Identity Assurance

There are not a few security professionals who wrongly mix up the layer of ‘authenticators’ with that of ‘deployment of authenticators’, talking as though the former and the latter were competing each other, for example, ‘Multi-Factor Authentication is better than a password’ and ‘ID federation is better than a password’. The password is an ‘authenticator’. So are the token and biometrics. Whereas MFA and ID federation like FIDO and Open ID are ‘deployment of the authenticators’ Expanded Password System is to be found on the layer of 'authenticator', while the likes of Open ID and FIDO are all to be found on the upper layer of 'deployment of authenticators' and, as such, the likes of Open ID and FIDO could naturally be our down-stream partners. There are also some people who wrongly allege that removing an authenticator should increase security.   They are plainly misguided as examined here – “Removal of Passwords and Its Security Effect” https://www.linke...

2 is larger than 1, but not necessarily stronger than 1. https://www.theregister.com/2020/07/20/twitter_security_update_hackers_broke_2fa/ By bringing in the concept of Expanded Password System, we are able to protect important accounts more reliably than conventional 2-factor/step authentications as outlined here – “Advanced Persistent Threats in Digital Identity” https://www.linkedin.com/pulse/advanced-persistent-threats-digital-identity-hitoshi-kokumai/ This is not a hypothesis. It has been quietly but effectively deployed since 2014 for a security-centric corporate network by 1,200 employees.   Needless to say, asymmetric cryptography could be additionally incorporated for yet higher security where needed.

We wish to make our Expanded Password System solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disaster. For achieving such global ubiquity, we will need more and more research into such diverse disciplines as psychology, sociology, behavioural economics and brain science in addition to cryptography, safe coding and other security technologies. Your shout would be welcomed if you happen to know researchers who may be interested to include the issue of ‘identity assurance by our own VOLITION and MEMORY’ in their study subjects or if you yourself are interested to join us. We will shortly launch the global operation of promoting Expanded Password System from our headquarters set up in UK and this research program, which should naturally be international, is to play a significant role in it. Linked is my article posted 6 years ago, which might indicate an aspect of what we ...

The probabilistic nature of biometrics comes from the unpredictably variable body features of living animals rather than imperfect algorithms of pattern matching; perfection of pattern matching algorithm would not affect the probabilistic nature of biometrics. Biometrics that measures the probabilistic body features does not escape False Rejection/False Non-Match/False Negative that inevitably comes with False Acceptance/False Match/False Positive.   Since it cannot escape FR/FNM/FN, biometrics cannot escape the dependence on a fallback measure, a default password/pincode in most cases, which brings the security to the level lower than a password/pincode-only authentication. And yet, so many people who need higher security are spending so much money for bringing security down. Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/

How much of our privacy are we ready to sacrifice in return for DECREASED security, not for increased security? Biometrics vendors seem to be reluctant to make it clearly known that biometrics and a default/fallback password/PIN are used together in a security-lowering ‘two-entrance’ deployment, not in a security-enhancing ‘two-layer’ deployment, in what they call “2-factor” biometrics authentication. The outcome is that we are awkwardly talking about how much of our privacy we could sacrifice in return for the increased security when we actually need to talk about the privacy sacrificed for lowered security. I am wondering how long we stay indifferent to this idiotic and unethical situation. Click the link for more- https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/ ** There are two houses – one with one entrance and the other with two entrances: which is friendlier to burglars who want to sneak into?

https://www.fedscoop.com/phone-cases-security-air-force-disa/ It could be a correct use of biometrics for increasing security if biometrics is used for continuously monitoring the user's voice and behaviors to detect when a bad guy has grabbed the logged-in device from the user. Demand the user's password afresh, and the bad guy could be turned away as discussed here - "Anything used correctly is useful and so are UV, disinfectant and biometrics." https://www.linkedin.com/posts/hitoshikokumai_digital-identity-anything-used-correctly-activity-6663264695664934913-S2FS It could be a wrong use of biometrics for decreasing security if biometrics is used as a second authenticator along with a default password as examined here - "Early models of smartphones were safer than newer models - How come?" https://www.linkedin.com/pulse/early-models-smartphones-were-safer-than-newer-how-come-kokumai Windows Hello for payment authentication would be fi...

2 is larger than 1 but is not necessarily stronger than 1, as two children could be overwhelmed by a grown-up. For a two-factor authentication to be really reliable, each factor should be reasonably secure and usable enough. On the other hand, ‘password-less’ authentication, however attractive it might sound, would only benefit bad guys as examined in the link page - https://www.linkedin.com/pulse/removal-passwords-its-security-effect-hitoshi-kokumai/ People who offer a token as 'a factor' of two factor authentication schemes could all be viewed as our potential down-stream partners. Among them are the people who offer FIDO2-compatible solutions. Put together, we could come up with the two-factor authentications that are much more reliable than otherwise.

The world badly requires a ‘hard-to-forget’, ‘hard-to-break’ and ‘panic-proof’ authentication measure. But the media are continually promoting the hypes. Sadly, it seems that so many biz/tech media are so heavily dependent on the ad money from super-spreaders of hypes who are very rich from spreading hypes. Quick Money from False Sense of Security – Ethically Dubious Business Practice - https://www.linkedin.com/pulse/quick-money-from-false-sense-security-ethically-dubious-kokumai/

Having been talking for some time about the headquarters to be set up for global operations of Expanded Password System (EPS), we have now chosen UK as the venue in view of its reputed R&D infrastructure. We are putting together diverse brains from multiple disciplines - psychology, sociology, behavioral economics as well as tamper-proof programming, cryptography and other security-intelligence technologies in the common language in view of our mission of globally promoting identity assurance by our own volition and memory for secure digital identity in post-pandemic cyberspace, The aim of our enterprise is to make EPS solutions readily available to all the global citizens: rich and poor, young and old, healthy and disabled, literate and illiterate, in peace and in disasters. Here is a summary and brief history of Expanded Password System since 2000 when I first thought of making use of our episodic image memory for identity authentication. Key references are mentione...

Expanded Password System, however solid the theory is, would be vulnerable to attacks when it is poorly implemented. Very fortunately, our first client in Japan who adopted Expanded Password System for 140,000 shoppers (designed for one million users) was extremely demanding about the implementation.   We had to satisfy them and actually satisfied them with the solid implementation.   Another major client is Japanese army. We naturally had to be very confident about the good implementation. For both theory and implementation, we owe a lot to Emeritus Prof. Hideki Imai, who was the chairperson of Japan’s CRYPTREC and also a cryptography advisor to the defense forces when we first met in 2001.   He pushed my back to move ahead confidently with promotion of Expanded Password System, and helped me a lot with several joint research programs until he retired from Tokyo University. It is from him that I came to know about the likes of Elliptic Curve Cryptography. E...

A telecom company who built a payment system designed for a million online shoppers adopted EPS for accepting ‘Hard-to-Forget’ and yet ‘Hard-to-Break’ credentials and for reducing the helpdesk cost drastically. Actually 140,000 online shoppers enjoyed the no friction login before the payment system was closed in 2008. An IT corporation who built a security-conscious corporate network adopted EPS deployed in 2-channel/2-factor scheme for accepting ‘Very Hard-to-Break’ and yet ‘Hard-to-Forget’ credentials. 1,200 employees are still enjoying the good balance of security and usability. Japan’s Self-Defense Ground Forces, aka Army, adopted our product for accepting ‘Panic-Proof’ and yet ‘Hard-to-Break’ credentials. The number of licenses has increased more than 10-fold over the 7-year period from 2013 and is set to increase further. We expect to see similar adoptions in hundreds or thousands of times larger scale once we start the operation in the global market from the headqu...

Prof. Hideki Imai, who pushed my back to move ahead confidently in 2001 when he was the chair of Japan’s CRYPTREC, used to emphasize repeatedly how critical it is to get the credential data hashed whether online or offline. It is from him that I learnt about Deffie-Hellman Key Exchange, Elliptic Curve Cryptography, etc. We jointly tried the methodology of using the high-entropy credential data generated by Expanded Password System (EPS) as the seed of RSA key pair; the user's private key does not physically exist anywhere in the universe, but it can be re-generated in-the-fly out of the images that the user picks up for authentication for each login. It proved to work on the internet. Thereafter, we took up the experiment of incorporating EPS into PAKE.   We were able to demonstrate that it worked with no friction in the lab environment. These projects, sponsored by government agencies, were completed in 2003 – 2004.   In retrospect, we seem to have started these...

It appears that quite a few biometrics people confidently allege that they do not rely on a fallback password or any backup measure. In most cases, judging from my experience of dealing with biometrics people for nearly 20 years, those people are simply indifferent to the fact that the default password, which was quietly embedded in their authentication systems from the beginning, functions as a fallback password when the user gets rejected by the biometrics. Here, indifference and ignorance might be one of their most powerful weapons for their active sales operations. https://www.linkedin.com/pulse/early-models-smartphones-were-safer-than-newer-how-come-kokumai

I referred to ‘on-the-fly’ key regeneration in my earlier post “Cryptography and Expanded Password System” - https://www.linkedin.com/posts/hitoshikokumai_identity-authentication-password-activity-6678120452411531264-tfCF The core logic is so simple and plain that this non-technology man was able to come up with overnight. I do not think it needs to be kept confidential. Each image is represented by a very long identifier data.   The entropy of the identifier data summed up out of the several images the use picks up is very high to the extent that it works as the seed for generating unique encryption key. Once the key gets generated and used for encryption, the seed and key will be eliminated while the software program remembers the formula for calculation.   For decryption, the user picks up the correct images, the identifier data getting summed up to generate the seed, which will be put into the formula to calculate the key.   The seed and key will be ...

The following questions are answered in this update. -What do we think makes ‘what we are’? -Does it make sense to compare different authenticators? -Are you sure that the password is easy to crack? -How different is ‘hard-to-forget’ from ‘easy-to-remember’? -What impact the computing power has on the processing of secret credentials? -What are ‘necessary’ and ‘sufficient’ conditions for reliable identity assurance? -Does a solid theory warrant a solid implementation? -What role cryptography plays for Expanded Password System? -What is ‘on-the-fly’ key regeneration? -Is Expanded Password System complementary to FIDO2? -What can ‘probabilistic authenticators’ achieve in cyberspace? -How different is ‘Another Layer’ from ‘Another Entrance’? -Is a default password different from a fallback password? -Why so many people do not hesitate to sacrifice privacy for decreased security? -What are correct use cases of biometrics? -Why is UK adopted as the ve...

The situation still the same, I bring back an article posted 13 months ago. From one view angle, biometrics would be harmful for ‘privacy’ if as accurate as claimed or would be harmful for ‘security’ if not so accurate. From another view angle, biometrics is harmful for ‘both security and privacy’ irrespective of whether accurate or inaccurate. Click the link for more - https://www.linkedin.com/pulse/security-vs-privacy-hitoshi-kokumai

Last November I examined the issue of spoofing and liveness detection from the view point of the trade-off between False Acceptance/False Match (FA/FM) and False Rejection/False Non-Match (FR/FNM). I bring it back in view of the yet bigger noises around fruitless arguments. Below is the conclusion. Spoofing is another factor to raise FA/FM rates and Liveness Detection is another factor to raise FR/FNM rates; the presence of FR/FNM forcing the users to rely on a fallback measure, a default password/pincode in most cases, which brings down the overall security to the level lower than the authentication by a default password/pincode alone. That’s all. Click the link for more - https://www.linkedin.com/pulse/spoofing-liveness-detection-biometrics-hitoshi-kokumai/

https://www.linkedin.com/pulse/text-password-lamentable-blamable-hitoshi-kokumai/ Very probably, global populations will be far more dependent on Digital Identity in the Post-Covid19 era that our life will be far less dependent on geographical move of people -   fewer face-to-face meetings, less commute, fewer travels and far more dependent on telemedicine, telework and many other tele-something, while threats of Big Brothers by rogue governments, greedy corporations and crime syndicates will be yet greater than ever. Self-Sovereign Identity, expected to play a critical role in the highly complex situations, would require not just the distributed ledger technology but the most reliable identity authentication if it is to be truly valid and sustainable. Our responsibility of providing ‘hard-to-forget’, ‘hard-to-break’ and ‘stress-proof’ authentication will be heavy. First up, we need to re-define “What We Are” https://www.linkedin.com/pulse/external-body-featur...

It has long been asserted that there are three components for identity authentication – ‘What We Remember’ (Secret Credential), ‘What We Have’ (Tokens) and ‘What We Are ‘(Body Features). Feeding a correct secret credential is under our control.   So is presenting a correct token to some extent. But our body features are just beyond our control.   Wouldn’t it be more appropriate to call it ‘What Our Body Features Are’? ‘ What we remember’ and ‘What we have’, which are both deterministic, can be used together in a security-enhancing ‘two-layer’ deployment, whereas probabilistic ‘what our body features are’ can actually be used with another factor only in a security-lowering ‘two-entrance’ deployment. We practically have two factors of ‘what we remember’ and ‘what we have’ as valid authenticators, with ‘what our body features are’ counted in cyberspace as an optional tool to increase convenience at the sacrifice of security. It might sound a bit outrageous to th...

https://www.theregister.co.uk/2020/05/05/logmein_password_survey/ Anything used wrongly is harmful and so are UV, disinfectant and passwords. We would be unable to dissuade those individuals from re-using the same passwords across multiple accounts unless we are able to offer them practicable alternatives. More discussed at “Text Password - Lamentable, Not Blamable” https://www.linkedin.com/pulse/text-password-lamentable-blamable-hitoshi-kokumai/

Anything used correctly is useful and so are UV, disinfectant and biometrics. Identification in physical space of personnel at critical facilities could be a correct use of biometrics. Another correct use is detection of suspicious guys who try to take over the logged-in device while the user is away. Behavioral biometrics could help here; suspicious behavior detected, the guy handling the device would be asked to feed a password for fresh login. If the biometrics used in cyber space are explicitly declared to bring down security in return for increased convenience, it would be a correct use case.   On the other hand, it is definitely wrong and unethical to declare that biometrics used with a default/fallback password/PIN will increases security.   Mixing up the security-lowering 'multi-entrance' deployment of two factors with the security-enhancing 'multi-layer' deployment would bring a serious false sense of security that is worse than a lack of security...

It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes. But we are easily able to define the 'necessary condition'; it is that the 'secret credential', i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable, without which identity assurance would be a disaster. Using another authenticator together with the secret credential does not automatically bring a higher security; The positive security effects of using two authenticators in ‘two-layer’ deployment is obvious, whereas the negative security effect of using two authenticators in’ two-entrance’ deployment is also obvious. Click the link for more https://www.linkedin.com/pulse/identity-assurance-sufficient-necessary-conditions-hitoshi-kokumai/

The deterministic authentication factors such as 'Yes or No' on the possession of correct tokens can be deployed as ‘ANOTHER LAYER’ for more secure digital identity, and so can ’Yes or No’ on the feed of correct passwords.   But we have not heard of the cases that the probabilistic factors such as fingerprints, selfies, irises and veins are deployed as ‘another layer' in cyberspace.   We only hear of the cases that biometrics sensing is deployed as ‘ANOTHER ENTRANCE', which only brings down the reliability of the identity authentication. Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/

Question: Which proposition do you think is better as the second factor of 2-factor authentications? Answer: All depend on where you see the better balance between security and convenience for each use case. We could see a merit of physical tokens or hardware keys as against OTP messaging that is relatively more vulnerable in the online environment, but we could also see its demerit ; When we have dozens of accounts to protect, would we have to carry around a big bunch of hardware keys which could physically catch a quick eye of bad guys or would we have to re-use one or a few hardware keys across many accounts, physically creating a single point of failure? In order to overcome this conflict, we came up with our own proposition of 2-channel/2-factor authentication for achieving an optimal balance between security and convenience at a higher level, which was implemented for a corporate network 6 years ago and is still running. Click the link for more https://www.lin...

Quite a few security professionals say ‘Yes’ very loudly.   We would say that a ‘hard-to-crack’ password is hard to crack and an ‘easy-to-crack’ password is easy to crack , just as strong lions are strong and weak lions are weak; look at the cubs, inured and aged.   However hard or easy to manage, the password is absolutely indispensable, without which digital identity would be just a disaster.   We need to contemplate on how to make the password harder to crack while making it harder to forget. Hard-to-forget passwords will help for teleworking in stressful situations like pandemic. We were unfortunately late for Covid-19. We or our successors will hopefully be ready for the next outbreak. This subject and related issues are discussed on Payments Journal, InfoSec Buzz and Risk Group https://www.paymentsjournal.com/easy-to-remember-is-one-thing-hard-to-forget-is-another/