Ultra Paranoid Computing
Much as I complain about some TV documentaries being dumbed down (for example, showing a clip of an explosion every time the presenter mentions The Big Bang in case you can't remember what an explosion looks and sounds like), I have to admit that a recent episode of the BBC Horizon series was an excellent in-depth examination of the latest nightmare scenario.
"Defeating the Hackers" explored two recent high-profile cases in detail; the hacking of Wired journalist Mat Honan, who had all of his online presence infiltrated, and the Stuxnet attack on Iran's nuclear plant. It also explained in layman's terms how SSL encryption works, and how the ongoing development of quantum computers will render our current secure communication techniques obsolete.
Of course, anyone following the current events in regard to online privacy and government access to our personal data will already be wondering if there is any security left. Or risk travelling through a UK airport where it seems that all of your digital belongings are open to detailed examination and confiscation. But that's another story.
Anyway, getting back to the Horizon documentary, most of the topics are probably well known to most IT people. But there was one that I hadn't come across before: Ultra Paranoid Computing. It's obviously not a mainstream topic. Wikipedia doesn't know about it and there's little on the web. However, I did find one article on the National Science Foundation site that covers the same ground as the TV program.
Ultra Paranoid Computing attempts to deal with the scenario where every other computer on the planet has been taken over by malware (I guess that's where the "ultra-paranoid" bit comes in – I thought I was a paranoid but I never considered this one). As well as the nightmare scenario of all of our utilities (water, electricity, gas, telephone) being hacked and disrupted, and global finance being completely broken, we need to protect ourselves by finding a way to securely identify users and other computers.
However, all of the techniques we currently use for this can, they say, be defeated. The new quantum computers will crack passwords and certificate keys instantly, and be able to read encrypted data. Even fingerprints and retina scans can be imitated, the program suggested, and so a new way of identifying ourselves - which cannot be replicated - is required.
The NSF article mentions an approach called Rubber Hose Resistant Passwords. I couldn't help getting visions of trying to log on with an elastic stocking by waving a leg in front of some specialist detector, but I'm going to assume that's not the case (I couldn't get the video that explains it to play). But typically our identity will need to be confirmed by some technique that makes use of physical attributes.
In the TV program, they showed an interesting approach using the guitar from the Microsoft Xbox 360 Guitar Hero game. You play a tune several times until the computer has built up a pattern of your timing, mistakes, and responses; and this becomes your physical passkey. You just need to play the same song again (in exactly the same way, of course) to log in. Maybe companies will have a central guitar station where you go to sign into the network every morning. Or, more likely, everyone will turn up for work disguised as an itinerant rock star with a guitar slung across their back, like they showed in the program.
Talking of disguises, I suppose I should keep up my usual tradition of helping to publicize the results of the best joke competition at this year's Edinburgh Festival. Jack: "I'm thinking of going to a fancy dress party disguised as a Mediterranean island." John: "Don't be Scicily!"
Meanwhile, I wonder if I can put in for promotion from just being paranoid to being "ultra-paranoid." Though I doubt it comes with a pay raise...