The present invention relates to security associated with digital devices. More particularly, but not exclusively, the present invention relates to using analog properties of communications associated with digital devices for security purposes. Three general areas of security concerns include digital forensics, intrusion detection, and authentication.
Digital Forensics is a growing field that deals with investigating and prosecuting crimes involving digital storage media and devices. Current methods require that the illicit interaction left a record on the subject device's storage device and that the user had not erased said record.
Intrusion Detection (ID) is the automatic detection of a policy violation in a computer system or network. The subject of ID is widely studied at the layers above the physical layer and in host operating systems and applications. In particular, it is believed that in the 1990s such work was being done in the context of cell phones. However, we are unaware of published work in intrusion detection for consumer security devices. ID is based on the notion of detecting signatures of specific attacks (misuse detection) or detecting variations from a behavior profile of a subject (anomaly detection).
Authentication is the verification of a claimed identity. Traditional authentication involves managing secrets such as passwords or private keys that are later verified. This creates a significant level of administrative overhead in managing keys, key revocation, and/or passwords. Furthermore, if the secret is somehow compromised, the authentication method is compromised until new secrets can be chosen and distributed.
Examples of these security issues are apparent when one considers modern local area networks (LANs). It should be appreciated that the present invention is not limited to use in network devices; however, a discussion of some of these security issues in the context of networks is believed to be helpful in understanding the effect of these security issues. LANs lack strong identification/authentication of devices. Networks are considered to be too easy to connect to. Some network devices use a Media Access Control (MAC) or hardware address associated with the card to ensure that intruders do not substitute devices, but these are trivially defeated by changing the hardware address on the intruding card. In addition, MAC addresses (as well as IP addresses) are notoriously spoofable. Thus, it is difficult to prove that a particular device was involved in an attack.
The growing use of wireless access points adds to the security issues. Wireless access points tempt users to open internal networks to the world and greatly simplify spoofing, making spoofing as easy as “point and click.” Moreover, existing wireless access points are often deployed “out of the box” without security features turned on. By one measure, approximately 60 percent of wireless access points are insecure.
Thus, there are numerous problems associated with LAN identity and assurance management. These include detecting unauthorized devices on the network, forensic linkage of devices to records, authentication of device identity, and detection of pending failure/degradation of devices.