
Friday, September 9, 2011

Mapping Computer Security onto Physical Security: Two Factor Authentication

I just heard of the hack of the Twitter account for @nbcnews* from @gcluley in the Naked Security blog.  In the post, he suggests "an additional level of authentication", which is the idea of two factor authentication.  To access the account, you verify two kinds of data at once.  I will not go into how this is done with computers, but there are a few ways.  The problem for Twitter -- and the end users -- is that it is slightly more expensive and not as convenient.  The computer security people and locksmiths know that the average 'joe' will torpedo security measures to get convenience.  In work environments, clear articulation of required protocols will lessen such failures for both computer and physical security.  Without monitoring, however, you will find it hard to discipline for breaches.  Likewise, if you cannot show action on small infractions, a firing for a large infraction is hard to support.

In my world, two factor authentication happens for high value targets.  One example would be a storage room with very controlled inventory such as narcotics, weapons, ammunition, explosives or sensitive documents.  The room is only to be opened when two people are present.  We set it up with two locks, each keyed differently.  The locks are almost without exception high security types with a UL 437 rating.  (In other parts of the world other standards come into play.  The idea is very tight control on production of additional keys, and the cylinders are very resistant to non-destructive bypass methods.)  Typically, a shop would make only two keys: one is put in service and the second is given to a superior, who will often receive it with such a tight grip the blood is not getting into the knuckles around that key.

In use, one key is signed out to one staffer and the other key is assigned to another.  Having seen such rooms, they often have alarms for just this space, and you just KNOW the two people each have to enter a different code to turn the alarm off.  Where does this fail?  One mode of failure is when the key is easy to copy and one staffer can get the other key.  Another -- and I have seen this -- is when the operation is short staffed and makes the choice to sign both keys out to the same person.  Another would be a corrupt locksmith who supplies more keys than declared.  As with any security process, there are certainly other modes of failure, including some which may not even have been found yet.

Another common dual custody situation is found in large retail operations, where the cash office signs a deposit over to an armoured truck team.  The staff in the cash office drop the deposit into a chute inside a big safe, where it sits unretrievable in the lower compartment.  When the truck comes, the truck team knows one of the lock combinations for the depository, but only the store staff know the other.  In this way, the safe with the most money does not get opened unless both are present.
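The two rooms described above (the two-lock storage room with its per-person alarm codes, and the depository safe with one combination per party) are the same control: two distinct people, each holding one of two different credentials, and neither able to proceed alone.  The following Python sketch is an added example, not code from this post or from any product the locksmith describes.  It models a serialized key ledger, sign-out of keys to custodians, and the open procedure, and it refuses the failure modes named above: both keys signed out to one person, one person presenting a key that is not theirs, and a key the shop never declared.  The names, key ids and alarm codes are constructed sample data.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed sample policy: the room has two cylinders, "A" and "B".
# A key ledger (key_id -> cylinder) records every key the shop declared it cut,
# so an undeclared copy from a corrupt locksmith is not in the ledger.
CYLINDERS = ("A", "B")


def _digest(code: str) -> bytes:
    """Alarm codes are stored hashed so the comparison never sees plaintext."""
    return hashlib.sha256(code.encode()).digest()


@dataclass
class Custodian:
    name: str
    alarm_code_digest: bytes
    keys: set = field(default_factory=set)  # key ids currently signed out to this person


class DualControlRoom:
    def __init__(self, ledger: dict):
        self.ledger = dict(ledger)   # key_id -> cylinder, as declared by the shop
        self.holder_of = {}          # key_id -> name of the custodian it is signed out to
        self.log = []                # audit trail of refusals and openings

    def sign_out(self, key_id: str, person: Custodian) -> bool:
        """Assign a key to a custodian, enforcing separation of duties."""
        if key_id not in self.ledger:
            self.log.append(f"refused {key_id}: not in ledger")
            return False
        if key_id in self.holder_of:
            self.log.append(f"refused {key_id}: already signed out to {self.holder_of[key_id]}")
            return False
        # The short-staffed failure: one person may hold keys to only one cylinder.
        held = {self.ledger[k] for k in person.keys}
        if held and self.ledger[key_id] not in held:
            self.log.append(f"refused {key_id}: {person.name} already holds the other cylinder")
            return False
        self.holder_of[key_id] = person.name
        person.keys.add(key_id)
        return True

    def open(self, entries: list) -> tuple:
        """entries: [(custodian, key_id presented, alarm code typed), ...]"""
        if len(entries) != 2 or entries[0][0].name == entries[1][0].name:
            return False, "two distinct people are required"
        cylinders_seen = set()
        for person, key_id, code in entries:
            # A key presented by anyone but its signed-out holder is refused;
            # this is how a copied or borrowed key shows up at the door.
            if self.holder_of.get(key_id) != person.name:
                return False, f"{key_id} is not signed out to {person.name}"
            if not hmac.compare_digest(_digest(code), person.alarm_code_digest):
                return False, f"bad alarm code for {person.name}"
            cylinders_seen.add(self.ledger[key_id])
        if cylinders_seen != set(CYLINDERS):
            return False, "both cylinders must be opened"
        self.log.append(f"opened by {entries[0][0].name} and {entries[1][0].name}")
        return True, "opened"


def build_sample_room():
    """Constructed scenario: one declared key per cylinder, two custodians."""
    room = DualControlRoom({"K-A1": "A", "K-B1": "B"})
    alice = Custodian("alice", _digest("1234"))
    bob = Custodian("bob", _digest("5678"))
    return room, alice, bob


if __name__ == "__main__":
    room, alice, bob = build_sample_room()
    print(room.sign_out("K-A1", alice))   # True
    print(room.sign_out("K-B1", alice))   # False: both keys to one person
    print(room.sign_out("K-B1", bob))     # True
    print(room.open([(alice, "K-A1", "1234"), (bob, "K-B1", "5678")]))
    print(room.log)
```

The sign-out ledger is the part people skip when short staffed; the open check alone cannot tell that both keys sit in one pocket unless the ledger records who holds what.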

All for now, but I have been thinking of mapping the issues of computer security faults into the real world of keys and locks for a while now.  Consider this chapter one.

* Since this account has been compromised, it makes little sense to link to it.

--- --- --- --- ---
The contents of this post are released for non-profit or educational use in whole or in part provided this statement and the attribution below are kept attached.

Laux Myth ... Thoughts From a Locksmith
By MartinB, Found @ http://lauxmyth.blogspot.com/
