Biometrics & False Sense of Security

•Transferir como PPT, PDF•

0 gostou•680 visualizações

Biometrics and password operated together by OR/Disjunction only increases the convenience by bringing down the security. Mixing up the case of OR/Disjunction with that of AND/Conjunction, we would be trapped in a false sense of security (We wrongly feel safer when we are actually less safe).

Tecnologia

Biometrics
&
False Sense of Security
Can it be true that
Two-factor Authentication of
Biometrics and Password
actually provide stronger authentication?

(A and B) or (A or B)
Biometrics could help for better security
ONLY WHEN it is operated together with a
password by AND/Conjunction (we need to go
through both of the two),
NOT WHEN operated with a password by
OR /Disjunction (we need only to go through
either one of the two) as in the cases of most
of the biometric products on the market.

False Sense of Security
Biometrics and password operated together
by OR/Disjunction only increases the
convenience by bringing down the security.
Mixing up the case of OR/Disjunction with
that of AND/Conjunction, we would be
trapped in a false sense of security (We
wrongly feel safer when we are actually less
safe).

Recommendations
The false sense of security is often worse
than the lack of security itself.
Biometric solutions could be recommended
to the people who want convenience but
should not be recommended to those who
need security in cyber space.
2nd
August, 2015
Hitoshi Kokumai

More about “OR/Disjunction”
Biometric sensors and monitors, whether static, behavioral or
electromagnetic, can theoretically be operated together with passwords
in two ways, (1) by AND/conjunction or (2) by OR/disjunction.
The cases of (1) are hardly known in the real world because the falsely
rejected users would have to give up the access altogether even if they
can recall their passwords.
Most of the biometric products are operated by (2) so that the falsely
rejected users can unlock the devices by registered passwords. This
means that the overall vulnerability of the product is the sum of the
vulnerability of biometrics (x) and that of a password (y).
The sum (x + y - xy) is necessarily larger than the vulnerability of a
password (y), say, the devices with biometric sensors are less secure
than the devices protected by a password-only authentication.
Appendix

Mais conteúdo relacionado

Destaque

A protecção social dos trabalhadores, Isabel Viseu

Novembro creche

Novembro jardim

Parentalidade

Introducing a basic Privacy framework of purpose and consent, this presentation continues with exploring data minimization opportunities and related internal procedures to assure this framework is respected and aligned with global regulation. Arguing that in light of increased data collection, the very notion of PII or personal information is more than a blurry concept and that de-identification of data is not as easy as it is suggested to be, the conversation should evolve towards the particular context within which data is being used. The question to ask then becomes “what risk does an individual face if her data is used in a particular way?” Borrowing from Spanish information security best practices and in the light of increasing data breach regulations, the presentation examines how data flows should ideally be defined and secured in order to assure accountability through an entire data lifecycle. Such a lifecycles must also include evolving legislative minimal and maximum data retention periods after which action needs to be taken, either through anonymization of collected and used data or through its thorough deletion. Last but not least, data transits through multiple systems, hosted within multiple environments, ranging from internal and national to international cloud based solutions. Each actor of this data chain has a role to play and responsibility to abide by in order to assure compliance and mitigate risk.

A Framework of Purpose and Consent for Data Security and Consumer Privacy

Aurélie Pols

Defining the SAM Pro’s Role in Data Privacy As software and IT asset managers gather increasing amounts of data about employee use of company systems, concerns arise over employee privacy. How can the need to monitor access to software and systems be balanced with local legislation designed to protect employees' privacy rights in the work place? This is the concern attendees at the 2014 SAM Summit London will discuss in a keynote session with European privacy and digital analytics specialist Aurélie Pols, co-founder and chief visionary officer at Mind Your Privacy. "As more employers let workers bring their own devices to the office or access company data in the cloud from home, software asset managers are faced with a new task," says Pols. "They have to ensure that the measurements and controls put in place to secure data and license compliance, are not violating employee privacy." An employee's right to privacy is defined in local law, posing a challenge for companies that operate throughout Europe. Spain has one of the strictest data protection laws in Europe, notes Pols, who is based in Madrid. "When it comes to fines issued by data protection authorities in Europe, Spain accounts for 80 percent of them," she says. This has turned Spain into a country where corporate lawyers, and IT managers, make sure they have the right processes in place to avoid the legal risks surrounding improper data collection and use. The Spanish model has become the ideal to apply to client environments throughout Europe, notes Pols. " We try to find the best and most homogenous set of data governance practices that will work worldwide to ensure minimal risk—and maximum compliance." Best practices of data use The first data governance challenge for software and IT asset management professionals is to define what kind of data they are collecting from their workforce and how it will be used. "Of course the software asset manager wants to track employee usage to ensure that data is not leaked or improperly accessed, but a subset of this activity is that suddenly you have data about what employees are doing," notes Pols. "This can run afoul of privacy laws unless there's close collaboration with the HR department." Companies are now faced with the question: Do we want to use this data on employee activity, and if so, for what purpose? Do we want to use it within certain teams to assess whether certain employees are productive? Do we want to use this to assure that they are using the right processes? "Before you measure, you need to know what and why you’re measuring," says Pols. "Although the software asset manager isn’t going to be looking at this employee data, they do need to ensure that any data collected is done in accordance with local laws."

Storm on the Horizon: Data Governance & Security vs. Employee Privacy

Aurélie Pols

Dimensionamento bt

Daniel Santos

Fevereiro creche

patronatobonanca

¿Directivos en su torre de marfil?

Santiago Garcia

Customers in the cloud pulse final

FLUZO

Biografía de manuel elkin patarroyo

Camilo Alvarez Medina

Destaque (11)

A protecção social dos trabalhadores, Isabel Viseu

Novembro creche

Novembro jardim

Parentalidade

A Framework of Purpose and Consent for Data Security and Consumer Privacy

Storm on the Horizon: Data Governance & Security vs. Employee Privacy

Dimensionamento bt

Fevereiro creche

¿Directivos en su torre de marfil?

Customers in the cloud pulse final

Biografía de manuel elkin patarroyo

Mais de Hitoshi Kokumai

Image data of a picture that the user picks up will be hashed by the likes of Sha256 Sha-hashed data of the selected several pictures will be put together and hashed by the likes of Argon2id The Argon2id-hashed data will be outputted as the code to be used as a password, a crypto key, a master-password or something else depending on use cases. With unique salts added, a number of derivative codes can be automatically generated from the first code in a single process

Image-to-Code Converter 31July2023.pptx

Hitoshi Kokumai

More Issues on Digital Identity (24Feb2023)

Hitoshi Kokumai

Fend Off Cyberattack with Episodic Memory (24Feb2023)

Hitoshi Kokumai

Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun Our company, Mnemonic Identity Solutions Limited (MIS), set up in August 2020 in United Kingdom for global operations, is a Start-Up as a corporation but it’s more than a Start-Up as a business entity. We set it up in order to globally expand what its predecessor named Mnemonic Security, Inc. started in Japan in late 2001. We have a 20 years long pre-history of technology development, product making and commercial implementations with some US$1 million sales. Our champion use case is Japanese Army deploying our product on field vehicles since 2013 and still using it. At MIS we are now going to help global citizens fend off cybercrime by their non-volatile episodic memory, with the values of democracy. < Video Link > Fend Off Cybercrime by Episodic Memory (90 seconds) https://youtu.be/T1nrAlmytWE MnemonicGateways (90 seconds) https://youtu.be/0nNIU4uYl94 High-Security Operation on PC for managers (4m28s) https://www.youtube.com/watch?v=UO_1fEp2jFo < Document Link > Power of Citizens’ Episodic Memory https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/ LOSS of Security Taken for GAIN of Security https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/

Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022

Hitoshi Kokumai

An updated version is available from 30/Aug/2022 at https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022 .................................................. Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun <Reference URL> - Video 90-second introductory video; Fend Off Cybercrime by Episodic Memory　　(4/Feb/2022) https://youtu.be/T1nrAlmytWE 90-second demonstration video: Mnemonic Gateways (10/Feb/2022) https://youtu.be/0nNIU4uYl94 - Blog collections Power of Citizens’ Episodic Memory https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/ LOSS of Security Taken for GAIN of Security https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/ Biometrics Unravelled | password-dependent password-killer https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/ - Hitoshi Kokumai's profile https://www.linkedin.com/in/hitoshikokumai/

Fend Off Cybercrime with Episodic Memory

Hitoshi Kokumai

Bring healthy second life to legacy password system

Hitoshi Kokumai

Intriguing Evlolution from One to Two and Back to One

Hitoshi Kokumai

Cyber Predicament by Text-Only Password Systems

Hitoshi Kokumai

The volitional password is absolutely necessary where the democratic values matter (*1). whereas the conventional password is hated as everybody agrees. This observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice. We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters. This is the updated version of the slide used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam (*2). P20 for "Deterrence to Targeted Phishing" has been added. *1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia. *2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview <Link to Videos > 80-second video https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be 30-second video https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be

Updated: Presentation with Scripts at CIW2018

Hitoshi Kokumai

The volitional password is absolutely necessary（where the democratic values matter *1). whereas the conventional password is hated (as everybody agrees). This observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice. We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters. This slide was used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2 *1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia. *2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview <Link to Videos > 80-second video https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be 30-second video https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be

Presentation with Scripts at CIWEU2018

Hitoshi Kokumai

The volitional password is absolutely necessary（where the democratic values matter *1). whereas the conventional password is hated (as everybody agrees). This observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice. We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters. This is the slide I used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2 *1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia. *2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview <Link to Videos > 80-second video https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be 30-second video https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be

Updated: Identity Assurance by Our Own Volition and Memory

Hitoshi Kokumai

Deployment of Biometrics & Password - NIST63B

Hitoshi Kokumai

So long as the biometrics is backed up by a fallback password, irrespective of which are more accurate than the others, its security is lower than that of a password-only authentication. Then, we have to wonder why and how the biometrics has been touted as a security-enhancing tool for so long, with so many security professionals being silent about the fact. It appears that we may have got some clues to this conundrum.

Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...

Hitoshi Kokumai

It appears that NIST is of the view that a house with two entrances placed in parallel, not in tandem, is less vulnerable to burglars than a one-entrance house. We are unable to understand their logic behind such observations. We wonder if some of you can help unravel this conundrum. You might also be interested in these short videos:: - Biometrics in Cyber Space - "below-one" factor authentication https://youtu.be/wuhB5vxKYlg - Six Reasons to Believe Biometrics Don't Ruin Cyber Security https://youtu.be/lODTiO2k8ws

Help unravel the conundrum over NIST authentication guideline

Hitoshi Kokumai

Mais de Hitoshi Kokumai (14)

Image-to-Code Converter 31July2023.pptx

More Issues on Digital Identity (24Feb2023)

Fend Off Cyberattack with Episodic Memory (24Feb2023)

Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022

Fend Off Cybercrime with Episodic Memory

Bring healthy second life to legacy password system

Intriguing Evlolution from One to Two and Back to One

Cyber Predicament by Text-Only Password Systems

Updated: Presentation with Scripts at CIW2018

Presentation with Scripts at CIWEU2018

Updated: Identity Assurance by Our Own Volition and Memory

Deployment of Biometrics & Password - NIST63B

Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as again...

Help unravel the conundrum over NIST authentication guideline

Último

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Dubai, often portrayed as a shimmering oasis in the desert, faces its own set of challenges, including the occasional threat of flooding. Despite its reputation for opulence and modernity, the emirate is not immune to the forces of nature. In recent years, Dubai has experienced sporadic but significant floods, testing the resilience of its infrastructure and communities. Among the critical lifelines in this bustling metropolis is the Dubai International Airport, a bustling hub that connects the city to the world. This article explores the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...

Orbitshub

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Zilliz

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

DBX First Quarter 2024 Investor Presentation

Dropbox

Biometrics & False Sense of Security

1. Biometrics & False Sense of Security Can it be true that Two-factor Authentication of Biometrics and Password actually provide stronger authentication?

2. (A and B) or (A or B) Biometrics could help for better security ONLY WHEN it is operated together with a password by AND/Conjunction (we need to go through both of the two), NOT WHEN operated with a password by OR /Disjunction (we need only to go through either one of the two) as in the cases of most of the biometric products on the market.

3. False Sense of Security Biometrics and password operated together by OR/Disjunction only increases the convenience by bringing down the security. Mixing up the case of OR/Disjunction with that of AND/Conjunction, we would be trapped in a false sense of security (We wrongly feel safer when we are actually less safe).

4. Recommendations The false sense of security is often worse than the lack of security itself. Biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security in cyber space. 2nd August, 2015 Hitoshi Kokumai

5. More about “OR/Disjunction” Biometric sensors and monitors, whether static, behavioral or electromagnetic, can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. The cases of (1) are hardly known in the real world because the falsely rejected users would have to give up the access altogether even if they can recall their passwords. Most of the biometric products are operated by (2) so that the falsely rejected users can unlock the devices by registered passwords. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y), say, the devices with biometric sensors are less secure than the devices protected by a password-only authentication. Appendix

6. More about “OR/Disjunction” Biometric sensors and monitors, whether static, behavioral or electromagnetic, can theoretically be operated together with passwords in two ways, (1) by AND/conjunction or (2) by OR/disjunction. The cases of (1) are hardly known in the real world because the falsely rejected users would have to give up the access altogether even if they can recall their passwords. Most of the biometric products are operated by (2) so that the falsely rejected users can unlock the devices by registered passwords. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y), say, the devices with biometric sensors are less secure than the devices protected by a password-only authentication. Appendix

Biometrics & False Sense of Security

Recomendados

Recomendados

Mais conteúdo relacionado

Destaque

Destaque (11)

Mais de Hitoshi Kokumai

Mais de Hitoshi Kokumai (14)

Último

Último (20)

Biometrics & False Sense of Security