Securing the Cloud for a Connected Society
 

COMPUTEX TAIPEI 2013 - Cloud Industry Forum
Topic: Securing the Cloud for a Connected Society
Speaker: Michael Poitner
Global Segment Marketing Director, Authentication, NXP Semiconductors

    Presentation Transcript

    • Securing the Cloud for a Connected Society. Computex – Cloud Industry Forum, Taipei, June 6, 2013. Michael Poitner
    • Table of Contents
      • Online Authentication Facts
      • Today’s 2-factor Authentication Solutions
      • Google’s “War on Password” and Solution
      • Hardware Secure Elements and Threats
      • Introduction to FIDO (Fast Identity Online)
      • User vs. Device Authentication
      • Overview NXP
      (Slide footer, repeated on every slide: NXP, Page 2, 6/6/2013, Securing The Cloud – War On Password)
    • Online Authentication: few facts
      Username and password have been prevalent for the past 40 years: are they still suitable?
      User: “Although I connect to 8 different services per day, I use some of them very seldom and sometimes I forget the associated password.” “I own 25 online accounts. Do you expect me to remember 25 passwords?”
      Service Provider: “On average, a user has 6.5 different passwords.” “A password re-initialization costs the service provider $15.”
      • Account takeover (ATF + NAF, account takeover fraud plus new account fraud) rose by 50% in 2012 (Javelin, March 2013)
      • Average of 25 accounts per user
      • 6.5 different passwords per user
      • 8 services used per day on average
      • $15 per password re-initialization
      • Passwords are being reused, phished and keylogged
    • Online Authentication: more facts
      Passwords are not secure enough. Some more hacking incidents (2013):
      • March 18: Cisco IOS passwords issue
      • March 11: Michelle Obama, Hillary Clinton, Britney Spears, …
      • March 2: Evernote hacked, password reset for 50M users
      • Feb 28: cPanel web hosting control service hacked
      • Feb 26: Google 2-step verification tricked
      • Feb 22: Facebook, Apple, Microsoft corporate networks hacked
      • Feb 19: 250,000 Twitter accounts (Burger King, Jeep) hacked
      Source: Ponemon Institute 2013 (sponsored by Nok Nok Labs Inc.)
    • Good Pa$$phr@ses#1 are rare
      Source: http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html
    • Online Authentication: few facts
      Multi-factor authentication has proved effective in reducing fraud. Multi-factor authentication, e.g. a token plus a secret (PIN or password), has proved very secure.
      User: “I don’t want to carry one physical token for each of my accounts.”
      • With the introduction of Chip-and-PIN cards in the UK, fraud decreased by 69%
      • For user convenience, tokens should be shared between services
    • Online Authentication: few facts
      The PC is no longer the only access platform.
      User: “My TV is now connected. I use it to access my favorite content.” “What about securing access through my game console?” “I use my smartphone more often than my PC to access Facebook.” “My connected car?” “Please don’t ask me to move the credential back and forth between all my access platforms.”
      • 64% of Facebook users connect via smartphone, up 57% year-over-year (FB Q4-12)
      • By 2016, 100M homes will be equipped with a SmartTV in the US and Western Europe (NPD In-Stat 2012)
      • Must have a consistent level of security across all platforms
      Service Provider: the security level is defined by the weakest link, so we must ensure the utmost security across all platforms. The solution must be user-friendly: avoid too many user manipulations.
    • Today’s 2-factor solutions (consumer): Something you have + Something you know
      (The slide plots each solution on Security vs. Convenience/Features.)
      SMS OTP:
      • Cost (user and issuer)
      • Delay
      • Coverage issues
      OTP App / Soft Certificates:
      • Vulnerable to malware on the host system
      • Use proprietary algorithms
      • No 2nd factor if the phone/tablet is itself used for Internet access
      OTP fobs:
      • On the large side
      • Type 6 or 8 digits into the phone
      • No contactless interface
      OTP in general:
      • Typically one per site
      • Phishable
      • Cannot hold an identity
      • OTP not calculated in a Secure Element
      • Vulnerable to MITM (man-in-the-middle) and MITB (man-in-the-browser) attacks
    • Google declared “War On Passwords”
      • IEEE paper “Authentication at Scale”; Wired article, Jan 18
      • “Gnubby” term leaked on Google blog, Jan 18
      • Yubico blog, Jan 21
      • Google protocol, RSA conference, Feb 25
      • Strong user auth; strong auth everywhere
      • FIDO membership, U2F working group, April 18
    • Authentication System Architecture (block diagram)
      End user side: browser, mobile app, device abstraction
      Authentication protocol: discovery, provisioning, authentication
      Relying party side: website, web application, authentication server, identity systems, authentication validation services
    • Hardware Secure Element: a natural placeholder for security credentials
      • Tamper resistant: credentials can’t be duplicated nor altered
      • Proven security: core technology for banking cards and e-passports
      • Works on Windows, Mac and Linux. No driver needed.
      • Standardized and “open”: supports multiple web sites
      • Ubiquitous interface: USB or NFC
    • Typical Secure Element attacks
      Invasive attacks: micro-probing, forcing, manipulation, reverse engineering, delayering, electron microscopy, atomic force microscopy (AFM), contrast etching, decoration
      Semi-invasive attacks (fault attacks): global and local light attacks, spike/glitch injection, alpha particle penetration
      Non-invasive attacks (leakage): photo emission analysis, EMA (electromagnetic analysis), timing analysis, SPA/DPA (simple/differential power analysis)
      Combined attacks
    • NXP has joined the FIDO Alliance board (slide shows the board members’ logos)
    • FIDO System Architecture (block diagram)
      End user side: browser, mobile app, FIDO authentication client (Windows, Mac, iOS, Android, …), device abstraction, FIDO authenticators
      FIDO authentication protocol: discovery, provisioning, authentication
      Relying party side: website, web application, FIDO authentication server, identity systems, authentication validation services
    • User vs. Device Authentication
      Protect sensitive networks and infrastructures: Industrial Control, Smart Grid, Medical Devices, Cloud Services
      Secure communications and services, secure firmware management, trust provisioning, tailored solution, bank-grade security, credential management
    • NXP Semiconductors
      • Headquarters: Eindhoven/NL
      • Employees: ~25,000 in more than 25 countries
      • Net sales: $4.3B in 2012
      Strong innovation pipeline: over $600M/year in R&D, 3,200 engineers, 11,000 patents
      Distinctive technologies: portfolio of secure/non-secure MCU, embedded non-volatile & flash, mixed signal processing, down to 40nm processes, zero power RF & NFC
    • NXP is the Identification Industry’s #1 Semiconductor Supplier: eGovernment, Bank Cards, Smart Mobility (MIFARE), Cards, Tags & Authentication, Readers, Mobile
    • Thank you for your attention! michael.poitner@nxp.com
      Further reading: http://www.us-cert.gov/ http://krebsonsecurity.com/ http://www.schneier.com/ https://www.grc.com/haystack.htm
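Slides 8 and 14 above contrast OTP codes, which a user will type into any page that asks for them and which a man-in-the-middle can simply relay, with a FIDO-style challenge-response in which the authenticator signs for one origin only. The Go program below is an added illustration of that difference; it is not code from the presentation, from NXP or from the FIDO/U2F specifications. It keeps one P-256 key pair per registered origin (real U2F wraps a per-registration key pair in a key handle, adds a signature counter and signs a fixed message layout; all of that is simplified away here), and the two origins https://bank.example and https://bank-example.evil are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Assertion is the token's reply: a signature over the reported origin and the challenge.
type Assertion struct {
	Origin         string
	Challenge, Sig []byte
}

// signedDigest binds origin and challenge; the relying party recomputes it.
func signedDigest(origin string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0}) // separator so origin and challenge cannot run together
	h.Write(challenge)
	return h.Sum(nil)
}

// Authenticator stands in for the secure-element token; private keys never leave it.
type Authenticator struct{ keys map[string]*ecdsa.PrivateKey }

// Register creates a P-256 key pair for origin; the relying party stores the public half.
func (a *Authenticator) Register(origin string) *ecdsa.PublicKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	a.keys[origin] = priv
	return &priv.PublicKey
}

// Sign uses only the key registered for the reported origin (U2F's application-parameter check).
func (a *Authenticator) Sign(origin string, challenge []byte) (*Assertion, error) {
	priv, ok := a.keys[origin]
	if !ok {
		return nil, fmt.Errorf("authenticator: no key registered for %s", origin)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, signedDigest(origin, challenge))
	if err != nil {
		return nil, err
	}
	return &Assertion{origin, challenge, sig}, nil
}

// RelyingParty is the web service: the user's public key plus outstanding single-use challenges.
type RelyingParty struct {
	Origin  string
	pub     *ecdsa.PublicKey
	pending map[string]bool
}

// NewChallenge issues 32 random bytes and remembers them as outstanding.
func (rp *RelyingParty) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	rp.pending[hex.EncodeToString(c)] = true
	return c
}

// Verify accepts only a fresh challenge, our own origin and a valid signature.
func (rp *RelyingParty) Verify(as *Assertion) error {
	key := hex.EncodeToString(as.Challenge)
	if !rp.pending[key] {
		return fmt.Errorf("rp: unknown or already used challenge (replay?)")
	}
	delete(rp.pending, key) // single use, whatever happens next
	if as.Origin != rp.Origin {
		return fmt.Errorf("rp: assertion is for %s, not %s (phishing relay?)", as.Origin, rp.Origin)
	}
	if !ecdsa.VerifyASN1(rp.pub, signedDigest(as.Origin, as.Challenge), as.Sig) {
		return fmt.Errorf("rp: bad signature")
	}
	return nil
}

// Demo: honest login, phishing relay, then replay of the honest assertion; only the first passes.
func Demo() (legit, phish, replay error) {
	rp := &RelyingParty{Origin: "https://bank.example", pending: map[string]bool{}} // made-up origin
	tok := &Authenticator{map[string]*ecdsa.PrivateKey{}}
	rp.pub = tok.Register(rp.Origin)
	as, err := tok.Sign(rp.Origin, rp.NewChallenge()) // browser is on the real site
	if err != nil {
		return err, err, err
	}
	legit = rp.Verify(as)
	// A look-alike site relays a real challenge, but the browser reports the true origin; no key for it.
	_, phish = tok.Sign("https://bank-example.evil", rp.NewChallenge())
	replay = rp.Verify(as) // the captured assertion submitted a second time
	return legit, phish, replay
}
```

Run it with `go test` (or add a `main` that prints the three results of `Demo`). The point to take from it: an OTP is a bearer value that is valid wherever it is typed, whereas here the secret is a private key that never leaves the token, the token will not sign for an origin it was not registered with, and the relying party consumes each challenge once, so both the phishing relay and the replay are rejected without any user vigilance.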