The volitional password is absolutely necessary (where democratic values matter *1), whereas the conventional password is hated (as everybody agrees).
These observations lead us to conclude that we have to find the sort of password system that is not hated. Logic tells us there can be no other choice.
We came up with a way out: the Expanded Password System, which accepts images as well as texts/characters.
This slide deck was used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam. *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Presentation with Scripts at CIWEU2018
1. Slide 1
Identity Assurance by Our Own Volition and Memory
The safety of our cyber life depends on identity assurance, which in turn relies on remembered passwords
Hitoshi Kokumai
President, Mnemonic Security, Inc.
kokumai@mneme.co.jp
Enabling Self-Sovereign Identity
30/Oct/2018
Our identity as human being is made of our autobiographic memory
Hello,
I am Hitoshi Kokumai, advocate of ‘Identity Assurance by Our Own Volition and
Memory’. I’ve been promoting this principle for 17 years now.
And, this principle now makes the foundation for the emerging concept of
Self-Sovereign Identity.
However, this principle would be a pipe dream if it is not supported by a practicable
means of identity authentication that is secure and yet stress-free, desirably giving us
joy and fun.
2. Slide 2
The problem: passwords could work – but they need help
Passwords are hard to manage, and yet absolutely necessary
Identity theft and security breaches are proliferating
A critical problem requiring urgent practical solutions
We have a big headache. Passwords are hard to manage, and yet, the passwords
are absolutely necessary. Why?
That’s because democracy would be lost where the password was lost and we were
deprived of the chances and means of getting our own volition confirmed in having
our identity authenticated. When authentication happens without our knowledge or
against our will, it is a 1984-like Dystopia.
It seems that the word ‘password’ is poly-semantic and context-dependent.
Sometimes it’s narrowly interpreted as ‘remembered text password’ and sometimes
it’s taken broadly as ‘whatever we remember for authentication’. Please interpret this
word ‘password’ from the context in my presentation as well.
Identity theft and security breaches are proliferating. This critical problem requires
urgent practical solutions.
3. Slide 3
There are several known pictures in the matrix
I can easily find all of them right away
Only I can select all of them correctly
Expanded Password System
Broader choices: images AND characters
Torturous login is history. Login is now comfortable, relaxing and healing.
Easy to manage relations between accounts and corresponding passwords.
Torturous login is history. Login is now comfortable and even fun.
Our proposition is Expanded Password System. In the matrix, there are several
KNOWN images. I can easily find all of them right away.
Or, rather, the KNOWN images jump into my eye. And, only I can select all of
them correctly.
We can use both images and characters. It’s easy to manage the relation between
accounts and the corresponding passwords. Torturous login is history. It’s now
comfortable and even fun. I’ll talk more about these points later.
4. Slide 4
A Fun Way to Enhance Your Passwords
A fun first step
• Get the images in your password matrix registered. It’s easy.
Huge Improvement
• Password fatigue alleviated for all
• Better security for password-managers and SSO services
• Even better security for two/multi-factor authentications
• Less vulnerable security for biometric products
Backward-Compatible
• Nothing lost for users who wish to keep using text passwords.
Indispensable though unloved. Passwords could be both secure and stress-free.
It’s a fun way to enhance your passwords. Get the images in your matrix
registered. It’s easy.
People who enjoy handling images will gain both better security and better
convenience. The only extra effort required is to get these images registered;
but people already do that across social media platforms and seem to love it.
Then, huge improvement. Password fatigue would be alleviated for all.
Better security for password managers and single-sign-on services. Even better
security for multi-factor authentications. Less vulnerable security for biometrics.
And, it’s backward-compatible. Nothing would be lost for the people who wish
to keep using text passwords.
5. Slide 5
We Need a Broader Choice
If only text and # are OK, it’s a steep climb …
【Text Mode】 to memorize text/number passwords: recall the remembered password (e.g. 3UVB9KUW). Low memory ceiling.
【Graphics Mode】 to lighten the load of text passwords: recognize the pictures remembered in stories. High memory ceiling.
【Original Picture Mode】 to make use of memorized images: recognize the unforgettable pictures of episodic memories. Very high memory ceiling.
Think of all those ladders you have to climb in Donkey Kong ;-)
Shall we have a bit closer look at what it offers?
So far, only texts have been accepted. It was, as it were, as if we had no choice
but to walk up a long steep staircase. With Expanded Password System, we
could imagine a situation where escalators and elevators are provided along with
the staircase. Or, some of us could think of all those ladders we have for
climbing in Donkey Kong.
Where we want to continue to use textual passwords, we could opt to recall the
remembered passwords, although the memory ceiling is very low. Most of us can
manage only up to several of them.
We could opt to recognize the pictures remembered in stories where we want to
reduce the burden of textual passwords. The memory ceiling is high, say, we
would be able to manage more and more of them.
Where we choose to make use of episodic image memory, we would only need to
recognize the unforgettable images, say, KNOWN images. There is virtually
no memory ceiling, that is, we would be able to manage as many passwords as
we like, without any extra efforts.
6. Slide 6
Volition and Memory
(1) Volition of the User – with Self-Determination
(2) Practicability of the Means – for Use by Homo sapiens
(3) Confidentiality of the Credentials – by ‘Secret’ as against ‘Unique’
We are of the belief that there must be three prerequisites for identity
assurance.
First of all, identity assurance with NO confirmation of the user’s volition would
lead to a world where criminals and tyrants dominate citizens. Democracy would
be dead where our volition was not involved in our identity assurance. We must
be against any attempts to do without what we remember, recall, recognize and feed
to login volitionally.
Secondly, mathematical strength of a security means makes sense so long as the
means is practicable for us Homo sapiens. A big cake could be appreciated only
if it’s edible.
Thirdly, being ‘unique’ is different from being ‘secret’. ‘Passwords’ must not be
displaced by the likes of ‘User ID’. I mean, we should be very careful when using
biometrics for the purpose of identity authentication, although we don’t see so
big a problem when using biometrics for the purpose of personal identification.
Identification is to give an answer to the question “Who are they?”, whereas
authentication is to give the answer to the question “Are they the persons they claim
to be?” Authentication and identification belong to totally different domains.
7. Slide 7
What’s New?
The idea of using pictures has been around for two decades.
New is encouraging people to make use of episodic image memories.
80-second video YouTube
Keyword – Smallest Interference of Memory
The idea of using pictures for passwords is not new. It’s been around for more
than two decades but the simple forms of pictorial passwords were not as useful
as had been expected. UNKNOWN pictures we manage to remember afresh are
still easy to forget or get confused, if not as badly as random alphanumeric
characters.
Expanded Password System is new in that it offers a choice to make use of KNOWN
images that are associated with our autobiographic/episodic memories. Please
have a look at this 80-second video.
Since these images are the least subject to the INTERFERENCE of MEMORY, it
enables us to manage dozens of unique strong passwords without reusing the
same password across many accounts or carrying around a memo with
passwords on it.
And, handling memorable images makes us feel comfortable, relaxed and even
healed.
8. Slide 8
Isn’t Episodic Memory Changeable?
We know that episodic memories can change easily.
… But that doesn’t matter for authentication. It could even help.
It’s known that episodic memories are easily changeable.
What we remember as our experience may have been transformed and not
objectively factual. But it would not matter for Expanded Password System.
What we subjectively remember as our episodic memory could suffice.
From confidentiality’s point of view, it could be even better than objectively
factual memories since no clues are given to attackers.
9. Slide 9
What about Entropy?
A password like ‘CBA123’ is absurdly weak.
What if ‘C’ as an image gets presented by something like ‘X4S&EI0W’?
What if ‘X4S&EIWDOEX7RVB%9UB3MJVK’ instead of ‘CBA123’ gets hashed?
Generally speaking, hard-to-break passwords are hard to remember. But that need not be
the fate of what we remember.
It would be easily possible to safely manage many high-entropy passwords
with Expanded Password System, which handles characters as images.
Each image or character is represented by image identifier data, which can be
of any length.
Assume that your password is “CBA123” and that the image ‘C’ is identified as X4s&eI0w,
and so on.
When you input CBA123, the authentication data that the server receives is not
the easy-to-break “CBA123”, but something like “X4s&eI0wdoex7RVb%9Ub3mJvk”,
which could be automatically altered periodically or at each access where
desired.
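The image-to-code conversion just described, as an added example that is not part of the original presentation or of Mnemonic Security's own software: each image (a character is treated as an image too) is mapped to a long random identifier, the user's selection is expanded into the concatenation of those identifiers, and only a salted hash of that expansion is stored; the identifiers can be re-issued at any time without the user learning a new password. The image names, the identifier length and the PBKDF2 parameters are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed example: the tiles of one user's matrix. Characters are tiles too,
# which is how 'CBA123' becomes a sequence of image picks.
IMAGE_MATRIX = ["A", "B", "C", "1", "2", "3", "dog", "boat", "house"]

PBKDF2_ITERATIONS = 100_000   # assumed work factor, not a value from the presentation


def build_image_table(images, identifier_bytes=18):
    """Give every image a random identifier of arbitrary length.

    18 random bytes encode to 24 URL-safe characters, so six picks expand to
    144 characters. Nothing about the identifier is derived from the image, so
    the table itself is secret server-side data.
    """
    return {image: secrets.token_urlsafe(identifier_bytes) for image in images}


def expand(selection, table):
    """Convert the picked images into the identifier string that is actually
    authenticated: 'CBA123' becomes the concatenation of six identifiers."""
    return "".join(table[image] for image in selection)


def _digest(selection, table, salt):
    expanded = expand(selection, table).encode()
    return hashlib.pbkdf2_hmac("sha256", expanded, salt, PBKDF2_ITERATIONS)


def register(selection, table):
    """Store a salted hash of the expanded string, never the selection."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "digest": _digest(selection, table, salt)}


def verify(selection, table, record):
    """Re-expand the attempted selection and compare in constant time."""
    return hmac.compare_digest(_digest(selection, table, record["salt"]), record["digest"])


def rotate_identifiers(selection, old_table):
    """The periodic re-keying the slide mentions: issue fresh identifiers for
    every image and re-register. Done at a successful login, when the server
    has the selection in memory; the user's memorized picks do not change."""
    new_table = build_image_table(old_table.keys())
    return new_table, register(selection, new_table)


if __name__ == "__main__":
    table = build_image_table(IMAGE_MATRIX)
    picks = ["C", "B", "A", "1", "2", "3"]
    record = register(picks, table)
    print("server receives:", expand(picks, table))
    print("correct picks accepted:", verify(picks, table, record))
    print("reordered picks accepted:", verify(["A", "B", "C", "1", "2", "3"], table, record))
    new_table, new_record = rotate_identifiers(picks, table)
    print("same picks after rotation accepted:", verify(picks, new_table, new_record))
```

The expansion protects the stored hash against dictionary attacks only as long as the identifier table stays confidential; it plays the role of a secret key or pepper. An attacker who obtains both the hash and the table is back to searching the space of possible selections, so the table deserves the same protection (separate storage, access control, rotation) as any other server-side key.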
10. Slide 10
Relation of Accounts & Passwords
Account A, Account B, Account C, Account D, Account E, F, G, H, I, J, K, L ...
• Unique matrices of images allocated to different accounts.
• At a glance you will immediately realize what images you should pick up as your passwords for this or that account.
Being able to recall strong passwords is one thing. Being able to recall the relation
between accounts and the corresponding passwords is another.
When unique matrices of images are allocated to different accounts, those
unique image matrices will be telling you what images you should pick up as
your password for this or that account.
When using images of our episodic memories, the Expanded Password System will thus
free us from the burden of managing the relation between accounts and the
corresponding passwords.
11. Slide 11
In the Field
Identity Assurance in Emergencies
Practicable with both hands busy? In panic? With injuries? With protection gear on?
Seizure of memos, devices, tokens
Seizure of body features
Disaster Recovery
Cards and tokens possessed?
Biometrics practicable?
Even in severe panic, we can quickly recognize unforgettable images of episodic memories.
How can we login reliably in a panicky situation?
Do we assume that people never forget to possess cards and tokens?
Do we assume that biometrics is practicable for injured or panicked people?
Do we assume that panicked people can recall strong text passwords right away?
It’s the obligation of democratic societies to provide citizens with identity
authentication measures that are practicable in these emergencies. Using
unforgettable images WILL help.
12. Slide 12
Competition or Opportunity
Biometrics? Passwords required as a backup means: Opportunity.
Password-managers, single-sign-on service? Passwords required as the master-password: Opportunity.
Two/multi-factor authentication? Passwords required as one of the factors: Opportunity.
Pattern-on-grid, emoji, conventional picture passwords? Deployable on our platform: Opportunity.
What can be thought of as competition to Expanded Password System?
Biometrics requires passwords as a fallback means.
Password-managers and single-sign-on services require passwords as the
master-password.
Multi-factor authentications require passwords as one of the factors.
Pattern-on-grid, conventional picture passwords and emoji-passwords can all be
deployed on our platform.
So, competition could be thinkable only among the different products of
Expanded Password System.
By the way, some people claim that PIN can eliminate passwords, but logic dictates that
it can never happen since PIN is no more than the weakest form of numbers-only
password. Neither can Passphrase, which is no more than a long password.
There are also some people who talk about the likes of PKI and onetime passwords as
an alternative to passwords. But it is like talking about a weak door and proposing to
enhance the door panel as an alternative to enhancing the lock and key.
13. Slide 13
Unlimited Use Cases
Client Software for Device Login, Applications Login, Image-to-Code Conversion
Server Software for Online-Access, 2-Factor Scheme, Open ID Compatible
Data Encryption Software with on-the-fly key generation, Single & Distributed Authority
Applications of Expanded Password System will be found
wherever people have been using text passwords and numerical PINs, and
wherever people need a means of identity authentication, even if we still do not
know what it will be.
14. Slide 14
OASIS Open Projects
• Proposition of Expanded Password System at ‘Draft Proposal’ stage
• With 56 individual participants
• Going to secure some more participants
• Corporate members in particular
The proposition of Expanded Password System that drastically alleviates the password
fatigue is now acknowledged as a ‘Draft Proposal’ for OASIS Open Projects
that OASIS has recently launched as a new standardization program. We have
publicized a draft specification of Expanded Password System there.
We are going to secure some more participants, corporate members in particular,
who are looking for blue-ocean business opportunities in the expanding domain
of identity assurance in cyberspace.
15. Slide 15
How We Position Our Proposition
We make identity authentication schemes better by leveraging the time-honored tradition of seals and autographs
The underpinning principle of Expanded Password System will not go away so long as people want our own volition and memory to remain involved in identity authentication.
Starting with the perception that our continuous identity as human beings is made of
our autobiographic memory, we are making identity authentication schemes better
by leveraging the time-honored tradition of seals and autographs.
The underpinning principle of Expanded Password System shall not go away so
long as people want our own volition and memory to remain involved in identity
assurance.
16. Slide 16
Some More Topics about Identity
• Isn’t Biometrics killing Passwords?
• Brain-Machine-Interface
• 2-Factor Expanded Password System
• No-Cost 2-Factor Authentication
Well, let me talk about some more topics related to digital identity. They are
Biometrics supposed to kill passwords
Two-factor authentication built on 2 kinds of passwords
And, the concept of Expanded Password System applied to BMI.
17. Slide 17
Isn’t Biometrics killing Passwords?
Fact 1: Biometrics used with a fallback password brings down the security that the password has provided.
30-second Video YouTube
Specifically, old iPhones with PINCODE only were safer than newer iPhones featuring TouchID and FaceID. What has improved is convenience, not security.
Fact 2: Biometrics dependent on a password as a fallback means cannot kill the password dead.
Fact 3: A false acceptance rate does not make sense unless it comes with the corresponding false rejection rate.
Every time I speak about Expanded Password System, I am flooded with this
question. My answer is:
Biometrics used with a fallback password brings down the security that the
password has so far provided as outlined in this 30-second video.
Specifically, old iPhones with PINCODE only were safer than newer iPhones
featuring TouchID and FaceID. What has improved is convenience obtained at
the sacrifice of security.
In any case, biometrics that is dependent on a password as a fallback measure can
by NO means kill the password. It’s logically obvious.
By the way, a false acceptance rate makes sense only when it comes with the
corresponding false rejection rate. I don’t understand why biometrics vendors
don’t publicize both of the two simultaneously.
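To make Facts 1 to 3 concrete, here is an added example (not from the presentation) that computes the false acceptance rate and false rejection rate of a matcher at several thresholds, and then the impostor acceptance probability of a biometric check that falls back to a password. The matcher scores are constructed, the fallback is modelled as a 4-digit PIN, and the combination rule (the attacker succeeds if either the biometric or the fallback accepts) is the standard one for an OR composition of two checks.

```python
# Constructed matcher scores in [0, 1]; higher means "more like the enrolled user".
# Eight genuine presentations and eight impostor presentations.
GENUINE_SCORES = [0.92, 0.88, 0.95, 0.71, 0.83, 0.60, 0.90, 0.77]
IMPOSTOR_SCORES = [0.12, 0.35, 0.52, 0.20, 0.44, 0.65, 0.30, 0.18]


def far_frr(genuine, impostor, threshold):
    """FAR and FRR at one decision threshold.

    FAR = share of impostor scores at or above the threshold (wrongly accepted).
    FRR = share of genuine scores below the threshold (wrongly rejected).
    Quoting one without the other hides which way the threshold was pushed.
    """
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def tradeoff_table(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) rows: raising the threshold lowers FAR and raises FRR."""
    return [(t,) + far_frr(genuine, impostor, t) for t in thresholds]


def pin_guess_probability(digits, attempts_allowed):
    """Chance that an attacker guesses a uniformly chosen numeric PIN within
    the allowed attempts (assumed lockout policy)."""
    return min(1.0, attempts_allowed / 10 ** digits)


def fallback_acceptance(far, fallback_guess_probability):
    """Impostor acceptance when a biometric check falls back to a password:
    the impostor gets in if the biometric accepts, or, failing that, if the
    fallback accepts. The result can never be below either term, which is
    Fact 1 (security is bounded by the weaker path) and Fact 2 (the password
    path is still there to be attacked)."""
    return far + (1.0 - far) * fallback_guess_probability


if __name__ == "__main__":
    for t, far, frr in tradeoff_table(GENUINE_SCORES, IMPOSTOR_SCORES, [0.5, 0.6, 0.7]):
        print(f"threshold {t:.1f}: FAR={far:.3f} FRR={frr:.3f}")
    p_pin = pin_guess_probability(4, 1)
    print("biometric alone, FAR 1e-4:", 1e-4)
    print("PIN alone, one guess:      ", p_pin)
    print("biometric with PIN fallback:", fallback_acceptance(1e-4, p_pin))
```

The defensive consequence is that the rate limiting, lockout and logging applied to the fallback path decide the real security of the combined system, and that a published FAR should always be read next to the FRR measured at the same threshold.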
18. Slide 18
Brain-Machine-Interface
Random numbers or characters allocated to the images.
Ask the users to focus their attention on the numbers or characters given to the registered images.
A simple brain-monitoring is vulnerable to wiretapping.
The monitoring system will then collect the brain-generated onetime signal corresponding to these numbers or characters.
A simple brain-monitoring has a problem in terms of security. The data, if
wiretapped by criminals, can be replayed for impersonation straight away.
Therefore the data should be randomized as onetime disposable ones.
An idea is that the authentication system allocates random numbers or
characters to the images shown to the users. The users focus their attention on
the numbers or characters given to the images they had registered.
The monitoring system will collect the brain-generated onetime signals
corresponding to the registered images. Incidentally, the channel for showing the
pictures is supposed to be separate from the channel for brain-monitoring.
Even if they intercept the data successfully, criminals would be unable to impersonate
the users because the intercepted data are onetime and disposable.
19. Slide 19
2-Factor Expanded Password System
Conventional 2-factor authentication systems are
effective only against abuse of the device/phone.
2-factor Expanded Password System enables the user to produce a
onetime identity authentication data, i.e., a real onetime password.
Some people say that using physical tokens is more secure than using phones for
receiving onetime codes by SMS. If that is the case, the use of physical tokens brings its
own headache. What shall we do if we have dozens of accounts that require the
protection of two/multi-factor schemes?
Carrying around a bunch of dozens of physical tokens? Or, re-using the same tokens
across dozens of accounts? The former would be too cumbersome and too easily
attract the attention of bad guys, while the latter would be very convenient but brings the
likes of a single point of failure. We have a third proposition.
A matrix of images, to which random onetime numbers or characters are allocated,
is shown to the users through a mobile device, as in the use case of BMI mentioned a
minute ago.
Users who recognize the registered images will feed the numbers or characters given to
those images into a main device. From those onetime data, the authentication server
will tell which images the user had registered.
What is needed at the users’ end is only browser software. Then, we do not depend on
the vulnerable onetime code sent through SMS, and a single phone can readily cope
with dozens of accounts.
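The server side of the onetime-label scheme used in both the BMI slide and the 2-factor slide above, as an added example that is not part of the presentation or of Mnemonic Security's software: every challenge assigns fresh random labels to all images in the matrix, the user types (or, in the BMI case, attends to) the labels next to the images they registered, the server maps the labels back to images and compares the set, and each challenge is burnt after a single use so that a captured response cannot be replayed. The image names, the two-character label format and the single-use bookkeeping are assumptions of this example.

```python
import secrets
import string

LABEL_ALPHABET = string.ascii_uppercase + string.digits
LABEL_LENGTH = 2   # assumed: short enough to type, 1296 possible labels

# Constructed example: a 12-tile matrix and the three tiles this user registered.
MATRIX = [f"img{i:02d}" for i in range(1, 13)]
REGISTERED = {"img03", "img07", "img11"}


class OneTimeMatrixAuthenticator:
    """Authentication server for one user: knows the matrix and the registered
    images, issues challenges, and verifies the typed onetime labels."""

    def __init__(self, matrix, registered_images):
        if not set(registered_images) <= set(matrix):
            raise ValueError("registered images must come from the matrix")
        self.matrix = list(matrix)
        self.registered = frozenset(registered_images)
        self._challenges = {}   # challenge_id -> [label_to_image, consumed]

    def issue_challenge(self):
        """Assign a fresh random, distinct label to every image in the matrix.

        Returns the challenge id and the image -> label view that the mobile
        device displays. The label -> image mapping stays on the server.
        """
        labels = []
        while len(labels) < len(self.matrix):
            label = "".join(secrets.choice(LABEL_ALPHABET) for _ in range(LABEL_LENGTH))
            if label not in labels:          # labels must be unique within a challenge
                labels.append(label)
        label_to_image = dict(zip(labels, self.matrix))
        challenge_id = secrets.token_hex(8)
        self._challenges[challenge_id] = [label_to_image, False]
        return challenge_id, {image: label for label, image in label_to_image.items()}

    def verify(self, challenge_id, typed_labels):
        """Map the typed labels back to images and compare with the registered set.

        The challenge is consumed on the first verification attempt whatever the
        outcome, so a wiretapped response is useless afterwards and an attacker
        cannot keep guessing against the same label assignment.
        """
        entry = self._challenges.get(challenge_id)
        if entry is None:
            return False                     # unknown challenge
        label_to_image, consumed = entry
        entry[1] = True
        if consumed:
            return False                     # replay against a used challenge
        chosen = {label_to_image.get(label.strip().upper()) for label in typed_labels}
        return chosen == self.registered


def user_response(displayed_matrix, images_recognized):
    """What the user types on the main device: the labels shown beside the
    images they recognize as their own (constructed stand-in for the person)."""
    return [displayed_matrix[image] for image in images_recognized]


if __name__ == "__main__":
    server = OneTimeMatrixAuthenticator(MATRIX, REGISTERED)
    cid, shown = server.issue_challenge()
    typed = user_response(shown, REGISTERED)
    print("labels typed:", typed)
    print("first use accepted:", server.verify(cid, typed))
    print("replay accepted:   ", server.verify(cid, typed))
```

Because the labels are drawn afresh per challenge, a response observed in transit reveals nothing that helps with the next challenge; what an observer can learn over many sessions is which tiles recur, which is why the channel showing the matrix is kept separate from the channel carrying the response, as the script above notes.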
20. Slide 20
No-Cost 2-Factor Authentication
Factor 1 – Password Remembered (what we know/remember)
Factor 2 – Password Written Down or Physically Stored (what we have/possess)
Effect – A ‘boring legacy password system’ turning into a no-cost light-duty two-factor authentication system made of ‘what we know’ and ‘what we have’.
A very strong password that is not supposed to be remembered but written down on a
memo should be viewed as 'what we have', definitely not 'what we remember',
so it could be used as one of the two factors along with a remembered
password.
We could then turn a boring legacy password system into a two factor
authentication system at no cost, just by verifying two passwords at a time,
one volitionally recalled and the other one physically possessed.
When those two different passwords are used as two factors, we could rely on the
strength of a remembered password against physical theft and the strength of a
physically possessed long password against brute force attack, although it is not as
strong against wiretapping as token-based solutions armed with PKI or Onetime
Password.
This could be viewed just as a thought experiment or could actually be considered
for practical application in between a single factor authentication and a costly
heavily-armored 2-factor scheme, or, as a transition from the former to the latter.
It goes without saying that Expanded Password System could be brought in for a good
remembered password.
21. Slide 21 Wrap-Up
Expanded Password System that drastically alleviates the password fatigue is
supportive of
- Biometrics that require passwords as a fallback means against false rejection
- Two/multi-factor authentications that require passwords as one of the factors
- ID federations such as password managers and single-sign-on services that require
passwords as the master-password
- Simple pictorial/emoji-passwords and patterns-on-grid that can all be deployed on our
platform
* All with the effects that handling memorable images makes us feel pleasant and
relaxed
Furthermore,
- Nothing would be lost for the people who want to keep using textual passwords
- It enables us to turn a low-entropy password into a high-entropy authentication data
- It is easy to manage the relation between accounts and the corresponding passwords
- Last but not least, it is democracy-compatible by way of providing the chances
and means to get our own volition confirmed in our identity assurance.
* It is the obligation of democratic societies to provide citizens with the choice to adopt a
secure and yet stress-free identity authentication means that is practicable in any
circumstances, panicky situations in emergencies in particular.
22. Slide 22
As such, there exists a secure and yet stress-free means of democracy-compatible identity
authentication.
That is Expanded Password System.
Thank You
Hitoshi Kokumai
President, Mnemonic Security, Inc.
kokumai@mneme.co.jp
As such, there exists a secure and yet stress-free means of democracy-compatible
identity authentication. That is Expanded Password System.
I would be happy if you keep this in mind as one of the takeaways from this
conference.
-----------------------
If you have questions, feel free to catch me whenever you find me.
Thank you very much for your time.