Larger Attack Surface on User’s Device
I today take up this The Register report - “Client-side content scanning as an unworkable, insecure disaster for democracy” https://www.theregister.com/2021/10/15/clientside_side_scanning/
Glancing over this worrying report, I found this paragraph especially eye-catching; “It goes on to look at all the potential problems with CSS systems. These include the possibility of abuse by authorized and unauthorized parties, as well as local adversaries – a user's partner, ex-partner, other family member, or rival who has access to the user's device.”
This kind of threat is supposed to be mitigated by a secure login. In this aspect, we know that Apple is shooting itself in the foot by increasing the attack surface (=increasing the vulnerability) of the login security as the result of adding a probabilistic back door of biometrics login such as TouchID and FaceID on top of the deterministic front door of a default pincode/password.
If there is nothing particularly wrong in using two authenticators in a ‘two-entrance’ deployment for convenience's sake, it is absolutely wrong to lead the consumers to wrongly believe that the security has been improved.
Actually, it has brought down identity security, spreading a false sense of security among consumers.
Well, as for the security effect of deploying two authenticators in ‘multi-entrance’ deployment (as against ‘multi-layer’ deployment), you might well be interested in these posts -
“Biometrics is to Password what Back door is to Front door”
“Step-by-Step Analysis of Why and How Biometrics Brings Down Security”
“Get graphs to talk the nature of probabilistic biometrics”
False Acceptance Rates and False Rejection Rates
10
10%
10°
38 (Equa ror Rates)
procucts
(more accurate)
00 100 ar 100 10
FAR (Fale Accegtarce Rates)Worry about a backdoor?">
Key References
Biometrics is to Password what Back door is to Front door
Removal of Passwords and Its Security Effect
Negative Security Effect of Biometrics Deployed in Cyberspace
External Body Features Viewed as ‘What We Are’
Additional References
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
What We Know for Certain about Authentication Factors
Digital Identity for Global Citizens
Image-to-Code Conversion by Expanded Password System
Summary and Brief History - Expanded Password System
Proposition on How to Build Sustainable Digital Identity Platform
Account Recovery with Expanded Password System
History, Current Status and Future Scenarios of Expanded Password System
Update: Questions and Answers - Expanded Password System and Related Issues
< Videos on YouTube>
Slide: Outline of Expanded Password System (3minutes 2seconds)
Digital Identity for Global Citizens (10minutes - narrated)
Demo: Simplified Operation on Smartphone for consumers (1m41s)
Demo: High-Security Operation on PC for managers (4m28s)
Demo: Simple capture and registration of pictures by users (1m26s)
Slide: Biometrics in Cyber Space - "below-one" factor authentication
Hitoshi Kokumaiの記事
ブログを見るTaken up today is this TechRepublic report on voice print as a new password - https://www.techrepubl ...
The quantum computer held in a bad guy’s hand is indeed a big threat. So is the artificial intellige ...
I got interested in this article -on the password problem · “Tech Q&A” · https://www.unionleader.c ...
この職種に興味がある方はこちら
-
ホールスタッフ
次の場所にあります: Whatjobs JP C2 - 17時間前
トリコミート 京橋店 Osaka, 日本【職種名】 · ホールスタッフ · 【会社名・店舗名・施設名】 · トリコミート 京橋店 · 【勤務地】 · 大阪府大阪市北区 · 【アクセス】 · 京橋 (大阪メトロ長堀鶴見緑地線),京橋 (京阪本線) · 【雇用形態】 · 正社員 · 【給与】 · 月収25万円~35万円 · 【仕事内容】 · 【成長企業】SNSで人気店舗の正社員候補を大募集 · 【仕事内容】 · あなたには店舗運営等のホールでの接客対応までをお任せします。 · まずはお客様対応をメインに、お店・仕事・スタッフに馴染む所から始めてください。 · 和気藹々としていて、とても働きやすい雰 ...
-
ヘアメイク
次の場所にあります: Whatjobs JP C2 - 4日前
合同会社MFS Nagoya, 日本**【アピールポイント】**:【働く時間や日数が選べます】 · 訪問美容師募集 · - 時給1,750円~2,500円の高時給 · - 入社直後でも能力、実績により随時昇給 · - 美容師に嬉しい土日完全休み · - 短時間勤務OKで残業なし · まずはお気軽にお電話ください · **【仕事内容】**:美容師免許をお持ちの方、必見です。 · 老人ホームやご自宅などへの訪問美容サービスをお任せします。 · - 具体的なお仕事内容 · 高齢やご病気などで美容室へ行くことが難しいお客様のために自動車などで訪問し、美容室・理容室と同様のサービスを行います。 · ...
-
保育士
次の場所にあります: Whatjobs JP C2 - 6日前
社会福祉法人 宮の沢福祉会 宮の沢さくら保育園 Sapporo, 日本**タイトル**: · 保育士 · **このお仕事の特徴**: · 急募 即日勤務OK · **勤務先名**: · 社会福祉法人 宮の沢福祉会 宮の沢さくら保育園 · **職種**: · 保育士 · **仕事内容**: · - 保育士資格を活かして心機一転スタートしませんか? · 嬉しい賞与あり頑張りが認められる遣り甲斐のある職場です経験者歓迎彡経験を活かして働きませんかスキルアップを目指したい方にもおススメですマイカー通勤OK天候に左右されず通勤できるのは嬉しいですね · スタッフ同士、困ったときは協力しあえる温かな雰囲気の職場です · **勤務地** ...
コメント