
Hitoshi Kokumai

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance by Our Own Volition and Memory

We believe that reliable identity assurance (see Part 1) must be built on the following three prerequisite principles.

  • Volition of the User – with Self-Determination

Identity authentication with no confirmation of the user’s volition would lead to a world where criminals and tyrants dominate citizens.

  • Practicability of the Means – for Use by Homo sapiens

Mathematical strength of a security means makes sense so long as the means is practicable for us Homo sapiens.

  • Confidentiality of the Credentials – by ‘Secret’ as against ‘Unique’.

Being ‘unique’ is different from being ‘secret’. ‘Password’ must not be displaced by ‘User ID’.

These prerequisites are especially important for Self-Sovereign Identity. If any one of them is missing, a means does not qualify as valid identity authentication. Claiming otherwise spreads a false sense of safety.

The emphasis on volition also indicates that our proposition of the Expanded Password System (EPS) presupposes societies where people respect democratic values, and that EPS is in return expected to support those values.

Identity Assurance in Emergency

How can we log in reliably in a panicky situation?

It is the obligation of democratic societies to provide citizens with identity authentication measures that are practicable in such emergencies. Using unforgettable images will help.

Scope of Enterprise

Multi-factor authentications and ID federations (single-sign-on services and password management tools) are operated with the password. The password is also indispensable for the biometric products operated in cyber space as a fallback means against false rejection. And yet, passwords have been hard to manage.

With billions of people suffering the same big digital headache, the problem to be addressed by our solution is huge. A substantial market opportunity is anticipated for the most practicable solutions to the issue of shared secrets for reliable identity assurance.

Specifically, without reliable digital identity assurance, emerging industries and critical infrastructures such as those below would be infeasible.

  • Self-Sovereign Identity
  • Electronic Healthcare
  • Pandemic-resistant Teleworking
  • ICT-assisted Disaster Prevention, Rescue & Recovery
  • Hands-Free Operation of Wearable Computing
  • Hands-Free Payment & Empty-Handed Shopping
  • Humanoid Robots
  • Internet of Things

And, needless to say, Cyber Defense & Law Enforcement.

Recent Developments in Biometrics

Half a year ago we were shocked to hear a mind-boggling report from India of unnecessary deaths presumably brought about by misunderstood biometrics; biometrics is mandatory there for the Aadhaar-based Public Distribution System. There have since been intriguing new findings.

According to a report from India, actual False Acceptance Rates turned out to be 6% for fingerprints and 8.5% for iris scans in the large-scale use case of Aadhaar, which may look far higher than you have heard. And, a follow-up report says that a lock function has been introduced for the biometrics data.

By the way, the reports refer to ‘failure’ or ‘glitch’ of biometrics, but it is not necessarily correct. ‘False Rejection’ as against ‘False Acceptance’ is inherent in biometrics; there is no biometrics that is free from False Rejection. Let us explain this point closely.

A graph (*1) below shows the False Acceptance Rates (FAR) and False Rejection Rates (FRR) of two biometrics products – one relatively more accurate and the other less accurate.

What this graph indicates is, firstly, that FAR and FRR are not independent variables; each depends on the other.

A FAR can be fixed only against a certain FRR, i.e., both variables can be positioned only at the same single point on the same single curve. In other words, a FAR and an FRR can exist only as a particular pair.

Secondly, it also indicates that the lower the FAR is, the higher the corresponding FRR is, and the lower the FRR, the higher the corresponding FAR. That is, FAR and FRR are not just mutually dependent but are in a trade-off relation.

A FAR low enough to reject a twin comes with an FRR that rejects the registered user very frequently. An FRR low enough to eliminate the need for a fallback means comes with a FAR that accepts nearly anyone.

Thirdly, it also indicates that the more accurate the biometric sensor becomes (the lower the Equal Error Rate becomes), the further the curve moves downwards/leftwards in this graph. But when the FAR is 0 (zero), the corresponding FRR still remains close to 1 (one). When the FRR is 0 (zero), the corresponding FAR remains close to 1 (one).

Another graph (*2) helps us to grasp how FAR and FRR are mutually dependent and also in a trade-off relation.

Move the threshold to the right (more strict) and we would see the combination of a lower FAR and a higher FRR. Moving it to the left (more lenient), the outcome would be the combination of a higher FAR and a lower FRR.

The presence of False Rejection, however close to 0 (zero) the rate might be, would require a fallback means against the False Rejection.
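The threshold trade-off described above can be reproduced numerically. The following is an added example, not part of the original article; the similarity scores are constructed for illustration and do not come from any real biometric product, so only the direction of the trade-off is meaningful, not the specific rates.

```python
# Constructed similarity scores (0-100); not measurements from any real product.
GENUINE = [62, 71, 75, 78, 80, 83, 85, 88, 91, 95]   # the registered user's attempts
IMPOSTOR = [20, 28, 35, 41, 47, 52, 58, 64, 70, 77]  # other people's attempts
THRESHOLDS = range(0, 101)


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def equal_error_threshold(thresholds=THRESHOLDS):
    """Threshold where FAR and FRR are closest (the Equal Error Rate point)."""
    return min(thresholds, key=lambda t: abs(rates(t)[0] - rates(t)[1]))


def frr_when_far_is_zero(thresholds=THRESHOLDS):
    """FRR at the most lenient threshold that admits no impostor."""
    t = min(t for t in thresholds if rates(t)[0] == 0)
    return t, rates(t)[1]


def far_when_frr_is_zero(thresholds=THRESHOLDS):
    """FAR at the strictest threshold that never rejects the registered user."""
    t = max(t for t in thresholds if rates(t)[1] == 0)
    return t, rates(t)[0]


if __name__ == "__main__":
    # Moving the threshold to the right lowers FAR and raises FRR.
    for t in range(55, 96, 5):
        far, frr = rates(t)
        print(f"threshold={t:3d}  FAR={far:.1f}  FRR={frr:.1f}")
    print("EER threshold:", equal_error_threshold())
    print("FAR=0 forces (threshold, FRR):", frr_when_far_is_zero())
    print("FRR=0 forces (threshold, FAR):", far_when_frr_is_zero())
```

With these constructed scores, no threshold gives both a zero FAR and a zero FRR, which is why a fallback means is still needed.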

If the officials responsible for the Aadhaar-based PDS had been informed of the above, they would surely have provided a fallback means in case of false rejection. Then this kind of misery could have been avoided. We have to wonder how it was possible that these people were not advised of the issue of false rejection.

The touted merits of biometrics were (a) security higher than passwords and (b) convenience better than passwords. We have been trying to demystify (a) and the actual case of Aadhaar and the like will hopefully be demystifying (b).

Thought Experiment in Two-Factor Authentication

A very strong password that is not meant to be remembered and is written down on a memo should be viewed as ‘what we have’, definitely not ‘what we remember’, so it could be used as one of the two factors along with a remembered password.

Although it may not be able to compete with a 2-factor scheme involving a PKI and OTP-based authenticator, a ‘boring legacy password system’ can be a two-factor authentication system made of ‘what we remember’ and ‘what we have’ just by verifying two passwords per access.

The merit of this plan is that the two-factor effects could be somehow achieved straightaway WITHOUT involving any costs of delivering and certifying the hardware tokens.

Simple no-cost 2-factor schemes of this kind could long have been in broad use, but that did not happen. We wonder what prevented them from becoming popular. (Good security solutions come with a big price tag in many cases, so we might have taken it for granted that a solution coming with no big price tag cannot be a good solution. Was it?)

This could be viewed just as a thought experiment or could be considered for practical application between a single factor authentication and a costly heavily-armored 2-factor scheme.

What is needed in Brain-Machine-Interface

As for Man-Machine-Interface for EPS that accepts images in addition to characters, we already can rely on:

  • clicking and tapping on the images randomly positioned
  • typing the characters randomly allocated to images

We will easily be able to rely on:

  • eye-tracking the images randomly positioned
  • voice-recognizing the characters randomly allocated to images
  • voiceless-voice-recognizing the same
  • tapping secret signals on a pad when hearing the sounds that the users had registered (for the blind people)
  • tapping signals when feeling the tactile sensation that the users had registered (for the blind & deaf people)

All the above can be achieved by deploying off-the-shelf technologies. The next task is interfaces for people who cannot rely on any of the above. Here enters the possibility of BMI/BCI.

Simple brain-monitoring of the user’s eye-tracking has a security problem. The data, if wiretapped by criminals, can be replayed for impersonation straight away. Therefore the data should be randomized so that it is one-time and disposable.

One idea is that the authentication system allocates random characters to the images. The users focus their attention on the characters given to the registered images. The monitoring system will collect the brain-generated one-time signal/data responding to these characters. Even if criminals intercept the data successfully, they would be unable to impersonate the users, because the captured data is one-time and disposable.
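The one-time allocation idea above can be sketched in a few lines. This is an added example, not code from the article or from Mnemonic Security; the class and function names, the alphabet and the image labels are hypothetical, and it assumes the eavesdropper captures only the response, not the allocation shown to the user.

```python
import hmac
import secrets

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ"   # characters displayed beside the images
_rng = secrets.SystemRandom()           # OS-backed randomness for allocations


class ChallengeServer:
    """Hypothetical verifier issuing a fresh character allocation per attempt."""

    def __init__(self, all_images, registered_images):
        self.all_images = list(all_images)
        self.registered = list(registered_images)  # the user's secret, in order
        self.pending = {}                          # challenge id -> allocation

    def issue(self):
        """Allocate a distinct random character to every image, for one use."""
        chars = _rng.sample(ALPHABET, len(self.all_images))
        allocation = dict(zip(self.all_images, chars))
        challenge_id = secrets.token_hex(8)
        self.pending[challenge_id] = allocation
        return challenge_id, allocation

    def verify(self, challenge_id, response):
        """Check a response once; the challenge is discarded either way."""
        allocation = self.pending.pop(challenge_id, None)
        if allocation is None:      # unknown or already consumed challenge
            return False
        expected = "".join(allocation[i] for i in self.registered)
        return hmac.compare_digest(expected.encode(), response.encode())


def user_response(allocation, remembered_images):
    """What the legitimate user enters: the characters on their own images."""
    return "".join(allocation[i] for i in remembered_images)


if __name__ == "__main__":
    images = ["dog", "cat", "tree", "boat", "lamp", "hill", "kite", "shoe", "bell"]
    server = ChallengeServer(images, ["cat", "tree", "boat"])   # constructed secret
    cid, alloc = server.issue()
    captured = user_response(alloc, ["cat", "tree", "boat"])
    print("first use accepted:", server.verify(cid, captured))
    print("replay accepted:   ", server.verify(cid, captured))
```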

By Hitoshi Kokumai


Hitoshi Kokumai, President, Mnemonic Security, Inc.

Hitoshi is the inventor of Expanded Password System that enables people to make use of episodic image memories for intuitive and secure identity authentication. He has kept raising the issue of wrong usage of biometrics with passwords and the false sense of security it brings for 16 years.

Mnemonic Security Inc. was founded in 2001 by Hitoshi Kokumai for promoting Expanded Password System. Following the pilot-scale operations in Japan, it is seeking to set up the global headquarters.

