The Case of the Two Coupons

Valet parking has always fascinated me. You drive into a hotel or restaurant, hand your car keys to a complete stranger who parks your car in exchange for a coupon and brings it back to you when you are ready. He hands you one coupon, and the other gets stubbed with your car key and stored in valet ‘central’. And just to try and make the system a bit more foolproof, some might even note down the license plate number of the car on both coupons. But all in all, how incredibly convenient.

And this was still convenient until a valet pulled up with the wrong car. So I shook my head and said that’s not my vehicle. In his shock, the valet gave my copy of the coupon, which was in his hand, a look and said that the license plates match. The problem was the license plate did match, but only one part of the alpha-numeric identifier. So let’s say my car license plate was HRT745; the 745 matched, which was the only parameter that the valet had used to compare the coupons, and brought the wrong car out to me.

So this highlights a grave vulnerability in this manual system that the valet parking chaps have running and here’s one of my nightmares catching upto me: there are only two coupons in this transaction; one for the car owner and the second for the valet central. When you’re ready to go, you hand your coupon over to the valet, who runs off with it leaving you empty-handed. When he returns with the car and calls out to the person who the car may belong to. The same person who, as dictated by Murphy’s Law, will never be within earshot, will probably not hear those calls.

In this scenario, can someone please explain to me what the guarantee is that the valet will actually be turning the car over to the owner of the car, and not just someone random walking out of the crowd of people waiting for their vehicles? Where’s the final identification check or authentication?

Security in general is about identifying vulnerabilities and assessing risk. The manual system we function in is so vulnerable, I doubt many people give it too much thought. So what’s the patch for this vulnerability?



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement | WordPress Tutorials

0 comments:

Leave a Comment