What’s in a Name?

##AUTHORSPLIT##<--->

A lot more than there used to be. In today’s high-tech educational environment, theprocess of creating and securing network identities is more problematic than ever.

PETER STEINER CAPTURED the essential problem of identity in the electronic age with his 1993 New Yorker cartoon that showed two dogs in front of a computer, with the caption, “On the Internet, nobody knows you’re a dog.” In the popular Ender Wiggins series of science fiction books, brilliant kids pretend to be adults in online political discussions. But on thedarker side, adults on the Web can pretend to be kids.

In an era of ubiquitous computers and networks, issues of identity as they impact security have become critical. How do you know if a user is who he claims to be, or if he has a rightto the resource he is trying to access?

Identity management (IdM) is the new term that applies to these questions, and it’s relevant to situations ranging from getting money from an ATM to enrolling for classes. IdM hasfour underlying components:

  • Identification: your name or network/system identifier
  • Authentication: proof you are who you say you are
  • Authorization: which resources you have permission to access
  • Directory: information about you and what you are allowed to do per the system settings

Choosing an Identifier

At the core of identity is a name. Historically, single names such as John evolved into first and last names such as John Doe, and more recently into unique identifiers such as Social Security numbers. Unfortunately, the use of SSNs as identifiers creates identity-theft risks and privacy concerns, and doesn’t translate well to educational settings. We’re left with a need for a new identifier for students, faculty, and staff, onewith the following characteristics:

  • It’s unique within the largest population set in which it is used. In other words, if there are two Jane Smiths in a school district, they should have different identifiers.
  • It cannot be used to facilitate identity theft or in other ways that violate individual privacy rights.
  • It’s easy to remember. Some schools assign each student a unique but easy-to-remember ID and password that maps to another unique but more complex multidigit identifier used in the background by computer systems.
  • It’s scalable in the event of population-set growth. Early e-mail addresses such as [email protected] worked just fine until everyone on campus started using e-mail.

Now Prove It

Education involves multiple authentications. For example, a parent enrolling a child in school may have to present thechild’s birth certificate and her own driver’s license.

Although the details can get complicated, there are only three ways to prove identity: by something we have (a key or a birth certificate); something we know (a password); or somethingwe are (a photograph or fingerprints).

Something we have is used in education in two ways. First, items such as a child’s birth certificate and a parent’s driver’s license are used to establish a student’s identity initially. Subsequently, things such as a key or an ID card are used to establish identity before a student can gain access to something. Whether it’s an old-fashioned metal key or a high-tech token, the advantage of “something we have” is convenience; the disadvantage is that it can be lost, stolen,or forged, and then used by someone else.

Something we know usually takes the form of a password. Passwords are inexpensive but can be forgotten, and they can be stolen while being transmitted over a network. Plus, we tend to pick passwords that are easy to remember—and can be easily guessed by hackers or password-cracker programs. Passwords are safer if: they have at least eight characters with a mix of letters, numbers, and special characters; theyare not written down; and they are changed regularly.

Something you are is the oldest authentication technique. Facial recognition has been used to identify people for thousands of years. The last few years, however, have seen the emergence of relatively low-cost electronic devices that use biometrics or an individual’s physical characteristics to establish identity. Through eye scans, voice analysis, facial scans, DNA analysis, fingerprint scans—even keystroke dynamics or hand geometry—such devices can confirm anindividual’s identity with about 70 to 100 percent accuracy.

Technology Trends and Next Steps

The greatest challenges in identity management are procedural, not technical. For example, the verification of a student’s identity at the time of enrollment is complicated by the fact that birth certificates are not standardized nationally, let alone globally. While issues such as these go beyond what an individual school board or administrator can address, schools need to consider a few prevailing technologytrends as they decide how to meet local needs.

The increased use of two-factor authentication. For example, to get money from an ATM, you need to swipe your card— something you have—and enter a PIN—something you know. In an educational environment, a student’s ID card, like an ATM card, stores data and works with a PIN. But if the PIN and the information on the card are fraudulently captured during use, that data can subsequently be used for unauthorized access. Nevertheless, simple two-factor authentication is a compromise between rigorous security on the one hand, andconvenience and reasonable cost on the other.

The increased use of “smart cards.” Smart cards make use of more-sophisticated two-factor authentication schemes. In one scheme, the host computer system and the user share a secret password. The host computer sends a number (the“challenge”) to the user. The user then encrypts the challengenumber with the shared password using the smartcard and returns the result (the “response”) to the hostcomputer. The host computer independently encrypts thechallenge and compares the result with the user’s response.If the two agree, the user is given access. Even if the informationis captured during transmission over the network,the system remains uncompromised. The big drawback ofsmart cards is their cost—$60 to $100 per person—andthe cost of supporting a more complex infrastructure.

The increased use of biometrics. Fingerprint and retinal scanners are no longer merely the stuff of science fiction novels. Now they are used to speed kids through lunch lines and to control access to nursery facilities. Cost and privacy concerns are the major drawbacks.

In making technology decisions, however, educators need to remember that there aren’t any one-size-fits-all solutions. What works for a large urban high school may not be appropriate for a small, rural elementary school. A healthy dose of common sense is in order. Throwing technology at hypothetical problems that may have minimal negative consequences makes no more sense than ignoring the serious identity-management challenges introduced by computers, networks, and the globalization of education.

Doug Gale is president of Information Technology Associates, an IT consultancy specializing in higher education.

Featured

  •  classroom scene with students gathered around a laptop showing a virtual tour interface

    Discovery Education Announces Spring Lineup of Free Virtual Field Trips

    This Spring, Discovery Education is collaborating with partners such as Warner Bros., DC Comics, National Science Foundation, NBA, and more to present a series of free virtual field trips for K-12 students.

  • glowing padlock shape integrated into a network of interconnected neon-blue lines and digital nodes, set against a soft, blurred geometric background

    3 in 4 Administrators Expect a Security Incident to Impact Their School This Year

    In an annual survey from education identity platform Clever, 74% of administrators admitted that they believe a security incident is likely to impact their school system in the coming year. That's up from 71% who said the same last year.

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."

  • pattern of icons for math and reading, including a pi symbol, calculator, and open book

    HMH Launches Personalized Path Solution

    Adaptive learning company HMH has introduced HMH Personalized Path, a K-8 ELA and math product that combines intervention curriculum, adaptive practice, and assessment for students of all achievement levels.