Updated: Presentation with Scripts at CIW2018

The volitional password is absolutely necessary where democratic values matter (*1), whereas the conventional password is hated, as everybody agrees.

These observations lead us to conclude that we have to find a kind of password system that is not hated. Logic tells us there can be no other choice.

We came up with a way out: Expanded Password System, which accepts images as well as text characters.

This is the updated version of the slides used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam (*2). Page 20, "Deterrence to Targeted Phishing", has been added.

*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.

*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview

Links to videos

80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be

30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be


  1. Identity Assurance by Our Own Volition and Memory
     Slide: The safety of our cyber life depends on identity assurance, which in turn relies on remembered passwords. Hitoshi Kokumai, President, Mnemonic Security, Inc., kokumai@mneme.co.jp. Enabling Self-Sovereign Identity. 13/Nov/2018. Our identity as human beings is made of our autobiographic memory.
     Script: Hello, I am Hitoshi Kokumai, advocate of 'Identity Assurance by Our Own Volition and Memory'. I have been promoting this principle for 17 years now, and it now forms the foundation of the emerging concept of Self-Sovereign Identity. However, this principle would be a pipe dream if it were not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun.
  2. The problem: passwords could work, but they need help
     Slide: Passwords are hard to manage, and yet absolutely necessary. Identity theft and security breaches are proliferating: a critical problem requiring urgent practical solutions.
     Script: We have a big headache. Passwords are hard to manage, and yet passwords are absolutely necessary. Why? Because democracy would be lost where the password was lost and we were deprived of the chance and means to have our own volition confirmed in having our identity authenticated. When authentication happens without our knowledge or against our will, it is a 1984-like dystopia. The word 'password' seems to be polysemous and context-dependent: sometimes it is narrowly interpreted as 'remembered text password', and sometimes it is taken broadly as 'whatever we remember for authentication'. Please interpret the word 'password' from the context in my presentation as well. Identity theft and security breaches are proliferating. This critical problem requires urgent practical solutions.
  3. Expanded Password System: broader choices, images AND characters
     Slide: There are several known pictures in the matrix. I can easily find all of them right away. Only I can select all of them correctly. Torturous login is history; login is now comfortable, relaxing and healing. Easy to manage the relations between accounts and the corresponding passwords.
     Script: Our proposition is Expanded Password System. In the matrix there are several KNOWN images. I can easily find all of them right away; or rather, the KNOWN images jump out at me. And only I can select all of them correctly. We can use both images and characters. It is easy to manage the relation between accounts and the corresponding passwords. Torturous login is history; it is now comfortable and even fun. I will talk more about these points later.
  4. A Fun Way to Enhance Your Passwords
     Slide: A fun first step: get the images in your password matrix registered; it is easy. Huge improvement: password fatigue alleviated for all; better security for password managers and SSO services; even better security for two/multi-factor authentication; less vulnerable security for biometric products. Backward-compatible: nothing lost for users who wish to keep using text passwords.
     Script: Indispensable though unloved, passwords could be both secure and stress-free. It is a fun way to enhance your passwords. Get the images in your matrix registered; it is easy. People who enjoy handling images will gain both better security and better convenience. The only extra effort required is to get these images registered, but people already do that across social media platforms and seem to love it. Then comes a huge improvement. Password fatigue would be alleviated for all. Better security for password managers and single-sign-on services. Even better security for multi-factor authentication. Less vulnerable security for biometrics. And it is backward-compatible: nothing would be lost for people who wish to keep using text passwords.
  5. We Need a Broader Choice
     Slide: If only text and numbers are OK, it is a steep climb to memorize text/number passwords. Three modes:
       Text Mode (e.g. 3UVB9KUW): recall the remembered password; low memory ceiling.
       Graphics Mode: recognize the pictures remembered in stories; lightens the load of text passwords; high memory ceiling.
       Original Picture Mode: recognize the unforgettable pictures of episodic memories; very high memory ceiling.
       Think of all those ladders you have to climb in Donkey Kong ;-)
     Script: Shall we have a closer look at what it offers? So far, only text has been accepted. It was, as it were, as if we had no choice but to walk up a long, steep staircase. With Expanded Password System, we could imagine escalators and elevators provided alongside the staircase. Or some of us could think of all those ladders we have to climb in Donkey Kong. Where we want to continue using textual passwords, we could opt to recall the remembered passwords, although the memory ceiling is very low; most of us can manage only up to several of them. Where we want to reduce the burden of textual passwords, we could opt to recognize pictures remembered in stories; the memory ceiling is high, that is, we would be able to manage more of them. Where we choose to make use of episodic image memory, we would only need to recognize the unforgettable images, that is, KNOWN images. There is virtually no memory ceiling: we would be able to manage as many passwords as we like without any extra effort.
  6. Volition and Memory
     Slide: (1) Volition of the user, with self-determination. (2) Practicability of the means, for use by Homo sapiens. (3) Confidentiality of the credentials, by 'secret' as against 'unique'.
     Script: We believe there must be three prerequisites for identity assurance. First, identity assurance with NO confirmation of the user's volition would lead to a world where criminals and tyrants dominate citizens. Democracy would be dead where our volition was not involved in our identity assurance. We must be against any attempt to do without what we remember, recall, recognize and feed to login volitionally. Secondly, the mathematical strength of a security means makes sense only so long as the means is practicable for us Homo sapiens. A big cake can be appreciated only if it is edible. Thirdly, being 'unique' is different from being 'secret'. 'Passwords' must not be displaced by the likes of 'User ID'. I mean, we should be very careful when using biometrics for the purpose of identity authentication, although we do not see so big a problem in using biometrics for the purpose of personal identification. Identification answers the question 'Who are they?', whereas authentication answers the question 'Are they the persons they claim to be?' Authentication and identification belong to totally different domains.
  7. What's New?
     Slide: The idea of using pictures has been around for two decades. What is new is encouraging people to make use of episodic image memories. 80-second video on YouTube; keyword: Smallest Interference of Memory.
     Script: The idea of using pictures for passwords is not new. It has been around for more than two decades, but the simple forms of pictorial passwords were not as useful as had been expected. UNKNOWN pictures that we manage to remember afresh are still easy to forget or confuse, if not as badly as random alphanumeric characters. Expanded Password System is new in that it offers the choice to make use of KNOWN images associated with our autobiographic/episodic memories. Please have a look at this 80-second video. Since these images are the least subject to the INTERFERENCE of MEMORY, it enables us to manage dozens of unique, strong passwords without reusing the same password across many accounts or carrying around a memo with passwords on it. And handling memorable images makes us feel comfortable, relaxed and even healed.
  8. Isn't Episodic Memory Changeable?
     Slide: We know that episodic memories can change easily. But that does not matter for authentication. It could even help.
     Script: It is known that episodic memories are easily changeable. What we remember as our experience may have been transformed and may not be objectively factual. But that would not matter for Expanded Password System. What we subjectively remember as our episodic memory could suffice. From the point of view of confidentiality, it could even be better than objectively factual memories, since no clues are given to attackers.
  9. What about Entropy?
     Slide: A password like 'CBA123' is absurdly weak. What if 'C' as an image gets represented by something like 'X4S&EI0W'? What if 'X4S&EIWDOEX7RVB%9UB3MJVK' instead of 'CBA123' gets hashed?
     Script: Generally speaking, hard-to-break passwords are hard to remember. But that is not the fate of what we remember. It would be easily possible to safely manage many high-entropy passwords with Expanded Password System, which handles characters as images. Each image or character is represented by image identifier data, which can be of any length. Assume that your password is 'CBA123' and that the image 'C' is identified as 'X4s&eI0w', and so on. When you input CBA123, the authentication data the server receives is not the easy-to-break 'CBA123' but something like 'X4s&eI0wdoex7RVb%9Ub3mJvk', which could be automatically altered periodically or at each access where desired.
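The following is an added example, not code from the presentation or from Mnemonic Security's product, of the image-to-identifier expansion slide 9 describes: each image in a user's matrix is assigned a random identifier, the identifiers of the images the user picks are concatenated, and that long string, not the short selection, is what gets hashed. The identifier length, the PBKDF2 parameters, the per-account table, and re-issuing the table after a successful login (the slide's "altered at each access") are this example's assumptions. The helper at the end states the caveat a reviewer would raise: for an attacker who has learned the identifier table, the search space is still the number of possible selections, so the length of the expanded string should not be mistaken for entropy.

```python
import hashlib
import hmac
import math
import os
import secrets

IDENT_BYTES = 12  # randomness per image identifier; 16 URL-safe chars (assumption)


def make_identifier_table(image_ids):
    """Assign every image in the user's matrix a fresh random identifier."""
    return {img: secrets.token_urlsafe(IDENT_BYTES) for img in image_ids}


def expand_selection(selection, table):
    """Concatenate, in order, the identifiers of the images the user picked.
    'CBA123' becomes a long string such as 'X4s&eI0w...' on the slide.
    Raises KeyError for an image that is not in the user's matrix."""
    return "".join(table[img] for img in selection)


def derive_verifier(expanded, salt, iterations=100_000):
    """Slow, salted hash of the expanded string (PBKDF2 is an assumption;
    the slide only says the expanded data 'gets hashed')."""
    return hashlib.pbkdf2_hmac("sha256", expanded.encode("utf-8"), salt, iterations)


def enroll(selection, image_ids):
    """Server-side record for one account: table, salt and verifier only.
    The selection itself is not stored."""
    table = make_identifier_table(image_ids)
    salt = os.urandom(16)
    verifier = derive_verifier(expand_selection(selection, table), salt)
    return {"table": table, "salt": salt, "verifier": verifier}


def verify(record, selection, rotate=False):
    """Check a login attempt in constant time. With rotate=True a new table
    and verifier are issued on success, while the selection is at hand; the
    user remembers the same images, but a different string is hashed next time."""
    try:
        expanded = expand_selection(selection, record["table"])
    except KeyError:
        return False
    ok = hmac.compare_digest(derive_verifier(expanded, record["salt"]), record["verifier"])
    if ok and rotate:
        record.update(enroll(selection, list(record["table"])))
    return ok


def selection_space_bits(matrix_size, positions, ordered=True):
    """Caveat: an attacker who knows the identifier table still has to guess
    which images were picked, and only that. The bits here depend on the
    matrix size and the number of picks, not on the expanded string's length."""
    if ordered:
        return positions * math.log2(matrix_size)
    return math.log2(math.comb(matrix_size, positions))


if __name__ == "__main__":
    # Constructed input: a 25-image matrix and a 6-image selection.
    matrix = [f"img{i:02d}" for i in range(25)]
    pick = ["img02", "img01", "img00", "img10", "img11", "img12"]
    rec = enroll(pick, matrix)
    print("expanded length:", len(expand_selection(pick, rec["table"])))
    print("login ok:", verify(rec, pick, rotate=True))
    print("ordered 6-of-25 selection space, bits:", round(selection_space_bits(25, 6), 2))
```

The record keeps the table in clear because the server needs it to rebuild the expanded string; if the same table is also handed to the client to build the request, treat it as known to an attacker and size the matrix and the number of picks accordingly.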
  10. Relation of Accounts and Passwords
     Slide: Account A, Account B, Account C, Account D, Account E, F, G, H, I, J, K, L, ... Unique matrices of images are allocated to different accounts. At a glance you will immediately realize which images you should pick as your password for this or that account.
     Script: Being able to recall strong passwords is one thing. Being able to recall the relation between accounts and the corresponding passwords is another. When unique matrices of images are allocated to different accounts, those unique image matrices will tell you which images you should pick as your password for this or that account. When using images of our episodic memories, Expanded Password System thus frees us from the burden of managing the relation between accounts and the corresponding passwords.
  11. In the Field: Identity Assurance in Emergencies
     Slide: Practicable with both hands busy? In panic? With injuries? With protective gear on? Seizure of memos, devices and tokens; seizure of body features. Disaster recovery: are cards and tokens still possessed? Is biometrics practicable? Even in severe panic, we can quickly recognize unforgettable images of episodic memories.
     Script: How can we log in reliably in a panicky situation? Do we assume that people never forget to carry cards and tokens? Do we assume that biometrics is practicable for injured or panicked people? Do we assume that panicked people can recall strong text passwords right away? It is the obligation of democratic societies to provide citizens with identity authentication measures that are practicable in these emergencies. Using unforgettable images WILL help.
  12. Competition or Opportunity
     Slide: Biometrics? Passwords required as a backup means: opportunity. Two/multi-factor authentication? Passwords required as one of the factors: opportunity. Password managers, single-sign-on services? Passwords required as the master password: opportunity. Pattern-on-grid, emoji, conventional picture passwords? Deployable on our platform: opportunity.
     Script: What can be thought of as competition to Expanded Password System? Biometrics requires passwords as a fallback means. Password managers and single-sign-on services require passwords as the master password. Multi-factor authentication requires passwords as one of the factors. Pattern-on-grid, conventional picture passwords and emoji passwords can all be deployed on our platform. So competition is thinkable only among the different products of Expanded Password System. By the way, some people claim that a PIN can eliminate passwords, but logic dictates that this can never happen, since a PIN is no more than the weakest form of numbers-only password. Neither can a passphrase, which is no more than a long password. There are also people who talk about the likes of PKI and one-time passwords as an alternative to passwords. But that is like looking at a weak door and proposing to enhance the door panel as an alternative to enhancing the lock and key.
  13. Unlimited Use Cases
     Slide: Client software for device login; application login; image-to-code conversion; server software for online access; 2-factor scheme; OpenID compatible; data encryption software with on-the-fly key generation; single and distributed authority.
     Script: Applications of Expanded Password System will be found wherever people have been using text passwords and numerical PINs, and wherever people need a means of identity authentication, even if we do not yet know what it will be.
  14. OASIS Open Projects
     Slide: Proposition of Expanded Password System at 'Draft Proposal' stage, with 56 individual participants. Going to secure more participants, corporate members in particular.
     Script: The proposition of Expanded Password System, which drastically alleviates password fatigue, is now acknowledged as a 'Draft Proposal' for OASIS Open Projects, which OASIS has recently launched as a new standardization program. We have published a draft specification of Expanded Password System there. We are going to secure more participants, corporate members in particular, who are looking for blue-ocean business opportunities in the expanding domain of identity assurance in cyberspace.
  15. How We Position Our Proposition
     Slide: We make identity authentication schemes better by leveraging the time-honored tradition of seals and autographs. The underpinning principle of Expanded Password System will not go away so long as people want our own volition and memory to remain involved in identity authentication.
     Script: Starting from the perception that our continuous identity as human beings is made of our autobiographic memory, we are making identity authentication schemes better by leveraging the time-honored tradition of seals and autographs. The underpinning principle of Expanded Password System shall not go away so long as people want our own volition and memory to remain involved in identity assurance.
  16. Some More Topics about Identity
     Slide: Isn't Biometrics killing Passwords? Brain-Machine Interface. 2-Channel Expanded Password System. Deterrence to Targeted Phishing. No-Cost 2-Factor Authentication.
     Script: Well, let me talk about some more topics related to digital identity: biometrics supposed to kill passwords; the concept of Expanded Password System applied to BMI; Expanded Password System deployed on two channels; deterrence effects against targeted/spear phishing; and two-factor authentication built on two kinds of passwords.
  17. Isn't Biometrics killing Passwords?
     Slide: Fact 1: Biometrics used with a fallback password brings down the security that the password has provided (30-second video on YouTube). Specifically, old iPhones with a PIN code only were safer than newer iPhones featuring Touch ID and Face ID. What has improved is convenience, not security. Fact 2: Biometrics dependent on a password as a fallback means cannot kill the password dead. Fact 3: A false acceptance rate does not make sense unless it comes with the corresponding false rejection rate.
     Script: Every time I speak about Expanded Password System, I am flooded with this question. My answer is: biometrics used with a fallback password brings down the security that the password has so far provided, as outlined in this 30-second video. Specifically, old iPhones with a PIN code only were safer than newer iPhones featuring Touch ID and Face ID. What has improved is convenience, obtained at the sacrifice of security. In any case, biometrics that depends on a password as a fallback measure can by NO means kill the password. It is logically obvious. By the way, a false acceptance rate makes sense only when it comes with the corresponding false rejection rate. I do not understand why biometrics vendors do not publicize both at the same time.
  18. Brain-Machine Interface
     Slide: A simple brain-monitoring scheme is vulnerable to wiretapping. Random numbers or characters are allocated to the images. Ask the users to focus their attention on the numbers or characters given to the registered images. The monitoring system then collects the brain-generated one-time signal corresponding to those numbers or characters.
     Script: A simple brain-monitoring scheme has a problem in terms of security. The data, if wiretapped by criminals, can be replayed for impersonation straight away. Therefore the data should be randomized into one-time, disposable data. One idea is that the authentication system allocates random numbers or characters to the images shown to the users. The users focus their attention on the numbers or characters given to the images they had registered. The monitoring system collects the brain-generated one-time signals corresponding to the registered images. Incidentally, the channel for showing the pictures is supposed to be separate from the channel for brain-monitoring. Even if they intercept successfully, criminals would be unable to impersonate the users because the intercepted data are one-time and disposable.
  19. 2-Channel Expanded Password System
     Slide: Conventional 2-factor authentication systems are effective only against abuse of the device/phone. 2-factor Expanded Password System enables the user to produce one-time identity authentication data, i.e. a real one-time password.
     Script: Some people say that using physical tokens is more secure than using phones to receive a one-time code by SMS. If that is the case, the use of physical tokens brings its own headache. What shall we do if we have dozens of accounts that require protection by two/multi-factor schemes? Carry around a bunch of dozens of physical tokens? Or reuse the same tokens across dozens of accounts? The former would be too cumbersome and would too easily attract the attention of bad guys, while the latter would be very convenient but brings the likes of a single point of failure. We have a third proposition. A matrix of images, to which random one-time numbers or characters are allocated, is shown to the users through a mobile device, as in the BMI use case mentioned a minute ago. Users who recognize the registered images feed the numbers or characters given to those images into a main device. From that one-time data, the authentication server can tell which images the user had registered. All that is needed at the user's end is a browser. Then we do not depend on the vulnerable one-time code sent through SMS, and a single phone can readily cope with dozens of accounts.
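The following is an added example, not code from the presentation or from Mnemonic Security, of the server side of the one-time code scheme that slides 18 (the BMI variant) and 19 (the 2-channel variant) both rest on. Per login, the server draws a fresh random code for every image in the user's matrix and sends the matrix with its codes to the second channel (the phone); the user types, on the main device, the codes shown next to the images they registered; the server maps the codes back to images and compares the set against the registration. The code alphabet, three-character codes, a 25-image matrix, in-memory sessions, and single-use sessions are this example's assumptions; `codes_for` simulates the user reading the codes off the phone.

```python
import secrets

# Alphabet without look-alike characters, so codes can be read off a phone
# and typed on another device without confusion (assumption).
CODE_ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"
CODE_LEN = 3


class TwoChannelAuth:
    """Minimal model of the authentication server."""

    def __init__(self):
        self.users = {}     # user -> (matrix tuple, frozenset of registered images)
        self.sessions = {}  # session id -> (user, code -> image map), single use

    def enroll(self, user, matrix, registered):
        """Registration: the user's matrix and the subset of images they chose."""
        if not set(registered) <= set(matrix):
            raise ValueError("registered images must come from the matrix")
        self.users[user] = (tuple(matrix), frozenset(registered))

    def start_session(self, user):
        """Channel 2: build what the phone displays, each image with a fresh,
        unique one-time code. Returns (session id, [(image, code), ...])."""
        matrix, _ = self.users[user]
        code_to_image = {}
        for img in matrix:
            while True:
                code = "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LEN))
                if code not in code_to_image:  # codes must be distinct within a session
                    break
            code_to_image[code] = img
        sid = secrets.token_hex(8)
        self.sessions[sid] = (user, code_to_image)
        return sid, [(img, code) for code, img in code_to_image.items()]

    def verify(self, sid, typed_codes):
        """Channel 1: the codes typed on the main device. The session is
        consumed whatever the outcome, so the same codes cannot be replayed."""
        session = self.sessions.pop(sid, None)
        if session is None:
            return False
        user, code_to_image = session
        _, registered = self.users[user]
        picked = set()
        for code in typed_codes:
            img = code_to_image.get(code.strip().upper())
            if img is None:  # a code that was never issued in this session
                return False
            picked.add(img)
        return picked == registered


def codes_for(display, registered):
    """The user's step, simulated: read off the phone the codes next to the
    images they registered (constructed input for the demonstration)."""
    return [code for img, code in display if img in registered]


if __name__ == "__main__":
    # Constructed input: a 25-image matrix, four registered images.
    auth = TwoChannelAuth()
    matrix = [f"img{i:02d}" for i in range(25)]
    registered = ["img03", "img07", "img11", "img19"]
    auth.enroll("alice", matrix, registered)
    sid, display = auth.start_session("alice")
    codes = codes_for(display, registered)
    print("phone shows e.g.:", display[:3])
    print("typed on main device:", codes)
    print("login ok:", auth.verify(sid, codes))
    print("replay of the same codes:", auth.verify(sid, codes))
```

Two points worth noting in the model: the server compares the set of images, so the order in which the user types the codes does not matter, and a wiretapped set of codes is useless after the session because the next session maps entirely new codes to the images. Both channels still have to be separate in practice; a phisher who controls the main device and also sees the phone display learns the mapping for that one session, which is the case slide 20 argues is costly to set up.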
  20. Deterrence to Targeted Phishing
     Slide: Genuine or fake? Fake or genuine? Though not designed against phishing attacks, wise deployment of Expanded Password System helps us deter not only indiscriminate mass phishing but also targeted phishing attacks as one of its secondary effects.
       Against mass phishing: where users are encouraged to create their own unique image matrices with Expanded Password System, criminals would feel discouraged because of the heavy cost of capturing and activating thousands, millions or billions of image matrices, all unique to different user IDs.
       Against targeted/spear phishing: the '2-Channel Expanded Password System' presented on the previous page could discourage targeted phishing because the criminals would have to place both channels under their control simultaneously before starting the phishing trials. Alternatively, we can add a second step of Expanded Password System, making it 'Selective 2-step Authentication' for users who opt for it, which makes criminals' jobs extremely heavy and complicated.
       Against persistent targeted/spear phishing: criminals who persistently chase really valuable information assets could be discouraged if we deploy the 2-step EPS coupled with the 2-Channel method.
     Script: Expanded Password System was not designed against phishing attacks, but deploying it wisely would help us deter not only indiscriminate mass phishing but also targeted/spear phishing attacks as one of its secondary effects. Where users are encouraged to create their own unique image matrices, we could assume that criminals feel discouraged about indiscriminate mass phishing because of the heavy cost of capturing and activating thousands, millions or billions of image matrices, all unique to different user IDs. The 2-Channel Expanded Password System presented on the previous page could discourage targeted phishing because the criminals would have to place both channels under their control simultaneously before starting the phishing trial. Alternatively, we could add a second step of Expanded Password System, making it 'Selective 2-step EPS' for users who opt for it, which makes criminals' jobs extremely heavy and complicated. Criminals who persistently chase really valuable information assets could be discouraged if we deploy the 2-step EPS coupled with the 2-Channel method.
  21. No-Cost 2-Factor Authentication
     Slide: Factor 1: password remembered (what we know/remember). Factor 2: password written down or physically stored (what we have/possess). Effect: a 'boring legacy password system' turning into a no-cost, light-duty two-factor authentication system made of 'what we know' and 'what we have'.
     Script: A very strong password that is not supposed to be remembered but is written down on a memo should be viewed as 'what we have', definitely not 'what we remember', so it could be used as one of the two factors along with a remembered password. We could then turn a boring legacy password system into a two-factor authentication system at no cost, just by verifying two passwords at a time, one volitionally recalled and the other physically possessed. When those two different passwords are used as two factors, we could rely on the strength of a remembered password against physical theft and the strength of a physically possessed long password against brute-force attack, although it is not as strong against wiretapping as token-based solutions armed with PKI or one-time passwords. This could be viewed just as a thought experiment, or could actually be considered for practical application in between single-factor authentication and a costly, heavily armored 2-factor scheme, or as a transition from the former to the latter. It goes without saying that Expanded Password System could be brought in for a good remembered password.
  22. Wrap Up
     Slide: Expanded Password System, which drastically alleviates password fatigue, is supportive of:
       - Biometrics, which requires passwords as a fallback means against false rejection
       - Two/multi-factor authentication, which requires passwords as one of the factors
       - ID federations such as password managers and single-sign-on services, which require passwords as the master password
       - Simple pictorial/emoji passwords and patterns-on-grid, which can all be deployed on our platform
       * All with the effect that handling memorable images makes us feel pleasant and relaxed.
     Furthermore:
       - Nothing would be lost for people who want to keep using textual passwords
       - It enables us to turn a low-entropy password into high-entropy authentication data
       - It is easy to manage the relation between accounts and the corresponding passwords
       - It helps deter various phishing attacks
       - Last but not least, it is democracy-compatible, by providing the chance and means to have our own volition confirmed in our identity assurance
       * It is the obligation of democratic societies to provide citizens with the choice of a secure and yet stress-free means of identity authentication that is practicable in any circumstances, panicky situations in emergencies in particular.
  23. Thank You
     Slide: As such, there exists a secure and yet stress-free means of democracy-compatible identity authentication. That is Expanded Password System. Hitoshi Kokumai, President, Mnemonic Security, Inc., kokumai@mneme.co.jp
     Script: As such, there exists a secure and yet stress-free means of democracy-compatible identity authentication. That is Expanded Password System. I would be happy if you keep this in mind as one of the takeaways from this conference. If you have questions, feel free to catch me whenever you find me. Thank you very much for your time.
