'A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem'


Rajiv Dholakia, VP, Products, presentation from the Cloud Identity Summit 2013, Napa


  1. A QUESTION OF SCALE: Mapping Authentication to the Modern Computing Ecosystem. Rajiv Dholakia, VP Products, Nok Nok Labs
  2. THE HUMBLE IGNITION KEY
  3. THINGS ARE CHANGING. First Steps / Next Steps. Sony 77 M, Evernote 60 M, Rockyou 32 M, LinkedIn 6.5 M, Yahoo 450 K, Twitter 56 K. Attacks. Apple, Evernote, Facebook, Twitter, Google. ? Convenience, Security, Personalization
  4. A KEY INSIGHT – GATEWAY TO USER EXPERIENCE. ABOUT DESIGN, DELIGHT & DOLLARS (ALSO RISK, REGULATION & REPUTATION). Authentication is the “Ignition Key”
  5. HOW ARE WE DOING? USERS FRUSTRATED • 25 ACCOUNTS • 8 LOGINS / DAY • 6.5 PASSWORDS. ORGANIZATIONS OVERWHELMED • $7.2M / DATA BREACH • $15 / PASSWORD RESET • $50-120+ / TOKEN. ECOSYSTEMS INHIBITED • FRAGMENTED • INFLEXIBLE • FRICTION EVERYWHERE
  6. THE AUTHENTICATION TOWER OF BABEL. Silos, proprietary, privacy, reliance on 3rd party, tolls
  7. IMPLEMENTATION CHALLENGE. A PLUMBING PROBLEM: SHADES OF RUBE GOLDBERG… [Diagram labels: Applications: App 1, App 2, New App; Organizations: RP 1, RP 1; Authentication Methods: Silo 1, Silo 2, Silo 3, Silo N; ?]
  8. THE RESULTING REALITY. “AUTHENTICATION IS … EXPENSIVE TO IMPLEMENT, IT'S HARD TO USE, IT'S TOO EASY TO SUBVERT OR CIRCUMVENT AND IT FAILS MORE AND MORE FREQUENTLY, AND MORE AND MORE SPECTACULARLY IN TODAY'S INCREASINGLY RISKY ELECTRONIC ENVIRONMENT.” GARTNER: MAVERICK TECHNOLOGY
  9. DESIGN CONSIDERATIONS…
  10. TODAY’S WORLD: DIVERSE, DISTRIBUTED, DYNAMIC. 75% OF THE DIGITAL UNIVERSE CREATED, CAPTURED OR REPLICATED IN THE CLOUD. 3.1 TRILLION HARD DRIVES WORTH OF DATA CONSUMED DAILY IN THE US. US ECOMMERCE PROJECTED AT $325BN BY 2015. No single solution will work across all use cases. 1.8 BN MOBILE PHONES/YEAR. 200 MN TABLETS/YEAR
  11. PONEMON-NNL RESEARCH • New & exclusive research, featuring 1,924 consumers: US: 754; UK: 569; Germany: 601 • Covers experiences, perceptions & preferences for identity and authentication technology • First annual report, covering trends, perceptions and attitudes to online authentication • Research undertaken by the Ponemon Institute & sponsored by Nok Nok Labs, Inc.
  12. PONEMON-NOK NOK STUDY. DIVERSITY RULES IN END-USER COMMUNITIES – PROMISE IN MOBILE
  13. RETIRING PASSWORDS. A SYSTEMS PROBLEM (not technology). Identity Services: Physical-to-Digital Identity, User Management, Authentication, Federation, Single Sign-On
  14. THE OTHER HALF OF THE EQUATION. STRONG AUTH, PASSWORDS, SSO/FEDERATION. Recreated PMS. First Mile, Second Mile. SAML, OpenID
  15. A PEEK INTO MODERN AUTHENTICATION. IMPLICIT AUTHENTICATION, EXPLICIT AUTHENTICATION
  16. THE ONLY WAY TO WIN AGAINST MALWARE – SECURE HARDWARE. [Diagram: Auth SDK, UX Layer (Input, Display) and Crypto Layer shown against User Space and Secure Hardware for three cases: No Secure HW; Secure Crypto + Storage; Secure Execution Environment]
  17. SOLUTION PATTERNS – WHICH WILL PREVAIL? User-Centric “Trust-Me-Me-Me”; Relationship-Centric; Regulation-Centric
  18. Towards Solutions & Building Blocks
  19. THE REALITY: AUTHENTICATION that’s... SIMPLE, STRONG. Aspirational Goal
  20. ADDRESS USABILITY & DIVERSITY. Usability (• No passwords • Existing devices • Flexible authentication) drives Usage (• Engagement • Completed transactions • Security compliance). Aspirational Goal
  21. UNIFIED STANDARDS & AUTHENTICATION AGILITY. ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR. [Diagram labels: Applications: App 1, App 2, New App; Organizations: RP 1, RP 1; Authentication Methods; UNIFIED STANDARDS; ?] Aspirational Goal
  22. EFFORTS UNDERWAY • Platform specific efforts (Microsoft, Apple, Android…) • Secure Silicon Efforts - TCG-TPM (Trusted Computing Group) - Intel IPT (Identity Protection Technology) - Secure Element (GlobalPlatform) - Others… • New and Noteworthy: - Trusted Execution Environment (Global Platform) - The FIDO (Fast Identity Online) Alliance
  23. GOAL: SIMPLER, STRONGER AUTH. INTERNET SERVICES; COMPONENT & DEVICE VENDORS; SOFTWARE & STACKS
  24. KEY IDEAS BEHIND FIDO • Leverage simple but strong local authentication - User authenticates locally to Client Device - Device authenticates to the Server • Focus of Standardization: - “Pluggable” local authentication (USB, Biometrics, TPM/Pin…) interfaces - The online crypto protocols used to authenticate to the server • Allow business appropriate and risk appropriate choice. http://www.fidoalliance.org
  25. TAKEAWAYS FROM THIS TALK 1. Authentication is the “Ignition Key” to design, delight, & dollars 2. Passwords don’t scale up (to the cloud) or down (to mobile devices) – a system solution is needed 3. Diversity & heterogeneity will rule…no one size fits all 4. Authentication is the “first mile”, Federation is the “second mile” 5. Modern Authentication = Explicit + Implicit 6. Competing solution patterns – pick carefully 7. Get involved: • Advocate for standards as building blocks – think of what SSL did for you • Educate yourself about emerging authentication technology • Re-think your authentication strategy • Pilot some of the emerging technology
  26. FOR MORE INFORMATION • FIDO alliance • An alliance to simplify authentication • http://www.fidoalliance.org • Global Platform • http://www.globalplatform.org • Nok Nok Labs – pioneering FIDO standards implementations • Brainstorm, Demonstration, Evaluation, Webinar • Ponemon-Nok Nok Labs Report • rajiv@noknok.com or info@noknok.com • http://www.noknok.com
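
The two-step flow on slide 24 (user authenticates locally to the device, device authenticates to the server) can be sketched as a challenge-response exchange. This is an added example, not code from the talk or from the FIDO specifications; the class names, the PIN gate and the sample user are assumptions, and it leaves out everything else a real protocol needs.

```javascript
// Added illustration of the slide-24 flow; every name here is hypothetical.
const nodeCrypto = require('node:crypto');
// Client device: holds a private key that is released only after a local check.
class Authenticator {
  constructor(pin) {
    this.salt = nodeCrypto.randomBytes(16);
    this.pinHash = nodeCrypto.scryptSync(pin, this.salt, 32); // PIN stays on the device
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.privateKey = privateKey;
    this.publicKey = publicKey; // only this half is ever sent to the server
  }
  // Step 1: user authenticates locally. Step 2: device signs the server challenge.
  sign(pin, challenge) {
    const attempt = nodeCrypto.scryptSync(pin, this.salt, 32);
    if (!nodeCrypto.timingSafeEqual(attempt, this.pinHash)) return null;
    return nodeCrypto.sign('sha256', challenge, this.privateKey);
  }
}

// Relying party: stores public keys and outstanding challenges, never a password.
class Server {
  constructor() { this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  challenge(user) {
    const c = nodeCrypto.randomBytes(32);
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user); // single use: a captured response cannot be replayed
    const key = this.keys.get(user);
    if (!c || !key || !signature) return false;
    return nodeCrypto.verify('sha256', c, key, signature);
  }
}

// Constructed demo run: good login, wrong PIN, replayed response.
function demo() {
  const device = new Authenticator('4921');
  const server = new Server();
  server.register('alice', device.publicKey);
  const sig = device.sign('4921', server.challenge('alice'));
  const ok = server.verify('alice', sig);
  const wrongPin = device.sign('0000', server.challenge('alice')) === null;
  server.challenge('alice');                  // a fresh challenge is issued
  const replay = server.verify('alice', sig); // old signature, new challenge
  return { ok, wrongPin, replay };
}
```

A breach of the server in this model exposes public keys only, which is the contrast with the password-database losses listed on slide 3.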
