
Blind Spot In Our Mind & Eye-Opening Experience

Biometric solutions operated with a fallback password should be called a “less-than-one”-factor authentication, since it makes the users less safe than a password-only single-factor authentication.

The false sense of security is often worse than the lack of security itself. Biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security in cyber space.


  1. False Sense of Security: blind spot in our mind and eye-opening experience. 18th January, 2016. Mnemonic Security, Inc., Japan/UK.
  2. Which model do you think is more secure? (1/3) Given information: Model A is protected by a PIN code, while Model B is protected by both a PIN code and fingerprints. [Model A | Model B]
  3. Which model do you think is more secure? (2/3) Given information: Model A can be unlocked by a PIN code, while Model B can be unlocked by either a PIN code or fingerprints. [Model A | Model B]
  4. Which model do you think is more secure? (3/3) Given information: Model A can be attacked only through the PIN code, while Model B can be attacked through either the PIN code or the fingerprints. [Model A | Model B]
  5. One Door or Two Doors. There are two houses: (1) with one door and (2) with two doors in parallel. Which is safer against burglars? The answer is (1); it is obvious to every one of us. Similarly, (1) login by a password alone is safer than (2) login by a biometric product backed up by a fallback password.
  6. (A and B) or (A or B). Biometrics can improve security ONLY WHEN operated together with a password by AND/conjunction (the user must pass both checks), NOT WHEN operated with a password by OR/disjunction (the user need pass only one of the two), which is how most biometric products on the market work. Biometrics and a password combined by OR/disjunction only add convenience, and do so by lowering security. Mixing up the OR/disjunction case with the AND/conjunction case traps us in a false sense of security: we wrongly feel safer when we are actually less safe.
  7. More about OR/disjunction. Biometric sensors and monitors, whether static, behavioral or electromagnetic, can in principle be operated together with passwords in two ways: (1) by AND/conjunction or (2) by OR/disjunction. Case (1) is hardly seen in the real world, because falsely rejected users would lose access altogether even though they can recall their passwords. Most biometric products are operated as in (2), so that falsely rejected users can unlock the device with the registered password. The overall vulnerability of such a product is therefore the union of the vulnerability of the biometric (x) and that of the password (y). For independent attacks that union is x + y - xy, which exceeds y alone by x(1 - y) and so is larger than y whenever x > 0 and y < 1; in other words, a device with a biometric sensor and a password fallback is less secure than the same device protected by the password alone.
  8. Recommendations. As such, biometric solutions operated with a fallback password should be called a "below-one-factor authentication", since they leave users less safe than a password-only single-factor authentication. The false sense of security is often worse than the lack of security itself. Biometric solutions can be recommended to people who want convenience, but should not be recommended to those who need security in cyberspace. Thank you.
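The following Python script is an added worked example, not part of the slides, that puts numbers on slide 7's x + y - xy argument and checks it by simulation. The scenario is constructed: a 4-digit PIN with a 10-guess lockout (so y = 10/10000), and a fingerprint sensor with an assumed per-presentation false-accept rate of 1 in 50,000 that falls back to the PIN after 5 failed presentations. None of these figures describes any real product; they are there only to make the OR/AND comparison concrete.

```python
"""Attacker success against three unlock policies: password only, biometric OR
password (the common fallback design), and biometric AND password.

Added example, not from the slides.  The parameters below are illustrative
assumptions, not measurements of any product.
"""
import random

# Constructed scenario (assumptions): a 4-digit PIN with a 10-guess lockout,
# and a fingerprint sensor with a per-presentation false-accept rate (FAR)
# of 1 in 50,000 that falls back to the PIN after 5 failed presentations.
PIN_SPACE = 10_000
PIN_TRIES = 10
FAR = 1 / 50_000
BIO_TRIES = 5


def pin_attack(pin_space: int = PIN_SPACE, tries: int = PIN_TRIES) -> float:
    """Slide 7's y: chance of hitting a uniformly random PIN within `tries` distinct guesses."""
    return min(1.0, tries / pin_space)


def biometric_attack(far: float = FAR, tries: int = BIO_TRIES) -> float:
    """Slide 7's x: chance that at least one of `tries` presentations is falsely accepted."""
    return 1.0 - (1.0 - far) ** tries


def or_policy(x: float, y: float) -> float:
    """Either factor unlocks.  For independent attacks P(x or y) = x + y - xy."""
    return x + y - x * y


def and_policy(x: float, y: float) -> float:
    """Both factors required.  For independent attacks P(x and y) = xy."""
    return x * y


def compare(pin_space=PIN_SPACE, pin_tries=PIN_TRIES, far=FAR, bio_tries=BIO_TRIES) -> dict:
    """Closed-form attacker success probability under each policy."""
    x = biometric_attack(far, bio_tries)
    y = pin_attack(pin_space, pin_tries)
    return {"password_only": y,
            "biometric_or_password": or_policy(x, y),
            "biometric_and_password": and_policy(x, y)}


def simulate(trials=200_000, seed=1, pin_space=PIN_SPACE, pin_tries=PIN_TRIES,
             far=FAR, bio_tries=BIO_TRIES) -> dict:
    """Monte Carlo check of compare(): replay the attack against random victims."""
    rng = random.Random(seed)
    hits = {"password_only": 0, "biometric_or_password": 0, "biometric_and_password": 0}
    for _ in range(trials):
        # The attacker spends the guess budget on pin_tries distinct PINs; since the
        # victim's PIN is uniform, success is equivalent to it landing in that set.
        pin_ok = rng.randrange(pin_space) < pin_tries
        # Each presentation is an independent chance of a false accept.
        bio_ok = any(rng.random() < far for _ in range(bio_tries))
        hits["password_only"] += pin_ok
        hits["biometric_or_password"] += (pin_ok or bio_ok)
        hits["biometric_and_password"] += (pin_ok and bio_ok)
    return {k: v / trials for k, v in hits.items()}


if __name__ == "__main__":
    exact = compare()
    approx = simulate()
    for policy in exact:
        print(f"{policy:24s} exact={exact[policy]:.7f} simulated={approx[policy]:.7f}")
```

With these assumed figures the PIN alone gives the attacker about a 0.1% chance, the fingerprint path adds roughly another 0.01%, and the OR policy lands near 0.11%, while the AND policy drops to about one in ten million. The absolute numbers depend entirely on the assumptions, but the ordering does not: x + y - xy is at least y for every x in [0, 1], so the OR design can never beat the password alone, which is the slides' point. The model does assume the two attacks are independent and that the attacker can exercise both paths; it says nothing about the relative strength of the password users actually pick under each design.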
