that describes the characteristics or features of the person, is created at each enrollment by a biometric algorithm, that is, the algorithm that translates physical traits into a digital representation. The algorithm also allows a newly created template (the live template) to be matched against the one created initially. If the match is not close enough, the person will not be verified.
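The enrollment and matching steps described above, as an added example that is not from the original post. The quantization scheme, the 256-bit template size, the 0.25 threshold and all function names are assumptions chosen for illustration; real biometric algorithms are far more elaborate.

```python
import random

TEMPLATE_BITS = 256   # assumed template size
THRESHOLD = 0.25      # assumed: largest fraction of differing bits still accepted

def make_template(features):
    """Toy biometric algorithm: one bit per measurement (above or below
    the mean of the reading), hex-encoded into an alphanumeric string."""
    mean = sum(features) / len(features)
    bits = "".join("1" if f > mean else "0" for f in features)
    return format(int(bits, 2), f"0{len(features) // 4}x")

def distance(t1, t2):
    """Fraction of differing bits between two hex templates (Hamming)."""
    if len(t1) != len(t2):
        raise ValueError("templates must have equal length")
    diff = bin(int(t1, 16) ^ int(t2, 16)).count("1")
    return diff / (len(t1) * 4)

def verify(enrolled, live, threshold=THRESHOLD):
    """Accept only if the live template is close enough to the enrolled one.
    Two readings of the same trait never match bit for bit, so the check
    is a threshold comparison, not an equality test."""
    return distance(enrolled, live) <= threshold

def capture(trait, noise, rng):
    """Simulated sensor: the true trait plus per-reading measurement noise."""
    return [v + rng.gauss(0, noise) for v in trait]

def demo(seed=7):
    # Constructed sample data: two random "traits" for two different people.
    rng = random.Random(seed)
    alice = [rng.uniform(0, 100) for _ in range(TEMPLATE_BITS)]
    other = [rng.uniform(0, 100) for _ in range(TEMPLATE_BITS)]
    enrolled = make_template(capture(alice, 2.0, rng))   # initial enrollment
    genuine = make_template(capture(alice, 2.0, rng))    # same person, new reading
    impostor = make_template(capture(other, 2.0, rng))   # different person
    return {
        "genuine_distance": distance(enrolled, genuine),
        "impostor_distance": distance(enrolled, impostor),
        "genuine_accepted": verify(enrolled, genuine),
        "impostor_accepted": verify(enrolled, impostor),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Lowering the threshold rejects more impostors but also rejects more genuine readings, which is why verification holds only "to a degree of certainty".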


An online search shows that the majority of tools available for wiping data from a disk point to a practice of 7 wipes. They believe that it is a US DoD requirement. Some of them support the Gutmann method of 35 wipes.

However, I could not find any documentation on a US government website that indicates seven wipes. The US DoD 5220.22-M, “National Industrial Security Program Operating Manual”, that most online tools refer to does not have any requirement on the number of wipe passes. However, I found a wiki page on Data Remanence that has enough citations, and it contains the following:

“As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]

On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): “Studies have shown that most of today’s media can be effectively cleared by one overwrite” and “for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged.”[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes “has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss.”[5]

Authentication is the process of confirming an entity’s identity based on reliable credentials. The process and the technology involved in authentication vary with the level of assurance required from the entity.

Authentication Level of Assurance can be defined as the authentication strength required for a relying party to be assured that an entity is indeed who it claims to be. As part of an effort to create a set of criteria for levels of assurance, I want to find out which assurance frameworks exist today.

United States

Most online documentation refers to the M-04-04 document published by the Office of Management and Budget at the US White House. It identifies four levels of assurance:

  • Level 1: Little or no confidence in the asserted identity’s validity.
  • Level 2: Some confidence in the asserted identity’s validity.
  • Level 3: High confidence in the asserted identity’s validity.
  • Level 4: Very high confidence in the asserted identity’s validity.
