4. Digital Identity Motivations
● For technology to understand who the “user” is to...
> personalize the interaction / experience (operations/business-driven)
> protect any information / assets (security-driven)
● Though the “user” can be one of the following…
> human on device interacting with the technology direct (native)
> human on device interacting with the technology with client (server)
> client on machine interacting with the technology (server)
9. auth0.com
Mirai IoT Botnet Performs DDOS Attack
On Dyn DNS Provider, Takes Down Lot
Of Internet Services, IoT Reaper Botnet
Growing And Bigger, Remains Dormant
Main Cause: Weak Authentication
October 2016
10. auth0.com
Hackers Hack Jeep Cherokee Through
On-Board Cellular System, Are Able To
Remotely Kill Engine, Access CAN Bus
Main Cause: Weak Authentication
July 2015
11. auth0.com
Hacker Jack Barnaby Can Wirelessly
Scan & Hack Medtronic Insulin Pump,
Company Denies & Jack Found Dead
Main Cause: Weak Authentication
February 2012
12. Warning Devices & Things
Security Privacy
Machine Virtual Resources
(Files | Mining | DDOS)
Virtual + Physical Resources
(Files / Mining / DDOS | Internal Damage)
Provided Data
(Uploaded Data)
Devices
Things Physical Resources
(Internal / External Damage)
Provided + Sensor Data
(Recorded Data | GPS / Video / Sound)
Sensor Data
(Video / Sound / Heat / Usage)
Category
13. Digital Identity Future
● Apply same techniques for machines as for humans...
> passwords are biggest security problem to Internet of Things
> trusted tokens / side-channel is actually easier for machines
> metrics requires local authentication standards (WebAuthN / FIDO 2.0)
● Solve scale/performance/connectivity challenge for machines…
> stateless technology seems required (scalability / server-disconnected)
> distributed technology seems required (performance / cloud-disconnected)
> local technology seems required (connectivity)