Mobile Security and 2FAThe reality from the trenches…Ollie Whitehouse, Associate Director, NCC Group
Before we begin…• NCC = iSEC Partners in the USA• FTSE listed ~99 million GBP revenue• Independent security experts• Worki...
Agenda for the 15 minute positioning..• Mobile Security• Reality and Elephants• Future Enablers• Authentication and mobile...
Mobile Security – Security threats• Hardware• Platform• Android, iOS, Windows etc.• Vendor Customisation• Undermining plat...
Mobile Security – Challenges• Mobile vendor fragmentation• Vendor spend on security• 18 to 24 month device life cycles• Ca...
Mobile Security – Future
Mobile Security – Future• The security arms race is starting..• BlackBerry, Samsung,SEAndroid (Generic),Apple and Windows•...
Mobile 2FA – Concerns• Satisfying ‘Something you have’• SMS latency• The ‘NYE’ problem• The ‘malware’ issue• For seeded / ...
Mobile 2FA – Drivers for mobile 2FA
Mobile 2FA – What we’re seeing
Mobile 2FA – Satisfying the concerns• Today• Jail break detection• Device unique IDs• Device lockdown• Dual persona device...
Mobile 2FA – Result (one solution seen)Circuit Switch and Voice for Last Chance Fall-back
Mobile 2FA – Tomorrow?
Upcoming SlideShare
Loading in …5
×

The Future of Secure, Mobile Authentication

336 views

Published on

From Voice Biometrics Conference San Francisco (May 8-9, 2013): Mobile devices have the potential to be the universal device to make authentication stronger. But a host of challenges stand in the way for mobile security platforms. What are the key enablers and how does voice fit into a comprehensive mobile security strategy?
Ollie Whitehouse, Associate Director, NCC Group

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
336
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

The Future of Secure, Mobile Authentication

  1. 1. Mobile Security and 2FAThe reality from the trenches…Ollie Whitehouse, Associate Director, NCC Group
  2. 2. Before we begin…• NCC = iSEC Partners in the USA• FTSE listed ~99 million GBP revenue• Independent security experts• Working in hardware, softwareand higher level business functions• Trusted advisor to many• ~ 250 technical security consultants• ~ 80 business security consultants
  3. 3. Agenda for the 15 minute positioning..• Mobile Security• Reality and Elephants• Future Enablers• Authentication and mobile• 2FA – what it looks like today• Voice biometrics and its Role
  4. 4. Mobile Security – Security threats• Hardware• Platform• Android, iOS, Windows etc.• Vendor Customisation• Undermining platform security• Apps• Poorly designed / implemented• User activity•  Hygiene with regards to apps / jail breaking
  5. 5. Mobile Security – Challenges• Mobile vendor fragmentation• Vendor spend on security• 18 to 24 month device life cycles• Carrier certification of updates• User awareness / education• User experience for security patches• Carrier / user desire for security patches
  6. 6. Mobile Security – Future
  7. 7. Mobile Security – Future• The security arms race is starting..• BlackBerry, Samsung,SEAndroid (Generic),Apple and Windows• Platform features• TrustZone• Virtualisation / HyperVisors• Software security• Improving rapidly..
  8. 8. Mobile 2FA – Concerns• Satisfying ‘Something you have’• SMS latency• The ‘NYE’ problem• The ‘malware’ issue• For seeded / on-line• Jail breaking• For seeded / on-line• Connectivity• For on-line
  9. 9. Mobile 2FA – Drivers for mobile 2FA
  10. 10. Mobile 2FA – What we’re seeing
  11. 11. Mobile 2FA – Satisfying the concerns• Today• Jail break detection• Device unique IDs• Device lockdown• Dual persona devices• Tomorrow• TrustZone and friends
  12. 12. Mobile 2FA – Result (one solution seen)Circuit Switch and Voice for Last Chance Fall-back
  13. 13. Mobile 2FA – Tomorrow?

×