rjhchris@hotmail.com
Overview
Passwordless
Why passwords and the usual alternatives fall short (slide table):
• Passwords: hard to remember, hard to type in on mobile, phishable, and successful attacks are carried out against them today.
• SMS one-time codes: coverage, delay, cost, policy, battery.
• Smart card / hardware device: readers/drivers, middleware, cost.
123456: most popular password in 2015
password: 2nd most popular password in 2015
Source: SplashData
43%: success rate for a well-designed phishing page
76% of account vulnerabilities were due to weak or stolen passwords
Fast IDentity Online (FIDO): online authentication using public key cryptography
Biometric user verification: Voice, Fingerprint, Palm, Face
FIDO
Strong Auth
• Non-phishable (the browser binds the signed challenge to the origin)
• Non-breachable (the server stores only public keys)
• Non-replayable (every sign-in signs a fresh server challenge)
Cryptographic proof of the nature of the credentials through attestation
Improved usability with convenient user gestures
Preserves user privacy through isolation of identities (a distinct key pair per relying party)
Scalability through simple JavaScript API support
FIDO2
Authenticator: Windows Hello
(Screenshot: the Windows Hello sign-in screen for user Junghyeon Ryu, with "Welcome back!", "Sign in options" and "Other user")
FIDO2, CTAP2, WebAuthn and Windows Hello
Diagram: the Relying Party talks to a Browser or Native app on the Client Device; the app calls the Platform WebAuthn API, which routes the request to the Platform Authenticator (Windows Hello) or, over CTAP2 CBOR APIs, to an external authenticator.
Sample available at: https://github.com/MicrosoftEdge/webauthnsample
Registration: navigator.credentials.create({ publicKey: publicKeyCredentialCreationOptions })
Sign-in: navigator.credentials.get({ publicKey: publicKeyCredentialRequestOptions })
Demo
Code Review
Requirements from other services
FIDO UAF
Diagram: the Mobile App embeds a Mobile SDK that hosts the FIDO Client, the ASM (Authenticator-Specific Module) and the Authenticator; on the Relying Party side the Web Server delegates FIDO registration and authentication to the FIDO Server.
Universal FIDO
Diagram: one FIDO Server accepts both protocol families. FIDO UAF covers the mobile-app path (UAF user-authentication methods over the UAF protocol); FIDO2 covers the WebAuthn JavaScript APIs in the browser, with CTAP between the client and the FIDO Authenticator.
Features of Kubernetes
Hancom Pass on AKS
Diagram:
• Load Balancer with a Public IP in front of the Ingress Controller (Service type: LoadBalancer)
• HancomPass (Service type: ClusterIP)
• Dalwhinnie (Service type: ClusterIP)
• MariaDB, Blob storage, Secret, Cert, Container Registry
• Everything inside one Virtual Network
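The topology above, written out as Kubernetes manifests, as an added example (not the project's real deployment files): the namespace, ports, host name and annotations are assumptions, and only the ingress controller's Service, not shown here, is of type LoadBalancer. The security-relevant choices are that the application services stay ClusterIP, the database password and TLS certificate live in Secrets, and the ingress terminates TLS, which WebAuthn requires since the origin must be https.

```yaml
# Hancom Pass on AKS (added example; names, ports and images are assumptions)
apiVersion: v1
kind: Namespace
metadata: { name: hancompass }
---
# Application services are ClusterIP: reachable only inside the cluster network,
# never given a public IP of their own.
apiVersion: v1
kind: Service
metadata: { name: hancompass, namespace: hancompass }
spec:
  type: ClusterIP
  selector: { app: hancompass }
  ports: [{ port: 8080, targetPort: 8080 }]
---
apiVersion: v1
kind: Service
metadata: { name: dalwhinnie, namespace: hancompass }
spec:
  type: ClusterIP
  selector: { app: dalwhinnie }
  ports: [{ port: 8080, targetPort: 8080 }]
---
# Credentials come from a Secret, mounted into the pods, not baked into the image.
apiVersion: v1
kind: Secret
metadata: { name: mariadb-credentials, namespace: hancompass }
type: Opaque
stringData:
  MARIADB_PASSWORD: "<inject from your secret store; never commit a real value>"
---
# The TLS certificate for the public host (created e.g. with
# `kubectl create secret tls hancompass-tls --cert=tls.crt --key=tls.key -n hancompass`).
# The ingress controller, exposed through the LoadBalancer public IP, terminates TLS here
# and routes by path to the ClusterIP services.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hancompass
  namespace: hancompass
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
    - hosts: [pass.example.com]
      secretName: hancompass-tls
  rules:
    - host: pass.example.com
      http:
        paths:
          - path: /api
            pathType: Prefix
            backend: { service: { name: hancompass, port: { number: 8080 } } }
          - path: /
            pathType: Prefix
            backend: { service: { name: dalwhinnie, port: { number: 8080 } } }
```

The FIDO relying-party id used by the server must equal the ingress host (`pass.example.com` here); if the host changes, previously registered credentials stop working because the authenticator scopes each key pair to the rpId.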
UAF for Mobile App
Demo
Deploy Universal FIDO on AKS
Hancom Pass on AKS (same diagram as above)
One More Thing
AnyPIN – Digital certificate for web browser
Strong Authentication
• Supports storing the user's encryption certificate and its key material in the browser using WebCrypto
• 2-step process: PIN verification on the Server + device verification on the Client
• Prevention of brute-force attacks on the PIN
• Non-repudiation of the original data (the signature is bound to the exact signed bytes)
• Integrity of incoming and outgoing data
Standard protocols
• X.509 certificates
• PKCS #7 cryptographic messages
• CMP (RFC 4210; transported over HTTP per RFC 6712)
• Application-level encryption of the client-to-server network section
Supported algorithms
• Public-key (asymmetric) algorithm: RSA 2048-bit
• Symmetric-key algorithms: AES (128/256-bit), SEED 128-bit
• Hash algorithm: SHA-2 (SHA-256)
PIN or Pattern
• The PIN or pattern is entered securely through Hancom's virtual keypad
(Screenshot: the "Register" screens for PIN and Pattern, each prompting for the PIN number)
Hancom Pass on AKS (with AnyPIN)
Diagram: the same topology as above (Load Balancer with Public IP, Ingress Controller, HancomPass and Dalwhinnie ClusterIP services, MariaDB, Blob, Secret, Cert, Container Registry, one Virtual Network) plus an APIN service (Service type: ClusterIP) that connects out to the National PKI.
Dalwhinnie UI Framework
Demo
AnyPIN – Digital certificate for web browser
Supporting device environment
(Table: only the headers survive: Device | Environment | Authentication)
Benefits
• Leverage device biometric capability
• Support various environments such as mobile and desktop
• Resilient operation with cloud resources
• Protect your system with strong auth
• User convenience
• Maintenance cost reduction
• Support for cloud deployment environments
Let's get started with passwordless authentication using Windows Hello in your Kubernetes
Editor's Notes

Slide "Features of Kubernetes":
• Automates manual processes: Kubernetes decides which node hosts a container, how it is launched, and so on.
• Manages several groups of containers: multiple clusters at the same time.
• Provides additional services: beyond container management, Kubernetes offers security, networking and storage services.
• Self-monitoring: Kubernetes constantly checks the health of nodes and containers.
• Horizontal scaling: resources scale not only vertically but also horizontally, easily and quickly.
• Storage orchestration: Kubernetes mounts the storage system of your choice for your apps.
• Automated rollouts and rollbacks: if something goes wrong after a change to your application, Kubernetes rolls it back for you.
• Container balancing: Kubernetes places containers by calculating the "best location" for them.
• Runs everywhere: Kubernetes is open source, so you can use on-premises, hybrid or public cloud infrastructure and move workloads wherever you want.