Fake Mesh ID and your MUSE

Sat, 2012-11-03 08:29

#2

Arenamontanus Arenamontanus's picture

Keeping multiple false

Keeping multiple false identities separate requires a bit of planning: I would judge that characters without InfoSec are very likely to do things that break them. After all, just logging into some account belonging to ID1 while as ID2 is pretty strong evidence that the identities belong to the same person. You need to add an anonymization step somewhere. Second nature for the paranoid InfoSec person, but likely not for the ordinary guy. When you create a false ID I assume you will make a false ID for the muse too. It is likely not too hard: loads of AIs are created every day, all acquiring new public keys that are logged in vast databases. Creating a "new" muse with new keys for ID2 is not hard.

—

Sat, 2012-11-03 10:14

#3

GreyBrother GreyBrother's picture

I always assumed, that muses

I always assumed, that muses send from the general ID of the ego and don't need a fake ID seperately. I mean its a program that runs in your mesh inserts, so why wouldn't it?

Sat, 2012-11-03 15:02

#4

NewtonPulsifer NewtonPulsifer's picture

My character uses disposable

My character uses disposable ectos which he nanofabricates by the stack. EDIT: To elaborate, you hard-code your id access and accounts to/through the ecto. It makes oopsies less likely. Another way to reduce oopsies is to disable non-haptic interfacing so you don't make mistakes at the speed of thought. EDIT2: Ectos have a better radio than mesh inserts, too.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Sat, 2012-11-03 15:01

#5

RustedPantheress RustedPantheress's picture

I think that MUSEs use the

I think that MUSEs use the same mesh ID as the person they're attached to. And it's easy to route through a disposable ecto that is generating false IDs and stealthing the signal.

—

Somebody is using bad science! Snark, facts, snark. Your body is corrupted: Cool, do more science to it. Your mind is warped: That's nice, want a cookie? What do we say to the God of Death? Not today!

Sat, 2012-11-03 16:41

#6

OneTrikPony OneTrikPony's picture

Sorry I've confused

Sorry I've confused Terminology [b]Mesh ID[/b] assuming it's something like an IP address, is apparently easily anonymized. (p 252) [b]Ego ID[/b](p.280) is more troublesome. How do you switch ID's without switching your muse? Can your muse' informorph be disguised to the point that it won't be recognized? And is that a simple or a complex thing to accomplish?

Arenamontanus wrote:
Keeping multiple false identities separate requires a bit of planning: I would judge that characters without InfoSec are very likely to do things that break them. After all, just logging into some account belonging to ID1 while as ID2 is pretty strong evidence that the identities belong to the same person.

This is exactly what I'm worried about. I had thought that the muse would be capable of doing all this for you. (One of the handy uses for the muse' infosec skill.) I'm pretty sure that most people actually never log on to their accounts because that's what muses do. While I can see some arguments for Muse/Mesh IP addy being the same, the mesh itself provides an argument against. If a muse must be tied to a single bit of dedicated hardware than an Infomorph must be also, and I don't think that's the case. If you believe that mesh architecture will ever exist you understand that it's not just a bunch of nodes sharing modems, it's distributed processing and memory (3rd gen, open, cloud computing). So how ever IP works in that architecture software can be independent of specific hardware and would need it's own IP address.

—

Mea Culpa: My mode of speech can make others feel uninvited to argue or participate. This is the EXACT opposite of what I intend when I post.

Sat, 2012-11-03 16:56

#7

RustedPantheress RustedPantheress's picture

Hmm... Mesh ID is not tied to

Hmm... Mesh ID is not tied to your Ego ID, Mesh ID is tied to your Mesh Insert, and your MUSE resides in that, and you just create fakes if needed. And pretty much everything has a Mesh ID unless they've been deliberately made without that (if it can interact with the mesh, it has a Mesh ID). You, the person, don't have a mesh ID, but your inserts do. You can get fake Ego IDs via the black market, which involve registering a fake persona with a station (although many of them are known to be havens for that), and changing the Nanotat ID on your fingertip to reflect that.

—

Somebody is using bad science! Snark, facts, snark. Your body is corrupted: Cool, do more science to it. Your mind is warped: That's nice, want a cookie? What do we say to the God of Death? Not today!

Sat, 2012-11-03 17:38

#8

NewtonPulsifer NewtonPulsifer's picture

Here's how I understand it:

Here's how I understand it: Mesh ID - any mesh enabled radio has a unique Mesh ID. Can easily be changed with a software setting on many devices, although I'm sure many cheap-o items cannot change it without a shot of pre-programmed repair spray. Nanotat ID - morph ID written onto the fingertips (or equivalent) of a morph. Would need a Nanoswarm or Medical Vat to rewrite a new one. A "field changable" Nanotat ID Flux personal augmentation with cost [Expensive] is available, usually highly illegal. Not sure why it costs so much. FWIW I'm sure vehicles, bots, animals, and anything capable of hosting an informorph (e.g. ectos) have these too. Laws might require a timely update of a Morph's Nanotat ID database entry if somebody's appearance is changed (time in a vat, biosculpting, or a synthmorph rebuild). Ego ID - This is your unique personal digital code on file somewhere. Augmented with a brainprint scan in c-rep areas, and generally on government servers in that case too. EDIT: Check out pg. 279 of the 3rd printing.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Sat, 2012-11-03 17:46

#9

RustedPantheress RustedPantheress's picture

No, Nanotat ID is based off

No, Nanotat ID is based off your Ego ID. If you look at Panopticon, you have two things: Brainprint or Digital Code (Digital code is used for AIs, AGIs, Infomorphs, and backups). Your Ego ID is these, combined with your known history and data (Name, Gender, Date of Birth, Place of Birth, Place of Residence, etc). Your Nanotat ID is your Ego ID imprinted into your fingertip, minus any info that's not required. Infomorphs housed in anything other than a morph get their digital code checked, while bio and synthmorphs get their Nanotat ID checked. If the security check is more rigorous, you get a quick brainprint scan, taking 5 minutes for biomorphs and a few seconds for synth and infomorphs, and the results are checked against the local database. Morph looks don't really enter into it, except for when you're looking for somebody, but nanotat or brainsprint is always used for ID verification.

—

Somebody is using bad science! Snark, facts, snark. Your body is corrupted: Cool, do more science to it. Your mind is warped: That's nice, want a cookie? What do we say to the God of Death? Not today!

Sat, 2012-11-03 18:44

#10

NewtonPulsifer NewtonPulsifer's picture

Ah, okay.

Ah, okay. Having that amount of data on a nanotat id "in the clear" seems ripe for abuse, however. I'd definitely wrap that finger up with something scanner proof until I was ready to have it scanned. I wouldn't want some criminal scanning my nanotat id by rigging up a doorknob.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Sat, 2012-11-03 20:07

#11

RustedPantheress RustedPantheress's picture

Apparently it's really tiny

Apparently it's really tiny and most doors are opening by a command sent through the mesh anyways. "This door, open." and it opens, unless it's locked.

—

Somebody is using bad science! Snark, facts, snark. Your body is corrupted: Cool, do more science to it. Your mind is warped: That's nice, want a cookie? What do we say to the God of Death? Not today!

Wed, 2012-11-07 20:18

#12

Decivre

NewtonPulsifer wrote:Ah, okay

NewtonPulsifer wrote:
Ah, okay. Having that amount of data on a nanotat id "in the clear" seems ripe for abuse, however. I'd definitely wrap that finger up with something scanner proof until I was ready to have it scanned. I wouldn't want some criminal scanning my nanotat id by rigging up a doorknob.

My guess is that your nanotat is encrypted utilizing a hidden value based on your current morph. And probably other factors like a timestamp applied each time it is checked. So simply having a copy of your nanotat is not sufficient for stealing your ID.

—

Transhumans will one day be the Luddites of the posthuman age. [url=http://bit.ly/2p3wk7c]Help me get my gaming fix, if you want.[/url]

Wed, 2012-11-07 20:29

#13

CodeBreaker CodeBreaker's picture

ID nanotats include

ID nanotats include information on the company that did the resleeving, so that the data may be accessed and verified with their records online. The data on the nanotat is also cryptographically signed with the company’s public key, meaning that anyone who checks the data and the signature online can tell if the data has been altered. If the nanotat is cryptographically signed with the company's public key, that means that anyone using the nanotat would have to have acquired not only an exact duplicate of your nanotat, but also an exact duplicate of your morph. So if you want to steal someone’s identity via their nanotat, they have to go to extreme lengths to do so.

—

-

Wed, 2012-11-07 22:08

#14

NewtonPulsifer NewtonPulsifer's picture

So a nanotat is useless for

So a nanotat is useless for id verification if the mesh is down? Also I'm confused on what you're saying. If I just copy the data on your nanotat, wipe my own nanotat, and copy that data to my nanotat how would a nanotat reader know the difference between us?

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Wed, 2012-11-07 22:58

#15

Justin Alexander Justin Alexander's picture

As described on pg. 279 of

As described on pg. 279 of the core rulebook: Ego ID is just a serial number. It's like your driver's license or social security number. And just like your driver's license or social security number, your Ego ID is associated with you in various databases -- citizenship, legal status, credit accounts, licensing, etc. Instead of ID cards, however, your ego ID is associated with you in two ways: First, a digital copy is stored in your infomorph. Second, resleeving clinics are legally bound to nanotattoo the ID onto your finger. In addition, these nanotattoos contain nanobots containing encrypted information associated with your ego ID. The amount of information included varies depending on the habitat: In some cases it'll basically be equivalent to what's on your driver's license. In other cases it'll be equivalent to carrying around your complete legal, medical, and credit history. Is this a security risk? Hypothetically. But since the information is encrypted, it's actually more secure than the packet of identification documents you're currently carrying in your wallet.

NewtonPulsifer wrote:
If I just copy the data on your nanotat, wipe my own nanotat, and copy that data to my nanotat how would a nanotat reader know the difference between us?

Well, it's cryptographically signed and associated with your specific morph. So you've got to crack the encryption, get access to my tattoo, copy the tattoo's information, alter the tattoo to make it look like I resleeved into your morph, re-encrypt it, and then place it on your own finger. And it'll still fail to verify unless you've also hacked into the master databases. That's obviously not impossible. But it's tougher than just "copying the data to your nanotat". It's a little like saying, "What's to stop my from photocopying your driver's ID and putting the copy in my wallet?" Except, in addition to all the other logistical problems that scheme has, the information on my license is encrypted and anyone using it for identification purposes will cross-check it with an encrypted, centralized database.

—

The Alexandrian

Wed, 2012-11-07 23:59

#16

NewtonPulsifer NewtonPulsifer's picture

I'm still not following.

I'm still not following. Encrypted data can still be copied without cracking it. And then I can use it. Because presumably a nanotat reader can read your nanotat id without your intervention? Or do you have to consciously decrypt your own nanotat data so a nanotat id reader can read it in? And how exactly is a nanotat id "associated with your specific morph"?

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Thu, 2012-11-08 00:56

#17

NewtonPulsifer NewtonPulsifer's picture

To elaborate my confusion:

To elaborate my confusion: From my cursory reading it seems nanotat ids are *not* necessarily encrypted - but "encoded" (whatever that means exactly, that could mean a barcode), and are cryptographically signed by a public key to verify they have not been tampered with. They can be read with an ID Scanner as an "automatic affair". Rewriting a nanotat id is easily done, but the encryption must be cracked or it will fail its authorization online (from pg 280). This is the part I'm stuck on. Why would it fail the authorization online if the data is a bit for bit exact copy? It should work perfectly fine. [i]An exact copy has not been tampered with.[/i] Also, helpful posters have said a nanotat id is "associated with your specific morph" but I don't understand how that works either. Stuff from books: ID Scanner: This small hand-held device is used to read the nanotat IDs carried by most morphs. It scans the nanobots, decodes the data, and compares the information against linked online databases. To truly be effective, this device must have mesh access to ID databases. [Low] Nanotat IDs Verifying a nanotat ID with an ID scanner is an automatic affair. Morphs that have had their nanotat ID erased or that never had one in the ﬁrst place are likely to be viewed with extreme suspicion. Morphs using nanotat ID ﬂux nanoware are unlikely to be questioned; the deception can only be detected under close medical scrutiny with a Medicine: Nanomedicine Test. NANOTAT SCANS Special encoded nanobots are used to create a small nanotat on a person’s index finger. These nanobots contain encoded information that includes their name and identity, brainwave pattern, citizenship/legal status, credit account number, insurance information, and licenses. Depending on the local habitat laws, it may include other information such as criminal history, travel history, restricted implants, employment records, and so on. This nanotat may be read by anyone with a special ID scanner that reads the nanobot encoding. ID nanotats include information on the company that did the resleeving, so that the data may be accessed and verified with their records online. The data on the nanotat is also cryptographically signed with the company’s public key, meaning that anyone who checks the data and the signature online can tell if the data has been altered. ALTERING NANOTAT IDS Special nanobot treatments may be manufactured to erase, rewrite, or replace nanotat IDs. Erasing a nanotat is easy, but not having one is a crime and immediate grounds for suspicion in many habitats. Rewriting a nanotat is also easy, though this means that the nanotat will fail its authorization online unless the encryption has also been cracked (p. 254). Replacing a nanotat ID with a fake one is just as possible and is part of the process of acquiring a fake ID.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Thu, 2012-11-08 19:03

#18

OneTrikPony OneTrikPony's picture

Back to the OP

Back to the OP I've decided that disgising your muse is as simple as having your muse fluctuate your mesh ID and applying a new 'skin', (that might require an AR illusion). I've also decided that awareness of how to accomplish the electronic, AR, and virtual components of an effective disguise is encompassed by the Disguise and Impersonation skills. I appreciate your input.

—

Mea Culpa: My mode of speech can make others feel uninvited to argue or participate. This is the EXACT opposite of what I intend when I post.

Sat, 2012-11-10 04:07

#19

Justin Alexander Justin Alexander's picture

NewtonPulsifer wrote:From my

NewtonPulsifer wrote:
From my cursory reading it seems nanotat ids are *not* necessarily encrypted - but "encoded"

Not to be dismissive here, but the word "encryption" is used explicitly on pg. 280 of the core rulebook. In fact, you QUOTE it in this very same message. So if you're still "confused" despite multiple people thoroughly explaining it to you, I recommend reading thoroughly and for comprehension instead of settling for your obviously inadequate "cursory" non-comprehension.

—

The Alexandrian

Sat, 2012-11-10 13:37

#20

NewtonPulsifer NewtonPulsifer's picture

Cryptographically signed data isn't the same as encrypted data

Justin Alexander wrote:
NewtonPulsifer wrote:
From my cursory reading it seems nanotat ids are *not* necessarily encrypted - but "encoded"
Not to be dismissive here, but the word "encryption" is used explicitly on pg. 280 of the core rulebook. In fact, you QUOTE it in this very same message. So if you're still "confused" despite multiple people thoroughly explaining it to you, I recommend reading thoroughly and for comprehension instead of settling for your obviously inadequate "cursory" non-comprehension.

Thanks for taking the time to post here and educate me. If you go back to pg. 279 the game book only mentions the nanotat data is cryptographically signed. Encrypting the whole dataset and cryptographically signing (also known as a "digital signature") an otherwise unencrypted message are two different things. Here's a link that describes the difference: http://www.youdzone.com/signature.html So I'm still confused as to why I cannot just copy the nanotat data (this being analogous to a digitally signed message) and just use it as my own.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Sat, 2012-11-10 17:00

#21

NewtonPulsifer NewtonPulsifer's picture

Justin Alexander wrote:

Justin Alexander wrote:
It's a little like saying, "What's to stop my from photocopying your driver's ID and putting the copy in my wallet?" Except, in addition to all the other logistical problems that scheme has, the information on my license is encrypted and anyone using it for identification purposes will cross-check it with an encrypted, centralized database.

I'm curious why you think this is a good example. If I did have an exact copy of your driver's ID, I could use it. Whether there is only a cryptographic signature with the data unencrypted or if the entire thing is encrypted with a cryptographic key only stored in nanotat id readers is of no import to me. If a driving enforcement officer wanted my nanotat ID (and insisted on reading off the nanotatto on my finger in person with a nanotat ID reader), I would just use the ID I duplicated from you. It would run through and verify as a valid ID just fine.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Wed, 2012-11-21 17:12

#22

Decivre

NewtonPulsifer wrote:I'm

NewtonPulsifer wrote:
I'm curious why you think this is a good example. If I did have an exact copy of your driver's ID, I could use it. Whether there is only a cryptographic signature with the data unencrypted or if the entire thing is encrypted with a cryptographic key only stored in nanotat id readers is of no import to me.

Driver licenses have something akin to a cryptographic certificate that allows a police officer with even a cursory level of intelligence to see through a ruse, effectively limiting your ability to use someone else's ID: your photo. If your face does not match the one on the ID, then any chance of you using it goes out the window. It doesn't matter that you have the original, nor would it matter if it was a flawless copy. In that same vein, there is likely a lot of data on a nanotat beyond a simple birthdate, name and number. Cryptographically-stored images of your current morph, the issuing hypercorp's certificate, and more is stored on it. And cryptographic certificates are not so easily duplicated simply by copying... they often contain hash data based on some unchangeable element about the system they are on. Your computer likely has cryptographically-stored certificates to ensure an authentic install of Windows or whatever, and those certificates may very well be linked to the components of your computer.

NewtonPulsifer wrote:
If a driving enforcement officer wanted my nanotat ID (and insisted on reading off the nanotatto on my finger in person with a nanotat ID reader), I would just use the ID I duplicated from you. It would run through and verify as a valid ID just fine.

Then he would ask why a synthmorph has a nanotat encoded for a Chinese woman's body, while he proceeded to pull out his gun.

—

Transhumans will one day be the Luddites of the posthuman age. [url=http://bit.ly/2p3wk7c]Help me get my gaming fix, if you want.[/url]

Wed, 2012-11-21 23:15

#23

NewtonPulsifer NewtonPulsifer's picture

And we're back full circle

And we're back full circle where you see why I assumed a nanotat id would include physical description information, here's the comment earlier in the thread: http://eclipsephase.com/comment/32226#comment-32226 Seems you agree with me.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Thu, 2012-11-22 23:38

#24

Justin Alexander Justin Alexander's picture

Are there two different

Are there two different people using the NewtonPulsifer account to post? Because the guy writing posts #8 and #23 appears to be a completely different guy than the one writing posts #16 and #21.

—

The Alexandrian

Fri, 2012-11-23 05:20

#25

Lorsa

Justin Alexander wrote:Are

Justin Alexander wrote:
Are there two different people using the NewtonPulsifer account to post? Because the guy writing posts #8 and #23 appears to be a completely different guy than the one writing posts #16 and #21.

So there's a case of possible ID theft? Best do a brainscan!

—

Lorsa is a Forum moderator [color=red]Red text is for moderator stuff[/color]

Sun, 2012-11-25 16:11

#26

NewtonPulsifer NewtonPulsifer's picture

Justin Alexander wrote:Are

Justin Alexander wrote:
Are there two different people using the NewtonPulsifer account to post? Because the guy writing posts #8 and #23 appears to be a completely different guy than the one writing posts #16 and #21.

Eh? I'm not getting why.

—

"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve."- Isoroku Yamamoto

Tue, 2012-11-27 23:35

#27

The Doctor The Doctor's picture

Lorsa wrote:So there's a case

Lorsa wrote:
So there's a case of possible ID theft? Best do a brainscan!

Divergent beta fork()?

—

[img]http://drwho.virtadpt.net/graphics/info_userbar.jpg[/img] [img]http://drwho.virtadpt.net/graphics/argo_userbar.jpg[/img] [url=https://drwho.virtadpt.net/graphics/blankbadge.png][img]http://drwho.vir...