‘Smartphones are now better protected by selfies, fingerprints and other biometric sensors.’ This is what many people believe or are led to believe. Let us analyze how certain we can be.
Blind Spot in Our Mind & Eye-Opening Experience
Let us imagine that we are watching two models of smart phones – Model A with Pincode and Model B with Pincode and Fingerprint Scan. Which of the two models do you think is securer?
- when you hear that Model A is protected by Pincode while Model B is protected by both Pincode and Fingerprints
- when you hear that Model A can be unlocked by Pincode while Model B can be unlocked by both Pincode and Fingerprints
- when you hear that Model A can be attacked only by Pincode while Model B can be attacked by both Pincode and Fingerprints
Is your observation the same for all the 3 situations?
Now let us imagine that there are two houses – (1) with one entrance and (2) with two entrances placed in parallel. Which house is safer against burglars?
Every one of us will agree that the answer is plainly (1). Nobody would dare to allege that (2) is safer because it is protected by two entrances. Similarly, the login by a Pincode/password alone is securer than the login by a biometric sensor backed up by a fallback Pincode/password.
Both of the two or Either of the two?
Biometric products could help for better cyber security ONLY WHEN it is operated together with a password by AND/Conjunction (we need to go through both of the biometrics and the password), NOT WHEN operated with a password by OR /Disjunction (we need only to go through either of the two) as in the cases of the abovementioned house with two entrances and most of the biometric products on the market.
Biometrics and passwords operated together by OR/Disjunction only increase the convenience by bringing down the security. Mixing up the case of OR/Disjunction with that of AND/Conjunction, we would be trapped in a false sense of security (We wrongly feel safer when we are actually less safe)( *2).
Two factor authentication or “below-one” factor authentication?
Biometric products operated together with a fallback password, which can be compared to a house with two entrances placed in parallel (not in tandem), may be defined as a “below-one” factor authentication because they offer the level of security lower than a password-only one factor authentication.
There is nothing wrong in saying that a house with two entrances is more convenient than a house with one entrance. But alleging “A house with two entrances is safer against burglars than a house with one entrance” would be just silly.
Similarly, there is nothing wrong with a biometric product operated with a fallback password when the product is offered as a tool for increasing convenience. However, it would not be just silly but unethical and antisocial to make, sell and recommend those products as a tool for increasing security and spread a false sense of improved security.
This misconception is sadly supported and spread d by a number of big businesses, leading financial institutions and government agencies as well as not a few security professionals and globally known media. They are misled and in turn misleading, with the chains of vicious cycles growing exponentially.
This is not an issue of the relative comparison between “good” and “better”, but the absolute judgment of “harmful” against “harmless”. Something must be done before such critical sectors as medicine, defense and law enforcement get contaminated in a horrible way.
More about “OR/Disjunction”
Biometric sensors and monitors, whether static, behavioral or electromagnetic, can theoretically be operated together with passwords in two ways, (1) by AND/Conjunction or (2) by OR/Disjunction. The cases of (1) are hardly known in the real world because the falsely rejected users would have to give up the access altogether even when they are able to feed their passwords.
Most of the biometric products are operated by (2) so that the falsely rejected users can unlock the devices by registered passwords. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). With (x) and (y) being between 0 and 1, the sum (x + y – xy) is necessarily larger than the vulnerability of a password (y), i.e., the devices with biometric sensors and fallback passwords are less secure than the devices protected by a password-only authentication.
Incidentally some people argue that the presence of a backdoor would not make a problem if it is stronger than the front door. Let us think of a very weak fallback password (Y1) and a very strong fallback password (Y2). We will then get to (x + y1- xy1) > (y1) and (x + y2 – xy2) > (y2), which means that we are safer when we use only the weak password than when we use the biometrics with the weak fallback password, and that we are also safer when we use only the strong password than when we use the biometrics with the strong fallback password.
We could consider the comparison between (x + y2 – xy2) and (y1) but it could lead us nowhere. Whoever can manage a strong password Y2 together with biometrics must be able to manage Y2 on its own. Then, again, we are safer when we use only the strong password Y2. Moreover, rarely used/recalled passwords tend to be very weak, i.e., what we actually get would be (x + y1 – xy1) >>> (y2).
As such it is not possible to count a case that the biometrics used together with a fallback password is stronger than a password used on its own.
By the way, it would be fruitless to spend time for comparing the strength of biometrics used on its own with that of passwords used on its own. There are no objective data on the vulnerability of biometric products (not just false acceptance rate when false rejection is sufficiently low but also the risk of forgery of body features and the risk of use when the user is unconscious) and that of the passwords (not only that the entropy may be as low as 10 bits or as high as 100 bits but also that it can be stolen and leaked.)
Backdoor to Smartphones
It appears that something crucial is overlooked in the heated debates about the backdoor on smartphones, which is the focus point of the recent events with Apple and the FBI that have drawn a lot of attention worldwide.
I would like to point out that there already exists a backdoor on many of the latest smartphones, namely, a fingerprint scanner or a set of camera and software for capturing faces, irises and other body features which are easily collected from the unyielding, sleeping, unconscious and dead people.
As stated above, the authentication by biometrics in cyber space comes with poorer security than Pincode/password-only authentication in most cases. A false sense of security is often worse than the lack of security. I would like to put forward the suggestions.
- The vendors of those smart devices, who are conscious of privacy and security of consumers,