IOTA: A Key Ingredient of The Definitive Solution to the Cyber Identity Crisis
Cyber Security is failing because of two fundamental issues: holes and identities. When you hide within a castle with a thousand gates then it is human nature to neglect a gate or two, and leave them open for the bad guys to sneak in. This is a matter of paying attention, alertness and thoroughness. Identities though, are a different matter. In cyber space, unlike in physical space, the identity of players is reduced to a string of bits of a rather small and fixed size. Once a bad actor gets a hold of this identity string, he assumes the power to game the system, and nothing will stop him. It is all about credentials — if you fake them, you are in, and no amount of countermeasures expensive and expansive as they may be, will be of any help. This is the fundamental cyber identity crisis. The entire breadth of the science of cryptography is based on discriminating between a key holder and a non key holder. There is nothing in all the elaborate math of crypto algorithms that distinguishes between one whose key is rightfully owned, and the one whose key is skillfully stealed. And therefore, in a very fundamental way, to achieve cyber security we need to do something about the cyber identity crisis.
The problem with cyber identity is the fact that it boils down to a fixed number, or a fixed bit string: a name, a personal identification number, a password, a crypto key — all can be wrapped up into a single fixed natural number. If this number is guessed, or compromised then the thief can penetrate through the thickest wall into the most secret system where the theft victim has privileges.
It is therefore that in a very fundamental way, the best countermeasures are to render the cyber identity into an evolving dynamic entity. How do we ascertain human identity in the physical world? We recognize a friend by her behavior which is consistent with what happened between her and us earlier. If Frida, the fraudster, would use makeup and wear a toupee so she looks like Alice, then her looks might confuse you. But when you mention to her the great laugh you had last week at the party, and she is clueless, then your suspicions will arouse. Let’s emulate the same idea of an evolving identity in cyber space. We need a structured way to allow identities to evolve so that stealing once, a fixed identity number will not be good enough. Such evolution amounts to an ever growing identity string, where the growth reflects the behavior of identity subject as monitored by its peers. Does this sound familiar? A growing string sanctioned by peers is what the much discussed blockchain concept is all about. And similarly we need means to compress, hash the strings, and most importantly, we need to prevent a small subset of colluding peers to steal identities by growing a falsely evolving identity string. It is this need which the famous Nakamoto solution has some issues with, that we need to be very careful about. Which is where IOTA comes in. A more flexible, more versatile solution. And most importantly, IOTA is embryonic, it is shapeable to meet its various challenges. We at BitMint see IOTA as a promising platform to carry on it our vision of universal frictionless tethered money, and we wish to join forces with creative others to specify a protocol for dynamic identities that will tip the scale from cyber insecurity to cyber security.