Unit 8 IP
Futuring and Innovation 2
Michael Pry
Colorado Technical University
CS875 Futuring and Innovation
Unit 8 IP
Dr. Calongne
October 9, 2022
Sociotechnical Plan for Implantable Biometric Identification – Part 1
Introduction:
In every society, there is a need for its citizens to be able to identify themselves. This is driven by the need for individual accountability for their actions to differentiate the group members from one another and regulate access to resources. In the field of cybersecurity, personal identification falls under the domain of access controls. "Access control is a way of limiting access to a system or physical or virtual resources. In Computing, access control is a process by which users are granted access and certain privileges to systems, resources, or information (Techopedia, 2017)." With this definition, the purpose of access controls is understood as a way of limiting access to resources, otherwise known as control of access. In cybersecurity, we control access to resources to provide for the confidentiality of data so that only those with a right to see it can see it. We also provide control of access to data so that we can provide for integrity. With access controls, the integrity of data is maintained by preventing unauthorized changes to the data. Access controls also provide for accountability. Information technology-based access controls are supported through a logging process, which documents user actions and records a date and time of those actions, providing a future audit trail should it be needed. Access controls also apply to physical structures. The rights to enter a building and gain access to a room, vehicle or other physical resources must also be controlled. "In access control systems, users must present credentials before they can be granted access. In physical systems, these credentials may come in many forms, but credentials that can't be transferred provide the most security (Techopedia, 2017)." Access controls are necessary for information technology or physical resources to ensure the security of assets, an orderly and well-regulated workplace, and society as a whole.
Access controls have many forms, including a user id, a unique identification made up of letters and numbers used to tell people or systems apart from one another and assign roles and rights. The user id is the central construct in access rights management. A user id is commonly paired with another secure identifier such as a password (something that I know), a unique swipe (something that I do), or a biometric identifier such as a fingerprint, retina scan, or facial image (something that I am) (Maayan, 2020) The combination of the user id and password is used to authenticate and authorize an individual with access to a system and its resources. An emerging methodology of using multifactor authentication is now being added to using a user id and password as another way to authenticate a user further and reduce the risk of compromised credentials. Modern access controls have become reliant upon the user id, password, and multifactor authentication process to validate users and control access to resources. However, a problem exists in this model: users forget their passwords, have their passwords compromised by hackers and resist adopting what is perceived as additional complexity with multifactor authentication.
A future innovation that may have the promise of solving the problem of users remembering their user id's for multiple systems, remembering their passwords, creating passwords that are strong enough to resist a brute force attack and to overcome the perceived added complexity and inconvenience of multifactor authentication is the "human microchip implant" with multifactor biometric identifiers using a single sign-on passwordless model of identification, authorization, and access control. To provide a name to this future innovation which is a composite of current technologies supplmeneted with future technologies, we will call it Prydentification. The Prydentifciation technology has the vision of using an implantable microchip placed in a person's right forearm. This microchip would use radio frequency identification (RFID) technology to read the encoded user id from the microchip. The user id would be a form of digital certificate cryptographically generated from a person's DNA molecule (Kar,2018). When a person needs to sign into a computer system or enter a building, they will pass their arm near an RFID reader, which will pull their user id, and then the system will scan their face to authenticate them to the system to authorize their access. For information technology systems, the process will take another step and combine the MAC address from the person's computer to generate a secure token that will be used to sign them securely into all applications and processes they are permitted to use. Their PC's MAC address will serve as a form of multifactor authentication and allow the creation of a passwordless system. The MAC address will be compared to a table of permitted MAC addresses maintained by the system administrator. Prydentifcation credentials will be authorized to use all approved systems when used in conjunction with the users. The future innovation of Prydentifcation access control will revolutionize access controls for the modern era by eliminating user frustatation with the current model and through improved security controls that will be resilient to any attack.
Scope:
The Prydentication innovation will contain the following features.
1. The use of human microchip implants for storing user identification information. This feature will benefit end users by eliminating the need to remember multiple user identification names, and it will help system administrators by eliminating the risk of forged credentials.
2. Using a cryptographically calculated digital certificate based on the user's DNA molecule. This will create a unique user id that cannot be guessed or calculated by a hacker and will help assure the end user's positive identification for logging and accountability. It will eliminate sharing user IDs and passwords, which currently reduces the effectiveness of modern access controls.
3. For information technology systems, using the end user's computer's MAC address in creating the single sign-on token and combined with the user's digital certificate will further contain the authorization to access resources to only known and trusted individuals using only known and trusted devices.
4. One significant limitation of this model is that it assumes the end user will always be using a known computing device where the MAC address has been added to the authorized database. It would eliminate a person's ability to use other devices to access resources.
Purpose:
The Prydentification technology is needed to provide for improved cybersecurity access controls, improve the users experience with security, and address emerging risks of compromised user credentials.
Supporting Forces:
The forces that would support the adoption of the Prydentificaiton system include the following:
1. It would address end users frustration in remembering multiple user ids and passwords.
2. It would eliminate the need for individuals to carry identification cards
3. The technology already exists in many forms, and this model would adapt to existing and proven technologies.
4. Successful experimentation has already occurred related to human implantable chips.
5. Cybersecurity breaches have been increasing over the years and compromised user creditentials is one of the top reasons these breaches have been successful. The Prydentifcation model would eliminate the risk of compromised credentials and end the volume of security breaches that affected the world.
6. The Russian War in Ukraine and the Russian use of cyberwarefare has significantly elevated the United States focus on preventing cyber attacks through improved user credentials and multifactor authentication controls. This model would further carry that mission forward when the risk is perceived as high, and the response to the risk is perceived as inadequate.
Challenging Forces:
The most challenging aspect of the Prydentifcation model is the use of human implantable chips. There are three known challenges to using microchip implants: society, business, and technology. Concerning the technology, it is not yet fully understood if the chips could be hacked and data extracted, thus compromising the chip. The impact on health and having a chip placed in our body has not been studied enough to know if there are any long-term consequences (OpenMind BVA, 2021) . The second relates to business and how businesses use chip data to deliver business and employee productivity insights. The risk of employee privacy and people's response to having their employer require the implanted chip may have socio-economic consequences (OpenMind BVA, 2021) And finally, there is society. Community members are expected to have concerns about their personal privacy and security. Goverments such as the California State government have already enacted laws such as the CCPA or "right to be forgotten" provision, which may add new rules for the use of this type of technology and how the data collected from it can be stored, used, and shared (OpenMind BVA, 2021). The formidable forces of this model are many. With all of the moving parts, including the perceptions and fears of society and the response to government regulations, there will be many challenges to overcome between the vision of this product and its successful adoption.
Methods:
To begin to uncover the response society may have with the use of the Prydentifcation technologies, a research study should be performed. The Nominal Group Technique would be a valuable methodology to uncover societal perceptions of using the Prydentification technology. From a research perspective, it would be helpful to know if people would embrace or resist implanting a chip into their arm. To gather these perceptions, the Nominal Group Technique would provide for gathering the input of all identified focus group members. NGT is useful when some group members are more vocal than others when some prefer to think and respond in silence, when there is a risk that some group members may not participate, and when the issue is controversial and heated conflict is expected (ASQ, 2022).
References
ASQ. (2022). What is Nominal Group Technique? Retrieved from ASQ.org: https://asq.org/quality-resources/nominal-group-technique
Kar, D. M., Ray, I., Gallegos, J., & Peccoud, J. (2018, August). Digital signatures to ensure the authenticity and integrity of synthetic DNA molecules. In Proceedings of the New Security Paradigms Workshop (pp. 110-122).
Maayan, G. (2020). 5 User Authentication Methods that Can Prevent The Next Breach. Retrieved from ID R&D: https://www.idrnd.ai/5-authentication-methods-that-can-prevent-the-next-breach/
OpenMind BVA. (2021, April 05). Technology Under Your Skin: 3 Challenges of Microchip Implants. Retrieved from BBAOpenMind.com: https://www.bbvaopenmind.com/en/technology/innovation/technology-under-your-skin/
Techopedia. (2017, November 29). Access Control. Retrieved from Techopedia.com: https://www.techopedia.com/definition/5831/access-control
Sociotechnical Plan for Implantable Biometric Identification – Part 2
Models:
Analytical Plan:
Anticipated Results:
Conclusion:
Areas of Future Research:
References
Comments
Post a Comment