At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues by David Clark

Author: David Clark
Language: eng
Format: epub
Tags: ebook
Publisher: The National Academies Press
Published: 2014-07-11T00:00:00+00:00


Given the role of the CA, its compromise is a dangerous event that can undermine transactions based on assurances of identity. Indeed, certificate authorities have in the past been tricked into issuing bad certificates, and some have even gone rogue on their own. The security of the Internet is under stress today in part because the number of trusted but not trustworthy CAs is growing. Thus, CAs must do what they can to ensure that the certificates for which they are responsible are not compromised and, just as important, must be able to revoke a certificate if and when it is compromised.

Of course, certificate revocation is only half the battle when a certificate is compromised—users relying on a certificate should, in principle, check its status to see if it has been revoked. Few users are so diligent—they rely on software to perform such checks. Sometimes the software fails to perform a check, leaving the user with a false sense of security. And sometimes the software informs the user that the certificate has been revoked and asks the user if he or she wants to proceed. Faced with this question, the user often proceeds.
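The case of software that never performs the check can be seen in a common TLS client library. The following is an added example, not part of the book: it uses Python's standard `ssl` module as the relying software, and the helper names `revocation_mode`, `audit`, `with_revocation_check` and the `crl_file` parameter are assumptions made for illustration.

```python
import ssl

def revocation_mode(ctx: ssl.SSLContext) -> str:
    """Report which CRL check, if any, this TLS context enforces."""
    flags = ctx.verify_flags
    # VERIFY_CRL_CHECK_CHAIN includes the LEAF bit, so compare for equality.
    if flags & ssl.VERIFY_CRL_CHECK_CHAIN == ssl.VERIFY_CRL_CHECK_CHAIN:
        return "chain"
    if flags & ssl.VERIFY_CRL_CHECK_LEAF:
        return "leaf"
    return "none"

def audit(ctx: ssl.SSLContext) -> list:
    """List the identity assurances this context silently skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    if revocation_mode(ctx) == "none":
        findings.append("revocation status never checked")
    return findings

def with_revocation_check(crl_file=None) -> ssl.SSLContext:
    """Default context plus a mandatory CRL check on the peer certificate.

    crl_file is a hypothetical path to a PEM CRL from the issuing CA.
    With the flag set and no matching CRL loaded, the handshake fails
    instead of proceeding, so the check cannot be skipped quietly.
    """
    ctx = ssl.create_default_context()
    ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)
    return ctx

if __name__ == "__main__":
    # The stock context validates the chain and hostname but not revocation.
    print("default :", audit(ssl.create_default_context()))
    print("hardened:", audit(with_revocation_check()))
```
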

Furthermore, there is an inherent tension between authentication and privacy, because the act of authentication involves some disclosure and confirmation of personal information. Establishing an identifier or attribute for use within an authentication system, creating transactional records, and revealing information used in authentication to others with unrelated interests all have implications for privacy and other civil liberties.

Stronger Authentication for the Internet

As discussed in Chapter 2, digital information is inherently anonymous, which means that specific mechanisms must be in place to associate a given party with any given piece of information. The Internet is a means for transporting information from one computer to another, but today’s Internet protocols do not require a validated identity to be associated with the packets that are sent.

Nevertheless, nearly all users of the Internet obtain service through an Internet service provider, and the ISP usually does have—for billing purposes—information about the party sending or receiving any given packet. In other words, access to the Internet usually requires some kind of authentication of identity, but the architecture of the Internet does not require that identity to be carried with sent packets all the way to the intended recipient. (As an important aside, an ISP knows only who pays a bill for Internet service, and one bill may well cover Internet access for multiple users. However, the paying entity may itself have accounting systems in place to differentiate among these multiple users.)

In the name of greater security, proposals have been made for a “strongly authenticated” Internet as a solution to the problem of attribution. Recall that attribution refers to the identification of the entity responsible for a cyber incident. If cyber incidents effectuated through the Internet could be associated with an identifiable entity, accountability could be established and penalties meted out for illegal, improper, or unauthorized actions. “Strong” authentication mechanisms are one way to improve attribution capabilities.


