Hitoshi Kokumai

1ヶ月前 · 2 分の読書時間 · visibility ~10 ·

chat 著者への問い合わせ

thumb_up 関連性 message コメント

Biometrics is to Password what Back door is to Front door

uSqJ3.pngDistracted “A

Let me try to make the relation of a biometrics and a default password clearer with the picture of a house with a front door of a deterministic password system, to which a back door of a probabilistic biometrics system was added as another entrance.

Residents are required to use the seemingly-convenient back door as the first choice for entry, until they get falsely rejected there.  The residents rejected by the probabilistic biometrics authentication at the backdoor would be required to try the front door of a deterministic password authentication. The correct residents with correct memory will enter the house.

If the one-door house was not secure enough in the first place, the two-doored house is made even less secure. Bad guys, who are now given the chance to break the back door as well as the front door, can enjoy an increased attack surface., i.e., lowered defense.

Now, we have thus reconfirmed that the claim that biometrics contributes to identity security is falsity.

Ref: “What's driving those people to keep spreading the biometrics misinformation”

Incidentally, what ‘being probabilistic’ means is that it cannot escape the trade-off between False Acceptance (false positive/false match) and False Rejection (false negative/false non-match) and therefore it cannot be used on its own without sacrificing the availability, whereas ‘being deterministic’ means that it can be used on its own.

FRR (False Rejection Rages)<br />
<br />
 <br />
<br />
False Acceptance Rates and False Rejection Rates<br />
<br />
 <br />
<br />
10<br />
<br />
10%<br />
<br />
10°<br />
<br />
    <br />
    <br />
<br />
38 (Equa ror Rates)<br />
<br />
procucts<br />
(more accurate)<br />
<br />
  <br />
<br />
 <br />
 <br />
<br />
00 100 ar 100 10<br />
FAR (Fale Accegtarce Rates)

Key References 
 

 “What we need to do for NOT achieving Solid Digital Identity”

Removal of Passwords and Its Security Effect 

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

8bb927ea.pngSecret Credenti<br />
<br />
 <br />
   <br />
 <br />
<br />
Memories<br />
<br />
Episodic Memory


Additional References
 

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens
 Image-to-Code Conversion by Expanded Password System

Summary and Brief History - Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System 

 History, Current Status and Future Scenarios of Expanded Password System 

Availability-First Approach 

Update: Questions and Answers - Expanded Password System and Related Issues 

kwP3E.jpeg“Expanded Password System<br />
<br />
wane = Only I can select all of<br />
BS] them correctly<br />
<br />
Broader choices with both images and characters accepted<br />
<br />
i<br />
<br />
 <br />
<br />
 <br />
<br />
 <br />
<br />
 <br />
<br />
Easy to manage relenons between accounts and corresponding passwords.<br />
<br />
&<br />
<br />
Torturous login is history. Login is now comfortable, relaxing and healing<br />
<br />
BO<br />
250<br />
08


 

 < Videos on YouTube>
 

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes - narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space - "below-one" factor authentication

8kzW0.pngWorry about a backdoor?
thumb_up 関連性 message コメント
コメント
Zacharias 🐝 Voulgaris

Zacharias 🐝 Voulgaris

1ヶ月前 #3

Hitoshi Kokumai

Hitoshi Kokumai

1ヶ月前 #2

Zacharias 🐝 Voulgaris

Zacharias 🐝 Voulgaris

1ヶ月前 #1

Probabilistic (or stochastic as it's often called) is the biggest cop-out to any problem that needs to be solved in science, in a reasonable amount of time. If you ask any scientist worth his salt he'd tell you that he prefers a deterministic solution whenever possible. The sad thing is that there are deterministic solutions to many problems (e.g., data sampling and even clustering), but the engineers involved were never asked to solve these problems properly. I don't think it's the engineers that are to blame though. Sometimes, the problem is more complicated as there are requirements regarding the time the solution takes. In CS it's not any different apparently, since convenience has become the main requirement for many systems. Cheers

その他の記事 Hitoshi Kokumai

ブログを見る