cis13: a question of scale: mapping authentication to the modern computing ecosystem
DESCRIPTION
Rajiv Dholakia, Vice President, Products, Nok Nok Labs
Authentication is the ignition key to the modern computing environment. As computing platforms evolve from desktop to mobile and embedded devices, authentication methods need to adapt to meet these new requirements of flexibility and scale. This session will review these emerging technologies and solution patterns and share initiatives to simplify strong authentication at scale. If you are invested in federation technologies or operate identity services, this talk will provide a roadmap towards a robust and flexible infrastructure that can withstand the rapid evolution of authentication technologies, device form-factors, use cases and emergent risks.
TRANSCRIPT
A QUESTION OF SCALE
Mapping Authentication to the Modern Computing Ecosystem
Rajiv Dholakia VP Products, Nok Nok Labs
THE HUMBLE IGNITION KEY
NOK NOK LABS 2
THINGS ARE CHANGING
(Diagram, "First Steps" to "Next Steps". Attacks, with records exposed: Sony 77 M, Evernote 60 M, Rockyou 32 M, LinkedIn 6.5 M, Yahoo 450 K, Twitter 56 K. Next steps, companies named: Apple, Evernote, Facebook, Twitter, Google. Themes: Convenience, Security, Personalization.)
A KEY INSIGHT – GATEWAY TO USER EXPERIENCE: ABOUT DESIGN, DELIGHT & DOLLARS (ALSO RISK, REGULATION & REPUTATION)
Authentication is the “Ignition Key”
HOW ARE WE DOING?
USERS FRUSTRATED
• 25 ACCOUNTS
• 8 LOGINS / DAY
• 6.5 PASSWORDS
ORGANIZATIONS OVERWHELMED
• $7.2M / DATA BREACH
• $15 / PASSWORD RESET
• $50-120+ / TOKEN
ECOSYSTEMS INHIBITED
• FRAGMENTED
• INFLEXIBLE
• FRICTION EVERYWHERE
THE AUTHENTICATION TOWER OF BABEL
Silos, proprietary, privacy, reliance on 3rd party, tolls
IMPLEMENTATION CHALLENGE – A PLUMBING PROBLEM: SHADES OF RUBE GOLDBERG…
(Diagram: Applications (App 1, App 2, New App) wired through Authentication Methods (Silo 1, Silo 2, Silo 3 … Silo N) to Organizations (RP 1); question marks in the original mark the unresolved connections.)
THE RESULTING REALITY
“AUTHENTICATION IS … EXPENSIVE TO IMPLEMENT, IT'S HARD TO USE, IT'S TOO EASY TO SUBVERT OR CIRCUMVENT AND IT FAILS MORE AND MORE FREQUENTLY, AND MORE AND MORE SPECTACULARLY IN TODAY'S INCREASINGLY RISKY ELECTRONIC ENVIRONMENT.”
GARTNER: MAVERICK TECHNOLOGY
MENTAL FLOSS – AUTOMATA BY JOHN LUMBUS*
*Cabaret Mechanical Theater – UK (http://cabaret.co.uk)
DESIGN CONSIDERATIONS…
TODAY’S WORLD: DIVERSE, DISTRIBUTED, DYNAMIC
• 75% OF THE DIGITAL UNIVERSE CREATED, CAPTURED OR REPLICATED IN THE CLOUD
• 3.1 TRILLION HARD DRIVES WORTH OF DATA CONSUMED DAILY IN THE US
• US ECOMMERCE PROJECTED AT $325BN BY 2015
• 1.8 BN MOBILE PHONES/YEAR, 200 MN TABLETS/YEAR
No single solution will work across all use cases
PONEMON-NNL RESEARCH
• New & exclusive research, featuring 1,924 consumers:
- US: 754
- UK: 569
- Germany: 601
• Covers experiences, perceptions & preferences for identity and authentication technology
• First annual report, covering trends, perceptions and attitudes to online authentication
• Research undertaken by the Ponemon Institute & sponsored by Nok Nok Labs, Inc.
PONEMON-NOK NOK STUDY: DIVERSITY RULES IN END-USER COMMUNITIES – PROMISE IN MOBILE
RETIRING PASSWORDS: A SYSTEMS PROBLEM (not technology)
Identity Services:
• Physical-to-Digital Identity
• User Management
• Authentication
• Federation
• Single Sign-On
THE OTHER HALF OF THE EQUATION
(Diagram. First Mile: Strong Auth, Passwords, Recreated PMS. Second Mile: SSO/Federation, SAML, OpenID.)
A PEEK INTO MODERN AUTHENTICATION
IMPLICIT AUTHENTICATION
EXPLICIT AUTHENTICATION
THE ONLY WAY TO WIN AGAINST MALWARE – SECURE HARDWARE
(Diagram: three configurations, No Secure HW, Secure Crypto + Storage, and Secure Execution Environment, each showing where the UX layer (input, display), the crypto layer and the Auth SDK sit between user space and secure hardware.)
SOLUTION PATTERNS – WHICH WILL PREVAIL?
• User-Centric
• “Trust-Me-Me-Me”
• Relationship-Centric
• Regulation-Centric
Towards Solutions & Building Blocks
THE REALITY
AUTHENTICATION that’s... SIMPLE, STRONG
Aspirational Goal
ADDRESS USABILITY & DIVERSITY
Usability drives Usage:
• Usability: No passwords, Existing devices, Flexible authentication
• Usage: Engagement, Completed transactions, Security compliance
Aspirational Goal
UNIFIED STANDARDS & AUTHENTICATION AGILITY
ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR.
(Diagram: Applications (App 1, App 2, New App) connect through UNIFIED STANDARDS to Authentication Methods and Organizations (RP 1); question marks in the original.)
Aspirational Goal
EFFORTS UNDERWAY
• Platform specific efforts (Microsoft, Apple, Android…)
• Secure Silicon Efforts
- TCG-TPM (Trusted Computing Group)
- Intel IPT (Identity Protection Technology)
- Secure Element (Global Platform)
- Others…
• New and Noteworthy:
- Trusted Execution Environment (Global Platform)
- The FIDO (Fast Identity Online) Alliance
GOAL: SIMPLER, STRONGER AUTH
(Diagram of stakeholders: Internet Services, Component & Device Vendors, Software & Stacks.)
KEY IDEAS BEHIND FIDO
• Leverage simple but strong local authentication
- User authenticates locally to Client Device
- Device authenticates to the Server
• Focus of Standardization:
- “Pluggable” local authentication interfaces (USB, Biometrics, TPM/PIN…)
- The online crypto protocols used to authenticate to the server
• Allow business appropriate and risk appropriate choice
http://www.fidoalliance.org
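To make the two FIDO ideas above concrete, here is an added, stdlib-only Python sketch (not Nok Nok Labs or FIDO Alliance code) of the flow: the authenticator keeps a per-relying-party private key behind a local check, the server stores only the public key and verifies a signature over a one-time challenge bound to its own identifier. It uses a hand-rolled Schnorr signature over a tiny constructed group purely so it runs offline; the class names, the PIN gate and the group parameters are assumptions, and a deployment would use a standard curve with the key held in secure hardware.

```python
import hashlib
import secrets

# Constructed demo-only group: p = 2q + 1, q prime, g = 4 generates the
# order-q subgroup. Far too small for real use (a deployment uses a standard curve).
P, Q, G = 2039, 1019, 4

def _h(r: int, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(str(r).encode() + msg).digest(), "big") % Q

def schnorr_sign(priv: int, msg: bytes) -> tuple:
    k = secrets.randbelow(Q - 1) + 1  # fresh nonce per signature
    e = _h(pow(G, k, P), msg)
    return e, (k - priv * e) % Q

def schnorr_verify(pub: int, msg: bytes, sig: tuple) -> bool:
    e, s = sig
    return _h((pow(G, s, P) * pow(pub, e, P)) % P, msg) == e

class Authenticator:
    # Client device: private keys never leave it; a local check (a PIN here) gates every signature.
    def __init__(self, local_secret: str):
        self._local_secret, self._keys = local_secret, {}  # rp_id -> priv

    def register(self, rp_id: str) -> int:
        self._keys[rp_id] = secrets.randbelow(Q - 1) + 1
        return pow(G, self._keys[rp_id], P)  # only the public key is sent

    def sign_challenge(self, rp_id: str, challenge: bytes, local_input: str):
        priv = self._keys.get(rp_id)
        if priv is None or local_input != self._local_secret:  # 1. user authenticates locally
            return None
        # 2. device authenticates to the server; the RP id is bound into the signed message
        return schnorr_sign(priv, rp_id.encode() + challenge)

class RelyingParty:
    # Server: stores public keys only, issues one-time challenges, verifies.
    def __init__(self, rp_id: str):
        self.rp_id, self._pubkeys, self._pending = rp_id, {}, {}

    def register(self, user: str, pub: int) -> None:
        self._pubkeys[user] = pub

    def challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(16)
        return self._pending[user]

    def verify(self, user: str, sig) -> bool:
        chal = self._pending.pop(user, None)  # consumed once, so replays fail
        if chal is None or sig is None or user not in self._pubkeys:
            return False
        return schnorr_verify(self._pubkeys[user], self.rp_id.encode() + chal, sig)
```

Because each relying party gets its own key and its identifier is part of the signed message, a response captured at one site is useless at another, and the server never holds anything a breach could turn into a reusable credential.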
TAKEAWAYS FROM THIS TALK
1. Authentication is the “Ignition Key” to design, delight, & dollars
2. Passwords don’t scale up (to the cloud) or down (to mobile devices) – a system solution is needed
3. Diversity & heterogeneity will rule… no one size fits all
4. Authentication is the “first mile”, Federation is the “second mile”
5. Modern Authentication = Explicit + Implicit
6. Competing solution patterns – pick carefully
7. Get involved:
• Advocate for standards as building blocks – think of what SSL did for you
• Educate yourself about emerging authentication technology
• Re-think your authentication strategy
• Pilot some of the emerging technology
FOR MORE INFORMATION
• FIDO alliance: an alliance to simplify authentication, http://www.fidoalliance.org
• Global Platform: http://www.globalplatform.org
• Nok Nok Labs – pioneering FIDO standards implementations: Brainstorm, Demonstration, Evaluation, Webinar; Ponemon-Nok Nok Labs Report; http://www.noknok.com