THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS
|
|
- Lewis Bond
- 6 years ago
- Views:
Transcription
1 THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS FIDO ALLIANCE WEBINAR MARCH 28,
2 INTRODUCTION TO THE FIDO ALLIANCE ANDREW SHIKIAR SENIOR DIRECTOR OF MARKETING MARCH 28,
3 THE FACTS ON FIDO The FIDO Alliance is an open, global industry association of 250+ organizations with a focused mission: Today, its members provide the world s largest ecosystem for standards-based, interoperable authentication AUTHENTICATION STANDARDS based on public key cryptography to solve the password problem 300+ FIDO Certified solutions Available to protect 3 BILLION+ user accounts worldwide 3
4 DRIVEN BY 250 MEMBERS Board of Directors comprised of leading global brands and technology providers + SPONSOR MEMBERS + ASSOCIATE MEMBERS + LIAISON MEMBERS 4
5 WHY FIDO? The World Has a Password Problem PASSWORDS Security Usability For users, they re clumsy, hard to remember and they need to be changed all the time SECURITY Weak Strong Poor Easy USABILITY 63% of data breaches in 2015 involved weak, default, or stolen passwords -Verizon 2016 Data Breach Report 65% Increase in phishing attacks over the number of attacks recorded in Anti-Phishing Working Group There were 1093 data breaches in 2016, a 40% increase from Identity Theft Resource Center,
6 WHY FIDO? OTPs improve security but aren t easy enough to use - and are still phishable OTPs Usability TOKEN NECKLACE USER CONFUSION SECURITY Weak Strong Security STILL PHISHABLE SMS RELIABILITY Poor Easy USABILITY 6
7 THE WORLD HAS A SHARED SECRETS PROBLEM 7
8 WE NEED A NEW MODEL 8
9 HOW ARE WE DOING IT? STANDARDS ECOSYSTEM DEPLOYMENTS USER EXPERIENCE 9
10 HOW OLD AUTHENTICATION WORKS ONLINE CONNECTION The user authenticates themselves online by presenting a human-readable shared secret 10
11 HOW FIDO AUTHENTICATION WORKS LOCAL CONNECTION The user authenticates locally to their device (by various means) The device authenticates the user online using public key cryptography ONLINE CONNECTION 11
12 SIMPLER AUTHENTICATION Reduces reliance on complex passwords Single gesture to log on Works with commonly used devices Same authentication on multiple devices Fast and convenient 12
13 STRONGER AUTHENTICATION Based on public key cryptography No link-ability between services or accounts Keys stay on device Biometrics, if used, never leave device No server-side shared secrets No 3 rd party in the protocol 13
14 FIDO A NEW PARADIGM: SECURITY Weak Strong authentication = STRONGER & SIMPLER Poor Easy USABILITY 14
15 FIDO-ENABLED APPS + SERVICES 3 BILLION AVAILABLE TO PROTECT ACCOUNTS WORLDWIDE 15
16 BUT WAIT 16
17 THE WORLD HAS AN IOT SECURITY PROBLEM 17
18 WE NEED A NEW AUTHENTICATION MODEL FOR CONNECTED USERS & DEVICES 19
19 THANK YOU ANDREW SHIKIAR SR. DIRECTOR OF MARKETING 20
20 THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS ROLF LINDEMANN, NOK NOK LABS Thanks to this app you can maneuver the new Forpel using your smartphone! Too bad it s not my car.
21 What s the challenge Source: HP Enterprise IoT Home Security Systems 22
22 Context Secure firmware protects one healthy part from infected parts Need strong fundament, e.g. a CPU supporting ARM TrustZone, Intel SGX, etc. Focus of today s presentation Strong authentication makes sure only legitimate entities get access 23
23 Scope Cloud Services 24
24 Scope Primary interaction devices, i.e. devices a) which we typically have in our possession and b) that have a user interface Cloud Services Devices that are not primary interaction devices, e.g. smart light bulbs, WIFI routers, smart fridges, smart thermostats, connected cars, smart door locks, Addressed by FIDO & W3C Web Authentication, not the core focus of this talk 25
25 Primary Interaction Devices Primary interaction device have the capability to verify the user through their user interface. They can connect to another device or to a cloud service They can implement a FIDO Authenticator allowing the user to strongly and conveniently authenticate to devices or cloud services. Trust Execution Environments and/or Secure Elements add security. 26
26 Scope User to standalone devices Focus of this talk 27
27 Scope Cloud Services Focus of this talk User to cloud-connected devices 28
28 Scope Cloud Services Device-to-Device Authentication Device-to-Cloud Authentication 29
29 Background Attacks IoT Device IoT Device Perimeter Infected Device IoT Device IoT Device IoT Device IoT Device IoT Device Internet IoT Device IoT Device IoT Device IoT Device IoT Device IoT Device 30
30 Background 31
31 Attack Scenarios 1. Exploit firmware vulnerabilities TrustZone for ARMv8-M provides protection layers that help keeping attacks local to one software module ( enclave ). Not in focus of this talk IoT Device IoT Device Legitimate authentication 2. Enter at the front-door: Impersonate user Need Strong Authentication to protect against such attacks. Our focus. 32
32 User to Device Authentication 33
33 User to Device interaction Without keyboard and display? Device 34
34 User to Device interaction User needs some computing device with user input interface and display The Device only sees some other Device no user. How can the Device know whether there is a user and whether the other device is trusted? Without keyboard and display 1 2 Convenience: Devices want to support arbitrary user verification methods, e.g. PINs, Fingerprint, Face, - with limited computing power Security: Device could be infected, so users don t want to reveal bearer tokens (like passwords, etc.) to it IoT Device 35
35 did we see that before? TLS / DTLS or other secure channel Device See 36
36 User to Device Authentication Challenge User verification Authenticator FIDO Authentication IoT Device Require user gesture before private key can be used Private key dedicated to one app (Signed) Response Public key 37
37 First Authenticator Registration (Example) 1 Device in factory default settings state IoT Device 3 Start registration process (for first authenticator) 2 Press register button 38
38 Standalone Devices Smart Light Bulbs Cloud Services WIFI Router User to standalone devices 39
39 Devices with Cloud Dependency Cloud Dependency: We want the cloud service being able to grant access to the device to a specific user But: Do not rely on stable internet connection at time of access Thermostats Parcel Lockers Cloud Services Rental Cars User to cloud-connected devices Door locks 40
40 How does it work with central authorization infrastructure? Cloud Service Mobile App SDK 1. Traditional FIDO Registration (one-time) 2. Traditional FIDO Authentication 3. Signed JWT w/pop (FIDO Uauth) Public Key (see RFC7800) FIDO Stack Device 0. (OOB) Inject trust anchor 41
41 How does it work with central authorization infrastructure? Mobile App SDK FIDO Stack JOSE Header: { kid : 1e8gfc4, alg : ES256 } JOSE Payload: { "iss": " "aud": " "exp": , 1. Traditional FIDO Registration (one-time) 2. Traditional FIDO Authentication 3. Signed JWT w/pop (FIDO Uauth) Public Key "cnf":{ (see RFC7800) Device Cloud Service "jwk":{ "kty": "EC", "use": "sig", "crv": "P-256", "x": "18wHLeIgW9wVN6VD1Txgpqy2LszYkMf6J8njVAibvhM", "y": "-V4dS4UaLMgP_4fY4j8ir7cl1TXlFdAgcx55o7TkcSA" } } 0. (OOB) Inject trust } anchor JWS signature, computed by Cloud Service 42
42 How does it work with central authorization infrastructure? Cloud Service Mobile App SDK FIDO Stack 1. Traditional FIDO Registration (one-time) 2. Traditional FIDO Authentication 3. Signed JWT w/pop (FIDO Uauth) Public Key (see RFC7800) 4. FIDO Authentication to device with signed JWT w/ PoP (FIDO) Public Key as additional data Device 0. (OOB) Inject trust anchor 43
43 44 Gallagher Unlocks the Internet of Things with Nok Nok
44 45 Source: Philafrenzy, Wikipedia
45 46 Source: Klaus Mueller, wikipedia
46 Device to Device & Device to Cloud Authentication 47
47 Scope Device to device authentication User to device authentication 48
48 User to Device Authentication How an Authenticator verifies the user and whether it verifies the user depends on the Authenticator model and is represented in the Metadata Statement. Challenge User verification Authenticator FIDO Authentication IoT Device Require user gesture before private key can be used Private key dedicated to one RP (Signed) Response Public key 49
49 Device to Device Authentication There are Silent Authenticators, never requiring any user interaction. Challenge Authenticator FIDO Authentication IoT Device and such Authenticator might be embedded in a device (Signed) Response Public key 50
50 Device to Cloud Authentication It makes no difference to the IoT device nor to the FIDO Authenticator whether it authenticates to another device or to a cloud service Challenge Cloud Service Authenticator FIDO Authentication (Signed) Response Public key 51
51 Device to Cloud Authentication It makes no difference to the IoT device nor to the FIDO Authenticator whether it authenticates to another device or to a cloud service Challenge Cloud Service Authenticator FIDO Authentication and the Authenticator can be embedded in smart fridges, smart thermostats and other IoT devices. (Signed) Response Public key 52
52 Conclusion 1. Authentication is the first experience of users with services and several device types. 2. Authentication needs to be convenient for the user and strong enough for the purpose. 3. We can do better than passwords + OTP. Look at the FIDO specifications for strong & convenient authentication, see 4. FIDO supports silent Authenticators. These Authenticators can be implemented in IoT devices. 5. FIDO authentication responses can be verified in small devices, allowing FIDO authentication to those IoT device. 6. FIDO can be combined with PoP Keys (RFC7800) in order to support authentication to cloud connected IoT devices 53
53 FIDO Authenticator Concept Optional Components Injected at manufacturing, doesn t change FIDO Authenticator User Verification / Presence Transaction Confirmation Display Attestation Key Authentication Key(s) Generated at runtime (on Registration) 54
54 Silent Authenticators 1. Definition, see FIDO Glossary 2. User Verification Method, see FIDO Registry 3. Metadata Statement, see FIDO Metadata Statements 55
55 FIDO Registration Authenticator select Authenticator according to copts; determine rpid, get tlsdata; clientdata := {challenge, origin, rpid, halg, tlsdata} copts: crypto params, credential black list, extensions Platform accountinfo, challenge, [copts] ai Relying Party (example.com) verify user generate: key k pub key k priv credential c rpid, ai, hash(clientdata), cryptop, [exts] cdh c,k pub,clientdata,ac,cdh,rpid,cntr,aaguid[,exts], signature(tbs) ac: attestation certificate chain s tbs c,k pub,clientdata,ac,tbs, s store: key k pub c 56
56 FIDO Authentication Authenticator Platform Relying Party select Authenticator according to policy; check rpid, get tlsdata (i.e. channel id, etc.); lookup key handle h; clientdata := {challenge, rpid, tlsdata} challenge, [aopts] verify user find key k priv cntr++; process exts rpid, [c,] hash(clientdata) cdh clientdata,cntr,[exts],signature(cdh,cntr,exts) s clientdata, cntr, exts, s lookup k pub from DB check: exts + signature using key k pub 57
FIDO TECHNICAL OVERVIEW. All Rights Reserved FIDO Alliance Copyright 2018
FIDO TECHNICAL OVERVIEW 1 HOW SECURE IS AUTHENTICATION? 2 CLOUD AUTHENTICATION Risk Analytics Something Device Internet Authentication 3 PASSWORD ISSUES 2 Password might be entered into untrusted App /
More informationFIDO ALLIANCE: UPDATES & OVERVIEW BRETT MCDOWELL EXECUTIVE DIRECTOR. All Rights Reserved FIDO Alliance Copyright 2017
FIDO ALLIANCE: UPDATES & OVERVIEW BRETT MCDOWELL EXECUTIVE DIRECTOR 1 250+ MEMBER & PARTNER ORGANIZATIONS GLOBALLY FIDO board members include leading global brands and technology providers + SPONSOR MEMBERS
More informationFIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication
FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com @jgrantindc Digital: The Opportunity
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 708 data breaches 82 million personal records stolen $3.5 million average cost per breach 4 We have a PASSWORD
More informationA NEW MODEL FOR AUTHENTICATION
All Rights Reserved. FIDO Alliance. Copyright 2016. A NEW MODEL FOR AUTHENTICATION ENABLING MORE EFFICIENT DIGITAL SERVICE DELIVERY Jeremy Grant jeremy.grant@chertoffgroup.com Confidential 5 The world
More informationEXPERIENCE SIMPLER, STRONGER AUTHENTICATION
1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION 2 Data Breaches are out of control 3 IN 2014... 783 data breaches >1 billion records stolen since 2012 $3.5 million average cost per breach 4 We have a PASSWORD
More informationInternet is Global. 120m. 300m 1.3bn Users. 160m. 300m. 289m
UAF Protocol Internet is Global 120m 300m 1.3bn Users 160m 289m 300m #Users 2014 Google: 2013 Twitter: 2015 Devices without physical keyboard How Secure is Authentication? Cloud Authentication Password
More informationDeprecating the Password: A Progress Report. Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018
Deprecating the Password: A Progress Report Dr. Michael B. Jones Identity Standards Architect, Microsoft May 17, 2018 The password problem Alpha-numeric passwords are hard for humans to remember and easy
More informationWho What Why
Who What Why Board Members Sponsors Associates To Change Authentication Online by: (a) Developing unencumbered Specifications that define interoperable mechanisms that supplant reliance on passwords (b)
More informationNext Gen Security Technologies for Healthcare Authentication
Next Gen Security Technologies for Healthcare Authentication Session 261, March 8, 2018 Abbie Barbir, Senior Security Adviser, Aetna Brett McDowell, Executive Director, FIDO Alliance 1 Conflict of Interest
More informationFIDO AND PAYMENTS AUTHENTICATION. Philip Andreae Vice President Oberthur Technologies
FIDO AND PAYMENTS AUTHENTICATION Philip Andreae Vice President Oberthur Technologies The Problem The Solution The Alliance Updates Data Breaches 781 data breaches in 2015 170 million records in 2015 (up
More informationA Proposed Standard for Entity Attestation draft-mandyam-eat-00. Laurence Lundblade. November 2018
A Proposed Standard for Entity Attestation draft-mandyam-eat-00 Laurence Lundblade November 2018 1 EAT Overall System Entity (e.g., Chip, Device ) Immutable private key for signing. Stored securely on
More informationFIDO AS REGTECH ADDRESSING GOVERNMENT REQUIREMENTS. Jeremy Grant. Managing Director, Technology Business Strategy Venable LLP
FIDO AS REGTECH ADDRESSING GOVERNMENT REQUIREMENTS Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com :: @jgrantindc 1 WHAT IS REGTECH? RegTech: Technology
More informationStop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico
1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationBreaking FIDO Yubico. Are Exploits in There?
Breaking FIDO Are Exploits in There? FIDO U2F (Universal 2nd Factor) Analyzing FIDO U2F Attack and Countermeasures Implementation Considerations Resources 2 User Experience 1. Enter username/pwd 2. Insert
More informationHow Next Generation Trusted Identities Can Help Transform Your Business
SESSION ID: SPO-W09B How Next Generation Trusted Identities Can Help Transform Your Business Chris Taylor Senior Product Manager Entrust Datacard @Ctaylor_Entrust Identity underpins our PERSONAL life 2
More informationHow I Learned to Stop Worrying and Love the Internet of Things
SESSION ID: SSC-W07 How I Learned to Stop Worrying and Love the Internet of Things Steven Sprague CEO Rivetz Corp @skswave The Big Shift Known Networks Ports Firewalls Packets SSL Known Devices Identity
More informationDissecting NIST Digital Identity Guidelines
Dissecting NIST 800-63 Digital Identity Guidelines KEY CONSIDERATIONS FOR SELECTING THE RIGHT MULTIFACTOR AUTHENTICATION Embracing Compliance More and more business is being conducted digitally whether
More informationAuthentication Work stream FIGI Security Infrastructure and Trust Working Group. Abbie Barbir, Chair
Authentication Work stream FIGI Security Infrastructure and Trust Working Group Abbie Barbir, Chair Security, Infrastructure, Trust Working Group To enhance confidence in using Digital Financial Services
More informationGSE/Belux Enterprise Systems Security Meeting
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationUsing Biometric Authentication to Elevate Enterprise Security
Using Biometric Authentication to Elevate Enterprise Security Biometric authentication in the enterprise? It s just a matter of time Mobile biometric authentication is officially here to stay. Most of
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Rob Coombs Security Marketing Director TechCon 11/10/15 Agenda Introduction Security Foundations on Cortex-M Security Foundations on Cortex-A Use cases
More informationConnecting Securely to the Cloud
Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico
More informationSecuring IoT with the ARM mbed ecosystem
Securing IoT with the ARM mbed ecosystem Xiao Sun / Senior Applications Engineer / ARM ARM mbed Connect / Shenzhen, China December 5, 2016 Lots of interest in IoT security Researchers are looking into
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Sr. Technical Marketing Manager Tech Symposia China 2015 November 2015 Agenda Introduction Security Foundations on ARM Cortex -M Security Foundations
More informationSecuring today s identity and transaction systems:! What you need to know! about two-factor authentication!
Securing today s identity and transaction systems:! What you need to know! about two-factor authentication! 1 Today s Speakers! Alex Doll! CEO OneID Jim Fenton! Chief Security Officer OneID 2 Contents!
More informationIntroduction to Device Trust Architecture
Introduction to Device Trust Architecture July 2018 www.globalplatform.org 2018 GlobalPlatform, Inc. THE TECHNOLOGY The Device Trust Architecture is a security framework which shows how GlobalPlatform
More informationScaling Trust with Millions of Containers: Microsegmentation Strategies for Authorization
Scaling Trust with Millions of Containers: Microsegmentation Strategies for Authorization 1 About Me Drupal Security Team Database Maintainer Service Mgmt for RHEL/Ubuntu Committer Scalable CGroups Management
More informationIdentity & security CLOUDCARD+ When security meets convenience
Identity & security CLOUDCARD+ When security meets convenience CLOUDCARD+ When security meets convenience We live in an ever connected world. Digital technology is leading the way to greater mobility and
More informationPassword-less protection. Reduce your risk exposure with password alternatives
Password-less protection Reduce your risk exposure with password alternatives Contents 03 / Introduction Passwords are no longer enough 05 / Why eliminate passwords? Moving away from passwords 08 / Introduction
More informationModern two-factor authentication: Easy. Affordable. Secure.
Modern two-factor authentication: Easy. Affordable. Secure. www.duosecurity.com Your systems and users are under attack like never before The last few years have seen an unprecedented number of attacks
More informationEMERGING TRENDS AROUND AUTHENTICATION
EMERGING TRENDS AROUND AUTHENTICATION Michelle Salway Senior Director Sales - EMEA May 2017 1 BIOMETRICS: A GIFT FROM THE DEVICE MAKERS & BIOMETRIC VENDORS DEVICES ARE RICH IN AUTHENTICATION CAPABILITIES,
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationRethinking Authentication. Steven M. Bellovin
Rethinking Authentication Steven M. https://www.cs.columbia.edu/~smb Why? I don t think we understand the real security issues with authentication Our defenses are ad hoc I regard this as a step towards
More informationHow to protect Automotive systems with ARM Security Architecture
How to protect Automotive systems with ARM Security Architecture Thanks to this app You can manoeuvre The new Forpel Using your smartphone! Too bad it s Not my car Successful products will be attacked
More informationBreaking Hardware Wallets
Breaking Hardware Wallets Breaking Bitcoin September 2017 Nicolas Bacca @btchip Why Hardware Wallets? - high level overview YES NO Public data Do you want to send 1.337 BTC to 1UnREADABLE Operations on
More informationITU-T SG 17 Q10/17. Trust Elevation Frameworks
ITU-T SG 17 Q10/17 Trust Elevation Frameworks Abbie Barbir, Ph.D. ITU-T SG 17 Q10 Rapporteur Martin Euchner SG 17 Advisor ITU Workshop on "Future Trust and Knowledge Infrastructure July 1 2016 Contents
More informationUnlocking Office 365 without a password. How to Secure Access to Your Business Information in the Cloud without needing to remember another password.
Unlocking Office 365 without a password How to Secure Access to Your Business Information in the Cloud without needing to remember another password. Introduction It is highly likely that if you have downloaded
More informationFIDO & PSD2. Providing for a satisfactory customer journey. April, Copyright 2018 FIDO Alliance All Rights Reserved.
FIDO & PSD2 Providing for a satisfactory customer journey April, 2018 Copyright 2018 FIDO Alliance All Rights Reserved. 1 Introduction When PSD2 is deployed in Europe, users will be able to take advantage
More informationRedesigning PKI To Solve Revocation, Expiration, & Rotation Problems. Brian
Redesigning PKI To Solve Revocation, Expiration, & Rotation Problems Brian Knopf @DoYouQA WHO AM I Sr Director of Security Research & IoT Architect @Neustar @DoYouQA 20+ Home Previously years in IT, QA,
More informationRethinking IoT Authentication & Authorization Models
Rethinking IoT Authentication & Authorization Models 2017 ISSA SoCal Security Symposium September 14, 2017 Hilton Orange County, Costa Mesa Brian Knopf @DoYouQA WHO AM I Sr Director of Security Research
More informationWhat is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource.
P1L4 Authentication What is Authentication? All requests for resources have to be monitored. Every request must be authenticated and authorized to use the resource. Authentication: Who are you? Prove it.
More informationIDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO
IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO (US) @BEN_SMITH IDENTITY = THE MOST CONSEQUENTIAL ATTACK VECTOR Confirmed data breaches involving weak, default
More informationIdentity & Access Management
Identity & Access Management THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY WITHOUT COMPROMISING SECURITY? S E C U R I T Y OR P R O D U C T I V I T Y On-premises THE PROBLEM: HOW DO WE ENABLE PRODUCTIVITY
More informationNew Paradigms of Digital Identity:
A Telefonica White Paper New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) February 2016 1. Introduction The concept of identity has always been the key factor
More informationCSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT
CSI: VIDEO SURVEILLANCE CONVERTING THE JUGGERNAUT The Market and the Trend Cyber security market (2020): USD 170.21 billion, CAGR ~10% Storage market (2020): USD 18.28 billion, CAGR 22% Tons of data to
More informationThe English version of this specification is the only normative version. Non-normative translations may also be available.
FIDO UAF APDU FIDO Alliance Proposed Standard 02 February 2017 This version: https://fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/fido-uaf-apdu-v1.1-ps-20170202.html Previous version: https://fidoalliance.org/specs/fido-uaf-v1.1-id-20170202/fido-uaf-apdu-v1.1-id-20170202.html
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Digital Interconnect Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively
More informationTrustzone Security IP for IoT
Trustzone Security IP for IoT Udi Maor CryptoCell-7xx product manager Systems & Software Group ARM Tech Forum Singapore July 12 th 2017 Why is getting security right for IoT so important? When our everyday
More informationWSO2 Identity Management
WSO2 Identity Management Panagiotis Kranidiotis panagiotiskranidiotis@gmailcom 4 Νοεμβρίου 2017 Few things about me First engagement with open source technologies in 1995 Open source consultant and systems
More informationCredential Management for Internet of Things Devices
Credential Management for Internet of Things Devices Internet Protocol for Smart Objects (IPSO) Alliance Editors: Hannes Tschofenig, ARM Limited Ned Smith, Intel Contributors: Mark Baugher, Consultant
More informationThe Internet of Things. Steven M. Bellovin November 24,
The Internet of Things Steven M. Bellovin November 24, 2014 1 What is the Internet of Things? Non-computing devices...... with CPUs... and connectivity (Without connectivity, it s a simple embedded system)
More informationTECHNICAL WHITE PAPER FIDO APPROACHES: NOK NOK LABS S3 SUITE VS BUILD YOUR OWN FIDO
TECHNICAL WHITE PAPER FIDO APPROACHES: NOK NOK LABS S3 SUITE VS BUILD YOUR OWN FIDO TABLE OF CONTENTS Executive Summary... 3 FIDO Solution Requirements... 3 FIDO UAF Client infrastructure... 4 FIDO UAF
More informationVerizon Software Defined Perimeter (SDP).
Verizon Software Defined Perimeter (). 1 Introduction. For the past decade, perimeter security was built on a foundation of Firewall, network access control (NAC) and virtual private network (VPN) appliances.
More informationAuthentication Methods
CERT-EU Security Whitepaper 16-003 Authentication Methods D.Antoniou, K.Socha ver. 1.0 20/12/2016 TLP: WHITE 1 Authentication Lately, protecting data has become increasingly difficult task. Cyber-attacks
More informationA Developer's Guide to Security on Cortex-M based MCUs
A Developer's Guide to Security on Cortex-M based MCUs 2018 Arm Limited Nazir S Arm Tech Symposia India Agenda Why do we need security? Types of attacks and security assessments Introduction to TrustZone
More informationDefeating the Secrets of OTP Apps
Defeating the Secrets of OTP Apps M.A., M.Sc. Philip Polleit, Friedrich-Alexander-Universität, Erlangen Dr.-Ing., Michael Spreitzenbarth, Friedrich-Alexander-Universität, Erlangen philip@polleit.de 1 //
More informationKeep the Door Open for Users and Closed to Hackers
Keep the Door Open for Users and Closed to Hackers A Shift in Criminal Your Web site serves as the front door to your enterprise for many customers, but it has also become a back door for fraudsters. According
More informationWHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD
WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD Imagine that you re a CISO in charge of identity and access management for a major global technology and manufacturing company. You
More informationAddressing Credential Compromise & Account Takeovers: Bearersensitive. Girish Chiruvolu, Ph.D., CISSP, CISM, MBA ISACA NTX April 19
Addressing Credential Compromise & Account Takeovers: Bearersensitive OTPS Girish Chiruvolu, Ph.D., CISSP, CISM, MBA ISACA NTX April 19 Impact Across Every Industry Phishing: Low Cost, Big Impact for
More informationApplying Context to Web Authentication
Applying Context to Web Authentication John Linn, Burt Kaliski, and Moti Yung, RSA Laboratories; Magnus Nyström, RSA Security Inc. Prepared for W3C Workshop on Transparency and Usability of Web Authentication,
More informationNigori: Storing Secrets in the Cloud. Ben Laurie
Nigori: Storing Secrets in the Cloud Ben Laurie (benl@google.com) April 23, 2013 1 Introduction Secure login is something we would clearly like, but achieving it practically for the majority users turns
More informationWHITEPAPER. How to secure your Post-perimeter world
How to secure your Post-perimeter world WHAT IS THE POST-PERIMETER WORLD? In an increasingly cloud and mobile focused world, there are three key realities enterprises must consider in order to move forward
More informationApplying biometric authentication to physical access control systems
Applying biometric authentication to physical access control systems Published on 24 Jul 2018 Over the past few years, biometrics has rapidly expanded into consumer applications, like the financial market
More informationAS emas emudhra Authentication Solution
AS emas emudhra Authentication Solution Create your own trusted enterprise network of users, devices, applications! With malware, ransomware and other cyber threats constantly thrown at Enterprises, a
More informationStrong Security Elements for IoT Manufacturing
Strong Security Elements for IoT Manufacturing LANCEN LACHANCE VICE PRESIDENT PRODUCT MANAGEMENT GLOBALSIGN WHAT YOU WILL LEARN TODAY 1 2 3 Examining of security risks with smart connected products Implementing
More informationPaystar Remittance Suite Tokenless Two-Factor Authentication
Paystar Remittance Suite Tokenless Two-Factor Authentication Introduction Authentication is the process by which a computer system positively identifies a user It is commonly considered to be one of the
More informationDesigning Security & Trust into Connected Devices
Designing Security & Trust into Connected Devices Eric Wang Senior Technical Marketing Manager Shenzhen / ARM Tech Forum / The Ritz-Carlton June 14, 2016 Agenda Introduction Security Foundations on Cortex-A
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis SAINT Workshop
More informationARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing. Pierre Garnier, COO
ARM European Technical Symposium The security challenges that IoT and Mobile Computing Devices are facing Pierre Garnier, COO 1 INVESTORS INSIDE Secure PRESENTATION ARM European Technical SEPTEMBER Symposium
More informationNext Generation Authentication
Next Generation Authentication Bring Your Own security impact Dominique Dessy Sr. Technology Consultant 1 2012 DIGITAL UNIVERSE 1.8 ZETTABYTES 1,800,000,000,000,000,000,000 2 $ 3 4 Threat Landscape 60%
More informationWindows Hello for Business Windows Hello for Business Overview How Windows Hello for Business works Manage Windows Hello for Business in your
Table of Contents Windows Hello for Business Windows Hello for Business Overview How Windows Hello for Business works Manage Windows Hello for Business in your organization Why a PIN is better than a password
More informationPro s and con s Why pins # s, passwords, smart cards and tokens fail
Current Authentication Methods Pro s and con s Why pins # s, passwords, smart cards and tokens fail IDENTIFYING CREDENTIALS In The Physical World Verified by Physical Inspection of the Credential by an
More informationIoT It s All About Security
IoT It s All About Security Colin Walls colin_walls@mentor.com Android is a trademark of Google Inc. Use of this trademark is subject to Google Permissions. Linux is the registered trademark of Linus Torvalds
More informationSecuring MQTT. #javaland
Securing MQTT #javaland 2017 www.bestppt.com INTRODUCTION Dominik Obermaier @dobermai Disclaimer Obligatory Disclaimer: All security suggestions and guidelines in this talk are collected from real-world
More informationINFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group INFLUENTIAL OPERATING SYSTEM RESEARCH: SECURITY MECHANISMS AND HOW TO USE THEM CARSTEN WEINHOLD OVERVIEW Fundamental
More informationGetting Into Mobile Without Getting Into Trouble
Getting Into Mobile Without Getting Into Trouble Greg Kliewer Senior Solutions Strategist October, 2014 The good old days Network separation No programmatic access from the Public Internet Safety through
More informationAdaptive Authentication Adapter for Citrix XenApp. Adaptive Authentication in Citrix XenApp Environments. Solution Brief
Adaptive Authentication Adapter for Citrix XenApp Adaptive Authentication in Citrix XenApp Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing costeffective
More informationSecurity Strategy for Mobile ID GSMA Mobile Connect Summit
Security Strategy for Mobile ID GSMA Mobile Connect Summit Singapore, 22 nd November 2017 G+D Mobile Security G+D Mobile Security: Managing Billions of Connected Digital Identities Today 660 million contactless
More informationTrusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague
Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July 2017 -- IETF 99 th, Prague 2 What do we mean by security? Communication Security Aims
More informationLecture 3 MOBILE PLATFORM SECURITY
Lecture 3 MOBILE PLATFORM SECURITY You will be learning: What techniques are used in mobile software platform security? What techniques are used in mobile hardware platform security? Is there a common
More informationAchieving End-to-End Security in the Internet of Things (IoT)
Achieving End-to-End Security in the Internet of Things (IoT) Optimize Your IoT Services with Carrier-Grade Cellular IoT June 2016 Achieving End-to-End Security in the Internet of Things (IoT) Table of
More informationOneID An architectural overview
OneID An architectural overview Jim Fenton November 1, 2012 Introduction OneID is an identity management technology that takes a fresh look at the way that users authenticate and manage their identities
More informationWhitepaper on AuthShield Two Factor Authentication with SAP
Whitepaper on AuthShield Two Factor Authentication with SAP By AuthShield Labs Pvt. Ltd Table of Contents Table of Contents...2 1.Overview...4 2. Threats to account passwords...5 2.1 Social Engineering
More informationAdaptive Authentication Adapter for Juniper SSL VPNs. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief
Adaptive Authentication Adapter for Juniper SSL VPNs Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing
More informationIntruders, Human Identification and Authentication, Web Authentication
Intruders, Human Identification and Authentication, Web Authentication David Sanchez Universitat Pompeu Fabra 06-06-2006 Lecture Overview Intruders and Intrusion Detection Systems Human Identification
More informationSECURE OFFICE OF THE FUTURE
** SECURE OFFICE OF THE FUTURE HP Today Powering 430 of the Global Fortune 500 Companies Working with 250,000+ Channel Partners 18,000+ patents 2 PCs & 1 Printer ship every second HP Business Personal
More informationAttacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication)
Attacking Your Two-Factor Authentication (PS: Use Two-Factor Authentication) 08 Jun 2017 K-LUG Technical Meeting Rochester, MN Presented by: Vi Grey Independent Security Researcher https://vigrey.com Who
More informationMobile Biometric Authentication: Pros and Cons of Server and Device-Based
Mobile Biometric Authentication: Pros and Cons of Server and Device-Based Table of Contents 01 Introduction 01 The Ongoing Debate 02 Server-Centric Architecture 02 Device-Centric Architecture 02 Advantages
More informationhidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION
HID ActivOne USER FRIENDLY STRONG AUTHENTICATION We understand IT security is one of the TOUGHEST business challenges today. HID Global is your trusted partner in the fight against data breach due to misused
More informationDashlane Security White Paper July 2018
Dashlane Security White Paper July 2018 Contents 1. General Security Principles... 2 a. Protection of User Data in Dashlane... 2 b. Local Access to User Data... 2 c. Local Data Usage After Deciphering...
More informationThe Future of Authentication
The Future of Authentication Table of Contents Introduction Facial Recognition Liveness Detection and Multimodal Biometrics FIDO: Standards-Based, Password-Free Authentication Biometric Authentication
More informationopenid connect all the things
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More informationTrusted Computing As a Solution!
Trusted Computing As a Solution! Brian Berger EVP Marketing & Sales & TCG Director Wave Systems Corp. www.wave.com Trusted Computing Group www.trustedcomputinggroup.org Agenda State of Hardware Security
More informationGoogle on BeyondCorp: Empowering employees with security for the cloud era
SESSION ID: EXP-F02 Google on BeyondCorp: Empowering employees with security for the cloud era Jennifer Lin Director, Product Management, Security & Privacy Google Cloud What is BeyondCorp? Enterprise
More informationThe Open Application Platform for Secure Elements.
The Open Application Platform for Secure Elements. Java Card enables secure elements, such as smart cards and other tamper-resistant security chips, to host applications, called applets, which employ Java
More informationIntegrated Access Management Solutions. Access Televentures
Integrated Access Management Solutions Access Televentures Table of Contents OVERCOMING THE AUTHENTICATION CHALLENGE... 2 1 EXECUTIVE SUMMARY... 2 2 Challenges to Providing Users Secure Access... 2 2.1
More informationPractical Attack Scenarios on Secure Element-enabled Mobile Devices
Practical Attack Scenarios on Secure Element-enabled Mobile Devices Michael Roland University it of Applied Sciences Upper Austria,, Austria 4 th International Workshop on Near Field Communication 13 March
More information