A Comprehensive Approach to Security
Responding to the growing threat of identity theft.
Identity theft is the fastest-growing crime in the world, and while it is commonly thought of as a mostly petty crime involving stolen personal credit cards or social security numbers, it is now becoming a larger threat to governments and corporations. Multiple Web sites offering fake driver’s licenses and social security cards for as little as $75, paired with identity theft’s increased ties to organized crime, have made it a vital homeland security issue. According to Ali M. AlKhouri, a final-year doctoral researcher at the University of Warwick and a senior government official in the United Arab Emirates, and Jay Bal, an associate professor, principal research fellow in the International Manufacturing Centre and director of the InterLean Ebusiness Centre at the University of Warwick, an increasing emphasis on e-commerce and e-government means that organizations face a major threat, not only to their customers but also to their own sensitive and proprietary data.
In a 2007 working paper, Digital Identities and the Promise of the Technology Trio: PKI, Smart Cards, and Biometrics, AlKhouri and Bal examine three existing technologies and introduce a framework for how they can be combined into a comprehensive security system. The first of these, biometrics, is the use of an iris scan or physical traits, such as fingerprints, voice, hand or face geometry, to identify an individual positively. The second, smart cards, feature integrated chips that store and process data, and can come with a variety of accessories, including magnetic strips, bar codes, optical strips and holograms. Finally, public key infrastructure (PKI) is a framework for creating a secure method of exchanging information through encryption. In a PKI environment, a pair of keys — a public key that is known by the user and a private key used only by the system itself — is employed so that data encrypted with one key can be decrypted only with the other, complementary key, and vice versa.
At least one of these three systems is in use in almost every major organization. Most studies have shown that PKI can be employed to handle most security and verification operations, but according to the authors, other requirements such as availability, performance, uncoercibility, untraceability and anonymity cannot be fulfilled without additional measures. PKI on its own will not provide maximum security for authentication unless it is combined with other security technologies such as smart cards and biometrics.