'A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem'

Rajiv Dholakia, VP, Products, presentation from the Cloud Identity Summit 2013, Napa

Published in: Technology

Transcript of "'A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem'"
Slide 1. A QUESTION OF SCALE: Mapping Authentication to the Modern Computing Ecosystem
Rajiv Dholakia, VP Products, Nok Nok Labs

Slide 2. THE HUMBLE IGNITION KEY

Slide 3. THINGS ARE CHANGING
First Steps: attacks
•  Sony: 77 M
•  Evernote: 60 M
•  Rockyou: 32 M
•  LinkedIn: 6.5 M
•  Yahoo: 450 K
•  Twitter: 56 K
Next Steps: Apple, Evernote, Facebook, Twitter, Google, ? (Convenience, Security, Personalization)

Slide 4. A KEY INSIGHT: GATEWAY TO USER EXPERIENCE
About design, delight & dollars (also risk, regulation & reputation)
Authentication is the "Ignition Key"

Slide 5. HOW ARE WE DOING?
Users frustrated
•  25 accounts
•  8 logins / day
•  6.5 passwords
Organizations overwhelmed
•  $7.2M / data breach
•  $15 / password reset
•  $50-120+ / token
Ecosystems inhibited
•  Fragmented
•  Inflexible
•  Friction everywhere

Slide 6. THE AUTHENTICATION TOWER OF BABEL
Silos, proprietary, privacy, reliance on 3rd party, tolls

Slide 7. IMPLEMENTATION CHALLENGE
A plumbing problem: shades of Rube Goldberg...
[Diagram: Organizations (RP 1, ...), Applications (App 1, App 2, New App, ?) and Authentication Methods, each application wired to its authentication methods through a separate silo (Silo 1, Silo 2, Silo 3, ... Silo N)]

Slide 8. THE RESULTING REALITY
"Authentication is ... expensive to implement, it's hard to use, it's too easy to subvert or circumvent and it fails more and more frequently, and more and more spectacularly in today's increasingly risky electronic environment."
Gartner: Maverick Technology

Slide 9. DESIGN CONSIDERATIONS...

Slide 10. TODAY'S WORLD: DIVERSE, DISTRIBUTED, DYNAMIC
•  75% of the digital universe created, captured or replicated in the cloud
•  3.1 trillion hard drives worth of data consumed daily in the US
•  US ecommerce projected at $325BN by 2015
•  1.8 BN mobile phones/year
•  200 MN tablets/year
No single solution will work across all use cases

Slide 11. PONEMON-NNL RESEARCH
•  New & exclusive research, featuring 1,924 consumers: US: 754, UK: 569, Germany: 601
•  Covers experiences, perceptions & preferences for identity and authentication technology
•  First annual report, covering trends, perceptions and attitudes to online authentication
•  Research undertaken by the Ponemon Institute & sponsored by Nok Nok Labs, Inc.

Slide 12. PONEMON-NOK NOK STUDY
Diversity rules in end-user communities; promise in mobile

Slide 13. RETIRING PASSWORDS: A SYSTEMS PROBLEM (not technology)
Identity Services: Physical-to-Digital Identity, User Management, Authentication, Federation, Single Sign-On

Slide 14. THE OTHER HALF OF THE EQUATION
First Mile: Strong Auth, Passwords
Second Mile: SSO/Federation (SAML, OpenID)
Recreated PMS

Slide 15. A PEEK INTO MODERN AUTHENTICATION
Implicit authentication + Explicit authentication

Slide 16. THE ONLY WAY TO WIN AGAINST MALWARE: SECURE HARDWARE
Three device architectures, by what runs in user space versus in secure hardware:
•  No Secure HW: Auth SDK, UX Layer (Input, Display) and Crypto Layer all run in user space
•  Secure Crypto + Storage: Auth SDK and UX Layer (Input, Display) in user space; Crypto Layer in secure hardware
•  Secure Execution Environment: Auth SDK, Crypto Layer and UX Layer (Input, Display) all run in secure hardware

Slide 17. SOLUTION PATTERNS: WHICH WILL PREVAIL?
•  User-Centric ("Trust-Me-Me-Me")
•  Relationship-Centric
•  Regulation-Centric

Slide 18. TOWARDS SOLUTIONS & BUILDING BLOCKS

Slide 19. THE REALITY (Aspirational Goal)
Authentication that's... SIMPLE, STRONG

Slide 20. ADDRESS USABILITY & DIVERSITY (Aspirational Goal)
Usability
•  No passwords
•  Existing devices
•  Flexible authentication
drives Usage
•  Engagement
•  Completed transactions
•  Security compliance

Slide 21. UNIFIED STANDARDS & AUTHENTICATION AGILITY (Aspirational Goal)
Any device. Any application. Any authenticator.
[Diagram: Organizations (RP 1, ...), Applications (App 1, App 2, New App, ?) and Authentication Methods connected through Unified Standards instead of per-application silos]

Slide 22. EFFORTS UNDERWAY
•  Platform specific efforts (Microsoft, Apple, Android...)
•  Secure Silicon Efforts
  - TCG-TPM (Trusted Computing Group)
  - Intel IPT (Identity Protection Technology)
  - Secure Element (GlobalPlatform)
  - Others...
•  New and Noteworthy:
  - Trusted Execution Environment (GlobalPlatform)
  - The FIDO (Fast Identity Online) Alliance

Slide 23. GOAL: SIMPLER, STRONGER AUTH
Internet services, component & device vendors, software & stacks

Slide 24. KEY IDEAS BEHIND FIDO
•  Leverage simple but strong local authentication
  - User authenticates locally to Client Device
  - Device authenticates to the Server
•  Focus of Standardization:
  - "Pluggable" local authentication (USB, Biometrics, TPM/PIN...) interfaces
  - The online crypto protocols used to authenticate to the server
•  Allow business appropriate and risk appropriate choice
http://www.fidoalliance.org
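The two halves of slide 24 (the user verifies locally to the device, the device then authenticates to the server with a public-key protocol), together with the secure-hardware layering of slide 16, as an added worked example. This is not code from the talk, from the FIDO specifications or from Nok Nok Labs; it assumes a hypothetical device-side `Authenticator` whose Ed25519 private keys stand in for the secure-hardware crypto layer (they are never returned, only used to sign), a hypothetical relying-party `Server`, constructed names (`bank.example`, `bank-example.evil`, `alice`), and a signed-message layout of its own rather than the FIDO wire format. `Demo` runs one honest login and then three things the server or device must refuse: a replayed assertion, a request from a look-alike origin, and a cloned key with a stale signature counter.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assertion is what the device sends after the user has verified locally. Its layout is
// this example's own (hypothetical), not the FIDO wire format.
type Assertion struct {
	RPIDHash  [32]byte // SHA-256 of the relying-party ID the key was scoped to at registration
	Counter   uint32   // signature counter; must increase on every use
	Signature []byte   // Ed25519 signature over signedBytes(...)
}

// signedBytes fixes the exact bytes both sides sign and verify: rpID hash || counter || H(challenge).
func signedBytes(rpIDHash [32]byte, counter uint32, challenge []byte) []byte {
	var cb [4]byte
	binary.BigEndian.PutUint32(cb[:], counter)
	ch := sha256.Sum256(challenge)
	msg := append([]byte{}, rpIDHash[:]...)
	msg = append(msg, cb[:]...)
	return append(msg, ch[:]...)
}

// Authenticator is the device side. The private keys live only in this struct, standing in
// for the secure-hardware crypto layer of slide 16: nothing returns them, they only sign.
type Authenticator struct {
	keys     map[string]ed25519.PrivateKey // one key pair per relying-party ID
	counters map[string]uint32
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]ed25519.PrivateKey{}, counters: map[string]uint32{}}
}

// Register runs after a successful local user verification (PIN, fingerprint, ...): the device
// mints a key pair bound to rpID and hands back only the public half for the server to store.
func (a *Authenticator) Register(rpID string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[rpID] = priv
	return pub, nil
}

// Sign is likewise gated on local user verification. rpID is the origin observed by the client
// platform, not a value the page supplies, so a look-alike site never reaches the genuine key.
func (a *Authenticator) Sign(rpID string, challenge []byte) (Assertion, error) {
	priv, ok := a.keys[rpID]
	if !ok {
		return Assertion{}, errors.New("no credential for " + rpID)
	}
	a.counters[rpID]++
	as := Assertion{RPIDHash: sha256.Sum256([]byte(rpID)), Counter: a.counters[rpID]}
	as.Signature = ed25519.Sign(priv, signedBytes(as.RPIDHash, as.Counter, challenge))
	return as, nil
}

// Server is the relying party: it stores public keys, issues challenges and verifies assertions.
type Server struct {
	rpID  string
	creds map[string]*credential // keyed by user name
}

type credential struct {
	pub     ed25519.PublicKey
	counter uint32 // highest counter accepted so far
}

func NewServer(rpID string) *Server { return &Server{rpID: rpID, creds: map[string]*credential{}} }

func (s *Server) Enroll(user string, pub ed25519.PublicKey) { s.creds[user] = &credential{pub: pub} }

// Challenge returns 32 fresh random bytes; an assertion is valid only for the challenge it answers.
func (s *Server) Challenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify performs the relying party's checks, in order: scoped to this rpID, signed by the
// enrolled key over this exact challenge, and the counter moved forward.
func (s *Server) Verify(user string, challenge []byte, as Assertion) error {
	cred, ok := s.creds[user]
	if !ok {
		return errors.New("unknown user")
	}
	if as.RPIDHash != sha256.Sum256([]byte(s.rpID)) {
		return errors.New("assertion was produced for a different relying party")
	}
	if !ed25519.Verify(cred.pub, signedBytes(as.RPIDHash, as.Counter, challenge), as.Signature) {
		return errors.New("bad signature: wrong key or stale challenge")
	}
	if as.Counter <= cred.counter {
		return errors.New("counter did not advance: replayed or cloned authenticator")
	}
	cred.counter = as.Counter
	return nil
}

// Demo enrolls one device with one server (constructed names) and returns the verdict for an
// honest login and for three attacks; nil means accepted.
func Demo() map[string]error {
	dev, srv := NewAuthenticator(), NewServer("bank.example")
	pub, _ := dev.Register("bank.example")
	srv.Enroll("alice", pub)
	out := map[string]error{}

	c1, _ := srv.Challenge()
	a1, _ := dev.Sign("bank.example", c1)
	out["honest"] = srv.Verify("alice", c1, a1) // accepted

	c2, _ := srv.Challenge()
	out["replay"] = srv.Verify("alice", c2, a1) // captured assertion, new challenge: bad signature

	_, err := dev.Sign("bank-example.evil", c2) // phishing origin: the device holds no key for it
	out["phish"] = err

	clone := &Authenticator{keys: dev.keys, counters: map[string]uint32{}} // stolen key, own counter
	c3, _ := srv.Challenge()
	a3, _ := clone.Sign("bank.example", c3)
	out["clone"] = srv.Verify("alice", c3, a3) // counter 1 was already used: rejected
	return out
}

func main() {
	for name, err := range Demo() {
		fmt.Printf("%-6s -> %v\n", name, err)
	}
}
```

The ordering of the checks in `Verify` matters: the rpID check fails closed before any signature work, and the counter is only advanced after the signature has been accepted, so a rejected assertion can never move the stored counter and lock out the genuine device.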
Slide 25. TAKEAWAYS FROM THIS TALK
1.  Authentication is the "Ignition Key" to design, delight, & dollars
2.  Passwords don't scale up (to the cloud) or down (to mobile devices); a system solution is needed
3.  Diversity & heterogeneity will rule... no one size fits all
4.  Authentication is the "first mile", Federation is the "second mile"
5.  Modern Authentication = Explicit + Implicit
6.  Competing solution patterns: pick carefully
7.  Get involved:
  •  Advocate for standards as building blocks; think of what SSL did for you
  •  Educate yourself about emerging authentication technology
  •  Re-think your authentication strategy
  •  Pilot some of the emerging technology

Slide 26. FOR MORE INFORMATION
•  FIDO Alliance: an alliance to simplify authentication, http://www.fidoalliance.org
•  GlobalPlatform: http://www.globalplatform.org
•  Nok Nok Labs, pioneering FIDO standards implementations: brainstorm, demonstration, evaluation, webinar
•  Ponemon-Nok Nok Labs Report
•  rajiv@noknok.com or info@noknok.com
•  http://www.noknok.com