Slide note: Future HCI may include involuntary “saccades” of the eyes for verifying recognition
1. Future Directions in User Authentication
   Burt Kaliski, RSA Laboratories
   Presented at Beijing University, April 10, 2006
2. Introduction
   • User authentication is a cornerstone of IT security, one that is changing rapidly
   • Many areas of technology development will have a significant impact on user authentication over the next decade
   • Here, I’ll offer a researcher’s perspective on five of those areas, with examples among RSA Security’s products
   • We’ll also envision a day in the life of a future user, “Sally Surfer”
   • Based on a presentation given at IT-Defense 2005
3-4. #1: Trusted Computing
   • PDAs, WLAN cards, and DRM devices are good examples today of user authentication built upon device authentication
   • Trusted computing offers the promise that the device can authenticate the user on behalf of the network
   Users will authenticate through trusted computing platforms, which will in turn represent the user to the network
   • Will trusted computing platforms be sufficiently trusted to authenticate future users directly, or will some network verification still be involved?
   • How will the many associations between users and devices be managed?
   • RSA® Sign-On Manager and RSA SecurID® for Microsoft® Windows® are initial steps toward the trusted desktop concept
5-6. #2: RFID and Other Wireless Authenticators
   • e-Passports incorporate RFID chips; NIST’s Personal Identity Verification (PIV) card combines a contact smart card with an ISO 14443 proximity interface
   • RFID for supply-chain tracking is already leading to wireless user authenticators, e.g., VeriChip™
   Users will authenticate via RFID and other wireless devices, as logical and physical authentication technologies converge
   • Users will authenticate to buildings via wireless; will they also authenticate directly via wireless to the desktop?
   • Will mobile phones be the wireless authenticators of the future, or will they just be another device to unlock? Or both?
   • RSA SecurID® 5100 smart card supports proximity authentication
   • RSA Professional Services has launched an RFID security & privacy consulting service
7. Belly-Button Ring Identifiers
   • If your mobile phone is your future authenticator, how do you authenticate to your mobile phone?
   • One possibility is based on MIT’s “beeper-based” signature concept (R. Rivest, A. Lysyanskaya)
       • A “beeper” that you wear (maybe a belly button ring?) sends a low-power signal to your phone
       • A fresh signal is required for the phone to generate digital signatures; otherwise the phone won’t sign
   • The beeper can authenticate you to your phone, and/or you and your phone to the network
8. Privacy Considerations
   • If a beeper authenticates you to your phone, how do you keep it from identifying you to someone else?
   • The problem is quite similar to that for RFID tags, and solutions developed there may apply here as well
   • Basic privacy design principles:
       • Simple devices like “belly button rings” should only identify themselves to one’s local, personal devices, e.g. a mobile phone
       • More powerful devices like phones can then make informed decisions about whether to identify the user elsewhere
   • Practical privacy and authentication solutions for these settings remain a research challenge
9. Application: Proximity Cards
   • Electronic “belly button rings” aren’t here yet, but wireless proximity devices are becoming widespread
   • Without appropriate protections, a proximity card will identify itself to any reader that interfaces with it
       • Significant privacy and security risks, depending on what the “identity” contains
       • Even with a random identifier, tracking and cloning are still a concern
   • ISO 14443 and basic RFID tag specifications offer little protection, but privacy-enhancing technologies are available
       • Examples: foil pouches, blocker tags, minimalist cryptography
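The three slides above (the beeper that gates the phone’s signing key, the privacy principle that a simple wearable should answer only its own phone, and the replay/tracking concern for proximity devices) can be shown in one small simulation. The code below is an added example written for this page; it is not from the slides or from the Rivest–Lysyanskaya paper. It assumes a pre-shared pairing key between beeper and phone, a challenge–response message format of its own, a 30-second freshness window, and an HMAC standing in for the phone’s signature operation.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

FRESHNESS_WINDOW = 30.0   # seconds a beeper signal stays valid (assumed value)


def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class Beeper:
    """Worn device. Shares one key with its paired phone and nothing else."""

    def __init__(self, pair_key: bytes):
        self.pair_key = pair_key
        self.counter = 0

    def respond(self, challenge: bytes) -> Optional[Tuple[int, bytes]]:
        # Privacy rule: answer only challenges authenticated under the pair key,
        # so an unpaired reader gets silence rather than an identifier.
        nonce, tag = challenge[:16], challenge[16:]
        if not hmac.compare_digest(tag, _mac(self.pair_key, b"chal", nonce)):
            return None
        self.counter += 1                       # fresh counter defeats replay
        return self.counter, _mac(self.pair_key, b"resp", nonce,
                                  self.counter.to_bytes(8, "big"))


class Phone:
    """Holds the signing key; signs only while a fresh beeper response is on record."""

    def __init__(self, pair_key: bytes, signing_key: bytes):
        self.pair_key = pair_key
        self.signing_key = signing_key          # HMAC key stands in for a private key
        self.last_counter = 0
        self.last_fresh_at: Optional[float] = None
        self.pending: Optional[bytes] = None

    def challenge(self) -> bytes:
        self.pending = os.urandom(16)
        return self.pending + _mac(self.pair_key, b"chal", self.pending)

    def accept(self, response: Optional[Tuple[int, bytes]], now: float) -> bool:
        if response is None or self.pending is None:
            return False
        counter, tag = response
        expected = _mac(self.pair_key, b"resp", self.pending, counter.to_bytes(8, "big"))
        self.pending = None
        if counter <= self.last_counter or not hmac.compare_digest(tag, expected):
            return False                        # replayed or forged response
        self.last_counter, self.last_fresh_at = counter, now
        return True

    def sign(self, message: bytes, now: float) -> Optional[bytes]:
        if self.last_fresh_at is None or now - self.last_fresh_at > FRESHNESS_WINDOW:
            return None                         # no fresh beeper signal: refuse to sign
        return _mac(self.signing_key, b"sig", message)


def demo() -> dict:
    """Walk through the four behaviours the slides call for and report each."""
    pair_key, signing_key = os.urandom(32), os.urandom(32)
    beeper, phone = Beeper(pair_key), Phone(pair_key, signing_key)
    out = {}
    resp = beeper.respond(phone.challenge())
    out["fresh_ok"] = phone.accept(resp, now=100.0) and phone.sign(b"pay 20", now=110.0) is not None
    out["stale_refused"] = phone.sign(b"pay 20", now=100.0 + FRESHNESS_WINDOW + 1) is None
    phone.challenge()
    out["replay_rejected"] = not phone.accept(resp, now=200.0)     # old response replayed
    foreign = os.urandom(16) + os.urandom(32)   # challenge from an unpaired reader
    out["foreign_reader_silenced"] = beeper.respond(foreign) is None
    return out
```

Two design choices carry the privacy argument of slide 8: the beeper never transmits a stable identifier (its response is an HMAC over a fresh nonce and counter, so two observations are unlinkable to anyone without the pair key), and it does not respond at all unless the challenge itself is authenticated, which is the “identify only to your own personal device” principle in code.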
10-11. #3: Knowledge-Based Authentication
   • “Life questions” are quite common already for password reset, as well as account enrollment
   • Human-computer interfaces offer new possibilities for authentication, e.g., Passface™
   Users will authenticate based on what they know, and what they’re able to do, in new and sophisticated ways
   • How will the security of “knowledge” be measured, and who will be the keepers of the knowledge?
   • What other HCI can be relied on, as knowledge and biometrics converge?
   • IntelliAccess™ technology in RSA Sign-On Manager embodies several early results of our research on life questions
12. Life Questions: from Art to Science
   • Few metrics have been established on the security of answers to specific life questions, which depends on factors such as:
       • User demographics
       • Attacker’s resources
       • Attacker’s relationship to the user
   • Further research on the security of life questions and other forms of KBA is needed to have a solid foundation
   • Also to be considered: how to verify the answers while minimizing their exposure at the verifier
       • Ideally, without seeing or storing them
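To make the slide’s three factors concrete, the following added example (not from the talk) measures a life question against an attacker who tries popular answers first, shows how a relative who already knows one answer collapses that question’s contribution, and verifies answers from a salted slow hash so the verifier stores nothing recoverable. The answer frequencies are constructed for illustration, not survey data; the PBKDF2 work factor and the canonicalisation rule are this example’s assumptions.

```python
import hashlib
import hmac
import math
import os
import unicodedata
from typing import Dict, Sequence, Tuple

# Constructed answer frequencies for one life question ("colour of your first
# car?") in one imagined user population. Illustrative numbers, not survey data.
FIRST_CAR_COLOUR: Dict[str, float] = {
    "blue": 0.22, "black": 0.20, "white": 0.18, "red": 0.14,
    "silver": 0.10, "green": 0.07, "other": 0.09,
}
# The same question looks different to a different attacker: for a relative who
# already knows the user, a question like "mother's maiden name" is one certain guess.
KNOWN_TO_RELATIVE: Dict[str, float] = {"<answer known>": 1.0}


def guess_success(dist: Dict[str, float], guesses: int) -> float:
    """Success probability of an attacker allowed `guesses` attempts who tries
    the most popular answers first (the demographic, no-personal-knowledge case)."""
    return sum(sorted(dist.values(), reverse=True)[:guesses])


def min_entropy_bits(dist: Dict[str, float]) -> float:
    """Security against a single best guess, in bits: -log2 of the top answer."""
    return -math.log2(max(dist.values()))


def combined_success(dists: Sequence[Dict[str, float]], guesses_per_question: int) -> float:
    """All questions must be answered correctly, so the attacker's chances multiply."""
    p = 1.0
    for d in dists:
        p *= guess_success(d, guesses_per_question)
    return p


def normalize(answer: str) -> str:
    """Canonicalise so "St. Mary's" and "st marys" match. This removes variation
    the attacker never had to guess, so measure entropy on the normalised form."""
    s = unicodedata.normalize("NFKC", answer).casefold()
    return "".join(ch for ch in s if ch.isalnum())


ITERATIONS = 100_000   # PBKDF2 work factor (assumed value for the example)


def enroll(answers: Sequence[str]) -> Tuple[bytes, bytes]:
    """Store a per-user salt and a slow hash of the normalised answers, never the answers."""
    salt = os.urandom(16)
    material = "\x1f".join(normalize(a) for a in answers).encode("utf-8")
    return salt, hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)


def verify(record: Tuple[bytes, bytes], answers: Sequence[str]) -> bool:
    salt, digest = record
    material = "\x1f".join(normalize(a) for a in answers).encode("utf-8")
    candidate = hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)
    return hmac.compare_digest(digest, candidate)
```

With these numbers a single “first car colour” question gives about 2.2 bits against one guess and falls to a 60% attacker success rate at three guesses, and two such questions together still leave a 36% success rate; the metrics argue for rate limiting and for pairing questions whose answers are not all known to the same circle of people. Hashing addresses the “without storing” half of the slide’s last point; the verifier still sees each answer at verification time, and avoiding that needs a password-protocol style exchange such as the EKE/SPEKE family the talk mentions later.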
13-14. #4: Anonymity
   • Trusted Computing Group’s Direct Anonymous Attestation (Brickell et al.) is an important step in this direction: the device proves group membership without revealing its identity
   • Chaumian constructs still hold much promise!
   Users will authenticate anonymously in many cases: as to their privileges, not necessarily their identities
   • Identity federation provides simple anonymity via pseudonyms; will more sophisticated solutions be needed?
   • Will anonymous authentication be the norm (perhaps revocable in case of dispute), or will it be the exception?
   • Identity federation in RSA ClearTrust® provides simple anonymity via pseudonyms, following SAML
15-17. #5: Password Protection
   • Though better password protocols are available (EKE, SPEKE, SNAPI, and others), passwords are still typically sent in the clear to the applications that request them, whether those applications are trustworthy or not
   • Hashing is also an option (Stanford PwdHash plug-in)
   Users will authenticate with passwords sometimes, but the passwords will be better protected, and the authentication will be mutual
   • Will password authentication be standardized, so that better protocols can be applied by default? How will such protocols be integrated with server certificates and SSL?
   • Will desktop password managers obviate the need for direct user knowledge of passwords?
   • Phishing countermeasures have been a major focus of research in the CTO’s office
   • RSA Sign-On Manager offers a platform for this better kind of password protection
   • RSA/Cyota risk-based authentication and eFraud Network™ enhance password authentication via profiling, challenge questions, call-back, etc.
   • eStamp™ offers simple mutual authentication
18. Summary of the Five Areas
   • Future users will authenticate …
   • through trusted computing platforms, which will in turn represent the user to the network
   • via RFID and other wireless devices, as logical and physical authentication technologies converge
   • based on what they know, and what they’re able to do, in new and sophisticated ways
   • anonymously in many cases: as to their privileges, not necessarily their identities
   • with passwords sometimes, but the passwords will be better protected, and the authentication will be mutual
19. Many Other Areas
   • I’ve highlighted some of the technologies that will affect user authentication. There are many others that one could cover:
       • Identity federation
       • One-time passwords and PKI authentication
       • Biometrics
       • Age-group recognition (e.g., i-Mature)
       • CAPTCHA™s (Completely Automated Public Turing tests to tell Computers and Humans Apart)
   • Additional options will emerge for user authentication as information technology matures. What will tomorrow’s users experience?
20. Aside: Business Futures
   • Four complementary trends will also affect the landscape as the diverse set of authentication technologies matures:
   • Hardware manufacturers will compete with an array of different containers as particular technologies become commoditized
   • Identity providers will add a menu of related services, from fulfillment to help desk support
   • Application providers will establish all kinds of markets on the foundation of strongly authenticated identities
   • Business models will become the focus as authentication transforms from a technology into a standardized service
21. A Day in the Life of Sally Surfer
22. At Home in the Morning
   • Sally signs into her home computer
       • She authenticates with her RFID “beeper”
   • She checks her personal e-mail
       • The computer authenticates Sally to her Internet service provider, and downloads her mail
   • Sally pays a bill at BanksRUs.com
       • Sally’s ISP federates her authentication to the bank
   • Her computer signs her off automatically when she leaves
23. On the Road
   • Sally drives to work, pays tolls by the km
       • She authenticates to her car via her beeper
       • Her car authenticates her and pays the toll (anonymously?) via a wireless protocol
   • She parks in the underground parking lot
       • Her car again authenticates her to the parking lot
   • She enters the office building and takes the elevator to her office
       • She authenticates to security checkpoints with her employee badge via RFID
24. At the Office
   • Sally signs into her office computer
       • She authenticates with her employee badge, which unlocks her passwords and credentials
   • It’s a typical day’s work: sending e-mail, running applications, accessing corporate resources
       • Her computer authenticates her seamlessly via passwords, credentials, identity federation
       • Her badge is checked occasionally for extra assurance
   • She prints her itinerary for tomorrow’s trip
       • The airline site isn’t yet linked to her corporate identity, so she authenticates with her knowledge: dates, cities, frequent flyer number
25. The End of Another Day
   • Sally drops by Alta Beach Club to visit with friends
       • She authenticates to the VIP area with an RFID tag
   • At home, she checks her old account at Retro Bank
       • She authenticates with a better protected password
   • Sally requests investment advice from NoBubble.com
       • She authenticates anonymously, proving her prepaid subscription
   • Sally sleeps peacefully, confident that her electronic identity is protected by strong, convenient user authentication
26. Conclusions
   • As strong user authentication becomes more important, technologies to achieve it will become more convenient
   • Much research is still needed on these technologies, and on how they’ll be put into practice
   • Managing the various approaches in a way that is seamless, reliable and measurable will be a key to successful future user authentication
   • With that success, we’ll all experience the ease of Sally Surfer, making the most of the information technologies available for us to do our work
27. Contact Information
   Burt Kaliski
   Vice President of Research, RSA Security
   Chief Scientist, RSA Laboratories
   [email_address]
   www.rsasecurity.com/rsalabs
