Skip to main content

Identity Assurance - Sufficient and Necessary Conditions


It is not easy to define the 'sufficient condition' for describing a set of processes used to establish that a natural person is real, unique, and identifiable; criminals keep coming up with hitherto unknown weapons to compromise the said processes.

But we are easily able to define the 'necessary condition'; it is that the 'secret credential', i.e., the likes of passwords, is absolutely indispensable for the processes to stay reliable, without which identity assurance would be a disaster.

Using another authenticator together with the secret credential does not automatically bring a higher security; The positive security effects of using two authenticators in ‘two-layer’ deployment is obvious, whereas the negative security effect of using two authenticators in’ two-entrance’ deployment is also obvious.

Click the link for more
https://www.linkedin.com/pulse/identity-assurance-sufficient-necessary-conditions-hitoshi-kokumai/


Comments

Post a Comment

Popular posts from this blog

‘Authenticators’ and ‘Deployment of Authenticators’

There are not a few security professionals who wrongly mix up the layer of ‘authenticators’ with that of ‘deployment of authenticators’, talking as though the former and the latter were competing each other, for example, ‘Multi-Factor Authentication is better than a password’ and ‘ID federation is better than a password’. The password is an ‘authenticator’. So are the token and biometrics. Whereas MFA and ID federation like FIDO and Open ID are ‘deployment of the authenticators’ Expanded Password System is to be found on the layer of 'authenticator', while the likes of Open ID and FIDO are all to be found on the upper layer of 'deployment of authenticators' and, as such, the likes of Open ID and FIDO could naturally be our down-stream partners. There are also some people who wrongly allege that removing an authenticator should increase security.   They are plainly misguided as examined here – “Removal of Passwords and Its Security Effect” https://www.linke...
Post a Comment
Read more

Volition, Practicability & Confidentiality for Digital Identity

Indispensable for Identity Assurance are 1.   Volition of the User 2.   Practicability of the Means 3.   Confidentiality of the Credentials 1.   Identity authentication with no confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens. https://youtu.be/UJDBZpX1a0U   (30 seconds) https://www.valuewalk.com/2017/08/nist-password/ 2.   Mathematical strength of a security means makes sense so long as the means is practicable for us Homo sapiens. https://www.youtube.com/watch?v=Q8kGNeIS2Lc    (100 seconds) https://www.slideshare.net/HitoshiKokumai/password-fatigue-and-expanded-password-system 3.   The credentials for identity authentication must be ‘secret’, not ‘ unique’ https://pentestmag.com/make-sure-not-mix-identification-authentication/ Any one of them missing, it would not qualify as a valid identity authentication means. Claiming otherwise would end up w...
Post a Comment
Read more

Probabilistic Is Human Body, Not Pattern-Matching Algorithm

The probabilistic nature of biometrics comes from the unpredictably variable body features of living animals rather than imperfect algorithms of pattern matching; perfection of pattern matching algorithm would not affect the probabilistic nature of biometrics. Biometrics that measures the probabilistic body features does not escape False Rejection/False Non-Match/False Negative that inevitably comes with False Acceptance/False Match/False Positive.   Since it cannot escape FR/FNM/FN, biometrics cannot escape the dependence on a fallback measure, a default password/pincode in most cases, which brings the security to the level lower than a password/pincode-only authentication. And yet, so many people who need higher security are spending so much money for bringing security down. Click the link for more - https://www.linkedin.com/pulse/negative-security-effect-biometrics-deployed-hitoshi-kokumai/
Post a Comment
Read more