CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem
 

Rajiv Dholakia, Vice President, Products, Nok Nok Labs
Authentication is the ignition key to the modern computing environment. As computing platforms evolve from desktop to mobile and embedded devices, authentication methods need to adapt to meet new requirements of flexibility and scale. This session will review these emerging technologies and solution patterns, and share initiatives to simplify strong authentication at scale. If you are invested in federation technologies or operate identity services, this talk will provide a roadmap towards a robust and flexible infrastructure that can withstand the rapid evolution of authentication technologies, device form factors, use cases and emergent risks.

    Presentation Transcript

    • A QUESTION OF SCALE: Mapping Authentication to the Modern Computing Ecosystem. Rajiv Dholakia, VP Products, Nok Nok Labs
    • THE HUMBLE IGNITION KEY NOK NOK LABS 2
    • THINGS ARE CHANGING: First Steps, Next Steps. Attacks: Sony 77 M, Evernote 60 M, Rockyou 32 M, LinkedIn 6.5 M, Yahoo 450 K, Twitter 56 K. Apple, Evernote, Facebook, Twitter, Google, ? Convenience, Security, Personalization
    • A KEY INSIGHT – GATEWAY TO USER EXPERIENCE: ABOUT DESIGN, DELIGHT & DOLLARS (ALSO RISK, REGULATION & REPUTATION). Authentication is the “Ignition Key”
    • HOW ARE WE DOING? USERS FRUSTRATED: 25 ACCOUNTS; 8 LOGINS / DAY; 6.5 PASSWORDS. ORGANIZATIONS OVERWHELMED: $7.2M / DATA BREACH; $15 / PASSWORD RESET; $50-120+ / TOKEN. ECOSYSTEMS INHIBITED: FRAGMENTED; INFLEXIBLE; FRICTION EVERYWHERE
    • THE AUTHENTICATION TOWER OF BABEL: Silos, proprietary, privacy, reliance on 3rd party, tolls
    • IMPLEMENTATION CHALLENGE. A PLUMBING PROBLEM: SHADES OF RUBE GOLDBERG… [Diagram labels: Applications, Organizations, Authentication Methods; App 1, App 2, New App; RP 1, RP 1; Silo 1, Silo 2, Silo 3, Silo N]
    • THE RESULTING REALITY: “AUTHENTICATION IS … EXPENSIVE TO IMPLEMENT, IT'S HARD TO USE, IT'S TOO EASY TO SUBVERT OR CIRCUMVENT AND IT FAILS MORE AND MORE FREQUENTLY, AND MORE AND MORE SPECTACULARLY IN TODAY'S INCREASINGLY RISKY ELECTRONIC ENVIRONMENT.” GARTNER: MAVERICK TECHNOLOGY
    • MENTAL FLOSS – AUTOMATA BY JOHN LUMBUS* (*Cabaret Mechanical Theater – UK, http://cabaret.co.uk)
    • DESIGN CONSIDERATIONS…
    • TODAY’S WORLD: DIVERSE, DISTRIBUTED, DYNAMIC. 75% OF THE DIGITAL UNIVERSE CREATED, CAPTURED OR REPLICATED IN THE CLOUD. 3.1 TRILLION HARD DRIVES WORTH OF DATA CONSUMED DAILY IN THE US. US ECOMMERCE PROJECTED AT $325BN BY 2015. 1.8 BN MOBILE PHONES/YEAR. 200 MN TABLETS/YEAR. No single solution will work across all use cases
    • PONEMON-NNL RESEARCH • New & exclusive research, featuring 1,924 consumers: • US: 754 • UK: 569 • Germany: 601 • Covers experiences, perceptions & preferences for identity and authentication technology • First annual report, covering trends, perceptions and attitudes to online authentication • Research undertaken by the Ponemon Institute & sponsored by Nok Nok Labs, Inc.
    • PONEMON-NOK NOK STUDY: DIVERSITY RULES IN END-USER COMMUNITIES – PROMISE IN MOBILE
    • RETIRING PASSWORDS: A SYSTEMS PROBLEM (not technology). Identity Services: Physical-to-Digital Identity, User Management, Authentication, Federation, Single Sign-On
    • THE OTHER HALF OF THE EQUATION: STRONG AUTH, PASSWORDS, SSO/FEDERATION, Recreated PMS, First Mile, Second Mile, SAML, OpenID
    • A PEEK INTO MODERN AUTHENTICATION: IMPLICIT AUTHENTICATION, EXPLICIT AUTHENTICATION
    • THE ONLY WAY TO WIN AGAINST MALWARE – SECURE HARDWARE. [Diagram: three configurations (No Secure HW; Secure Crypto + Storage; Secure Execution Environment), each with Auth SDK, UX Layer (Input, Display) and Crypto Layer, labelled User Space and Secure Hardware]
    • SOLUTION PATTERNS – WHICH WILL PREVAIL? User-Centric, “Trust-Me-Me-Me”, Relationship-Centric, Regulation-Centric
    • Towards Solutions & Building Blocks
    • THE REALITY. Aspirational Goal: AUTHENTICATION that’s... SIMPLE, STRONG
    • ADDRESS USABILITY & DIVERSITY. Aspirational Goal: Usability (• No passwords • Existing devices • Flexible authentication) Drives Usage (• Engagement • Completed transactions • Security compliance)
    • UNIFIED STANDARDS & AUTHENTICATION AGILITY. ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR. Aspirational Goal. [Diagram labels: Applications, Organizations, Authentication Methods, UNIFIED STANDARDS; App 1, App 2, New App; RP 1, RP 1; ?]
    • EFFORTS UNDERWAY • Platform specific efforts (Microsoft, Apple, Android…) • Secure Silicon Efforts - TCG-TPM (Trusted Computing Group) - Intel IPT (Identity Protection Technology) - Secure Element (GlobalPlatform) - Others… • New and Noteworthy: - Trusted Execution Environment (Global Platform) - The FIDO (Fast Identity Online) Alliance
    • GOAL: SIMPLER, STRONGER AUTH. INTERNET SERVICES, COMPONENT & DEVICE VENDORS, SOFTWARE & STACKS
    • KEY IDEAS BEHIND FIDO • Leverage simple but strong local authentication - User authenticates locally to Client Device - Device authenticates to the Server • Focus of Standardization: - “Pluggable” local authentication (USB, Biometrics, TPM/Pin…) interfaces - The online crypto protocols used to authenticate to the server • Allow business appropriate and risk appropriate choice http://www.fidoalliance.org
    • TAKEAWAYS FROM THIS TALK 1. Authentication is the “Ignition Key” to design, delight, & dollars 2. Passwords don’t scale up (to the cloud) or down (to mobile devices) – a system solution is needed 3. Diversity & heterogeneity will rule… no one size fits all 4. Authentication is the “first mile”, Federation is the “second mile” 5. Modern Authentication = Explicit + Implicit 6. Competing solution patterns – pick carefully 7. Get involved: • Advocate for standards as building blocks – think of what SSL did for you • Educate yourself about emerging authentication technology • Re-think your authentication strategy • Pilot some of the emerging technology
    • FOR MORE INFORMATION • FIDO Alliance • An alliance to simplify authentication • http://www.fidoalliance.org • Global Platform • http://www.globalplatform.org • Nok Nok Labs – pioneering FIDO standards implementations • Brainstorm, Demonstration, Evaluation, Webinar • Ponemon-Nok Nok Labs Report • rajiv@noknok.com or info@noknok.com • http://www.noknok.com