Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
SESSION ID:
#RSAC
Michael Schwartz
Who Are you? From Meat to
Electrons and Back Again
BAS-M02
CEO
Gluu, Inc
@gluufederation
#RSAC
Obama says use two factors…
2
https://nakedsecurity.sophos.com/2016/02/12/obama-
says-passwords-arent-strong-enough-...
#RSAC
Neuromancer BY William Gibson, 1984
3
http://www.amazon.com/Neuromancer-William-Gibson/dp/0441569595
“Meat space” th...
#RSAC
4
#RSAC
5
#RSAC
or RFID for Racing Pigeons
6
#RSAC
Disney Meat Cookie
7
https://gigaom.com/2014/01/18/you-dont-want-
your-privacy-disney-and-the-meat-space-data-race/
#RSAC
Festival Meat Cookie
8
http://musically.com/2014/02/28/how-live-music-is-evolving-with-
the-digital-age-bylarm/
#RSAC
9
#RSAC
10
#RSAC
Password-thentication
11
http://xkcd.com/936
#RSAC
Qwerty-thentication
12
http://techcrunch.com/2015/12/07/qwertycards-is-a-wallet-sized-card-that-generate-secure-pass...
#RSAC
Phone-thentication
13
http://techcrunch.com/2012/10/04/microsoft-acquires-
phonefactor-the-security-solution-that-au...
#RSAC
totp-thentication
14
http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/
#RSAC
code-thentication
15
https://www.wikidsystems.com
#RSAC
SmartCard-thentication
16
Hard to forge... contains info like birthday
#RSAC
Cert-thentication
17
http://blog.klocwork.com/open-source/mutual-authentication-using-
apache-and-a-web-client/
http...
#RSAC
18
#RSAC
Fingerprint-thentication
19
http://hackaday.com/2015/11/10/your-unhashable-fingerprints-secure-nothing
https://www.y...
#RSAC
Nano-fingerprint-thentication
20
http://findbiometrics.com/nano-structures-authentication-211125
#RSAC
3d-finger-thentication
21
http://www.sonavation.com/technology
#RSAC
Vein-thentication
22
http://www.hitachi.eu/veinid/
#RSAC
Palm-thentication
23
http://techcrunch.com/2014/04/14/quixter/
#RSAC
Face-Thentication
24
https://www.linkedin.com/pulse/biossl-launches-face-
recognition-unique-biometric-web-james-fis...
#RSAC
Voice-thentication
25
http://www.itnewsafrica.com/2014/01/voice-biometrics-solves-most-authentication-problems
#RSAC
lip-thentication
26
http://www.crazyengineers.com/threads/software-to-read-your-lips-for-secure-
authentication-and-...
#RSAC
Eye-thentication used to identify pigeons..
27
#RSAC
Eye-thentication
28
http://www.theatlantic.com/technology/archive/2015/05/long-range-iris-scanning-is-here/393065/
h...
#RSAC
Ear-Thentication
29
http://www.biometricupdate.com/201501/descartes-biometrics-
releases-ear-recognition-application...
#RSAC
Heart-Thentication
30
http://techcrunch.com/2013/11/25/nymi-the-heartwave-sensing-
wristband-for-id-authentication-l...
#RSAC
Apple Invented heart Authentication? Voice
too…
31
http://mobihealthnews.com/28349/apple-patents-seamless-heart-rate...
#RSAC
Thermal-Thentication
32
http://qz.com/536291/mit-researchers-have-developed-a-device-that-can-identify-people-throug...
#RSAC
Aura-Thentication
33
http://www.newsweek.com/microbial-cloud-aka-auras-are-basically-real-375010
#RSAC
Smell-thentication
34
Coming-soon!!
#RSAC
Brain-Thentication
35
http://www.wsj.com/news/articles/SB10001424052702304914904579435592981780528
http://www.techsp...
#RSAC
FBI Biometric Technology Center
36
http://www.planetbiometrics.com/article-
details/i/3948/desc/fbi-new-biometrics-
...
#RSAC
37
#RSAC
Image-thentication
38
http://www.telegraph.co.uk/technology/internet-
security/11675715/Emoji-could-replace-PIN-code...
#RSAC
PIN-thentication
39
https://www.youtube.com/watch?v=cXTYffGHNS4&feature=youtu.be
#RSAC
snapshot-thentication
40
http://pixelpin.co.uk/
#RSAC
Pattern-thentication
41
http://authlogics.com/products/pingrid/
#RSAC
Rhythm-thentication
42
http://www.biometricupdate.com/201401/authenware-launches-
finger-tapping-rhythm-recognizing-...
#RSAC
43
#RSAC
NFC Authentication
44
http://gluu.co/ibm_nfc_two_factor
#RSAC
watch-thentication
45
http://gluu.co/watch-thentication
#RSAC
Ring-thentication
46
https://www.kickstarter.com/projects/mclear/nfc-ring
#RSAC
Bling-thentication
47
http://www.rfidjournal.com/articles/view?11042
#RSAC
Bra-thentication
48
http://www.roughtype.com/?p=4063
#RSAC
Pill-thentication
49
http://techland.time.com/2013/05/31/motorola-is-working-on-a-
password-pill-for-once-daily-auth...
#RSAC
Tattoo-thentication
50
http://techpp.com/2015/11/26/biometric-tattoo-bio-wearables/
http://spectrum.ieee.org/biomedi...
#RSAC
Wobble-Thentication
51
http://www.theverge.com/2014/12/15/7393311/gopro-first-person-video-identified-biometric-mark...
#RSAC
Lens-thentication
52
http://www.informationweek.com/strategic-cio/executive-
insights-and-innovation/googles-10-big-...
#RSAC
53
#RSAC
54
Keys are an ancient trust model
The Delivery of the Keys by Pietro Perugino
#RSAC
55
FIDO-thentication
http://www.darkreading.com/endpoint/fido-authentication-poised-for-
continued-growth-as-allianc...
#RSAC
Yubi-thentication
56
https://www.yubico.com/2015/11/why-yubikey-wins/
#RSAC
U2F-thentication
57
http://www.amazon.com/s/ref=nb_sb_noss?url=search-
alias%3Dcomputers&field-keywords=u2f
#RSAC
open-hardware-thentication
58
https://www.indiegogo.com/projects/nitrokey-storage-usb-security-key-for-encryption#
#RSAC
Vault-thentication
59
http://thehackernews.com/2015/05/google-vault-microsd.html
#RSAC
60
#RSAC
Phone-NFC-thentication
61
http://www.cnet.com/news/using-nfc-ibm-brings-dual-factor-authentication-to-mobile/
#RSAC
Ambiant-sound-thentication
62
http://www.slate.com/blogs/future_tense/2015/08/14/sound_proof_app_two_
touch_authenti...
#RSAC
Gesture-thentication
63
http://www.casserlyconsulting.com/casserly-blog/entry/your-computer-
can-identify-you-based-...
#RSAC
gyro-thentication
64
http://techcrunch.com/2014/09/02/mobile-authentication-tech-startup-airsig-gets-2m-from-foxconn/
#RSAC
Bio-mobile-thentication
65
http://maximid.com/
#RSAC
QR-thentication
66
http://www.securityweek.com/no-card-no-pin-needed-cloud-
managed-atm-dont-forget-your-phone
#RSAC
Duo-thentication
67
https://duo.com/
#RSAC
68
http://tozny.com
Tozny-thentication
#RSAC
Location-thentication
69
http://launchkey.com
#RSAC
microSD-Thentication
70
http://www.motorolasolutions.com/content/dam/msi/docs/business/products/two-way_radios_-
_pu...
#RSAC
foss-thentication
71
https://github.com/GluuFederation/oxPush2
#RSAC
geoFence-thentication
72
#RSAC
The Future of Biometrics
73
"You are a 1000 points of data,
that collectively reflect you. The
more the phone can le...
#RSAC
Graph-thentication
74
http://www.biocatch.com/
#RSAC
75
#RSAC
76
http://inwebo.com
Html5-thentication
#RSAC
OpenCreds
77
http://opencreds.org/
#RSAC
Quantum-thentication
78
http://www.scmagazineuk.com/quantum-physics-behind-
unhackable-security-authentication/artic...
#RSAC
Microsoft Research
79
http://research.microsoft.com/pubs/161585/Q
uestToReplacePasswords.pdf
#RSAC
80
"Some are more secure, some are
more usable, but every scheme does
worse than passwords on
deployability. Margina...
#RSAC
81
#RSAC
OpenID Connect
82
http://openid.net/connect
#RSAC
83
#RSAC
84
#RSAC
85
#RSAC
86
#RSAC
Action Item
87
Be skeptical if anyone tells you that a new authentication
technology is the solution to digital iden...
#RSAC
Thank You!
88
...and support Open Source!
Happy-thenticating !
Please follow @gluufederation
Upcoming SlideShare
Loading in …5
×

RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again

15,303 views

Published on

Authentication technologies are intersecting science fiction and comedy. A flyby of recently discovered and invented mechanisms to digitally identify a person makes it clear that it’s not for lack of options. If the usability and security of strong authentication have been solved, how can we improve deployability, which is the main reason we are still using passwords?

This presentation was delivered by Mike Schwartz at RSA Conference 2016.

Published in: Internet
  • Be the first to comment

RSA Conference 2016: Who Are You? From Meat to Electrons and Back Again

  1. 1. SESSION ID: #RSAC Michael Schwartz Who Are you? From Meat to Electrons and Back Again BAS-M02 CEO Gluu, Inc @gluufederation
  2. 2. #RSAC Obama says use two factors… 2 https://nakedsecurity.sophos.com/2016/02/12/obama- says-passwords-arent-strong-enough-urges-use-of-2fa/
  3. 3. #RSAC Neuromancer BY William Gibson, 1984 3 http://www.amazon.com/Neuromancer-William-Gibson/dp/0441569595 “Meat space” the physical world where our bodies ("pieces of meat") move around and do meat-like things
  4. 4. #RSAC 4
  5. 5. #RSAC 5
  6. 6. #RSAC or RFID for Racing Pigeons 6
  7. 7. #RSAC Disney Meat Cookie 7 https://gigaom.com/2014/01/18/you-dont-want- your-privacy-disney-and-the-meat-space-data-race/
  8. 8. #RSAC Festival Meat Cookie 8 http://musically.com/2014/02/28/how-live-music-is-evolving-with- the-digital-age-bylarm/
  9. 9. #RSAC 9
  10. 10. #RSAC 10
  11. 11. #RSAC Password-thentication 11 http://xkcd.com/936
  12. 12. #RSAC Qwerty-thentication 12 http://techcrunch.com/2015/12/07/qwertycards-is-a-wallet-sized-card-that-generate-secure-passwords/
  13. 13. #RSAC Phone-thentication 13 http://techcrunch.com/2012/10/04/microsoft-acquires- phonefactor-the-security-solution-that-authenticates-users-via- phone-sms-or-mobile-apps
  14. 14. #RSAC totp-thentication 14 http://arstechnica.com/security/2012/06/securid-crypto-attack-steals-keys/
  15. 15. #RSAC code-thentication 15 https://www.wikidsystems.com
  16. 16. #RSAC SmartCard-thentication 16 Hard to forge... contains info like birthday
  17. 17. #RSAC Cert-thentication 17 http://blog.klocwork.com/open-source/mutual-authentication-using- apache-and-a-web-client/ http://www.jscape.com/blog/client-certificate-authentication
  18. 18. #RSAC 18
  19. 19. #RSAC Fingerprint-thentication 19 http://hackaday.com/2015/11/10/your-unhashable-fingerprints-secure-nothing https://www.youtube.com/watch?v=PMtFLBfyXgc
  20. 20. #RSAC Nano-fingerprint-thentication 20 http://findbiometrics.com/nano-structures-authentication-211125
  21. 21. #RSAC 3d-finger-thentication 21 http://www.sonavation.com/technology
  22. 22. #RSAC Vein-thentication 22 http://www.hitachi.eu/veinid/
  23. 23. #RSAC Palm-thentication 23 http://techcrunch.com/2014/04/14/quixter/
  24. 24. #RSAC Face-Thentication 24 https://www.linkedin.com/pulse/biossl-launches-face- recognition-unique-biometric-web-james-fisher https://www.bioid.com
  25. 25. #RSAC Voice-thentication 25 http://www.itnewsafrica.com/2014/01/voice-biometrics-solves-most-authentication-problems
  26. 26. #RSAC lip-thentication 26 http://www.crazyengineers.com/threads/software-to-read-your-lips-for-secure- authentication-and-access-mutah-university.76872
  27. 27. #RSAC Eye-thentication used to identify pigeons.. 27
  28. 28. #RSAC Eye-thentication 28 http://www.theatlantic.com/technology/archive/2015/05/long-range-iris-scanning-is-here/393065/ http://www.designboom.com/technology/eyelock-dna-authentication-iris-scanner-by-myris-at-ces-2014-01-16-2014/ http://www.eyeverify.com/
  29. 29. #RSAC Ear-Thentication 29 http://www.biometricupdate.com/201501/descartes-biometrics- releases-ear-recognition-application-for-mobile-devices http://www.theinquirer.net/inquirer/news/2406315/yahoo- is-experimenting-with-ear-based-biometric-authentication
  30. 30. #RSAC Heart-Thentication 30 http://techcrunch.com/2013/11/25/nymi-the-heartwave-sensing- wristband-for-id-authentication-launches-sdk-for-6k-developers/
  31. 31. #RSAC Apple Invented heart Authentication? Voice too… 31 http://mobihealthnews.com/28349/apple-patents-seamless-heart-rate-sensor-for-authentication-personalization http://recode.net/2014/04/03/apple-confirms-purchase-of-speech-recognition-firm-nouvaris
  32. 32. #RSAC Thermal-Thentication 32 http://qz.com/536291/mit-researchers-have-developed-a-device-that-can-identify-people-through-walls/
  33. 33. #RSAC Aura-Thentication 33 http://www.newsweek.com/microbial-cloud-aka-auras-are-basically-real-375010
  34. 34. #RSAC Smell-thentication 34 Coming-soon!!
  35. 35. #RSAC Brain-Thentication 35 http://www.wsj.com/news/articles/SB10001424052702304914904579435592981780528 http://www.techspot.com/news/60910-brain-activity-may-one-day-replace-modern-biometrics.html
  36. 36. #RSAC FBI Biometric Technology Center 36 http://www.planetbiometrics.com/article- details/i/3948/desc/fbi-new-biometrics- technology-centre-key-to-future-identity- management/
  37. 37. #RSAC 37
  38. 38. #RSAC Image-thentication 38 http://www.telegraph.co.uk/technology/internet- security/11675715/Emoji-could-replace-PIN-codes-in- online-banking.html http://wisepoint.jp/
  39. 39. #RSAC PIN-thentication 39 https://www.youtube.com/watch?v=cXTYffGHNS4&feature=youtu.be
  40. 40. #RSAC snapshot-thentication 40 http://pixelpin.co.uk/
  41. 41. #RSAC Pattern-thentication 41 http://authlogics.com/products/pingrid/
  42. 42. #RSAC Rhythm-thentication 42 http://www.biometricupdate.com/201401/authenware-launches- finger-tapping-rhythm-recognizing-behavioral-authentication-app
  43. 43. #RSAC 43
  44. 44. #RSAC NFC Authentication 44 http://gluu.co/ibm_nfc_two_factor
  45. 45. #RSAC watch-thentication 45 http://gluu.co/watch-thentication
  46. 46. #RSAC Ring-thentication 46 https://www.kickstarter.com/projects/mclear/nfc-ring
  47. 47. #RSAC Bling-thentication 47 http://www.rfidjournal.com/articles/view?11042
  48. 48. #RSAC Bra-thentication 48 http://www.roughtype.com/?p=4063
  49. 49. #RSAC Pill-thentication 49 http://techland.time.com/2013/05/31/motorola-is-working-on-a- password-pill-for-once-daily-authentication-oh-and-a-tattoo-too/
  50. 50. #RSAC Tattoo-thentication 50 http://techpp.com/2015/11/26/biometric-tattoo-bio-wearables/ http://spectrum.ieee.org/biomedical/devices/a-temporary-tattoo-that-senses-through-your-skin
  51. 51. #RSAC Wobble-Thentication 51 http://www.theverge.com/2014/12/15/7393311/gopro-first-person-video-identified-biometric-markers
  52. 52. #RSAC Lens-thentication 52 http://www.informationweek.com/strategic-cio/executive- insights-and-innovation/googles-10-big-bets-on-the- future/d/d-id/1204528?_mc=sm_iwk_edit&image_number=6 http://techcrunch.com/2014/07/15/google-enlists-novartis- to-ship-glucose-sensing-and-autofocus-smart-contact- lenses-in-as-little-as-5-years/
  53. 53. #RSAC 53
  54. 54. #RSAC 54 Keys are an ancient trust model The Delivery of the Keys by Pietro Perugino
  55. 55. #RSAC 55 FIDO-thentication http://www.darkreading.com/endpoint/fido-authentication-poised-for- continued-growth-as-alliance-submits-fido-20-web-api-to-w3c/d/d-id/1323247 https://fidoalliance.org/specifications/download/
  56. 56. #RSAC Yubi-thentication 56 https://www.yubico.com/2015/11/why-yubikey-wins/
  57. 57. #RSAC U2F-thentication 57 http://www.amazon.com/s/ref=nb_sb_noss?url=search- alias%3Dcomputers&field-keywords=u2f
  58. 58. #RSAC open-hardware-thentication 58 https://www.indiegogo.com/projects/nitrokey-storage-usb-security-key-for-encryption#
  59. 59. #RSAC Vault-thentication 59 http://thehackernews.com/2015/05/google-vault-microsd.html
  60. 60. #RSAC 60
  61. 61. #RSAC Phone-NFC-thentication 61 http://www.cnet.com/news/using-nfc-ibm-brings-dual-factor-authentication-to-mobile/
  62. 62. #RSAC Ambiant-sound-thentication 62 http://www.slate.com/blogs/future_tense/2015/08/14/sound_proof_app_two_ touch_authentication_made_easier_with_ambient_sound.html
  63. 63. #RSAC Gesture-thentication 63 http://www.casserlyconsulting.com/casserly-blog/entry/your-computer- can-identify-you-based-on-how-you-move-your-mouse.html http://www.dailytargum.com/article/2014/11/professor-develops-gesture- authentication-to-secure-privacy
  64. 64. #RSAC gyro-thentication 64 http://techcrunch.com/2014/09/02/mobile-authentication-tech-startup-airsig-gets-2m-from-foxconn/
  65. 65. #RSAC Bio-mobile-thentication 65 http://maximid.com/
  66. 66. #RSAC QR-thentication 66 http://www.securityweek.com/no-card-no-pin-needed-cloud- managed-atm-dont-forget-your-phone
  67. 67. #RSAC Duo-thentication 67 https://duo.com/
  68. 68. #RSAC 68 http://tozny.com Tozny-thentication
  69. 69. #RSAC Location-thentication 69 http://launchkey.com
  70. 70. #RSAC microSD-Thentication 70 http://www.motorolasolutions.com/content/dam/msi/docs/business/products/two-way_radios_- _public_safety/encryption/ame1000/cryptr_micro_encryption_unit/cryptr_micro_spec_sheet.pdf
  71. 71. #RSAC foss-thentication 71 https://github.com/GluuFederation/oxPush2
  72. 72. #RSAC geoFence-thentication 72
  73. 73. #RSAC The Future of Biometrics 73 "You are a 1000 points of data, that collectively reflect you. The more the phone can learn about you, the better it can recognize you. You are the key..." Skooks Pong, VP of Technology Synapse Product Development SXSW 2014
  74. 74. #RSAC Graph-thentication 74 http://www.biocatch.com/
  75. 75. #RSAC 75
  76. 76. #RSAC 76 http://inwebo.com Html5-thentication
  77. 77. #RSAC OpenCreds 77 http://opencreds.org/
  78. 78. #RSAC Quantum-thentication 78 http://www.scmagazineuk.com/quantum-physics-behind- unhackable-security-authentication/article/388770/
  79. 79. #RSAC Microsoft Research 79 http://research.microsoft.com/pubs/161585/Q uestToReplacePasswords.pdf
  80. 80. #RSAC 80 "Some are more secure, some are more usable, but every scheme does worse than passwords on deployability. Marginal gains are often not sufficient."
  81. 81. #RSAC 81
  82. 82. #RSAC OpenID Connect 82 http://openid.net/connect
  83. 83. #RSAC 83
  84. 84. #RSAC 84
  85. 85. #RSAC 85
  86. 86. #RSAC 86
  87. 87. #RSAC Action Item 87 Be skeptical if anyone tells you that a new authentication technology is the solution to digital identity management.
  88. 88. #RSAC Thank You! 88 ...and support Open Source! Happy-thenticating ! Please follow @gluufederation

×