Biometrics - Spoofing and Liveness Detection

Last November I examined the issue of spoofing and liveness detection from the view point of the trade-off between False Acceptance/False Match (FA/FM) and False Rejection/False Non-Match (FR/FNM). I bring it back in view of the yet bigger noises around fruitless arguments.

Below is the conclusion.

Spoofing is another factor to raise FA/FM rates and Liveness Detection is another factor to raise FR/FNM rates; the presence of FR/FNM forcing the users to rely on a fallback measure, a default password/pincode in most cases, which brings down the overall security to the level lower than the authentication by a default password/pincode alone.

That’s all.

Click the link for more - https://www.linkedin.com/pulse/spoofing-liveness-detection-biometrics-hitoshi-kokumai/

Comments

‘Authenticators’ and ‘Deployment of Authenticators’

There are not a few security professionals who wrongly mix up the layer of ‘authenticators’ with that of ‘deployment of authenticators’, talking as though the former and the latter were competing each other, for example, ‘Multi-Factor Authentication is better than a password’ and ‘ID federation is better than a password’. The password is an ‘authenticator’. So are the token and biometrics. Whereas MFA and ID federation like FIDO and Open ID are ‘deployment of the authenticators’ Expanded Password System is to be found on the layer of 'authenticator', while the likes of Open ID and FIDO are all to be found on the upper layer of 'deployment of authenticators' and, as such, the likes of Open ID and FIDO could naturally be our down-stream partners. There are also some people who wrongly allege that removing an authenticator should increase security. They are plainly misguided as examined here – “Removal of Passwords and Its Security Effect” https://www.linke...

Probabilistic Is Human Body, Not Pattern-Matching Algorithm

The probabilistic nature of biometrics comes from the unpredictably variable body features of living animals rather than imperfect algorithms of pattern matching; perfection of pattern matching algorithm would not affect the probabilistic nature of biometrics. Biometrics that measures the probabilistic body features does not escape False Rejection/False Non-Match/False Negative that inevitably comes with False Acceptance/False Match/False Positive. Since it cannot escape FR/FNM/FN, biometrics cannot escape the dependence on a fallback measure, a default password/pincode in most cases, which brings the security to the level lower than a password/pincode-only authentication. And yet, so many people who need higher security are spending so much money for bringing security down. Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/

Volition, Practicability & Confidentiality for Digital Identity

Indispensable for Identity Assurance are 1. Volition of the User 2. Practicability of the Means 3. Confidentiality of the Credentials 1. Identity authentication with no confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens. https://youtu.be/UJDBZpX1a0U (30 seconds) https://www.valuewalk.com/2017/08/nist-password/ 2. Mathematical strength of a security means makes sense so long as the means is practicable for us Homo sapiens. https://www.youtube.com/watch?v=Q8kGNeIS2Lc (100 seconds) https://www.slideshare.net/HitoshiKokumai/password-fatigue-and-expanded-password-system 3. The credentials for identity authentication must be ‘secret’, not ‘ unique’ https://pentestmag.com/make-sure-not-mix-identification-authentication/ Any one of them missing, it would not qualify as a valid identity authentication means. Claiming otherwise would end up w...

Identity Assurance

Search This Blog