EXPERIENCE SIMPLER, STRONGER AUTHENTICATION


Transcription:

1 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

2 Data Breaches are out of control

3 IN 2014... 783 data breaches; >1 billion records stolen since 2012; $3.5 million average cost per breach

4 We have a PASSWORD PROBLEM

5 TOO MANY TO REMEMBER, DIFFICULT TO TYPE, AND TOO VULNERABLE: re-used, phished, keylogged

6 Adding more authentication has largely been rejected by users

7 ONE-TIME PASSCODES improve security but aren't easy enough: SMS reliability, token necklace, poor user experience, still phishable

8 THE OLD PARADIGM (chart: security vs. usability, plotting OTP, 2FA, passwords and PINs)

9 WE NEED A NEW MODEL Fast IDentity Online

10 THE FIDO PARADIGM (chart: security from weak to strong vs. usability from poor to good, plotting OTP, 2FA, passwords and PINs)

11 HOW DOES FIDO WORK? (diagram: user verification, FIDO authentication, authenticator)

12 FIDO Registration: 1 Registration begins; 2 User approval; 3 New key created; 4 Key registered (using public key cryptography)

13 FIDO Login: 1 Login challenge; 2 Key selected; 3 User approval; 4 Login complete (login response using public key cryptography)

14 online authentication using public key cryptography

15 Passwordless Experience (FIDO UAF standards): 1 Transaction detail ($10,000, Transfer Now); 2 User authentication; 3 Success, done. Second Factor Experience (FIDO U2F standards): 1 Login & password; 2 Insert dongle, press button; 3 Success, done

16 2014 DEPLOYMENTS: PayPal continues FIDO enablement in improved mobile wallet app; Google has FIDO in Chrome and 2-Step Verification; Samsung adds FIDO enabled Touch authentication to Galaxy S6

17 FIDO UNIVERSAL 2ND FACTOR: Is a user present? Same authenticator as registered before? (diagram: user verification, FIDO authentication, authenticator)

18 Step 1 U2F AUTHENTICATION DEMO EXAMPLE

19 Step 2 U2F AUTHENTICATION DEMO EXAMPLE

20 Step 3 U2F AUTHENTICATION DEMO EXAMPLE

21 Step 4 U2F AUTHENTICATION DEMO EXAMPLE +Bob

22 FIDO UNIVERSAL AUTHENTICATION FRAMEWORK (UAF): Same user as enrolled before? Same authenticator as registered before? (diagram: user verification, FIDO authentication, authenticator)

23 STEP 1 UAF AUTHENTICATION DEMO EXAMPLE

24 STEP 2 UAF AUTHENTICATION DEMO EXAMPLE

25 STEP 3 UAF AUTHENTICATION DEMO EXAMPLE

26 STEP 4 UAF AUTHENTICATION DEMO EXAMPLE

27 USABILITY, SECURITY and PRIVACY

28 No 3rd party in the protocol; no secrets on the server side; biometric data (if used) never leaves the device; no link-ability between services or accounts
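The registration and login flows of slides 12 and 13, together with the properties listed on slide 28 (no secrets on the server, private material never leaves the device, no linkability across services), worked through in Go as an added example; this is not code from the original deck or from the FIDO Alliance. It uses the Go standard library's ECDSA on P-256 (the curve U2F uses); the origins, the user name, the signed-message layout and the counter handling are constructed for illustration and are not the FIDO wire format.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// RelyingParty is one online service; it stores only public keys and counters, nothing secret.
type RelyingParty struct {
	Origin   string
	keys     map[string]*ecdsa.PublicKey
	counters map[string]uint32
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{Origin: origin, keys: map[string]*ecdsa.PublicKey{}, counters: map[string]uint32{}}
}

// NewChallenge returns 32 fresh random bytes, so every login signs a new value.
func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand.Read does not return an error on current Go; it aborts the process instead
	return c
}

// Enroll stores the public key the authenticator created (slide 12, step 4).
func (rp *RelyingParty) Enroll(user string, pub *ecdsa.PublicKey) {
	rp.keys[user] = pub
}

// signedData is the message both sides hash: origin, counter and challenge. Binding
// the origin defeats phishing, since a response made for another site fails here.
func signedData(origin string, counter uint32, challenge []byte) []byte {
	h := sha256.New()
	o := sha256.Sum256([]byte(origin))
	h.Write(o[:])
	var c [4]byte
	binary.BigEndian.PutUint32(c[:], counter)
	h.Write(c[:])
	h.Write(challenge)
	return h.Sum(nil)
}

// Verify checks a login response against the stored public key (slide 13, step 4).
func (rp *RelyingParty) Verify(user string, challenge []byte, counter uint32, sig []byte) error {
	pub, ok := rp.keys[user]
	if !ok {
		return errors.New("unknown user")
	}
	if counter <= rp.counters[user] {
		return errors.New("counter did not increase: replayed response or cloned authenticator")
	}
	if !ecdsa.VerifyASN1(pub, signedData(rp.Origin, counter, challenge), sig) {
		return errors.New("signature does not verify for this origin and challenge")
	}
	rp.counters[user] = counter
	return nil
}

// Authenticator keeps one private key per origin; keys never leave the device and
// a fresh pair per service means two services cannot link the same user.
type Authenticator struct {
	keys    map[string]*ecdsa.PrivateKey
	counter uint32
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}

// Register creates a P-256 key pair for this origin (slide 12, step 3) and hands
// back only the public half; user approval (step 2) is taken as given here.
func (a *Authenticator) Register(origin string) (*ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[origin] = priv
	return &priv.PublicKey, nil
}

// Sign answers a login challenge (slide 13, steps 2-3); userApproved is U2F's
// "press button": without user presence nothing is signed.
func (a *Authenticator) Sign(origin string, challenge []byte, userApproved bool) (uint32, []byte, error) {
	priv, ok := a.keys[origin]
	if !ok {
		return 0, nil, errors.New("no key registered for " + origin)
	}
	if !userApproved {
		return 0, nil, errors.New("user did not approve login")
	}
	a.counter++
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedData(origin, a.counter, challenge))
	return a.counter, sig, err
}
```

A breached relying party leaks only public keys, which cannot be used to log in anywhere. A response captured in transit is bound to a one-time challenge, a monotonically increasing counter and the origin the client was actually talking to, so it cannot be reused against the genuine service, and a response produced while talking to a look-alike site does not verify at the real one.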

29 Better security for online services; reduced cost for the enterprise; simple & safe for consumers

30 The FIDO Alliance is an open association of more than 180 diverse member organizations

31 MODERN AUTHENTICATION (diagram: single sign-on, federation; authentication: passwords, strong, risk-based; user management; physical-to-digital identity)

32 Board Members (logos by category: online services, chip providers, device providers, biometrics vendors, enterprise servers, platform providers)

33 FIDO TIMELINE: Alliance announced, FEB 2013 (6 members); FIDO Ready program, DEC 2013 (59 members); specification review draft, FEB 2014 (84 members); first UAF & U2F deployments, FEB-OCT 2014 (129 members); FIDO 1.0 FINAL specification, DEC 9 2014 (152 members)

34 FIDO in 2015 FIDO implementations and deployments

35 A range of FIDO PRODUCTS is now available

36 Implementing 1.0 specifications (this is only a subset of active implementations): online services, chip providers, device providers, biometrics technology providers, enterprise servers, open source, mobile apps/clients, WWW browsers

37 FIDO in Windows 10: Windows used by 1.5 billion users; Windows 10 in 190 countries by Q3; free upgrade for consumers

38 FIDO in Snapdragon: market leader to ship FIDO client; 85+ OEMs as of Q4; >1 billion Android devices shipped; innovative sensor

39 FIDO in Healthcare: first healthcare deployment; physician access to health records; up to 50 million healthcare users

40 FIDO in Enterprise: Google for Work announced enterprise admin support for FIDO U2F Security Key, April 21; Google for Work is used by over 5 million businesses worldwide. "The Security Keys are a great step forward, as they are very practical and more secure." (Woolsworth IT)

41 FIDO & Government: governments worldwide are looking at FIDO; FIDO featured at White House Summit; new collaboration framework. "2013 Data Breach Investigations Report (conducted by Verizon in concert with the U.S. Department of Homeland Security) noted that 76% of 2012 network intrusions exploited weak or stolen credentials." -- NIST Roadmap for Improving Critical Infrastructure Cybersecurity, 12-Feb-2014

42 New Government Membership Class, reflecting an increased focus on government collaboration worldwide; details are now published in the new FIDO Alliance Membership Agreement (logos: NNL, Infineon, NSP)

43 JOIN THE FIDO ALLIANCE

Mobile Connect & FIDO

About the GSMA: The GSMA represents the interests of mobile operators worldwide. Spanning more than 220 countries, the GSMA unites nearly 800 of the world's mobile operators, as well as more than 230 companies in the broader mobile ecosystem.

Mobile Connect: a convenient and secure alternative to passwords that also protects consumers' privacy. Easy to use, as it uses the mobile phone for authentication (i.e. no passwords); anonymous but secure log-in (no passwords to steal, improved user experience, reduced friction); adds trust to digital transactions (e.g. by confirming location, user identity, usage); protects privacy (operators confirm credentials, user gives consent for sharing); reduces SP fraud through assurance that there is a real person behind the account; simple and cost effective for MNOs to deploy, leveraging existing operator assets. GSMA 2014. All GSMA meetings are conducted in full compliance with the GSMA's anti-trust compliance policy.

Mobile Connect and FIDO both seek to replace passwords (Something I Know) with Something I Have, or Something I Have + Something I Know, or Something I Have + Something I Am.

FIDO objectives align well with those of Mobile Connect. Both FIDO and Mobile Connect are addressing the same problem: easier, safer online authentication. Both FIDO and Mobile Connect leverage the mobile phone to achieve this: whilst Mobile Connect uses existing MNO services for authentication (SMS, USSD, SIM Toolkit), FIDO leverages the local device authentication on the phone itself. In doing so, both provide easy, secure two-factor authentication. Both also provide a pluggable framework that can support a variety of security levels as well as supporting new authentication methods as they arise.

Synergistic fit: using FIDO for the first mile of Mobile Connect (diagram: the Service Provider, on a tablet/desktop, receives a service access request and sends an authentication request to the MNO Identity GW; the second mile runs over the SIM applet protocol (CPAS8) to a SIM applet AuthN server; the first mile runs over the FIDO UAF protocol from an AuthN server to a mobile phone with FIDO client). A key difference between FIDO and Mobile Connect is that FIDO purposefully focuses solely on the first mile authentication itself, whilst Mobile Connect also provides a federation layer via OpenID Connect.

FIDO can be integrated into Mobile Connect to extend the range of authenticators (diagram: MNO with Identity GW and MFAS authenticating a mobile phone with FIDO client). Leveraging FIDO enables users to authenticate using existing authentication mechanisms on their mobile phone, including biometrics: the user becomes the credential (Something I am).

Mobile Connect and FIDO UAF integration: White Paper. Main objective: overview of FIDO architecture and use cases; integration of FIDO UAF authenticators into the Mobile Connect architecture. Status: co-developed between GSMA, MNOs and FIDO members; first draft finished and out for review within FIDO Alliance and GSMA; targeting publication by end June. Left for a second phase: UICC based FIDO authenticator; use of UICC to enhance FIDO implementation security; FIDO U2F integration.

Matching of FIDO policies to OpenID Connect acr_values. Service Providers need to be able to both specify and receive feedback on the type of authenticator used. Mobile Connect uses Level of Assurance (LoA) values (ISO 29115) in the OIDC request acr_values params, so the SP can indicate the authenticator class that should be used; FIDO uses the FIDO Policy to describe the required authenticator characteristics for accepted authenticators. Options: expand the list of acr_values to accommodate additional LoA/policies; capture SP requirements at registration to the Mobile Connect service and propagate them via the Mobile Connect federation.

Next steps. GSMA White paper: continue working on open issues related to the integration of the FIDO authentication framework with Mobile Connect; improve the document with feedback from the PoC. FIDO/GSMA/MNO PoC (June/July): prototype of FIDO integration into an end-to-end Mobile Connect implementation, Telefonica + Nok Nok Labs; targeted for Mobile World Congress Shanghai. MNO/SP beta trial (post MWCS): live implementation and trial of FIDO authenticators within a Mobile Connect service provided to an SP.

54 EXPERIENCE SIMPLER, STRONGER AUTHENTICATION