Larger Attack Surface on User’s Device

I today take up this The Register report — “Client-side content scanning as an unworkable, insecure disaster for democracy”

Glancing over this worrying report, I found this paragraph especially eye-catching; “It goes on to look at all the potential problems with CSS systems. These include the possibility of abuse by authorized and unauthorized parties, as well as local adversaries — a user’s partner, ex-partner, other family member, or rival who has access to the user’s device.”

This kind of threat is supposed to be mitigated by a secure login. In this aspect, we know that Apple is shooting itself in the foot by increasing the attack surface (=increasing the vulnerability) of the login security as the result of adding a probabilistic back door of biometrics login such as TouchID and FaceID on top of the deterministic front door of a default pincode/password.

If there is nothing particularly wrong in using two authenticators in a ‘two-entrance’ deployment for convenience’s sake, it is absolutely wrong to lead the consumers to wrongly believe that the security has been improved.

Actually, it has brought down identity security, spreading a false sense of security among consumers.

Well, as for the security effect of deploying two authenticators in ‘multi-entrance’ deployment (as against ‘multi-layer’ deployment), you might well be interested in these posts -

“Biometrics is to Password what Back door is to Front door”

“Step-by-Step Analysis of Why and How Biometrics Brings Down Security”

“Get graphs to talk the nature of probabilistic biometrics”

Key References

Biometrics is to Password what Back door is to Front door

Removal of Passwords and Its Security Effect

Negative Security Effect of Biometrics Deployed in Cyberspace

External Body Features Viewed as ‘What We Are’

Additional References

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

What We Know for Certain about Authentication Factors

Digital Identity for Global Citizens
Image-to-Code Conversion by Expanded Password System

Summary and Brief History — Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

Account Recovery with Expanded Password System

History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers — Expanded Password System and Related Issues

< Videos on YouTube>

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes — narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space — “below-one” factor authentication

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.