Technology -> Usability Vs SecurityUsability Vs Security
"The more secure a system is, the harder it is to use.
The harder it is to use a system, the less secure it will be." - Brian R. Krause
This quote puts the quandary faced by system administrators every where in a perfect light. Is it possible to completely secure a system without making it impossible to use?
One of the goals of computer security is to enable the system to restrict access to information/resources to authorized personnel only. In order to do this the system needs to have some mechanism to authenticate users quickly and reliably. The sensitivity of the method used for authentication should be in some sort of proportion to the sensitivity of the information being protected, for example requiring users to undergo a full retinal scan followed by voice print identification before letting them withdraw cash from an ATM would be overkill. On the other hand protecting a national secret with only a 4 digit pin number is equally bad. The more sensitive any information is the more vigorous the authentication sequence used should be.
As all of us now any security mechanism we use to restrict access is only as secure as the weakest link in the system. If we compare computers to a medieval fortress it becomes obvious that it's useless to have an impassable moat around the castle when there is a tunnel that provides unrestricted access to the fort. Experience has shown that in most cases the human beings involved in the authentication process act like the unsecured tunnel leading straight to the heart of the fortress. This is because most people are lazy; they don't want to remember complex passwords or perform a complex sequence of steps to gain access to a resource and if the system is too hard to use the users will find ways to bypass security by writing down passwords or sharing information. Thus it's very important to take the human factor into account when designing authentication processes as poorly designed security procedures are worse than no security procedures because they give the owner a false sense of security.
It is possible to reasonably secure a computer with compromising too much of the usability and in this article we will discuss how it is possible to achieve this goal.
A common authentication method used by most computer systems is the concept of a hidden key or a secret password that only the authorized person would be able to provide. For example all checking cards issued by a bank require the user to choose a 4 digit pin which has to be entered every time the card is used, this was done to prevent the fraudulent use of a card if it got stolen or was lost. When this system was designed, it was calculated that if this pin was limited to 4 digits the system could have a maximum of 10000 different combinations so if a person tried a new pin every five seconds manually it would take them 50,000 seconds (833.33 Mins or 13.8 hours) to try out all the possible combinations. Since it was a very time consuming and effort intensive task it was concluded that the probability of someone cracking the code was not very high. Thus when the system was first implemented it reasonably secured the card from misuse provided that the user didn't compromise the system by choosing an easy to guess pin.
However recent advances in computers have created a problem. It is possible for a regular computer to go through all the possible combinations in under a second. This prompted the banks to begin allowing users to choose longer and more complex pin's to protect their cards. The longer pins are a lot harder for a computer to guess but are also a lot harder for users to remember. In a recent study it was found that almost 80% of all people fail to adhere to the basic fraud prevention strategies by keeping their with their card, or writing it on the card. The probability of people writing their PIN down increases with the increase in the complexity of the PIN and the same issues exist with usernames and passwords for regular computer account access. Most people use easily remembered dictionary words as passwords which are unfortunately also very easy to guess.
So does this mean that it's impossible to secure a computer without making it impossible to use? Fortunately the answer is no. All we have to do is remember that the best way to make a system more secure is to reduce the amount of effort needed from the user. The less work the user has to do to verify their identity the less likely he/she is to try bypassing it. One of the ways this can be done is to use a two step authentication system with something that a user would always have with him/her as one part of the authentication code. An authentication method that works great for such situations is Biometric identification. The advantage of using biometrics is that the user doesn't have to make a huge effort. All he/she has to do is look into a camera if we are using retinal scans or put a finger on a scanner if we are using fingerprint authentication. This also has the added advantage of being very hard for someone else to duplicate or spoof. Combining this with a simple PIN/Password verification process creates a system that is very hard to bypass and since no one would be willing cut off a finger and give it to a friend it would reduce the chances that someone would share their account access with friends.
Once we verify the user's identity and give them access to the system the job of computer security is done right? Unfortunately that far from the truth, the job of verifying the person's identity is only a very small part of maintaining security. Once a user is logged in a good security procedure would allow them to be productive without compromising the data. For example unlocked computers are a security risk if the user who logged into the system stepped away for a few minutes. The way most companies avoid this problem is by forcing all idle workstations to auto lock after a specified amount of time. The hard part is deciding how long to wait before locking a computer. To make a very secure computer this value could be set to a few seconds but if that was implemented no one would get any work done as they would be busy authenticating themselves every few seconds. The delay before locking has to be determined at each workplace and for each information server depending of the sensitivity of the information being accessed i.e. a computer that only accesses a server that stores recipes for exotic dishes could have a timeout as high at 15mins to 30 minutes while a computer which access nuclear missile plans could have a timeout of a min.
One way of avoiding a blanket timeout for all computers in the office would be to setup a system so that the computer would know if the user using the computer is the one authorized to use it. This could be accomplished by having a face recognition system in place above each system that constantly checks if the person using the computer is an authorized user or not and if the test fails the computer would lock the terminal and notify security. Another scanner would constantly monitor the user and if the user leaves his/her cubicle for more than a few seconds the system would be locked. Although the technology to implement this already exists, the cost of implementing this is currently very high so only the most sensitive data is protected by such methods.
The data stored on the computer also has to be properly secured before a computer system can be considered secure. Most systems secure the data by encrypting it. The longer the key used to encrypt the data the safer it is from people attempting to brute-force the password and gain access and the shorter the key the easer it is to guess, which brings us back to the earlier point, how can you make users choose long passwords without them writing it down and compromising security? If we don't want to use biometrics or other token based identification system an easy way to secure the system would be to allow users to use pass-phrases instead or passwords. Pass-phrases have the advantage of being longer and more complex than passwords which increases the no of combinations a brute force attacker has to try before he/she cracks the access code and since a pass phrase can be something like "I hate having to type this stupid password every morning" they are a lot easier to remember than something like "!@MdUoQ%X".
To make life a lot harder for hackers while making the life of a system administrator easier several companies are working on creating encryption systems that use the properties of quantum particles to secure data and communications. Quantum encryption uses laws of physics to create a secure encryption, it represents 0's and 1's as different spins on quantum particles and because any attempt to read the current state of a quantum particle changes the state of the particle its very easy to discover when someone is eavesdropping on a network connection or trying to read a file that they are not supposed to have access to. Once this technology is mature, it can be combined with biometric authentication to secure sensitive data.
The above technologies go a long way in making a computer secure without sacrificing a lot of usability and as long as we remember that no technology is perfect and supplement the computer checks with human overseers we can have a reasonably secure computer with safeguards that notify the proper authority when an unlikely system breach occurs.