Forged credentials and security

March 2006 News

Verifying credentials is a difficult task. Here is a real story about that very problem: (see full story at http://www.suntimes.com/output/news/cst-nws-fake08.html)

When Frank Coco pulled over a 24-year-old carpenter for driving erratically on Interstate 55, Coco was furious. Coco was driving his white Chevy Caprice with flashing lights and had to race in front of the young man and slam on his brakes to force him to stop.

Coco flashed his badge and shouted at the driver, Joe Lilja: "I am a cop and when I tell you to pull over, you pull over, you -----!"

Coco punched Lilja in the face and tried to drag him out of his car.

But Lilja was not resisting arrest. He was not even sure what he had done wrong.

It was only after Lilja sped off to escape - leading Coco on a tyre-squealing, 90-mph chase through the southwest suburbs - that Lilja learned the truth.

Coco was not a cop at all, he was a criminal.

There is no obvious way to solve this. This is some of what I wrote in Beyond Fear:

Authentication systems suffer when they are rarely used and when people are not trained to use them.

Imagine you are on an aeroplane, and Man A starts attacking a flight attendant. Man B jumps out of his seat, announces that he is a sky marshal, and that he is taking control of the flight and the attacker. (Presumably, the rest of the plane has subdued Man A by now.) Man C then stands up and says: "Do not believe Man B. He is not a sky marshal. He is one of Man A's cohorts. I am really the sky marshal."

What do you do? You could ask Man B for his sky marshal identification card, but how do you know what an authentic one looks like? If sky marshals travel completely incognito, perhaps neither the pilots nor the flight attendants know what a sky marshal identification card looks like. It does not matter if the identification card is hard to forge if the person authenticating the credential does not have any idea what a real card looks like.

Many authentication systems are even more informal. When someone knocks on your door wearing an electric company uniform, you assume she is there to read the meter. Similarly with deliverymen, service workers, and parking lot attendants. When I return my rental car, I do not think twice about giving the keys to someone wearing the correct colour uniform. And how often do people inspect a police officer's badge? The potential for intimidation makes this security system even less effective.





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Consumer robotics is a market in transition
September 2019 , Home Security, News
ABI Research says smart home integration will drive consumer robot shipments into the home to the tune of 39 million units per year by 2024.

Read more...
TAPA: The role of an effective treasury function in business risk management
June 2019, Technews Publishing , News
Neil Le Roux, the Founder of Diligent Advisors will speak at the TAPA SA (Transported Asset Protection Association) annual conference on 26 July 2019.

Read more...
From the editor's desk: More things change
September 2019, Technews Publishing , News
Welcome to the CCTV Handbook 2019. This year’s handbook breaks a long tradition of publishing the handbook in the first half of the year by releasing it along with the October issue of Hi-Tech Security ...

Read more...
From the editor's desk: Six-and-a-half impossible things
October 2019 , News
When it comes to people named Alice, there are two that are noteworthy in the greater scheme of things and specifically when it comes to security in South Africa. Interestingly enough, they both faced ...

Read more...
Invixium and Pyro-Tech partner in South Africa
October 2019 , News, Access Control & Identity Management
Invixium, a manufacturer of IP-based biometric solutions and Pyro-Tech Security Suppliers have announced a new distribution partnership.

Read more...
Hikvision achieves ISO 28000:2007 certification
October 2019, Hikvision South Africa , News
Hikvision has announced its ISO 28000:2007 certification, marking a further strengthening of the company's supply chain security assurance.

Read more...
SALTO Systems SA partners with Training Ninja
October 2019, Salto Systems Africa , News, Training & Education
SALTO Systems has partnered with Training Ninja to extend its training footprint to the coastal regions of South Africa.

Read more...
Duxbury partners with TVT
October 2019, Duxbury Networking , News, CCTV, Surveillance & Remote Monitoring
Duxbury Networking has announced its new partnership with TVT Digital Technology to provide South African resellers and customers with a wider range of options for surveillance equipment.

Read more...
Mallett appointed as Elvey sales director
October 2019, Elvey Security Technologies , News
Ernest Mallett has been appointed as sales director of the Elvey Security Technologies group of companies.

Read more...
Three words that could save your life
October 2019 , News
Technology company what3words has mapped the world into a grid of 3m x 3m squares, and given each one a unique what3words address.

Read more...