The chaos theory, a mathematical discovery first observed in the second half of the 20th century, aims to explain or even give some predictability to complex systems.
At first glance, the chaos theory resembles most mathematical discoveries—a theoretical pursuit. Yet by using these chaotic systems, mathematicians find patterns (i.e., fully predictable mathematical models) named strange attractors.
The chaos theory also identifies dimensions of space that are no longer whole, named fractals. These infinite replications of the same design are found everywhere in nature (e.g., blood vessels, broccoli flowers and mountain ranges).
The chaos theory is used in weather forecasting, in economics, to explain how brain cells increase, and in IT cryptography. Introducing chaotic processes in technology may help address security challenges.
The chaos theory concepts can be used to find optimal solutions to critical security problems in information systems, such as identity theft and counterfeiting, and to make information systems more secure.
This can be illustrated through the example of a new electronic identification card. This card integrates chaotic processes in all aspects of its operation and design. It accounts for erratic microcircuits cabling, defects in the physical structure and multifrequency variations.
To strengthen and test the idea of digitalizing chaos to protect personal data and machines (e.g., PCs, planes and drones) from any accidental or malicious manipulation or to guarantee authenticity (e.g., for medicines, wines and perfumes), researchers designed a computer containing algorithms and chaos logic circuits that allow it to function according to the chaos theory.
This computer is a polymer chip card with the dimensions of a credit card. The card stores the genetic, biometric and birth date data of a newborn child. This card will be an integral part of the life of its owner (from birth to death) and will help the owner to identify and authenticate his or her identity during certain crucial activities where the confidentiality, integrity and availability criteria are mandatory. The chip is fabricated with a stable polymer that is inalterable and immutable by temperature or time.
It is impossible to use sight and touch to distinguish between chip cards. If the cards are scanned with a laser beam of a few microns in diameter, differences are revealed. The scan shows that the chip cards have bumps and hollows. In addition, the machine that inserts the chip on cards varies the chip placement.
For example, the chip of card 1 is placed 10 microns from the right side of the card, the chip of card 2 is placed 11 microns from the right side of the card and the chip of card 3 is placed at 12 microns from the right side of the card.
These slight variations, undetectable to the naked eye, strengthen the uniqueness of each card. The machine that produces these cards can further strengthen their uniqueness by registering their creation time.
The genetic and biometric data of a newborn child are recorded and analyzed by an authentication server (AS) that stores information about the physical characteristics of the card, the child’s genetic and biometric data, and date of birth to the nearest millisecond. This AS is the property of the government and should be replicated throughout some government offices, such as hospitals and embassies. The chip card communicates with this AS each time this child’s identity must be authenticated. The biometric fingerprint and genetic (DNA) data are more than enough to authenticate the identity of the child.
A name or a Social Security Number (SSN) must be added to the card, but this information would not allow someone to conduct a fraudulent transaction by posing as this person. Furthermore, the name and SSN of the person should be printed on the card because this is the only way of distinguishing the cards during mass data collection. Because the genetic and biometric data are collected and analyzed on micron scales, they cannot be reproduced.
The examination and storage of this phenomenal amount of information at these microscopic scales is possible due to the ability to save terabytes of data in smaller and smaller volumes. One of the weaknesses of biometric-based security systems is that the data come from a sample that has been digitalized. The case is different for the researchers’ proposed system.
The machine detects the relief (the surface roughness) of the card. Referring to layer 1 of the Open Systems Interconnection (OSI) model, the physical characteristics of the system (the card and the AS working together) are not limited only to electronic circulation or bandwidth.
The machine’s authentication server checks the initial roughness on a card to be certain that it is the same card that it analyzed initially and kept in memory.
If the machine does not find the same topography, it refuses to authenticate the transaction. Because this roughness is digitized (e.g., 1 indicates a hump, 0 indicates a hollow), this information is part of the encryption process or the key to decoding useful information. This roughness does not exist in current systems. The decoding ability ensures the system’s inviolability.
Indeed, a man-in-the-middle exploit can still use a classic or quantum compiler, but it will never be able to determine if the bit that is isolated constitutes part of the physical medium of the information or represents a part of the information itself. Before authorizing any transaction, the server verifies if a card, with intrinsic physical characteristics and all the information stored on it, is part of its database.
The slightest space-time discrepancy results in the rejection of the transaction. This interaction between the card and authentication server takes place at the level of the physical layer of the OSI model. Other communication and upper-layer transport protocols are only considered after this unavoidable physical contact. In addition to these explicit parameters, other patterns that are undetectable by human understanding and invisible to human senses are stored on the authentication server.
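The check described above can be sketched as follows. This is an added example, not the researchers' design or code: the CardScan and AuthServer names, the SHA-256 fingerprint encoding and the HMAC transaction tag are assumptions chosen for illustration, and all sample values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class CardScan:
    """Physical features read from a card (all values here are constructed)."""
    roughness_bits: str   # laser-scan relief: "1" = hump, "0" = hollow
    chip_offset_um: int   # chip distance from the right edge, in microns
    created_ms: int       # creation time recorded by the card machine

    def fingerprint(self) -> bytes:
        if not self.roughness_bits or set(self.roughness_bits) - {"0", "1"}:
            raise ValueError("roughness must be a non-empty string of 0/1")
        material = f"{self.roughness_bits}|{self.chip_offset_um}|{self.created_ms}"
        return hashlib.sha256(material.encode()).digest()

def sign_transaction(scan: CardScan, transaction: bytes) -> bytes:
    """Card side: key the transaction tag with the physical fingerprint."""
    return hmac.new(scan.fingerprint(), transaction, hashlib.sha256).digest()

class AuthServer:
    """Hypothetical AS: keeps the fingerprint taken at enrollment."""
    def __init__(self) -> None:
        self._enrolled = {}   # card_id -> enrolled fingerprint

    def enroll(self, card_id: str, scan: CardScan) -> None:
        self._enrolled[card_id] = scan.fingerprint()

    def authorize(self, card_id: str, scan: CardScan,
                  transaction: bytes, tag: bytes) -> bool:
        reference = self._enrolled.get(card_id)
        if reference is None:
            return False                      # unknown card
        # Exact match only: any changed bit, offset or timestamp is refused.
        if not hmac.compare_digest(scan.fingerprint(), reference):
            return False
        expected = hmac.new(reference, transaction, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def demo() -> list:
    genuine = CardScan("1011001110001011", 10, 1700000000123)
    copy = CardScan("1011001110001010", 10, 1700000000123)  # last relief bit differs
    server = AuthServer()
    server.enroll("card-1", genuine)
    tx = b"ATM withdrawal 100"
    tag = sign_transaction(genuine, tx)
    return [server.authorize("card-1", genuine, tx, tag),
            server.authorize("card-1", copy, tx, tag),
            server.authorize("card-1", genuine, b"ATM withdrawal 900", tag)]
```

The sketch follows the article's rule that the slightest discrepancy is rejected. A physical scanner rarely reproduces every bit on each read, so a deployed design would need an error-tolerant comparison before key derivation.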
Using the researchers’ proposed card to make a withdrawal from an automated teller machine (ATM) is a simple example to show the computer’s chaos theory functionality. Figure 1 shows how the researchers’ proposed red card (next to the person’s left hand) is used to make an ATM withdrawal:
· The input is the customer-entered data (black bits). Other data (coloured bits) are added to the transaction (card physical characteristics.
All the tools (e.g., algorithms, circuits) to realize this digital card are currently under study. Theoretically, some are already designed. This card is designed to protect the user against identity theft and counterfeiting.
It uses unique and inviolable data. The card’s imprint, the spatio-temporal landmarks, and the genetic and biometric data of the owner are closely linked. By backing up these data on centralized authentication servers and on the card, the biometric and genetic data of the user are prevented from being in the wild or being handled dishonestly or uncontrollably by unauthorized and unknown people.
Some say that the proposed system will never be tamperproof, but its goal is not to eradicate cybercrime. The goal of the system is to reduce fraud. Unlike existing systems, the probability of impunity (committing fraud and going unnoticed) becomes almost nil with the proposed system, and building systems with chaos theories in mind can help reduce the likelihood of fraud.