[Log In] []

Exploring the science and magic of Identity and Access Management
Friday, March 29, 2024

Encryption Games at the Cyber Command

General
Author: Mark Dixon
Thursday, July 15, 2010
7:05 pm

It is was fitting today that as I studied the subject of encryption in preparation for my CISSP exam, I stumbled upon information about the newly-formed United States Cyber Command, a US armed forces sub-command subordinate to United States Strategic Command. The command was officially activated May 21, 2010 and is slated to reach fully operational readiness by October 2010.

The Cyber Command:

“ … plans, coordinates, integrates, synchronizes and conducts activities to direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries."

Defense Secretary Robert Gates, stated in the official June 23rd announcement:

“Cyberspace and its associated technologies offer unprecedented opportunities to the United States and are vital to our nation’s security and, by extension, to all aspects of military operations. Yet our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security. To address this risk effectively and to secure freedom of action in cyberspace, the Department of Defense requires a command that possesses the required technical capability and remains focused on the integration of cyberspace operations.”

OK.  This sounds like a good thing to do.  But what was really intriguing and fitting for me today was to learn that the command’s handsome new emblem contains an encrypted message its inner gold ring: 9ec4c12949a4f31474f299058ce2b22a.

image

Can you figure out what it means?  The Wikipedia article for the command states:

“The text "9ec4c12949a4f31474f299058ce2b22a", which is located in the command’s emblem, is the MD5 hash of their mission statement.”

This is consistent with a statement from a command spokesman quoted in an article by John Cook of Yahoo! News.  However, something is not quite right.  John explained:

“We tried encrypting that entire statement using an MD5 hash generator, and we didn’t get a match to the logo code. So it looks like just a portion of the statement has been encoded.”

Wired Magazine has launched a contest to see who can crack to code.  Can you do it?  You can win a t-shirt from Wired or a ticket to the International Spy Museum.

Even better, rumor has it that the Cyber Command wants to hire 1,000 new cyber specialists over the next few years.  Maybe this game is part of the recruitment process.

Or … maybe this will remain another obscure mystery destined to someday being mentioned in a novel by Dan Brown.

Comments Off on Encryption Games at the Cyber Command . Permalink . Trackback URL
 

Kerberos, the CISSP Mascot

General
Author: Mark Dixon
Thursday, July 15, 2010
5:21 pm

I think that Kerberos (or Cerberus), the three-headed dog from Greek mythology that guards the gates of Hades, ought to be proclaimed the mascot of the CISSP exam.  I think studying for the exam (including Kerberos, the computer network authentication protocol) is going to eat me alive.

image 

Technorati Tags: ,,
 

National Strategy for Trusted Identities in Cyberspace

Identity
Author: Mark Dixon
Thursday, July 15, 2010
8:52 am

imageOn June 25, 2010, the US Federal Government released a draft document entitled, “National Strategy for Trusted Identities in Cyberspace.” This document proposes a strategy that:

… defines and promotes an Identity Ecosystem that supports trusted online environments.  The Identity Ecosystem is an online environment where individuals, organizations, services, and devices can trust each other because authoritative sources establish and authenticate their digital identities. 

The Identity Ecosystem enables: 

  1. Security, by making it more difficult for adversaries to compromise online transactions;   
  2. Efficiency based on convenience for individuals who may choose to manage fewer passwords or accounts than they do today, and for the private sector, which stands to benefit from a reduction in paper-based and account management processes; 
  3. Ease-of-use by automating identity solutions whenever possible and basing them on technology that is easy to operate with minimal training;
  4. Confidence that digital identities are adequately protected, thereby increasing the use of the Internet for various types of online transactions; 
  5. Increased privacy for individuals, who rely on their data being handled responsibly and who are routinely informed about those who are collecting their data and the purposes for which it is being used;
  6. Greater choice, as identity credentials and devices are offered by providers using interoperable platforms; and  Opportunities for innovation, as service providers develop or expand the services offered online, particularly those services that are inherently higher in risk;

The strategy proposes four primary goals and nine actions to implement and promote the Identity Ecosystem:

Goals

  1. Develop a comprehensive Identity Ecosystem Framework
  2. Build and implement an interoperable identity infrastructure aligned with the Identity Ecosystem Framework
  3. Enhance confidence and willingness to participate in the Identity Ecosystem
  4. Ensure the long-term success of the Identity Ecosystem

Actions

  1. Designate a Federal Agency to Lead the Public/Private Sector Efforts Associated
    with Achieving the Goals of the Strategy
  2. Develop a Shared, Comprehensive Public/Private Sector Implementation Plan
  3. Accelerate the Expansion of Federal Services, Pilots, and Policies that Align with
    the Identity Ecosystem
  4. Work Among the Public/Private Sectors to Implement Enhanced Privacy
    Protections
  5. Coordinate the Development and Refinement of Risk Models and Interoperability Standards
  6. Address the Liability Concerns of Service Providers and Individuals
  7. Perform Outreach and Awareness Across all Stakeholders 
  8. Continue Collaborating in International Efforts 
  9. Identify Other Means to Drive Adoption of the Identity Ecosystem across the
    Nation

The Strategy Document doesn’t discuss any specific technologies, but rather, addresses the needs and general concepts required for a national Identity Ecosystem.

If you would like to make public comments on the strategy, a good place to visit is this IdeaScale page hosted by the Department of Homeland Security. Reading comments from other parties on that page is quite interesting.

In other areas of Cyberspace, the reactions to this strategy are mixed.  For example, an active proponent is my friend Dazza Greenwood, who encourages everyone to become familiar with the strategy and actively give feedback:

At the other end of the spectrum is a blogger, Arnold Vintner, whom I do not know, who shares a much more pessimistic view. In his post, “Obama Administration Moves to Reduce Online Privacy,” Mr. Vintner opines:

The Obama administration is proposing a new identity management system for the Internet which is calls “Identity Ecosystem.” This new system will replace individually managed usernames and passwords with a taxpayer-funded federally-managed system.

The scheme is outlined in the National Strategy for Trusted Identities in Cyberspace. The planned system will tie together all of your accounts into one national online identity.  This will enable the federal government to easily track all online activity of every American.

The system will start with the federal government requiring the ID’s for use in accessing federal web sites — such as for filing your taxes online.  The federal government will then force businesses to adopt the system, starting with banks and credit card companies and slowly spreading to encompass the entire online environment. Once fully implemented, Internet users will no longer be able to comment anonymously on blogs or web forums, because all online identities will be verified with the U.S. government.

Where do you stand?  I personally like the idea of public dialog on this issue and the call for public and private entities to participate in a solution.  I look forward to giving feedback and tracking progress.

 
Copyright © 2005-2016, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.