When first discovered in 2010, the Stuxnet computer worm posed a baffling puzzle. Beyond its unusually high level of sophistication loomed a more troubling mystery: its purpose. Ralph Langner and team helped crack the code that revealed this digital warhead’s final target — and its covert origins. In a fascinating look inside cyber-forensics, he explains how.
Ralph Langner is a German control system security consultant. He has received worldwide recognition for his analysis of the Stuxnet malware.
Identity card issued by the employer is the typical mechanism to identify an employee. However, verifying each and every card presented by personnel requires a dedicated person or an automated system. Credentials, such as an identity card, are more effectively verified using an automated system. However, most of the verification systems are incapable of verifying if the person who presented the credential is actually its owner. Similar is the case where passwords or PINs are used as credentials.
Buddy punching, otherwise known as ghost punching or proxy punching, is an activity where tardy and absent employees will have their co-workers “punch” the time clock for them. This activity alone will significantly impact the profitability of a company that ends up paying wages of employees who never showed up for work. The company not only get ripped off, but the entire operation may be degraded by a shortage of personnel.
There is always a chance of sharing any type of information or material, which the employee is required to know or carry, granting unauthorized access to employer facilities. Use of biometrics will avoid such chances as the verification of the credential is what the employee is – not on what they know or have. Fingerprint, hand print, face, and eye are some of the popular biometrics used for personnel identification.
Passwords and personal identification numbers (PIN) are information that we need to remember since the day we started interacting with digital systems. Do we know the count of passwords we need to remember? Do we know if we forgot a password already? Some of these passwords also known as passphrase are long to remember that we need to come up with a pattern to create such passwords. We sometimes rely on tools such as a sticky, PDA or text file to store these lists of passwords.
Would it be easy to identify yourself as if you are been seen by another individual acknowledging their acquaintance with you? That’s exactly what a biometric authentication technology does. It uses a physical or psychological trait that the individual always has with him or her for identification and/or authentication.
In this system, the physical or psychological trait of an individual is measured, recorded and quantified to obtain a biometric enrollment. The system can be sure to a degree of certainty that a person is who he/she claims to be based on this initial enrollment. A template, which is a long string of alphanumeric characters that describes the characteristics or features of the person, is created at each enrollment based on a biometric algorithm. The algorithm that translates physical traits to a digital representation is called the biometric algorithm. The algorithm also allows matching of a newly created template (live template) with that of the initially created one. If the matching is not closed enough, the person will not be verified.