CIS14: Authentication: Elderly People's Ankles

Josh Alexander, Toopher

Discussion of precisely why modern approaches to user authentication fail and how we can add bandwidth to our perspective to prevent attacks without the hindering aspects that ruin user experience.

Published in: Technology

  1. 1. Elderly People’s Ankles
  2. 2. Characterizing Artifacts of Legacy Security Technology and Their Effects on Modern Applications of Authentication and Authorization
  3. 3. Hi.
  4. 4. Nay @toopherjosh
  5. 5. Ian Glazer and I have a bet…
  6. 6. Who can use the most slides without affecting quality?
  7. 7. I
  8. 8. will
  9. 9. win.
  10. 10. Let’s get to it –
  11. 11. Picture of “children”
  12. 12. Let’s play a game.
  13. 13. Seriously… I’ll wait until you agree…
  14. 14. Picture 1.2
  15. 15. Picture 1.1
  16. 16. Picture 2.1
  17. 17. Picture 2.2
  18. 18. Picture 2.2
  19. 19. Picture 2.2
  20. 20. Statistics
  21. 21. µ
  22. 22. σ
  23. 23. The null
  24. 24. There is a 68% chance this is boring.
  25. 25. A long long time ago…
  26. 26. In the year 2000…
  27. 27. Don’t judge – you had one too.
  28. 28. Where even the water has calories
  29. 29. null hypothesis = you are a good person
  30. 30. You are a terrorist.
  31. 31. null hypothesis = you are a terrorist.
  32. 32. You are a terrorist shoe bomber.
  33. 33. null hypothesis = you are a shoe bomber.
  34. 34. elderly people’s ankles
  35. 35. elderly people’s ankles
  36. 36. EPA
  37. 37. Picture 3.1
  38. 38. Picture 3.2
  39. 39. You are not you.
  40. 40. You are not you.
  41. 41. You are not you.
  42. 42. null hypothesis = you are not you.
  43. 43. you are not you.
  44. 44. you are not you. your user
  45. 45. you are not you. your user customer
  46. 46. 1 act play
  47. 47. Act 1 <login>
  48. 48. 3 act play
  49. 49. Act 1 <login>
  50. 50. Act 2 <action>
  51. 51. Act 3 <logout>
  52. 52. Yes… I totally had to look all that up on wiki
  53. 53. ?
  54. 54. Act 1 <login>
  55. 55. Act 2 <action>
  56. 56. <Act 1>
  57. 57. Act 1 <login>
  58. 58. Act 2 <action>
  59. 59. A Happy Ending?
  60. 60. Repetition Poisoning
  61. 61. We retain the right to rename your kids
  62. 62. Repetition Poisoning
  63. 63. Repetition Poisoning Test
  64. 64. ILK BILK SILK
  65. 65. What fiber do SILKworms produce?
  66. 66. ILK BILK SILK
  67. 67. ILK BILK SILK
  68. 68. What’s another word for DEFRAUD?
  69. 69. ILK BILK SILK
  70. 70. ILK BILK SILK
  71. 71. What’s a word to describe a person or thing similar to which you’ve previously referred?
  72. 72. ILK BILK SILK
  73. 73. ILK BILK SILK
  74. 74. What do cows drink?
  75. 75. Wrong.
  76. 76. Cows drink water.
  77. 77. </Act 1>
  78. 78. <Act 2>
  79. 79. ?
  80. 80. <Act 2.1>
  81. 81. U/P + device recognition < MITB
  82. 82. U/P + device recognition < Zeus
  83. 83. 1 / 30 days
  84. 84. 3-4 times per day
  85. 85. MFA @ 1%
  86. 86. invisibility ≠ omission
  87. 87. </Act 2.1>
  88. 88. <Act 2.2>
  89. 89. ?
  90. 90. UX
  91. 91. UX → optimized
  92. 92. UX → optimized = no modification to human behavior
  93. 93. Context
  94. 94. </Act 2.2>
  95. 95. <Act 2.31>
  96. 96. Identity is valuable.
  97. 97. Identity, Inc.; NYSE: IDNT
  98. 98. Yeah you are.
  99. 99. </Act 2.31>
  100. 100. <Act 2.32>
  101. 101. The Internet of Things (IoT)
  102. 102. The Internet of Things (IoT) <groan>
  103. 103. Relying Party Benefit User Benefit
  104. 104. Relying Party Benefit User Benefit
  105. 105. Context creates invisibility.
  106. 106. Invisibility enables security.
  107. 107. </Act 2.32>
  108. 108. <Act 3>
  109. 109. Act 3 <logout>
  110. 110. ?
  111. 111. Optimize UX
  112. 112. Context creates invisibility.
  113. 113. Invisibility enables security.
  114. 114. </Act 3>
  115. 115. Session Login | Critical Action | Session Logout
  116. 116. Shift in perspective can identify EPAs
  117. 117. Invisibility enables security.
  118. 118. Great. So what do I do?
  119. 119. Laws of Modern MFA
  120. 120. 1. Tell the user what you’re doing.
  121. 121. 2. Communicate completely out of band.
  122. 122. 3. Get out of their way (invisibility)
  123. 123. Laws of Modern MFA: 1. Tell the user what you’re doing. 2. Communicate completely out of band. 3. Get out of their way (invisibility)
  124. 124. @toopherjosh Thanks.
