Last month, I proposed a government-administered program that would offer citizens a cyber passport, a randomized, replaceable, short-lived code that, once issued, would become a requirement for all critical online transactions involving the covered individual. I asserted that this initiative would defeat today’s plague of massive breaches, which turns millions into perennial victims of identity theft.
In this column, I present what the technology looks like.
How can one be so sure that merchants will not be compromised in the future? Well, one can be pretty sure that merchants will be breached right and left. But their databases would not store the cyber passport, just a verifier code for it: the output of a one-way function applied to the passport. A customer would send the merchant his cyber-passport code, and the merchant would recompute the verifier from it. If the result matches what the merchant database holds, then the customer is who he says he is. The verifier cannot be run backward to recover the cyber passport, so a hacker who harvests millions of verifier codes has nothing, provided the passport carries enough randomness that the hacker cannot simply try every possible code against a stolen verifier; a salted, deliberately slow one-way function makes such guessing costlier still.
Only the issuing government agency will store the actual cyber codes en masse. It will distribute the verifier codes to all participating merchants, but not the cyber passport code itself, which will only be in the hands of the individual. So a hacker will have a choice: either raid the government database or steal the codes retail. We all know that the government has been successfully attacked many times. But the point is that the cyber-passport program shrinks the battleground by a factor of a thousand to one. Instead of having thousands of merchants’ databases to choose from, the hacker now has to attack the one and only database. We can find some top-notch security mavens to guard that one-and-only, and save the country from a horrendous plague of data breaches.
But wait. What if the hacker wedges himself into the communication channel between the merchant and its customer, and reads all the cyber passports one by one? Yes, this is a problem. Merchants today secure their channels of communication with their customers by using a protocol whose protection against what are called man-in-the-middle attacks rests on the customer's software correctly checking the merchant's identity; a hacker who defeats that check, or lures the customer to a look-alike site, can stealthily perch himself on the "protected" line and catch that secure cyber passport.
Therefore, we propose to issue a cyber-passport protector code along with the cyber-passport code. The protector code, unlike the cyber passport, will be known to all the merchants and will serve as a shared secret between the merchant and the consumer. This shared secret will enable the merchant and the consumer to communicate in a way that defeats the man in the middle. The hacker could still insert his tentacles into the communication channel, but it will do him no good because the cyber passport would be encrypted under a key derived from that shared secret, which the hacker does not have.
Even if a major break-in occurs and a hacker harvests millions of protector codes, this alone will do no great harm. The hacker will then have to listen in on countless merchant-customer conversations. Also, such a major break-in would soon be discovered, and new cyber passports as well as new cyber-passport protection codes could be issued to the would-be victims.
The cyber-passport protector code would never be communicated between the parties. It would only be used in an automated dialogue that would convince the customer that he is talking to a merchant and not to a phishing Web site, and convince the merchant that he is talking to a customer and not to a hacker: each side proves it knows the protector code by answering a fresh challenge from the other, without ever sending the code itself. And only after the two recognized each other and used this recognition to derive a key for encrypting the rest of the conversation would the customer pass on his passport code and the merchant verify it without having a copy thereof.
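The exchange sketched in the preceding paragraphs, as an added example that is not part of the column and not the author's own protocol: a merchant holding only a verifier (a salted, slow one-way function of the passport) and a protector code shared with the customer; a mutual challenge-response in which each side proves knowledge of the protector code without transmitting it; a session key derived from that code plus both parties' fresh nonces; and the passport sent only under that key and checked against the verifier. The message formats, the HMAC-based constructions, the names (Merchant, Customer, run_session, demo) and the sample codes are this example's own assumptions; only standard-library primitives are used, and the stream cipher built from HMAC stands in for a real authenticated cipher.

```python
"""Illustrative cyber-passport exchange from standard-library primitives.
Added example, not the column's own design; formats and names are assumptions."""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumption: slow hash so a short code resists guessing


def issue_verifier(passport: bytes, salt: bytes) -> bytes:
    """What the issuing agency hands to merchants: a salted, slow one-way
    function of the passport, never the passport itself."""
    return hashlib.pbkdf2_hmac("sha256", passport, salt, PBKDF2_ROUNDS)


def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed pseudo-random function (HMAC-SHA256) for tags and key derivation."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def keystream(session_key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC, XORed with the plaintext.
    Illustrative only; production code would use AES-GCM or ChaCha20-Poly1305."""
    out, counter = b"", 0
    while len(out) < length:
        out += prf(session_key, b"ks", counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Merchant:
    """Holds the shared protector code and the verifier, never the passport."""

    def __init__(self, protector: bytes, salt: bytes, verifier: bytes):
        self.protector, self.salt, self.verifier = protector, salt, verifier

    def respond(self, nonce_c: bytes):
        """Answer the customer's challenge; proves knowledge of the protector."""
        self.nonce_c, self.nonce_m = nonce_c, secrets.token_bytes(16)
        return self.nonce_m, prf(self.protector, b"merchant", nonce_c, self.nonce_m)

    def accept(self, tag_c: bytes, ciphertext: bytes, mac: bytes) -> bool:
        """Check the customer's proof, decrypt, and compare against the verifier."""
        expected = prf(self.protector, b"customer", self.nonce_m, self.nonce_c)
        if not hmac.compare_digest(tag_c, expected):
            return False  # peer never proved it knows the protector code
        k = prf(self.protector, b"session", self.nonce_c, self.nonce_m)
        if not hmac.compare_digest(mac, prf(k, b"mac", ciphertext)):
            return False  # ciphertext altered in transit
        passport = xor(ciphertext, keystream(k, len(ciphertext)))
        return hmac.compare_digest(issue_verifier(passport, self.salt), self.verifier)


class Customer:
    def __init__(self, protector: bytes, passport: bytes):
        self.protector, self.passport = protector, passport

    def hello(self) -> bytes:
        self.nonce_c = secrets.token_bytes(16)
        return self.nonce_c

    def finish(self, nonce_m: bytes, tag_m: bytes):
        """None if the peer failed to prove knowledge of the protector code
        (a phishing site); otherwise our proof plus the encrypted passport."""
        if not hmac.compare_digest(tag_m, prf(self.protector, b"merchant", self.nonce_c, nonce_m)):
            return None
        tag_c = prf(self.protector, b"customer", nonce_m, self.nonce_c)
        k = prf(self.protector, b"session", self.nonce_c, nonce_m)
        ct = xor(self.passport, keystream(k, len(self.passport)))
        return tag_c, ct, prf(k, b"mac", ct)


def run_session(customer: Customer, merchant: Merchant):
    """Drive one exchange; returns (merchant_accepted, bytes seen on the wire)."""
    nonce_c = customer.hello()
    nonce_m, tag_m = merchant.respond(nonce_c)
    reply = customer.finish(nonce_m, tag_m)
    if reply is None:
        return False, nonce_c + nonce_m + tag_m
    tag_c, ct, mac = reply
    return merchant.accept(tag_c, ct, mac), nonce_c + nonce_m + tag_m + tag_c + ct + mac


def demo():
    """Constructed sample codes standing in for the agency's issued values."""
    passport, protector, salt = b"CP-7Q4M-2ZK9", secrets.token_bytes(32), secrets.token_bytes(16)
    honest = Merchant(protector, salt, issue_verifier(passport, salt))
    phisher = Merchant(secrets.token_bytes(32), salt, b"\x00" * 32)  # lacks the protector
    accepted, wire = run_session(Customer(protector, passport), honest)
    fooled, _ = run_session(Customer(protector, passport), phisher)
    return accepted, fooled, passport in wire


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

Two caveats a practitioner would add. First, a challenge-response built directly on HMAC lets an eavesdropper who records one exchange test guesses of the protector code offline, so the protector must be long and random, or the dialogue must use a password-authenticated key exchange designed for short secrets. Second, because every merchant holds the same protector code for a given customer, a breached merchant can impersonate any other merchant to that customer; the column's point that such a breach forces retail, per-conversation work rather than wholesale harvesting still stands, but the protector is only as secret as the least secure merchant.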
Modern cryptography can provide all these benefits, but it has to be legislated and administered. Congress understandably is loath to legislate abstruse crypto protocols, but this would not be the first time it has done so. President Clinton signed into law a digital-signature bill that also was based on mathematical intricacies beyond the familiarity of the legislators.
Again, the cyber-passport solution is not the end of identity theft. It is the end of wholesale identity theft. Given the swelling tide of this criminal plague, cutting the plague from wholesale to retail is not too shabby!
—Gideon Samid • Gideon@BitMint.com