Quantitative Examination of Multiple Authenticator Deployment
It appears that there are so many security professionals who pay no attention to the exactly opposite effects of 'multi-layer' and 'multi-entrance deployments. ‘Multi-Layer’ is also represented by ‘In-Series’, ‘In-Addition-To’, ‘All/BothAnd’ and ‘Conjunction’ in logic, while
‘Multi-Entrance’ by ‘In-Parallel’, ‘In-Stead-Of’, ‘EitherOr’ and ‘Disjunction’. Let me offer a quantitative examination of multiple authenticators deployed in two different ways.
Vulnerability (attack surface) of an authenticator is generally presented as a figure between 0 and 1. The larger the figure is, the larger the attack surface is, i.e., the more vulnerable. Assume, for instance, as just a thought experiment, that the vulnerability of the PKI-enabled token (x) be 1/10,000 and that of the password (y) be 10 times more vulnerable, say. 1/1,000. When the two are deployed in ‘multi-layer’ method, the total vulnerability (attack surface) is the product of the two, say, (x) and (y) multiplied. The figure of 1/10,000,000 means it is 1,000 times more secure than (x) alone.
On the other hand, when the two are deployed in ‘multi-entrance’ method, the total vulnerability (attack surface) is obtained by (x) + (y) – (xy), approximately 0.0011. It is about 11 times less secure than (x) alone.
So long as the figures are below 1, whatever figures are given to (x) and (y), deployment of 2 authenticators in ‘multi-layer’ method brings higher security while ‘multi-entrance’ deployment brings lower security. As such ‘multi-layer’ and ‘multi-entrance’ must be distinctly separated when talking about security effects of multiple authenticators.
Remark: Some people may wonder why (xy) is deducted from the sum of (x)+(y).
When (x) and (y) is very small, the (xy) is very close to 0, which we can practically ignore. But we should not ignore it when the figures are considerably large.
Imagine a case that both the two authenticators are deployed in an extremely careless manner, for instance, that the attack surfaces of (x) and (y) reach 70% (0.7) and 60% (0.6) respectively. If simply added, the figure would be 130% (1.3). It conflicts with the starting proposition the figures being between 0 and 1.
Imagine a white surface area. Painting 70% of it in black leaves 30% white surface. Painting 60% of the remaining 30% in black will result in 88% black and 12% white surfaces. Painting 60% first in black and then painting 70% of the remaining 40% brings the same result of 88% black and 12% white. So does “(x)+(y)-(xy)”. The overall vulnerability (attack surface) is 0.88 (88%) in this case.
Hitoshi Kokumaiの記事
ブログを見る
There is actually a valid methodology that enable us to maximize the entropy of the secret credentia ...
Another topic for today is “Passwordless made simple with user empowerment” · https://www.securitym ...
The quantum computer held in a bad guy’s hand is indeed a big threat. So is the artificial intellige ...
この職種に興味がある方はこちら
-
株式会社リアンコネクト ヒューマンリソース部
次の場所にあります: Talent JP C2 - 1日前
Lian Connect Higashisonogi, 日本お仕事情報 · お仕事内容 · 組み立て・加工・検査・機械オペレーターなどカンタン作業をお任せします · 希望に合った工場のお仕事をご紹介します。 · ・組み立て · →マニュアルに沿って部品を組み立てるお仕事です。 · 単純作業で未経験でも安心です。 · ・機械オペレーター · →装置に部品をセットして、マニュアルに沿ってボタンを操作するお仕事です。 · 最初は覚える事もありますが、機械が製造する為、操作が中心で体の負担が少ないお仕事です。 · その他、検査や部品供給、塗装、加工など様々なお仕事がございます · ご希望やご経験をお伺いした上でご紹 ...
-
保育業務(要保育士資格)
次の場所にあります: Whatjobs JP C2 - 6日前
SCグッジョブ Yokohama, 日本【職種】 · 保育士 · 【お仕事内容】 · 子どもたちの笑顔溢れる環境でお仕事をしてみませんか? · 様々な経験や体験をしながら · 子供たちの成長を実感できるやりがいのある仕事です · 駅近2分 定員30名の小規模園なので一人ひとり向き合えます · ・食事や着替えのサポート · ・レクリエーション · (絵本やお絵かき、工作、遊具運動) · ・健康管理 · ・連絡帳などの事務業務 · ・発表会や運動会準備など · 保育に従事するお仕事をお任せします。 · 【勤務場所】 · JR京浜東北線 関内駅より徒歩2分 · 【雇用形態】 · 正社員 · 【給与】 ...
-
障害者採用】軽作業
次の場所にあります: Whatjobs JP C2 - 6日前
ニール 株式会社 Osaka, 日本**ハローワーク 求人番号** · **受付年月日** · - 2023年11月1日**紹介期限日** · - 2024年1月31日**受理安定所** · - 大阪東公共職業安定所**求人区分** · - パート(障)**オンライン自主応募の受付** · - 不可**産業分類** · - 障害者福祉事業**就労継続支援A型事業の利用者募集** · - 該当**トライアル雇用併用の希望** · - 希望しない 求人事業所 · **事業所番号** · **事業所名** · - ニール カブシキガイシャ- ニール 株式会社**所在地** · - 〒 大阪府大阪 ...
コメント