1
Mnemonic Guard
personal verification technology based on old memory
overcoming security-paradox without risking privacy
Mnemonic Security, Inc.
http://www.mneme.co.jp
2
so easy to lose
15% of businessmen lost some mobile devices in 2001 in Japan, according to Gartner Japan.
→ Whether ubiquitous computing will come true as a dream or a nightmare hinges on whether or not there is a valid personal verification technology.
3
human factor
Assume that terminals talk to each other.
→ It is the terminal devices that matter.
→ Users are viewed as protein-made operation robots.
→ Vulnerability of human beings is often out of sight.
Assume that people talk to each other via terminals.
→ It is people in real life that matter.
→ Terminal devices are just tools held in people's hands.
→ Vulnerability of human beings is always in focus.
4
significance of personal verification
Encrypted data must be made human-readable when presented to the authorized individuals.
=> Personal verification is the key to rejecting impersonators and protecting data from theft.
Even perfectly unbreakable encryption is worthless against a successful impersonator.
5
security of personal verification
Easy-to-remember passwords commonly used are too vulnerable.
It is widely believed that the solutions should be:
  Place the passwords under stricter control
  Use the unique human body as the passwords
  Reject those who do not have the specified tokens
  Combine the above
Taken for granted. Who proved, and how?
6
Paradox of Password
Intent: Make it longer, more inorganic, and change it more often. Then, security should improve!
→ cannot remember
→ write it down and carry it around or paste it
→ towards collapse of security
Fatal collapse under mobile environment.
With accounts increasing, even the brightest start to see collapse.
Intent: Reject those who fail, say, three times. Then, security should improve!
Unforgettable data are the easiest for impersonators to find out.
Rejection = Loss of business.
Solution is to write down or use unforgettable personal data.
→ towards collapse of security
7
Paradox of Biometrics
Intent: Use the unique features of the human body as verification data. Then, security should improve!
→ towards worst collapse of security
By nature, false rejection cannot be eliminated.
Rejection = Loss of business.
Rely on backup/recovery passwords provided in OR style.
Forget biometrics! Break passwords!
Furthermore, obliged to use the easiest-to-break data unless a memo is allowed to be carried around or pasted.
Passwords to be registered just in case.
Valid where we do not have to rely on passwords, say, in our own place.
The human body cannot be replicated, but features of the body can be easily replicated despite their private nature.
That identification (who is this person?) is different from verification (is this person who they claim to be?) is too often overlooked.
8
Paradox of Tokens
Intent: Reject those who fail to produce the necessary tokens. Then, security should improve!
→ towards worst collapse of security
Tokens left behind = Loss of business
Endeavor not to leave it behind
Back to "Token left behind"
Use just-in-case passwords in OR style
Try to escape from this loop
Increase the chances of simultaneous loss or theft of devices & tokens
Endeavor not to lose both devices & tokens at a time
Valid where we do not have to rely on passwords, say, in our own place.
9
Paradox of Combination
Intent: Each solution may have its weakness. Combine them. Then, security should improve!
↓
Combination in AND style: The problem of "Rejection = Loss of business" will only get worse.
Combination in OR style: Security of the whole system will be determined by that of the weakest component, that is, the just-in-case passwords in most cases.
There is no third combination style other than AND and OR.
Combination will not help security improve, but will help spread a false sense of security.
10
Security Paradox
The ironic phenomenon in which a good intention to improve security ends in a paradoxical result: collapse.
Paradox of Biometrics
Paradox of Password
Paradox of Tokens
Paradox of Combination
11
what identity
Identity of Token, Body and Personality – What matters for business and information security?
Identity of Token – Tokens tell nothing about in whose hands they are now.
Identity of Body – Cases of multiple personality with disintegrated memory
Identity of Personality – Sustained and integral memory
It is the personality, not token or body, that matters for business.
Verification of identity of personality cannot be replaced by body or token identification.
12
establish identity of personality
Identity of the personality can be established only by verifying the memory shared by the individuals and the system.
Objective personal data unique to an individual, which can be written down in letters and numbers, can be easily gathered by impersonators.
Subjective emotion-influenced visual images memorized by an individual cannot, particularly when they have survived decades.
→ Research the methods to verify the visual images.
→ Develop solutions to make good use of long-term memory.
→ Also, make every effort to mitigate the stress that people feel.
13
first step to overcome security paradox
merits and limitations of picture-based passwords
Merits of image-based verification
  easier to retain since it is visually concrete
  easier to revive, because it relies on recognition of what is in sight, not recall of what is out of sight
Limitations of simple image-based passwords
  still subject to forgetting, not freed from the security paradox
  not strong enough on a small screen
14
Mnemonic Guard: overcome security paradox
The user only has to select the registered symbols to complete the verification.
The sort of mistakes that the legitimate user can make will be tolerated and retrials will be encouraged.
In case of a forced access, the user can select the emergency symbol as well as the verification symbols, so that the system will know of the emergency without the intimidator noticing the silent communication.
Photos of pet dogs we used to love decades ago are mixed with decoy dogs.
For those who loved those memorable dogs, there could be no failure in verification.
An impersonator, who has to try random choice, will be rejected as soon as they make the sort of mistakes that the legitimate user can hardly make.
The device will be made not to work or the alarm system will be triggered.
15
Mnemonic Guard: overcome security paradox
An example of the verification screen prepared for an 80-year-old lady, who uses, as the verification data or pass-symbols, 3 or 4 old photos of her granddaughters taken 20 years ago.
On a small screen, each symbol, when pointed at, can be enlarged to show details.
16
Mnemonic Guard: simple operation for reliable identity verification
For the legitimate user: Easy and simple operation of selecting a few or several symbols registered as verification data. The sort of mistakes that the legitimate user can make will be tolerated and the user can keep retrying without feeling stress.
For an impersonator: Mnemonic Guard software provides not just user verification but also impersonator verification. The impersonator will be rejected at a very early stage of the trial.
Also provided are functions of emergency signaling, child-lock/fail-proof, enlarge/shrink, optional input, etc., for the best possible usability.
The user can build, or have built, their own verification pictures from old photos or similarly emotion-influenced objects.
There cannot be failure in verification due to forgetting.
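The selection policy described on the two Mnemonic Guard slides above (pass-symbols among decoys, tolerated slips, early rejection of impersonators, silent emergency symbol), as an added example that is not Mnemonic Security's code. The symbol names, the 16-symbol grid and the split of decoys into tolerated look-alikes and hard decoys are assumptions; the slides do not say which mistakes count as tolerable.

```python
from enum import Enum
from fractions import Fraction
from math import comb

class Outcome(Enum):
    ACCEPT = "accept"
    ACCEPT_DURESS = "accept and raise silent alarm"
    RETRY = "tolerated mistake, retry"
    REJECT = "reject and lock device"

# Constructed sample enrolment (hypothetical names, 16-symbol grid).
GRID_SIZE = 16
REGISTERED = frozenset({"dog02", "dog07", "dog11", "dog13"})  # pass-symbols
EMERGENCY = "dog05"                                           # duress symbol
TOLERATED = frozenset({"dog03", "dog12"})  # look-alikes the owner might tap

def verify(selected, registered=REGISTERED, emergency=EMERGENCY,
           tolerated=TOLERATED):
    """Classify one attempt under the assumed policy described above."""
    selected = set(selected)
    duress = emergency in selected
    picks = selected - {emergency}
    # Any hard decoy is a mistake the legitimate user can hardly make.
    if picks - registered - tolerated:
        return Outcome.REJECT
    if picks == registered:
        # The emergency symbol rides along with a correct selection, so the
        # screen behaves normally while the back end learns of the coercion.
        return Outcome.ACCEPT_DURESS if duress else Outcome.ACCEPT
    return Outcome.RETRY  # incomplete or look-alike pick: no lockout

def random_guess_odds(grid_size=GRID_SIZE, registered=REGISTERED,
                      tolerated=TOLERATED):
    """Exact first-attempt odds for an impersonator picking k symbols
    uniformly at random, where k is the number of pass-symbols."""
    k = len(registered)
    total = comb(grid_size, k)
    harmless = k + len(tolerated) + 1  # +1 for the emergency symbol
    p_accept = Fraction(1, total)
    p_reject = 1 - Fraction(comb(harmless, k), total)
    return p_accept, p_reject

if __name__ == "__main__":
    print(verify(REGISTERED), verify(REGISTERED | {EMERGENCY}))
    print(verify({"dog02", "dog07", "dog11"}), verify({"dog02", "dog00"}))
    print(random_guess_odds())  # (Fraction(1, 1820), Fraction(51, 52))
```

With these constructed numbers a random four-symbol guess is accepted with probability 1/1820 and locked out on the first attempt with probability 51/52, while the owner's incomplete or look-alike selections only trigger a retry.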
17
products
data leakage from mobile devices: on the market for Windows2000 and PocketPC
illegal access to domain controllers and web-servers: on the way to the market
illegal login into specific application software: under development
illegal physical access to data centers: under planning with monitor invisibility technology
18
projects
Mnemonic Security, Inc.
picture production business for the busy and elderly
  alliance: VIO, Tokyo University, NILS
  government project with TAO
assured P2P communications platform to protect privacy with minimum risks on law and order
  alliance: Fujitsu PST, Prof Hideki Imai of Tokyo University
  government project with IPA
user-system mutual verification system
  alliance: Tokyo University, Fujitsu PST, VIO
  to be government project with TAO