[WSO2Con EU 2018] Kicking Your Enterprise Security Up a Notch With Adaptive Authentication

Adaptive authentication offers a good balance between security and usability. This presentation discusses the benefits of adaptive authentication and how WSO2 Identity Server can support any adaptive or risk-based authentication use case.

Published in: Technology

  1. Kicking Your Enterprise Security Up a Notch with Adaptive Authentication. Sagara Gunathunga, Director, WSO2
  2. Strong Authentication
  3. ‘Passwords’ are not secure!
      ● Over 70% of employees reuse passwords at work.
      ● 59% reuse their passwords everywhere.
      ● 81% of hacking-related breaches leveraged either stolen and/or weak passwords.
      ● The above rate has gone from 50% to 66% to 81% during the past three years (2017).
      Source - 2017 Verizon Data Breach Investigations Report (DBIR)
  4. Support CIAM: SSO (Web App 1, Web App 2, Web App 3)
  5. Support CIAM: Service Provider, Identity Provider
  6. API Security: ID Token, Access Token, Refresh Token
  7. Regulatory and Industry Standards
  8. App with Number of LoAs
  9. How do you support ‘Strong Authentication’?
  10. Implement Multi-Factor Authentication (diagram labels: Your account data, 2-Step Verification, Your password)
  11. Multi-factor Authentication: Break authentication into multiple steps and verify different authentication factors at each step.
  12. Authentication Factors
      1. Knowledge
          ■ Something you know
          ■ Password, passphrase, pin, secret fact
      2. Possession
          ■ Something you have
          ■ Phone, token, badge, smart card
      3. Inherence
          ■ Something you are
          ■ Fingerprint, facial feature, voice
  13. Multi-factor Authentication: Step 1, Step 2
  14. Reality
  15. Multi-factor Authentication in reality: 90% Google users have no 2FA
  16. What is the Problem?
  17. Usability Security Convenience Usability
  18. Solution?
  19. Authentication needs to be more dynamic, responsive and context sensitive = Adaptive Authentication
  20. Use Case: Geo Velocity
      ● Diagram: Alex's 1st login from Europe; 2nd login from NA after 20 hours
      ● Outcomes shown in the diagram: Success, Fail, Notification, Block
      ● IdP offers 2nd factor authentication based on H/W device
  21. Use Case: An Application Requests LoA3
      ● A healthcare app requests LoA3 for authentication
      ● IdP asks for additional authentication based on LoA3 configuration
  22. Use Case: Authentication From New Devices
      ● A user tries to log in to a shopping cart app from an unknown new device
      ● IdP asks for additional authentication steps
  23. WSO2 Identity Server Offering - Overview
      Scripting to define conditional & adaptive authentication policies
      ● Support JS for the scripting
      ● Ability to integrate with CEP and ML engines
      ● Out-of-the-box integration for WSO2 Stream Processor 4.0
      Wide range of authentication connectors
      ● Support for hardware, mobile, biometric & social authentication providers
      ● Range of production-ready connectors via WSO2 Store
      ● Connector extension framework
  24. WSO2 Identity Server Offering - Overview
      Static Authentication Flow
      ● IdP offers static authentication flow to the user
      ● Multi-factor & Multi-option authentication
      ● In Multi-option authentication the user can pick one option from each step
      Request-based Conditional Authentication Flow
      ● IdP offers dynamic authentication flow to the user
      ● Authentication steps change based on attributes of the request message
      ● HTTP message, SAML ACR, OIDC ACR
  25. WSO2 Identity Server Offering - Overview
      User-based Conditional Authentication Flow
      ● IdP offers static authentication flow to the user
      ● Authentication steps change based on attributes of the identified user
      Adaptive/Risk-based Authentication Flow
      ● IdP offers dynamic authentication flow to the user
      ● Authentication steps can be based on user behaviors, environments, history and risk score
  26. Conclusions
      ● Everyone knows passwords are no longer secure.
      ● Multi-factor authentication offers a perfect solution but is less adopted due to usability issues.
      ● Multi-factor authentication needs to be more dynamic, responsive and context sensitive, and we call it ‘Adaptive Authentication’.
      ● WSO2 Identity Server can support any adaptive or risk-based authentication use case.
  27. THANK YOU wso2.com
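
The decision logic behind the three use cases on slides 20 to 22 (geo velocity, an app requesting LoA3, a new device), as an added JavaScript example that is not from the presentation and does not use the WSO2 Identity Server scripting API. The function names, the 900 km/h ceiling, the step-up-instead-of-block policy and the sample logins are assumptions.

```javascript
// Added example in plain Node.js; NOT the WSO2 Identity Server script API.
// Names, threshold and sample data are assumptions for illustration.
const MAX_KMH = 900; // assumed ceiling, roughly airliner cruising speed
const HOUR_MS = 3.6e6;

// Great-circle distance in km between two {lat, lon} points (haversine).
function distanceKm(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat);
  const dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// Speed implied by moving between two logins. Infinity when the location
// changed but no time passed (or the clock went backwards).
function impliedKmh(prev, cur) {
  const km = distanceKm(prev, cur);
  if (km < 1) return 0; // same place: ignore timestamp jitter
  const hours = (cur.time - prev.time) / HOUR_MS;
  return hours > 0 ? km / hours : Infinity;
}

// Pick the authentication steps for one login attempt.
// user:  { lastLogin: {lat, lon, time} | null, knownDevices: Set }
// login: { lat, lon, time, deviceId, acr }
function decide(user, login) {
  const reasons = [];
  if (user.lastLogin && impliedKmh(user.lastLogin, login) > MAX_KMH) {
    reasons.push("geo-velocity");
  }
  if (login.acr === "LoA3") reasons.push("loa3-requested");
  if (!user.knownDevices.has(login.deviceId)) reasons.push("new-device");
  // Step 1 (password) always runs; step 2 is added when any signal fires.
  const steps = reasons.length > 0 ? [1, 2] : [1];
  return { steps, notify: reasons.includes("geo-velocity"), reasons };
}

// Constructed sample data: first login in London, later logins in New York.
const london = { lat: 51.5074, lon: -0.1278, time: 0 };
const alex = { lastLogin: london, knownDevices: new Set(["laptop-1"]) };
const nyc = (hoursLater, deviceId, acr) =>
  ({ lat: 40.7128, lon: -74.006, time: hoursLater * HOUR_MS, deviceId, acr });

console.log(decide(alex, nyc(20, "laptop-1")));         // plausible travel
console.log(decide(alex, nyc(2, "laptop-1")));          // implausible travel
console.log(decide(alex, nyc(20, "phone-9", "LoA3")));  // new device + LoA3
```
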
