INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication
Training: Digital Identity and Strong Authentication, Volume 1
INA Volume 1 – Version 1.0 / @smaret 2013
INA – Volume 1
Sylvain MARET / Version 1.0 / Released 2013-04-08
Who am I?
ICT Security Consultant
– 18 years of experience in ICT security
– Principal Consultant at MARET Consulting
– Expert at the School of Engineering of Yverdon-les-Bains
– Board member of OpenID Switzerland
– Co-founder of the Application Security Forum (#ASFWS)
– Member of OWASP Switzerland
– Author of the blog la Citadelle Electronique
– http://ch.linkedin.com/in/smaret or @smaret
– http://www.slideshare.net/smaret
Chosen field
– AppSec & Digital Identity Security
Agenda Volume 1
C0 - Introduction
C1 - Definition
C2 - Tokens / Authentication factors
C3 - Password
C4 - One Time Password - OTP
C5 - OTP / OATH standards
C6 - OTP solution
C7 - AuthN PKI
C8 - Biometrics
C9 - OATH approach
Digital Identity ?
Definition (French Wikipedia)
Definition
Identity
A set of attributes that uniquely describe a person or information system within a given context.
Source = NIST Special Publication 800-63-1
Authentication
The process of establishing confidence in the identity of users or information systems.
Source = NIST Special Publication 800-63-1
Electronic Authentication (E-Authentication)
The process of establishing confidence in user identities electronically presented to an information system.
Source = NIST Special Publication 800-63-1
Claimant
A party whose identity is to be verified using an authentication protocol.
Source = NIST Special Publication 800-63-1
Subscriber
A party who has received a credential or token from a CSP.
Source = NIST Special Publication 800-63-1
Token
Something that the Claimant possesses and controls (typically a cryptographic module or password) that is used to authenticate the Claimant’s identity.
Source = NIST Special Publication 800-63-1
Credential
An object or data structure that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a Subscriber.
Source = NIST Special Publication 800-63-1
Identity Proofing
The process by which a CSP and a Registration Authority (RA) collect and verify information about a person for the purpose of issuing credentials to that person.
Source = NIST Special Publication 800-63-1
Credential Service Provider (CSP)
A trusted entity that issues or registers Subscriber tokens and issues electronic credentials to Subscribers. The CSP may encompass Registration Authorities (RAs) and Verifiers that it operates. A CSP may be an independent third party, or may issue credentials for its own use.
Source = NIST Special Publication 800-63-1
Registration Authority (RA)
A trusted entity that establishes and vouches for the identity or attributes of a Subscriber to a CSP. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s).
Source = NIST Special Publication 800-63-1
Verifier
An entity that verifies the Claimant’s identity by verifying the Claimant’s possession and control of a token using an authentication protocol. To do this, the Verifier may also need to validate credentials that link the token and identity and check their status.
Source = NIST Special Publication 800-63-1
Relying Party (RP)
An entity that relies upon the Subscriber's token and credentials or a Verifier's assertion of a Claimant’s identity, typically to process a transaction or grant access to information or a system.
Source = NIST Special Publication 800-63-1
Authentication Protocol
A defined sequence of messages between a Claimant and a Verifier that demonstrates that the Claimant has possession and control of a valid token to establish his/her identity, and optionally, demonstrates to the Claimant that he or she is communicating with the intended Verifier.
Source = NIST Special Publication 800-63-1
AuthN & AuthZ
– AuthN: the authentication process
– AuthZ: the authorization process
Tokens / Authentication factors
Authentication factors
Something you know
Something you have
Something you are
Strong Authentication / Multi-factor authentication
Multi-factor authentication refers to the use of more than one of the factors listed below:
– Something you know
– Something you have
– Something you are
Two-factor authentication
Common abbreviations:
– TFA
– T-FA
– 2FA
Knowledge factors: "something the user knows"
Password
– A password is a secret word or string of characters that is used for user authentication.
PIN
– A personal identification number (PIN) is a secret numeric password.
Pattern
– A pattern is a sequence of cells in a grid that is used to authenticate the user.
Possession factors: "something the user has"
Tokens with a display
USB tokens
Smartphone
Smartcards
Wireless (RFID, NFC)
Etc.
Inherence factors: "something the user is or does"
Physiological biometric
– Fingerprint recognition
– Facial recognition system
– Iris recognition
– Etc.
Behavioral biometrics
– Keystroke dynamics
– Speaker recognition
– Geo Localization
– Etc.
PASSWORD
http://www.wired.co.uk/magazine/archive/2013/01/features/hacked
http://www.wired.com/wiredenterprise/2013/01/google-password/
Password Factor
Something you know
PIN Code
Password
Passphrase
Aka 1FA (single-factor authentication)
Password Entropy / Password strength
Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks.
Password Entropy / Password strength
http://en.wikipedia.org/wiki/Password_strength
Characteristics of weak passwords
based on common dictionary words
– including dictionary words that have been altered:
• reversed (e.g., “terces”)
• mixed case (e.g., “SeCreT”)
• character/symbol replacement (e.g., “$ecret”)
• vowels removed (e.g., “scrt”)
based on common names
short (under 6 characters)
based on keyboard patterns (e.g., “qwertz”)
composed of a single symbol type (e.g., only letters)
Characteristics of strong passwords
Strong passwords
– contain at least one of each of the following:
• digit (0..9)
• letter (a..Z)
• punctuation symbol (e.g., !)
• control character (e.g., ^s, Ctrl-s)
– are based on a verse (e.g., a passphrase) from an obscure work, where the password is formed from the characters of the verse
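As an added example (not code from the slides), a small policy checker that applies the weak-password characteristics listed above, plus the naive entropy estimate (length times log2 of the character pool) that "password strength" slides usually mean. The word list, name list and keyboard patterns are constructed stand-ins for the real lists a deployment would load.

```python
import math

# Constructed, deliberately tiny stand-ins for a real word list and name list.
DICTIONARY = {"secret", "password", "welcome", "dragon", "monkey"}
COMMON_NAMES = {"alice", "bob", "michael", "sylvain"}
KEYBOARD_PATTERNS = ("qwertz", "qwerty", "azerty", "asdf", "12345", "zxcv")
VOWELS = "aeiou"
# Undo the usual character/symbol replacements so "$ecret" is seen as "secret".
LEET = str.maketrans("$@!0135", "saioles")
STRIP_VOWELS = str.maketrans("", "", VOWELS)
DICTIONARY_NO_VOWELS = {w.translate(STRIP_VOWELS) for w in DICTIONARY}


def _char_classes(password: str) -> set:
    """Which symbol types (lower, upper, digit, other) the password actually uses."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")
    return classes


def entropy_bits(password: str) -> float:
    """Naive strength estimate: length * log2(size of the character pool used).
    It measures resistance to blind brute force only; the checks below catch
    the patterns an attacker would try long before exhausting that pool."""
    pool = {"lower": 26, "upper": 26, "digit": 10, "other": 33}
    size = sum(pool[c] for c in _char_classes(password))
    return len(password) * math.log2(size) if size else 0.0


def weak_password_findings(password: str) -> list:
    """Return the weak-password characteristics from the slide that apply to `password`."""
    findings = []
    lower = password.lower()
    # Candidate base forms: lower-cased (mixed case), reversed, symbol-replaced,
    # and the combinations; the vowel-removed variant is checked separately.
    candidates = {lower, lower[::-1]}
    candidates |= {c.translate(LEET) for c in list(candidates)}
    if any(c in DICTIONARY for c in candidates) or any(
            c.translate(STRIP_VOWELS) in DICTIONARY_NO_VOWELS for c in candidates):
        findings.append("dictionary-word")
    if any(c in COMMON_NAMES for c in candidates):
        findings.append("common-name")
    if len(password) < 6:
        findings.append("short")
    if any(p in lower for p in KEYBOARD_PATTERNS):
        findings.append("keyboard-pattern")
    if len(_char_classes(password)) == 1:
        findings.append("single-symbol-type")
    return findings


if __name__ == "__main__":
    for pw in ("$ecret", "terces", "scrt", "qwertz1", "K9#vQ2m!tR7z"):
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, findings={weak_password_findings(pw)}")
```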
Test your password!
https://www.microsoft.com/security/pc-security/password-checker.aspx
Password Manager
http://keepass.info/
Password Manager
http://passwordsafe.sourceforge.net/
Password Generator
Threat Model AuthN 1FA
Password / Threats
Man In The Middle Attacks
Phishing Attacks
Pharming Attacks
DNS Cache Poisoning
Trojan Attacks
Man-in-the-Phone Attacks (Man-in-the-Mobile/MitMo Attacks)
Man-in-the-Browser Attacks
Browser Poisoning
Password Sniffing
Brute Force Attack
Dictionary Attacks
Password Attacks
Password cracking
– Brute force
– Dictionary attack
– Hybrid
Password sniffing
Man-in-the-middle attack
Malware – Keylogger
Default Password
Phishing
Etc.
Password Cracking Tools
Cain & Abel
John the Ripper
L0phtCrack
Ophcrack
THC hydra
Aircrack (WEP/WPA cracking tool)
Etc.
Rainbow table
A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes.
Ophcrack
Defense against rainbow tables
A rainbow table is ineffective against one-way hashes that include salts: the table would have to be recomputed for every distinct salt value.
Password Storage Cheat Sheet
Password Storage Rules
– Rule 1: Use an adaptive one-way function
• bcrypt, PBKDF2 or scrypt
– Rule 2: Use a long, cryptographically random, per-user salt
– Rule 3: Iterate the hash
– Rule 4: Encrypt the hash data with a keyed algorithm
https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet
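Added example (not OWASP's or the author's code) of the four rules using only Python's standard library: PBKDF2-HMAC-SHA256 as the adaptive function (rule 1), a random per-user salt (rule 2), an iteration count (rule 3), and for rule 4 an HMAC over the derived key under a server-side key that is never stored next to the hashes. The iteration count and the pepper value are assumptions: the first must be tuned to your hardware, the second is a constructed placeholder.

```python
import hashlib
import hmac
import os

# Rule 3: iteration count. Assumed value; tune so one hash costs a noticeable
# fraction of a second on the servers that will verify logins.
ITERATIONS = 100_000
# Rule 2: salt length in bytes, drawn per user from the OS CSPRNG.
SALT_BYTES = 16
# Rule 4: a server-side key that never sits in the password database. Constructed
# placeholder; in production it comes from an HSM, a KMS or a file outside the DB.
PEPPER = bytes.fromhex("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Rules 1-3: PBKDF2-HMAC-SHA256 over a fresh random salt, iterated.
    Rule 4: the derived key is wrapped in a keyed HMAC under PEPPER, so a dumped
    table is useless without the key. Returns a self-describing record so the
    parameters can be raised later without breaking existing users."""
    salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    tag = hmac.new(PEPPER, derived, "sha256").digest()
    return "$".join(["pbkdf2_sha256", str(iterations), salt.hex(), tag.hex()])


def verify_password(password: str, record: str) -> bool:
    """Recompute the tag from the parameters stored in the record and compare it
    in constant time; malformed or unknown records are simply rejected."""
    try:
        algo, iterations, salt_hex, tag_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(tag_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    tag = hmac.new(PEPPER, derived, "sha256").digest()
    return hmac.compare_digest(tag, expected)


def stored_hashes_differ(password: str) -> bool:
    """Why rainbow tables fail here: two users with the same password get different
    stored values, so one precomputed table per hash function would have to become
    one table per salt value."""
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("verify wrong:", verify_password("Tr0ub4dor&3", record))
    print("same password, different stored values:", stored_hashes_differ("Tr0ub4dor&3"))
```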
Hashcat / GPU
25-GPU cluster cracks every standard Windows password in <6 hours
– It achieves 350 billion guesses per second against password hashes generated by the NTLM algorithm, which Microsoft has included in every version of Windows since Server 2003.
http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
Password sniffing
DFD (Data Flow Diagram) – Weak Protocol (Telnet)
Weak protocols
Telnet
FTP
IMAP
POP3
LDAP
Etc.
ARP Spoofing
DFD - SSH
Man-in-the-middle attack
Often abbreviated: MITM, MitM, MIM, MiM, MITMA
Man-in-the-middle attack
Ettercap
SSLStrip
SSLSniff
Mallory
Etc.
Keylogger / Keystroke logging
Software-based keyloggers
– Malware
– Mobile
Hardware-based keyloggers
Wireless sniffing – TEMPEST
http://lasecwww.epfl.ch/keyboard/
Malicious Code Evolution
Malware
Zeus
Default Password
One Time Password - OTP
Strong AuthN OTP
OTP Technology / Standards
Based on a shared secret key (symmetric cryptography)
Approaches
– Time Based OTP
– Event Based OTP
– Challenge Response OTP
– Out-of-band OTP
– Transaction Signing OTP
– Others
Standards
– OATH
Time Based OTP
K = secret key / seed
T = UTC time
OTP = Hash(K, T)
Event Based OTP
K = secret key / seed
C = counter
OTP = Hash(K, C)
Token OTP pin protected
Source: Richard E. Smith / Authentication
OTP Challenge Response Based
K = secret key / seed
nonce = the challenge sent by the Verifier
OTP = Hash(K, nonce)
Transaction Signing OTP
Other OTP
Out-of-Band
– SMS OTP
– TAN
Bingo Card
Etc.
Out-of-band - SMS OTP
Out-of-band - TAN OTP
Bingo Card OTP
Other OTP technologies…
“Flicker code”: generator software that converts already encrypted data into an optical screen animation
OTP / OATH standards
Authentication Methods
OATH - Authentication Methods
HOTP: An HMAC-Based OTP Algorithm (RFC 4226)
TOTP - Time-based One-time Password Algorithm (RFC 6238)
OCRA - OATH Challenge/Response Algorithms Specification (RFC 6287)
HOTP: An HMAC-Based One-Time Password Algorithm
RFC 4226
http://www.ietf.org/rfc/rfc4226.txt
Event Based OTP
Uses HMAC: Keyed-Hashing for Message Authentication (RFC 2104)
HOTP – Crypto 101
TOTP - Time-based One-time Password Algorithm
RFC 6238
http://www.ietf.org/rfc/rfc6238.txt
Time Based OTP
Uses HMAC: Keyed-Hashing for Message Authentication (RFC 2104)
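Added example (not from the slides and not the RFCs' reference code) covering both the HOTP (RFC 4226) and TOTP (RFC 6238) slides: the HMAC, dynamic truncation and modulo step, the time-step mapping, and the Verifier side with a counter look-ahead for HOTP and a drift window plus replay check for TOTP. The look-ahead and window sizes are assumptions a deployment must choose; the key is the RFCs' published test secret.

```python
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226: HOTP(K, C) = Truncate(HMAC(K, C)) mod 10^digits, C as 8-byte big-endian."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation (section 5.3)
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, algo: str = "sha1") -> str:
    """RFC 6238: TOTP = HOTP(K, T) with T = floor((unix_time - T0) / X)."""
    return hotp(key, (unix_time - t0) // step, digits, algo)


def verify_hotp(key: bytes, candidate: str, counter: int, look_ahead: int = 5):
    """Verifier side (RFC 4226 section 7.4): the token may have been pressed without a
    login, so accept a code matching any counter in [counter, counter + look_ahead].
    Returns the next counter the Verifier must persist on success, else None."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(key, c).encode(), candidate.encode()):
            return c + 1
    return None


def verify_totp(key: bytes, candidate: str, unix_time: int, last_accepted_step: int = -1,
                step: int = 30, window: int = 1):
    """Accept clock drift of +/- window steps (RFC 6238 section 5.2) but never a time
    step at or before the last accepted one: that is what stops a captured code from
    being replayed inside its validity period. Returns the accepted step, else None."""
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate_step = current + delta
        if candidate_step <= last_accepted_step:
            continue
        if hmac.compare_digest(hotp(key, candidate_step).encode(), candidate.encode()):
            return candidate_step
    return None


if __name__ == "__main__":
    # Test secret from RFC 4226 appendix D / RFC 6238 appendix B (ASCII "12345678901234567890").
    key = b"12345678901234567890"
    print([hotp(key, c) for c in range(3)])          # ['755224', '287082', '359152']
    print(totp(key, 59, digits=8))                   # 94287082
    print("current TOTP:", totp(key, int(time.time())))
```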
TOTP – Crypto 101
Challenge Response OTP
RFC 6287
http://www.ietf.org/rfc/rfc6287.txt
OCRA
OATH Challenge-Response Algorithm
OCRA – Crypto 101
OTP solution
OTP AuthN
Software OTP for Smartphone
http://itunes.apple.com/us/app/iotp/id328973960
OCRA on a mobile
![Page 93: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/93.jpg)
google-authenticator
These implementations support
– HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226
– Time-based One-time Password (TOTP) algorithm specified in RFC 6238
– Google Authenticator app: Android, iOS and BlackBerry
http://code.google.com/p/google-authenticator/
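As an added example (not code from the deck or from the google-authenticator project), the two algorithms listed above in pure Python: HOTP as specified in RFC 4226 and TOTP as specified in RFC 6238, checked against the test vectors those RFCs publish, plus a server-side verifier that shows the two checks a validation server needs in practice: a small clock-skew window and refusal to accept a code for a time step that has already been consumed. The `verify_totp` helper and its parameter names are this example's own, not part of either RFC.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Shared secret behind the published test vectors in RFC 4226 Appendix D and
# RFC 6238 Appendix B (HMAC-SHA-1 variants). Real tokens get a random seed
# provisioned per device; this constant exists only to reproduce the vectors.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, 'dynamic
    truncation' to a 31-bit integer, reduce mod 10^digits, left-pad with zeros."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                       # low nibble selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         t0: int = 0, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of whole `step`-second
    intervals elapsed since the epoch T0 (0 by default)."""
    return hotp(secret, (unix_time - t0) // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, unix_time: int,
                last_used_step: int = -1, window: int = 1,
                step: int = 30, digits: int = 6) -> Optional[int]:
    """Server-side check of a submitted code (example helper, not from the RFCs).

    - accepts the current time step and up to `window` steps either side, to
      tolerate clock drift between token and server;
    - compares in constant time, so a wrong code takes as long as a right one;
    - refuses any step <= `last_used_step`, so a code that was already accepted
      (or observed in transit) cannot be replayed inside the window.
    Returns the accepted step, which the caller must persist as the new
    `last_used_step` for this token, or None on failure."""
    current = unix_time // step
    for delta in range(-window, window + 1):
        step_index = current + delta
        if step_index <= last_used_step:
            continue
        expected = hotp(secret, step_index, digits).encode()
        if hmac.compare_digest(expected, candidate.encode()):
            return step_index
    return None


if __name__ == "__main__":
    for c in range(3):
        print(f"HOTP counter {c}: {hotp(RFC_TEST_SECRET, c)}")
    print("TOTP at T=59 (8 digits):", totp(RFC_TEST_SECRET, 59, digits=8))
```

Persisting the returned step per token is what turns the window from a convenience into a safe one: without it, every code stays valid for the whole window and can be submitted twice.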
![Page 94: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/94.jpg)
google-authenticator
![Page 95: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/95.jpg)
OCRA on Mobile
![Page 96: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/96.jpg)
OTP without PIN
![Page 97: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/97.jpg)
OTP Pin Protected
![Page 98: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/98.jpg)
OTP on Smartcard
![Page 99: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/99.jpg)
OTP with Smartcard
![Page 100: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/100.jpg)
OTP hybrid (OTP & PKI)
![Page 101: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/101.jpg)
YubiKey
![Page 102: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/102.jpg)
YubiKey
![Page 103: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/103.jpg)
![Page 104: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/104.jpg)
YubiKey
http://www.yubico.com/support/documentation/
http://forum.yubico.com/
http://code.google.com/p/yubico-pam/
![Page 105: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/105.jpg)
PKI
PKI AuthN
![Page 106: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/106.jpg)
PKI AuthN
Based on asymmetric encryption
![Page 107: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/107.jpg)
PKI Tokens Storage
![Page 108: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/108.jpg)
Public Key Cryptography 101
![Page 109: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/109.jpg)
Signature 101
![Page 110: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/110.jpg)
Signature – Verification 101
![Page 111: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/111.jpg)
Mutual AuthN SSL
![Page 112: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/112.jpg)
PKI Certificate Validation
CRL
Delta CRL
OCSP
![Page 113: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/113.jpg)
OCSP Validation
![Page 114: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/114.jpg)
![Page 115: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/115.jpg)
![Page 116: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/116.jpg)
![Page 117: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/117.jpg)
Crypto Processor
Source: Richard E. Smith / Authentication
![Page 118: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/118.jpg)
![Page 119: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/119.jpg)
![Page 120: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/120.jpg)
Smart Card
![Page 121: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/121.jpg)
Smart Card
![Page 122: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/122.jpg)
Smart Card - Crypto
![Page 123: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/123.jpg)
![Page 124: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/124.jpg)
![Page 125: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/125.jpg)
Biometrics
BIO AuthN
![Page 126: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/126.jpg)
Biometrics
Source: http://www.biometrics.gov/
![Page 127: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/127.jpg)
Biometric Terms
Source: http://www.biometrics.gov/
![Page 128: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/128.jpg)
Enrollment Process
Source: http://www.biometrics.gov/
![Page 129: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/129.jpg)
Components
Source: http://www.biometrics.gov/
![Page 130: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/130.jpg)
FRR / FAR
Source: http://www.biometrics.gov/
![Page 131: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/131.jpg)
TAR
Source: http://www.biometrics.gov/
![Page 132: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/132.jpg)
FAR
Source: http://www.biometrics.gov/
![Page 133: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/133.jpg)
Accept Rate Threshold
Source: http://www.biometrics.gov/
![Page 134: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/134.jpg)
Identification
Source: http://www.biometrics.gov/
![Page 135: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/135.jpg)
Identification
Source: http://www.biometrics.gov/
![Page 136: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/136.jpg)
Failure to Acquire
Source: http://www.biometrics.gov/
![Page 137: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/137.jpg)
Biometric Modalities
Source: http://www.biometrics.gov/
![Page 138: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/138.jpg)
Dynamic Signature
Source: http://www.biometrics.gov/
![Page 139: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/139.jpg)
Dynamic Signature History
Source: http://www.biometrics.gov/
![Page 140: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/140.jpg)
Dynamic Signature Technology
Source: http://www.biometrics.gov/
![Page 141: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/141.jpg)
Face Recognition
Source: http://www.biometrics.gov/
![Page 142: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/142.jpg)
Face Recognition History
Source: http://www.biometrics.gov/
![Page 143: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/143.jpg)
Face Recognition Technologies
Source: http://www.biometrics.gov/
![Page 144: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/144.jpg)
Principal Components Analysis (PCA)
Source: http://www.biometrics.gov/
![Page 145: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/145.jpg)
Linear Discriminant Analysis
Source: http://www.biometrics.gov/
![Page 146: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/146.jpg)
Elastic Bunch Graph Matching
Source: http://www.biometrics.gov/
![Page 147: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/147.jpg)
Fingerprinting
Source: http://www.biometrics.gov/
![Page 148: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/148.jpg)
Fingerprinting History
Source: http://www.biometrics.gov/
![Page 149: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/149.jpg)
Fingerprinting Technology
Source: http://www.biometrics.gov/
![Page 150: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/150.jpg)
Fingerprint Sensor
Source: http://www.biometrics.gov/
![Page 151: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/151.jpg)
Sensors USB
![Page 152: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/152.jpg)
Chipset
![Page 153: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/153.jpg)
PIV-FIPS 201 Sensors
![Page 154: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/154.jpg)
Tablet approach
![Page 155: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/155.jpg)
Fingerprint Software
Source: http://www.biometrics.gov/
![Page 156: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/156.jpg)
![Page 157: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/157.jpg)
![Page 158: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/158.jpg)
Hand Geometry
Source: http://www.biometrics.gov/
![Page 159: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/159.jpg)
Hand Geometry History
Source: http://www.biometrics.gov/
![Page 160: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/160.jpg)
Hand Geometry History
Source: http://www.biometrics.gov/
![Page 161: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/161.jpg)
Hand Geometry Technology
Source: http://www.biometrics.gov/
![Page 162: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/162.jpg)
Iris Recognition
Source: http://www.biometrics.gov/
![Page 163: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/163.jpg)
Iris Recognition History
Source: http://www.biometrics.gov/
![Page 164: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/164.jpg)
Iris Recognition Technology
Source: http://www.biometrics.gov/
![Page 165: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/165.jpg)
Iris Recognition Technology
Source: http://www.biometrics.gov/
![Page 166: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/166.jpg)
Palm Print
Source: http://www.biometrics.gov/
![Page 167: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/167.jpg)
Palm Print History
Source: http://www.biometrics.gov/
![Page 168: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/168.jpg)
Palm Print Technology
Source: http://www.biometrics.gov/
![Page 169: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/169.jpg)
Palm Print Technology
Source: http://www.biometrics.gov/
![Page 170: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/170.jpg)
Speaker Verification
![Page 171: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/171.jpg)
Speaker Verification History
Source: http://www.biometrics.gov/
![Page 172: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/172.jpg)
Speaker Verification Technology
Source: http://www.biometrics.gov/
![Page 173: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/173.jpg)
Speaker Verification Technology
Source: http://www.biometrics.gov/
![Page 174: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/174.jpg)
Speaker Verification Technology
Source: http://www.biometrics.gov/
![Page 175: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/175.jpg)
Vascular Pattern
![Page 176: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/176.jpg)
Vascular Pattern History
Source: http://www.biometrics.gov/
![Page 177: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/177.jpg)
Vascular Pattern Technology
Source: http://www.biometrics.gov/
![Page 178: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/178.jpg)
Vascular Pattern Technology
Source: http://www.biometrics.gov/
![Page 179: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/179.jpg)
Vascular Pattern Technology
![Page 180: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/180.jpg)
Device fingerprint
A device fingerprint (also called a machine fingerprint or browser fingerprint) is information collected about a remote computing device for the purpose of identification.
![Page 181: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/181.jpg)
Biometrics Technology
![Page 182: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/182.jpg)
Biometrics Technology
![Page 183: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/183.jpg)
Match-on-Card
![Page 184: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/184.jpg)
![Page 185: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/185.jpg)
MOC
![Page 186: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/186.jpg)
MOC – Athena & Precise Biometrics
![Page 187: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/187.jpg)
![Page 188: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/188.jpg)
OATH approach
Open Authentication
![Page 189: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/189.jpg)
OATH Approach
![Page 190: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/190.jpg)
OATH Logical view
![Page 191: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/191.jpg)
OATH Physical view
![Page 192: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/192.jpg)
OATH Authentication Framework
![Page 193: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/193.jpg)
OATH Client framework
![Page 194: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/194.jpg)
OATH AuthN methods 1/2
![Page 195: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/195.jpg)
OATH AuthN methods 2/2
![Page 196: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/196.jpg)
OATH AuthN protocols 1/3
![Page 197: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/197.jpg)
OATH AuthN protocols 2/3
![Page 198: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/198.jpg)
OATH AuthN protocols 3/3
![Page 199: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/199.jpg)
OATH AuthN validation framework
![Page 200: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/200.jpg)
OATH validation protocols
![Page 201: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/201.jpg)
OATH provisioning
![Page 202: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/202.jpg)
Existing Credential Provisioning Protocols 1/2
![Page 203: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/203.jpg)
Existing Credential Provisioning Protocols 2/2
![Page 204: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/204.jpg)
Software Provisioning Protocols
![Page 205: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/205.jpg)
End Volume 1
Sylvain MARET / @smaret [email protected] http://www.slideshare.net/smaret http://www.linkedin.com/in/smaret
![Page 206: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/206.jpg)
Appendices
![Page 207: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/207.jpg)
Threat Modeling
DFD
STRIDE
![Page 208: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/208.jpg)
Threat Modeling Process
Diagram
Identify Threats
Mitigate
Validate
Vision
![Page 209: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/209.jpg)
DFD symbols
![Page 210: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/210.jpg)
DFD Symbols
![Page 211: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/211.jpg)
DFD Symbols
![Page 212: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/212.jpg)
Trust boundaries that intersect data flows
Points/surfaces where an attacker can interject
– Machine boundaries, privilege boundaries and integrity boundaries are examples of trust boundaries
– Threads in a native process are usually inside a single trust boundary, because they share the same privileges, rights, identifiers and access
Processes talking across a network always have a trust boundary
![Page 213: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/213.jpg)
DFD Level
Level 0 - Context Diagram – Very high-level; entire component / product / system
Level 1 Diagram – High level; single feature / scenario
Level 2 Diagram – Low level; detailed sub-components of features
Level 3 Diagram – More detailed
– Rare to need more layers, except in huge projects or when you’re drawing more trust boundaries
![Page 214: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/214.jpg)
STRIDE - Tool

| Threat | Property | Definition | Example |
|---|---|---|---|
| Spoofing | Authentication | Impersonating something or someone else. | Pretending to be any of billg, xbox.com or a system update |
| Tampering | Integrity | Modifying data or code | Modifying a game config file on disk, or a packet as it traverses the network |
| Repudiation | Non-repudiation | Claiming to have not performed an action | "I didn't cheat!" |
| Information Disclosure | Confidentiality | Exposing information to someone not authorized to see it | Reading key material from an app |
| Denial of Service | Availability | Deny or degrade service to users | Crashing the web site, sending a packet and absorbing seconds of CPU time, or routing packets into a black hole |
| Elevation of Privilege | Authorization | Gain capabilities without proper authorization | Allowing a remote internet user to run commands is the classic example, but running kernel code from lower trust levels is also EoP |
![Page 215: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/215.jpg)
STRIDE – Security Controls
STRIDE Threat List

| Type | Examples | Security Control |
|---|---|---|
| Spoofing | Threat action aimed to illegally access and use another user's credentials, such as username and password. | Authentication |
| Tampering | Threat action aimed to maliciously change/modify persistent data, such as persistent data in a database, and the alteration of data in transit between two computers over an open network, such as the Internet. | Integrity |
| Repudiation | Threat action aimed to perform illegal operations in a system that lacks the ability to trace the prohibited operations. | Non-repudiation |
| Information disclosure | Threat action to read a file that one was not granted access to, or to read data in transit. | Confidentiality |
| Denial of service | Threat aimed to deny access to valid users, such as by making a web server temporarily unavailable or unusable. | Availability |
| Elevation of privilege | Threat aimed to gain privileged access to resources for gaining unauthorized access to information or to compromise a system. | Authorization |
![Page 216: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/216.jpg)
STRIDE
![Page 217: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/217.jpg)
STRIDE
![Page 218: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/218.jpg)
DFD & STRIDE
![Page 219: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/219.jpg)
DFD AuthN 1FA
![Page 220: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/220.jpg)
DFD – AuthN 1FA / STRIDE
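The slides above put a Level-1 DFD of password-only (1FA) login next to STRIDE, and the earlier slide on trust boundaries says that flows crossing a boundary are where an attacker can interject. The following Python is an added example, not code from the INA deck or its author. It encodes a small DFD of 1FA login (the element names, trust zones and flow names are assumptions chosen for illustration), applies the STRIDE-per-element chart used by the Microsoft SDL threat-modeling approach (external entity: S, R; process: all six; data flow and data store: T, I, D; a data store that holds audit logs also gets R), tags each threat with the control property from the STRIDE security-controls table, and lists the flows that cross the user/server trust boundary first.

```python
"""STRIDE-per-element over a Level-1 DFD of single-factor (password) login.

Added example; not from the INA slides. Element names, trust zones and flow
names below are assumptions chosen for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# STRIDE-per-element chart: threat categories applicable to each DFD element kind.
STRIDE_PER_ELEMENT: Dict[str, str] = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_flow": "TID",
    "data_store": "TID",  # "R" is added for stores holding audit records
}

# Threat category and the security-control property that addresses it.
THREAT_NAMES: Dict[str, tuple] = {
    "S": ("Spoofing", "Authentication"),
    "T": ("Tampering", "Integrity"),
    "R": ("Repudiation", "Non-repudiation"),
    "I": ("Information disclosure", "Confidentiality"),
    "D": ("Denial of service", "Availability"),
    "E": ("Elevation of privilege", "Authorization"),
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str                   # key of STRIDE_PER_ELEMENT
    zone: str = "internal"      # trust zone the element sits in
    is_log: bool = False        # data store that holds audit records


@dataclass(frozen=True)
class Flow:
    name: str
    src: str                    # element name
    dst: str                    # element name


@dataclass(frozen=True)
class Threat:
    target: str                 # element or flow name
    category: str
    control: str
    crosses_boundary: bool      # only meaningful for data flows


def applicable(e: Element) -> str:
    """STRIDE letters that apply to one element, per the chart above."""
    letters = STRIDE_PER_ELEMENT[e.kind]
    if e.kind == "data_store" and e.is_log and "R" not in letters:
        letters += "R"          # an audit log can be repudiated if tampered or absent
    return letters


@dataclass
class DFD:
    elements: Dict[str, Element] = field(default_factory=dict)
    flows: List[Flow] = field(default_factory=list)

    def add(self, e: Element) -> None:
        self.elements[e.name] = e

    def connect(self, name: str, src: str, dst: str) -> None:
        if src not in self.elements or dst not in self.elements:
            raise KeyError(f"unknown endpoint in flow {name!r}")
        self.flows.append(Flow(name, src, dst))

    def crossing_flows(self) -> List[Flow]:
        """Flows whose endpoints sit in different trust zones: attacker entry points."""
        return [f for f in self.flows
                if self.elements[f.src].zone != self.elements[f.dst].zone]

    def threats(self) -> List[Threat]:
        """STRIDE-per-element enumeration over every element and flow."""
        crossing = {f.name for f in self.crossing_flows()}
        found: List[Threat] = []
        for e in self.elements.values():
            for letter in applicable(e):
                found.append(Threat(e.name, *THREAT_NAMES[letter], False))
        for f in self.flows:
            for letter in STRIDE_PER_ELEMENT["data_flow"]:
                found.append(Threat(f.name, *THREAT_NAMES[letter], f.name in crossing))
        # Boundary-crossing flows first: that is where the attacker can interject.
        return sorted(found, key=lambda t: not t.crosses_boundary)


def build_1fa_login_dfd() -> DFD:
    """Constructed 1FA login DFD: user zone | trust boundary | server zone."""
    dfd = DFD()
    dfd.add(Element("User", "external_entity", zone="user"))
    dfd.add(Element("Login handler", "process", zone="server"))
    dfd.add(Element("Credential DB", "data_store", zone="server"))
    dfd.add(Element("Auth log", "data_store", zone="server", is_log=True))
    dfd.connect("Username + password", "User", "Login handler")
    dfd.connect("Lookup hash", "Login handler", "Credential DB")
    dfd.connect("Hash record", "Credential DB", "Login handler")
    dfd.connect("Login event", "Login handler", "Auth log")
    dfd.connect("Session token", "Login handler", "User")
    return dfd


def report(dfd: DFD) -> str:
    lines = []
    for t in dfd.threats():
        mark = "[crosses trust boundary] " if t.crosses_boundary else ""
        lines.append(f"{mark}{t.target}: {t.category} -> control: {t.control}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(build_1fa_login_dfd()))
```

The ordering is the point: the two flows that cross the user/server boundary (the submitted password and the returned session token) come out first, each with Tampering, Information disclosure and Denial of service, which is exactly why a 1FA design needs transport integrity and confidentiality on that hop before anything else is discussed. The Auth log store picks up Repudiation in addition to the usual T, I, D for a data store.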
![Page 221: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/221.jpg)
HSPD-12
PIV AuthN
![Page 222: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/222.jpg)
Homeland Security Presidential Directive 12 (HSPD-12)
http://www.dhs.gov/homeland-security-presidential-directive-12
![Page 223: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/223.jpg)
FIPS 201 / PIV
Federal Information Processing Standard 201, Personal Identity Verification (PIV) of Federal Employees and Contractors, March 2006 (see http://csrc.nist.gov).
FIPS 201 (Federal Information Processing Standard Publication 201) is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors.
http://www.idmanagement.gov/
![Page 224: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/224.jpg)
FICAM Roadmap
![Page 225: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/225.jpg)
FICAM Roadmap
![Page 226: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/226.jpg)
FICAM Roadmap
![Page 227: INA Volume 1/3 Version 1.0 Released / Digital Identity and Authentication](https://reader036.vdocument.in/reader036/viewer/2022070315/555115e5b4c905b1138b4bfc/html5/thumbnails/227.jpg)
FICAM Roadmap