CIS14: Filling the “authentication goes here” Hole in Identity

Michael Barrett, FIDO Alliance
A report on the headway the FIDO Alliance is making in establishing standards that enable easily interoperable authentication, covering the high-level technical architecture of these new authentication protocols and giving an update on progress.

Published in: Technology

  1. Michael Barrett, president of the FIDO Alliance. Cloud Identity Summit, July 2014. www.fidoalliance.org. Copyright 2014, The FIDO Alliance. All Rights Reserved.
  2. Problems, problems, problems
  3. Rampant online attacks
     • Major hacks have targeted password databases within Online Gaming, Financial Services and Social Media organizations
     • Password re-use is a significant problem – technical analysis of data breaches has shown that 76% of passwords are used across multiple sites.
  4. Opportunity for Better Authentication is Upon Us
     • For Users: Painful to Use
       • 25 Accounts
       • 8 Logins / Day
       • 6.5 Passwords
     • For Organizations: Difficult to Secure
       • $5.5M / Data Breach
       • $15M / PWD Reset
       • $60+ / Token
     • For the Ecosystem: Impossible to Scale
       • Fragmented
       • Inflexible
       • Slow to Adopt
  5. Authentication is not a Continuum… [Figure: quadrant chart with axes Security (Low to High) and Usability (Low to High); quadrant labels: JUST EASY, “BETTER AUTHENTICATION”, JUST BAD, UNPLEASANT]
  6. What is FIDO?
  7. WHAT IS NEEDED: Common authentication plumbing [Diagram labels: Users, Cloud/Enterprise, Devices, Federation, Open Standard, Plug-In Approach, Interoperable Ecosystem, Usable Authentication]
  8. FIDO - Unique Approach
     • Any Device. Any Application. Any Authenticator.
     • Standardized Protocols
     • Local authentication unlocks app-specific key
     • Key used to authenticate to server
  9. Improved security: unique cryptographic secret created per user account + device + site
     • Protection against brute force attacks
     • Segmentation of risk
     • Protection against unintentional disclosure
  10. FIDO’s Explosive growth [Timeline figure; labels: Feb 2013, May 2014, Next; 6 Companies, 118 Companies; Public Launch, Public Review Spec, Industry Standard]
  11. TODAY
  12. Marrying FIDO to Identity. With thanks to Paul Madsen (whose slides I stole…)
  13. Generic federation flow diagram. Copyright © 2014 Ping Identity Corp. All rights reserved.
  14. Complementary
     • FIDO
       • Insulates authentication server from specific authenticators
       • Focused solely on primary authentication
       • Does not support attribute sharing
       • Can communicate details of authentication from device to server
     • Federation
       • Insulates application from specific identity providers
       • Does not address primary authentication
       • Does enable secondary authentication & attribute sharing
       • Can communicate details of authentication from IdP to SP
  15. [Figure: plot of Assurance (High to Low) against Frequency of login (High to Low); label: status quo]
  16. [Figure: same axes; labels: status quo, federation, SSO slide, No more ‘Password123’ bump]
  17. [Figure: same axes; labels: status quo, federation, FIDO Continuum]
  18. FIDO implications
     • FIDO supports a range of assurance – determined by the specifics of the local authentication
     • Recall – “Unique cryptographic secret created per user account + device + site”
     • Implication is multiple registrations & authentications – which may be sub-optimal from the user’s PoV
  19. [Figure: plot of Assurance (High to Low) against Frequency of login (High to Low); labels: status quo, federation, FIDO + federation, FIDO]
  20. CALL TO ACTION
     • AUTHENTICATION IS A FUNDAMENTAL PROBLEM AND IT IS AN INDUSTRY PROBLEM
     • NO ONE COMPANY CAN FIX THIS PROBLEM
     • JOIN FIDO ALLIANCE – HELP FIX
     • OPPORTUNITY TO CREATE NEW SERVICES, NEW MARKETS, NEW INNOVATIONS, NEW BUSINESSES AND NEW REVENUE MODELS
     • TAKE THE LEADERSHIP, INCLUDE FIDO SUPPORT AT THE SOURCE ON YOUR DEVICES
     • FIDO READY COMMERCIAL PRODUCTS ARE AVAILABLE IN THE MARKET
     • MAKE THE CONNECTED WORLD SECURE, PRIVATE, FRAUD FREE, EASY TO USE AND STAY CONNECTED
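
Slides 8, 9 and 18 describe a unique key per user account + device + site that is used to authenticate to the server. The Go sketch below is an added example, not code from the presentation or the FIDO Alliance: it is a simplified model rather than the FIDO message formats, and the `Authenticator` type, the function names, the site names and the challenge bytes are all assumptions constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Authenticator models one device's key store: one private key per site + account (assumed type).
type Authenticator struct{ keys map[string]*ecdsa.PrivateKey }
func NewAuthenticator() *Authenticator { return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}} }

// Register creates a fresh key pair for (site, account); only the public half leaves the device.
func (a *Authenticator) Register(site, account string) (*ecdsa.PublicKey, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[site+"\x00"+account] = k
	return &k.PublicKey, nil
}

// digest binds the server challenge to the site name so a response is only valid for that site.
func digest(site string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(site+"\x00"), challenge...))
	return h[:]
}

// Sign answers a challenge. A real authenticator would require local user verification first.
func (a *Authenticator) Sign(site, account string, challenge []byte) ([]byte, error) {
	k, ok := a.keys[site+"\x00"+account]
	if !ok {
		return nil, fmt.Errorf("no registration for %q at %q", account, site)
	}
	return ecdsa.SignASN1(rand.Reader, k, digest(site, challenge))
}

// Verify is the server side; the server stores only the public key registered for the account.
func Verify(pub *ecdsa.PublicKey, site string, challenge, sig []byte) bool {
	return ecdsa.VerifyASN1(pub, digest(site, challenge), sig)
}

func main() {
	a, ch := NewAuthenticator(), []byte("constructed-challenge") // a server would send random bytes
	pub, _ := a.Register("shop.example", "alice")
	sig, _ := a.Sign("shop.example", "alice", ch)
	fmt.Println(Verify(pub, "shop.example", ch, sig), Verify(pub, "bank.example", ch, sig))
}
```

A response signed for one site fails verification at another, which is the segmentation of risk on slide 9, and every additional site needs its own registration, which is the cost slide 18 points out.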