My biggest security problems all start with authentication. If you look at the major hacks that have taken place in the last year, you can trace most of them back to phishing (or stupid).
If I could wave a magic wand and create a system that could verify the identity of the person at the keyboard, with a very high degree of certainty, I believe, in my opinion, that this could solve most of the security breaches that we see.
Now, many of you will be thinking – what about two factor authentication, doesn’t that solve all of the problems? I agree that two factor is MUCH better than POP (Plain Old Passwords), but there are logistical issues with fobs, phones and tokens. What I want is … a dog.
This occurred to me the other night – I was coming home late from somewhere. I opened the door and walked into the house and my dog comes out from the bedroom to say hello. No barking, snarling or any other indication that I had broken into the house. This is the same dog that can be sound asleep and if someone walks by our house, across the street, she will let us know, in no uncertain terms that the sanctity of our home is being threatened.
I started thinking about my number one security problem – authentication – and I had an aha experience. What if I could somehow create a DOG (Distinguish Only Good-guys) module for authentication? Once your computer system became “your best friend,” there would be no question about someone else spoofing your identity, and God help the bad guy that tried.
I am not completely delusional, so I know that this is a fantasy (besides, who wants to have to walk their computer? J), but I think that the idea of using behavior recognition to validate the identity of the typist is worth further investigation.
I found this paper (after writing the above) on using your cell phone as a behavior monitoring device and authentication mechanism. I think that they are onto something.
I believe that as computer power increases and memory costs decrease, it will become increasingly more realistic to create a program that, using behavior modeling, can tell with a high degree of certainty who is at the keyboard. To Woof or not to Woof, that is the question.