CIS14: Filling the “authentication goes here” Hole in Identity

•

0 likes•394 views

Michael Barrett, FID O Alliance A report on the headway the FIDO Alliance is making in establishing standards that enable easily interoperable authentication, covering the high-level technical architecture of these new authentication protocols and giving an update on progress.

Michael Barrett, president of the
FIDO Alliance
Cloud
Iden*ty
Summit
July,

2014

www.fidoalliance.org
Copyright 2014, The FIDO Alliance
All Rights Reserved
1

Rampant online attacks
3

•  Major hacks have been
targeted at password
databases within Online
Gaming, Financial Services,
Social Media organizations
•  Password Re-use is a
significant problem – technical
analysis of data breaches have
shown that 76% of passwords
used across multiple sites.

Opportunity for Better Authentication is Upon Us
For
Users
For
Organiza0ons

Painful to Use

•  25
Accounts

•  8
Logins
/
Day

•  6.5
Passwords

Difficult to Secure

•  $5.5M
/
Data
Breach

•  $15M
/
PWD
Reset

•  $60+

/

Token

For
the
Ecosystem

Impossible to Scale

•  Fragmented

•  Inﬂexible

•  Slow
to
Adopt

3

JUST EASY
“BETTER
AUTHENTICATION”
JUST BAD
HighSecurityLow UNPLEASANT
Low High
Usability
Authentication is not a Continuum…
5

Common authentication plumbing
Users
Cloud/Enterprise
Devices
Federation
Open Standard
Plug-In Approach
Interoperable Ecosystem
Usable
Authentication
WHAT IS NEEDED

FIDO -‐ Unique Approach
Any Device.AnyApplication.AnyAuthenticator.
Standardized Protocols
Local authentication
unlocks app specific key
Key used to authenticate
to server

Improved security

Unique cryptographic secret created per
user account + device + site
•  Protection against brute force attacks
•  Segmentation of risk
•  Protection against unintentional disclosure

FIDO’s Explosive growth
Industry
Standard
Feb 2013 May 2014 Next
6

118

Companies Companies
Public
Launch
Public Review
Spec
Companies

Marrying FIDO to IdenGty
With
thanks
to
Paul
Madsen
(whose
slides
I
stole…)

Generic federaGon ﬂow diagram
Copyright © 2014 Ping Identity Corp.All rights reserved. 13

Complementary
. 14
•  FIDO
•  Insulates authentication
server from specific
authenticators
•  Focused solely on primary
authentication
•  Does not support attribute
sharing
•  Can communicate details of
authentication from device
to server
•  Federation
–  Insulates application from
specific identity providers
–  Does not address primary
authentication
–  Does enable secondary
authentication & attribute
sharing
–  Can communicate details of
authentication from IdP to SP

High

Low

High

Low

Frequency

of
login

Assurance

status

quo

High

Low

High
Low

Frequency

of
login

Assurance

status

quo

federa0on

SSO
slide

No
more

‘Passsword123’

bump

High

Low

High

Low

Frequency

of
login

Assurance

status

quo

federa0on

FIDO

Con0nuum

FIDO implicaGons
•  FIDO supports a range of assurance – determined by the specifics of the local
authentication
•  Recall – “Unique cryptographic secret created per user account +
device + site”
•  Implication is multiple registrations & authentications – which may be sub-
optimal from the user’s PoV

High

Low

High

Low

Frequency

of
login

Assurance

status

quo

federa0on

FIDO
+

federa0on

FIDO

CALL TO ACTION
•  AUTHENTICATION IS A FUNDAMENTAL PROBLEM AND
IT IS AN INDUSTRY PROBLEM
•  NO ONE COMPANY CAN FIX THIS PROBLEM
•  JOIN FIDO ALLIANCE – HELP FIX
•  OPPORTUNITY TO CREATE NEW SERVICES, NEW
MARKETS, NEW INNOVATIONS, NEW BUSINESSES AND
NEW REVENUE MODELS
•  TAKE THE LEADERSHIP, INCLUDE FIDO SUPPORT AT
THE SOURCE ON YOUR DEVICES
•  FIDO READY COMMERCIAL PRODUCTS ARE AVAILABLE
IN THE MARKET
•  MAKE THE CONNECTED WORLD SECURE, PRIVATE,
FRAUD FREE , EASY TO USE AND STAY CONNECTED

What's hot

FIDO Technical Specifications Overview

FIDO Alliance

The document discusses technical specifications for device authentication provided by FIDO. It describes issues with traditional password authentication and how FIDO addresses these through standards that separate user verification from authentication. FIDO uses public key cryptography and relies on authenticators that can be integrated into devices to enable strong, passwordless authentication across multiple websites and applications.

FIDO Authentication Opportunities in Healthcare

FIDO Alliance

Introduction to the FIDO Alliance

FIDO Alliance

The FIDO Alliance is an open industry association with over 250 member organizations focused on developing authentication standards to address the password problem. It has developed authentication standards based on public key cryptography as a stronger and simpler alternative to passwords. The FIDO ecosystem now includes over 350 certified solutions that can protect over 3.5 billion user accounts worldwide. The document discusses the password problem and outlines how FIDO authentication works to provide both security and usability through standards-based, interoperable authentication.

Javelin Research 2017 State of Authentication Report

FIDO Alliance

FIDO Certified Program: The Value of Certification

FIDO Alliance

Introduction to FIDO Biometric Authentication

FIDO Alliance

FIDO Biometric Certification Program

FIDO Alliance

The document outlines the FIDO Alliance's Biometric Certification Program. It aims to certify biometric components and subsystems to ensure interoperability, promote adoption of FIDO standards, and provide performance benchmarks. The certification process involves two steps - first testing the biometric subcomponent, then full authenticator testing. It defines biometric performance metrics like false accept and reject rates, and requires components to meet specified thresholds or allow self-attestation with test data. The certification is independent of the Authenticator Certification Program and helps identify solutions as officially FIDO certified.

Is Government Data as Safe as it Could Be?

Samsung SDS America

This document summarizes a biometric authentication solution called Samsung SDS Nexsign that allows government employees and contractors to securely access files and applications using fingerprint, facial, or voice recognition rather than passwords. It claims to reduce costs and complexity by eliminating the need for multiple passwords, meet strict security standards through compliance with FIDO and PKI policies, and enforce deeper security by storing authentication credentials on devices rather than servers and using a Trusted Execution Environment to encrypt biometric data.

Authenticate 2021: Welcome Address

FIDO Alliance

The document provides an overview and introduction to the Authenticate 2021 conference. It discusses the growing need for strong user authentication given increased cyberattacks. It summarizes the FIDO Alliance's work in developing open authentication standards like WebAuthn and U2F to enable simpler and more secure authentication using public key cryptography and moving away from password-based systems. The document outlines the growing adoption of FIDO standards by companies and devices. It previews sessions and speakers at the conference and next steps for the FIDO Alliance to further authentication security and adoption.

FIDO Alliance Today: Status and News

FIDO Alliance

Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...

FIDO Alliance

FIDO in Government

FIDO Alliance

Global Regulatory Landscape for Strong Authentication

FIDO Alliance

The document discusses how governments are increasingly prioritizing strong authentication and looking to standards like FIDO to provide more secure, usable and privacy-preserving authentication. It notes that the UK and US governments have highlighted FIDO and endorsed its ability to deliver improved security without passwords. The document also discusses how authentication is an area of regulatory focus due to compliance needs around privacy, security and access across domains like digital government, healthcare, payments and financial services. It argues that FIDO specifications address regulatory needs by providing nimble, configurable and cost-effective strong authentication.

Introduction to the FIDO Alliance: Vision & Status

FIDO Alliance

This document summarizes the FIDO Alliance's vision and status. It discusses how authentication has become a major problem and how over 250 organizations are working together through the FIDO Alliance to solve this problem by developing open standards for simpler and stronger authentication using public key cryptography. The FIDO Alliance aims to deliver security, privacy, interoperability and usability through specifications such as FIDO UAF, FIDO U2F and the upcoming FIDO2/WebAuthn specifications. The Alliance has seen strong growth in functional certifications and aims to also offer security and biometric certifications to validate authenticator safety and accurate user identification.

FIDO Alliance Vision and Status

FIDO Alliance

Tatyana-Arnaudova - English

Tatyana Arnaudova

The Fast Identity Online (FIDO) framework aims to support a variety of authentication technologies to replace passwords, including biometrics, security tokens, and smart cards. It uses public-key cryptography where the user's device generates a key pair during registration and then signs a challenge from the server for login. There are two main protocols - Universal Authentication Framework (UAF) which allows authentication through local actions like fingerprints, and U2F which provides a second factor for login through a security key. FIDO has advantages like reducing password complexity and recovery procedures, but also has disadvantages like requiring compatible hardware and potential to forget authentication devices.

Identiverse 2020 - Account Recovery with 2FA

Kelley Robinson

FIDO And the Future of User Authentication

FIDO Alliance

The document discusses the problems with passwords and introduces FIDO as a solution. It notes that consumers have many online accounts but reuse few passwords, while businesses lose over $1 billion to credential theft annually. FIDO uses public key cryptography and requires a second factor, like a fingerprint, to log in securely. It has seen growing adoption with hundreds of implementations and support from governments and companies around the world working to replace passwords with stronger FIDO authentication.

Managing Identity without Boundaries

Ping Identity

The document discusses the challenges of identity and access management (IAM) in cloud computing environments. Traditional IAM solutions are insufficient for the cloud because they are focused on internal security, are difficult and slow to implement, and rely on proprietary standards. The next generation IAM platform needs features like federation to securely provide a single identity to multiple organizations, agility and lightweight deployment on-premise or in the cloud, and support for open standards to simplify integration. A cloud-ready IAM solution provides benefits like being future-proof for web, API and mobile access, having a single secure identity, driving revenue through improved customer experience and productivity.

Kookmin Bank FIDO Case Study

FIDO Alliance

What's hot (20)

FIDO Technical Specifications Overview

FIDO Authentication Opportunities in Healthcare

Introduction to the FIDO Alliance

Javelin Research 2017 State of Authentication Report

FIDO Certified Program: The Value of Certification

Introduction to FIDO Biometric Authentication

FIDO Biometric Certification Program

Is Government Data as Safe as it Could Be?

Authenticate 2021: Welcome Address

FIDO Alliance Today: Status and News

Microsoft's Path to Passwordless - FIDO Authentication for Windows & Azure Ac...

FIDO in Government

Global Regulatory Landscape for Strong Authentication

Introduction to the FIDO Alliance: Vision & Status

FIDO Alliance Vision and Status

Tatyana-Arnaudova - English

Identiverse 2020 - Account Recovery with 2FA

FIDO And the Future of User Authentication

Managing Identity without Boundaries

Kookmin Bank FIDO Case Study

Viewers also liked

CIS14: Kantara - Enabling Trusted and Secure Online Access to Government of C...

CloudIDSummit

The document summarizes the Government of Canada's strategy to enable trusted and secure online access to government services through identity federation. It discusses establishing a federated identity system that allows validation of citizen identities across government departments and jurisdictions. This will provide a seamless experience for citizens to access multiple online services using a single authenticated identity. The strategy involves initial credential federation followed by longer term identity federation, in collaboration with private sector identity providers and other levels of government. The goal is to improve convenience for citizens while reducing costs for governments.

CIS 2015- Beyond Federation Protocols- Praerit Garg

CloudIDSummit

The document discusses the evolution of federated identity protocols over the past 10+ years. While OAuth 2.0 is now widely adopted for federating web identities, the document argues that federation protocols alone are not sufficient. It suggests that applications also need ways to: 1) scope trust with federated identity providers, 2) provision access for federated identities, and 3) enable collaboration across federated identities. The document calls on the audience to build on existing work and find standards-based solutions to make these capabilities easier.

OpenId Connect in Shibboleth Identity Provider

Misagh Moayyed

Microsoft Azure Identity and O365

Kris Wagner

CAS IU Presentation

Misagh Moayyed

The document summarizes Indiana University's upgrade of its Central Authentication Service (CAS) from version 2 to version 3.5.2. Key aspects of the upgrade included designing and implementing a system of "AppCodes" to dynamically render user interfaces and determine authentication requirements, integrating primary authentication via Kerberos and a knowledge base, enabling secondary authentication via RADIUS for multi-factor authentication, extending CAS protocols to support IUCAS, and setting up an active-active high availability deployment using EhCache for ticket storage. The project was developed using Git source control and a continuous integration workflow.

How to CASifying PeopleSoft and Integrating CAS and ADFS

John Gasper

JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365

Scott Hoag

Looking to reduce the number of post-it notes you see stuck around the office? Seeking to automate your user creation processes for Office 365? Or maybe you’re interested in single sign-on for everything you host in the cloud? Are you questioning what a cloud identity is? This session will take you through the basics of identity in the Microsoft Cloud and show you how to set up and configure Office 365 with Azure Active Directory using the Azure Active Directory Synchronization Connect tools.

CIS14: Working with OAuth and OpenID Connect

CloudIDSummit

2016 09-15 unicon-iam-update

Lasbrey Nwachukwu

This document provides information about an upcoming webinar on September 15, 2016 at 11am PT hosted by Unicon on CAS, Shibboleth, and Grouper. The webinar will include presentations from Mike Grady on Shibboleth, Dmitriy Kopylenko on CAS, and John Gasper on Grouper, with questions to follow. Details are provided on joining the webinar via Zoom or telephone. Information is also given on recent and upcoming identity and access management events, trends in the field, and Unicon's contributions to various open source identity projects.

Mit 2014 introduction to open id connect and o-auth 2

Justin Richer

The document provides an overview of OAuth 2.0 and OpenID Connect (OIDC) protocols. It discusses how OAuth limits information sharing between parties in a protocol to improve security. It presents a diagram showing the separation of username, codes, tokens, sessions, and other credentials between the user agent, authorization server, client, and protected resource in the OAuth authorization code flow. The document emphasizes that OAuth and OIDC aim to avoid password proliferation, enable authentication and authorization across different systems, and provide a standardized user identity API.

Standard-based Identity (1)

Masaru Kurahayashi

タイトル：『Standard-based Identity (1)』概要：デジタル・アイデンティティの世界は、ここ数年で OpenID Connect、SAML、SCIM、OAuth等の連携のためのプロトコルの標準化が進みました。その結果、我々は複数の組織やサービス間で ID情報を連携して、新しいしくみやサービスを作ることがより容易に行えるようになりました。本セッションでは、これらのID情報連携プロトコルについて、あらためて基本からわかりやすく解説します。 ID & IT Management Conference 2016 Sep 16, 2016 URL：https://nosurrender.jp/idit2016/program.html#DE02

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Mike Schwartz

Trust elevation allows increasing authentication strength to enable higher-risk transactions. It involves tradeoffs between security and usability. OAuth2 and OpenID Connect provide standard authentication frameworks for apps and APIs, supporting a range of authentication methods from passwords to biometrics. User managed access (UMA) further extends OAuth2 to implement policy-based access control. To enable cross-domain trust elevation, organizations can participate in federated identity systems like SAML and OAuth2 federations, which standardize technical and legal integration between identity providers. Emerging areas involve authentication for IoT devices and fine-grained access control over distributed data.

Kantara OTTO slides

Mike Schwartz

Open Trust Taxonomy for Federation Operators - if you are interested in new technologies to enable trust across multiple domains, you should consider joining the OTTO WG at Kantara. These slides are a quick overview of the work, with links to enable you to find out more. Mutli-party Federations help drive down the legal and techincal cost of SSO and collaboration for technologies like SAML, OAuth, and PKI. It's a trust model that makes sense when you have a reasonably sized ecosystem--not millions, but thousands.

Viewers also liked (13)

CIS14: Kantara - Enabling Trusted and Secure Online Access to Government of C...

CIS 2015- Beyond Federation Protocols- Praerit Garg

OpenId Connect in Shibboleth Identity Provider

Microsoft Azure Identity and O365

CAS IU Presentation

How to CASifying PeopleSoft and Integrating CAS and ADFS

JAXSPUG January 2016 - Microsoft Cloud Identities in Azure and Office 365

CIS14: Working with OAuth and OpenID Connect

2016 09-15 unicon-iam-update

Mit 2014 introduction to open id connect and o-auth 2

Standard-based Identity (1)

Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &...

Kantara OTTO slides

Similar to CIS14: Filling the “authentication goes here” Hole in Identity

FIDO Alliance: Year in Review Webinar slides from January 20 2016

FIDO Alliance

Last year was a year of great progress for the FIDO Alliance and standards-based strong authentication. Tens of millions of FIDO-enabled devices are now in use worldwide. There are over 100 FIDO Certified™ products available, and nearly 250 organizations are now taking part in the Alliance, including more than a dozen trade association partners. The market is clearly showing that now is the time to deploy FIDO authentication to modernize failing password systems. These slides address: – The uptake in global momentum – Details on FIDO’s recent submission to the World Wide Web Consortium – The Alliance’s plans and strategy for 2016 and what this means to you and your organization in the upcoming year We encourage you and your colleagues to view these slides to catch up on what happened in 2015 and to learn how FIDO’s explosive growth can benefit your organization in 2016. You can listen to the webinar audio here: https://fidoalliance.org/events/fido-alliance-year-in-review-webinar/

Introduction to FIDO Alliance

FIDO Alliance

FIDO® for Government & Enterprise - Presentation

FIDO Alliance

With FIDO 1.0 standards published in December, 2015, mainstream product adoption and service deployment has begun with more announcement planned for the RSA Security Conference 2015. This webinar will feature FIDO highlights from the conference and a discussion of how governments and enterprises are engaging with FIDO Alliance and the new wave of innovative authentication solutions FIDO standards enable, with a special focus on how the US Government is positioning FIDO within the context of NSTIC (National Strategy for Trusted Identities in Cyberspace).

Fido Overview: Status and Future

FIDO Alliance

1) Data breaches are widespread, resulting in over 1 billion stolen records since 2012. Passwords are vulnerable and difficult for users. 2) The FIDO Alliance proposes a new authentication model called FIDO that provides strong security without compromising usability. FIDO uses public key cryptography during registration and login to securely authenticate users. 3) FIDO authentication works across devices and applications, providing a simple and secure login experience for users. Major companies like Google, PayPal, and Samsung have already implemented FIDO standards in their products.

Introduction to FIDO Alliance

FIDO Alliance

Introduction to FIDO Alliance by Brett McDowell, FIDO Alliance, Executive Director from the FIDO Alliance Seminar in New York City on March 3, 2016, entitled "Key Trends in Strong Authentication" The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.

kill-chain-presentation-v3

Shawn Croswell

1) Privileged identity, such as system administrator accounts, is the core enabler of cyber attacks according to security reports. 2) Existing security layers like firewalls and antivirus have been breached in major data breaches involving companies like Target and Home Depot. 3) A new security layer focused on privileged identity management (PIM) is needed to protect privileged accounts and help break the cyber attack kill chain.

Intro to Passkeys and the State of Passwordless.pptx

FIDO Alliance

Compliance & Identity access management

Prof. Jacques Folon (Ph.D)

The document discusses identity and access management (IAM) and its relationship to cloud computing. IAM is the process of managing digital identities and access privileges for users, systems, and services. When using cloud computing, an organization relinquishes control over infrastructure but gains flexibility, scalability, and reduced costs. IAM becomes especially important in the cloud to ensure security, privacy, and compliance through features like authentication, authorization, and audit tracking across multiple cloud applications and services.

DOCOMO Joins FIDO Alliance Board of Directors

FIDO Alliance

The FIDO Alliance was founded in 2013 to address the problems with passwords and make online authentication easier and more secure. The FIDO model uses public key cryptography and authenticator devices to verify user identity without the use of passwords. FIDO authentication works by having the user verify themselves through an authenticator device, like a fingerprint reader, without transmitting any sensitive data to servers. This allows for strong security without compromising usability. Since its founding, the FIDO Alliance has grown to include nearly 200 global members working to deploy interoperable FIDO standards and certification programs.

Javelin Research's State of Strong Authentication 2019 Report Webinar

FIDO Alliance

FIDO UAF Specifications: Overview & Tutorial

FIDO Alliance

1. Passwords are insecure and inconvenient, especially on mobile devices, while alternative authentication methods are siloed and don't scale well. 2. FIDO separates user verification from authentication, supporting all verification methods and providing scalable convenience and security. 3. In FIDO, only public keys are stored on servers and authentication relies on private keys protected in authenticators, making it resistant to phishing and password theft.

The FIDO Alliance Today: Status and News

FIDO Alliance

Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009

ClubHack

This document discusses risk-based penetration testing and how it differs from traditional penetration testing. Risk-based testing focuses on business risks rather than just technical vulnerabilities. It requires understanding both the technical aspects as well as the business processes. Test cases are developed based on risk scenarios specific to the business, and severity levels are assigned based on risk to the business rather than just technical parameters. The audience for risk-based testing reports also includes business stakeholders not just IT teams. Examples of risk-based testing for different types of organizations are provided.

Introduction to FIDO: A New Model for Authentication

FIDO Alliance

Going Passwordless with Microsoft

FIDO Alliance

The document discusses Microsoft's strategy for going passwordless. It begins by outlining the problems with passwords, such as increased security incidents and support costs due to forgotten passwords. It then presents Microsoft's four step strategy to achieve the end-user and security promises of being passwordless: 1) deploy password replacement offerings, 2) reduce visible password surface area, 3) transition to passwordless methods, and 4) eliminate passwords from identity directories. Specific passwordless methods discussed include Windows Hello, Microsoft Authenticator, and FIDO2 security keys. The document demonstrates how these work across platforms and provides resources for learning more.

2014 IoT Forum_ Fido Alliance

COMPUTEX TAIPEI

CyberSecurity Update Slides

Jim Kaplan CIA CFE

Organizations are increasingly looking to their Internal Auditors to provide independent assurance about cyber risks and the organization's ability to defend against cyber attacks. With information technology becoming an inherent critical success factor for every business and the emerging cyber threat landscape, every internal auditor needs to equip themselves on IT audit essentials and cyber issues. In part 14 of our Cyber Security Series you will learn about the current cyber risks and attack methods from Richard Cascarino, including: Where are we now and Where are we going? Current Cyberrisks • Data Breach and Cloud Misconfigurations • Insecure Application User Interface (API) • The growing impact of AI and ML • Malware Attack • Single factor passwords • Insider Threat • Shadow IT Systems • Crime, espionage and sabotage by rogue nation-states • IoT • CCPA and GDPR • Cyber attacks on utilities and public infrastructure • Shift in attack vectors

FIDO Alliance Webinar: Intuit's Journey with FIDO Authentication

FIDO Alliance

Millions of customers trust Intuit with their most sensitive financial information. With that in mind, Intuit recently rolled out FIDO Authentication on its mobile apps to provide additional layers of security while simultaneously making the user experience more convenient. In this webinar, Marcio Mello, director & head of Product Management – Intuit Identity & Profile Platform, presents Intuit’s approach to enable FIDO Authentication, including: Intuit’s priorities in choosing a mobile strong authentication solution --The steps Intuit took to evaluate strong authentication solutions that met its security and usability requirements --Intuit’s evaluation of FIDO authentication vendors and solution chosen --The steps Intuit took to roll out FIDO Authentication, challenges faced and how they were overcome --Intuits login time and security results after deploying FIDO --Intuit’s advice for other service providers deploying FIDO Speakers: Marcio Mello, Director & Head of Product Management – Intuit Identity & Profile Platform Andrew Shikiar, Executive Director & CMO, FIDO Alliance

Cyber Security Seminar

Jeremy Quadri

BREACHED: Data Centric Security for SAP

UL Transaction Security

SECUDE is an innovative provider of IT security solutions for SAP customers. It focuses on data-centric security and classification with its Halocore solutions. Halocore allows users to identify sensitive data extracted from SAP, apply data loss prevention controls, and protect documents with rights management. This helps mitigate security risks, reduce compliance costs, and prevent data breaches and theft. The presenters discuss how rising security threats, lack of preparedness, and stringent compliance regulations are pushing companies to find new ways to secure their SAP data.

Similar to CIS14: Filling the “authentication goes here” Hole in Identity (20)

FIDO Alliance: Year in Review Webinar slides from January 20 2016

Introduction to FIDO Alliance

FIDO® for Government & Enterprise - Presentation

Fido Overview: Status and Future

Introduction to FIDO Alliance

kill-chain-presentation-v3

Intro to Passkeys and the State of Passwordless.pptx

Compliance & Identity access management

DOCOMO Joins FIDO Alliance Board of Directors

Javelin Research's State of Strong Authentication 2019 Report Webinar

FIDO UAF Specifications: Overview & Tutorial

The FIDO Alliance Today: Status and News

Nikhil wagholikar _risk_based_penetration_testing - ClubHack2009

Introduction to FIDO: A New Model for Authentication

Going Passwordless with Microsoft

2014 IoT Forum_ Fido Alliance

CyberSecurity Update Slides

FIDO Alliance Webinar: Intuit's Journey with FIDO Authentication

Cyber Security Seminar

BREACHED: Data Centric Security for SAP

More from CloudIDSummit

CIS 2016 Content Highlights

CloudIDSummit

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CloudIDSummit

The Cloud Identity Summit was founded by Ping Identity with support from industry leaders in 2010 to bring together the brightest minds across the identity and security industry. Today the event is recognized as the world’s premier identity industry conference and includes tracks from industry thought leaders, CIOs and practitioners. Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. For more info, go to www.cloudidentitysummit.com. Be apart of the convo on Twitter: @CloudIDSummit + #CISNOLA

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

CloudIDSummit

This document introduces a new identity security system called Sierra Border Security V1.0. It discusses how the assumptions around internet and enterprise security have changed over time as the perimeter has expanded with new technologies. The key challenges mentioned are that identity is now too weak and disconnected to protect organizations at scale. The proposed new system aims to evolve authentication beyond single-factor to continuous multi-factor authentication using standards-based interactions. It will leverage big data and intelligence for dynamic access control and move to identity-based security definitions.

Mobile security, identity & authentication reasons for optimism 20150607 v2

CloudIDSummit

This document discusses authentication and security across devices, operating systems, applications, and networks. It covers a variety of authentication mechanisms like fingerprints, facial recognition, PINs, and security hardware. It also discusses the FIDO protocol for passwordless authentication and its ability to securely authenticate users across different devices and applications. The growing number of connected devices makes scalable authentication a challenge, but solutions like FIDO aim to simplify authentication without compromising security.

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CloudIDSummit

In an ever interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism. With some fits and starts, the building blocks for transforming mobile security are taking shape at every level from the processor, to the chipset to special purpose hardware to operating systems and protocols that address use cases from device integrity to user authentication to payments. How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale to illustrate the coming wave and how you as a practitioner or customer can participate and position yourself for maximum benefit.

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CloudIDSummit

This document discusses building an enterprise identity provider (IdP) to address security, scalability, and governance of federated identity and access management. It describes what an enterprise IdP is and its benefits, including being a federated identity service, security token service, providing a 360 degree view of identity, and more. It outlines considerations for building an enterprise IdP such as for scalability, ROI, durability, and longevity. Potential pitfalls are also discussed like responsibility issues, skills gaps, lack of time and sponsorship. Planning recommendations include committing to a strategic IAM view, formalizing an IAM program, selling the idea of an enterprise IdP, and leveraging strategic partners.

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CloudIDSummit

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them? In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CloudIDSummit

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CloudIDSummit

You'll laugh, you'll cry, and you might even pick up a useful nugget or two listening to a real-world enterprise IT architect share the experiences of the past year trying to support his business migrating to cloud services, and sharing the lessons learned from trying to integrate 2 hybrid enterprises into a single, streamlined company. You'll hear where the cloud came through for us, and how we often had to fall back to on-prem services such as FIM, Ping Federate, and ADFS to make the glue which binds it all together.

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CloudIDSummit

Brian Katz discusses how IoT and identity management are important for mobile enterprises. He notes that IoT strategies must include connectivity APIs, sensors to collect data, and tools to manage identity across endpoints. Effective IoT implementation generates large amounts of data from connected devices that companies need to properly manage and secure. There are also challenges around data ownership, privacy, lack of standards, and security that businesses must address when incorporating IoT technologies.

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CloudIDSummit

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CloudIDSummit

The IAM program needs to align behind the shift towards ITaaS, building the platform for execution and supporting transformation and migration activities. CIOs should keep informed through a relevant IAM capability roadmap in order to make calculated decisions on where investments should be made. Ongoing investments in the IAM program are crucial in order to fill capability gaps, keep up-to-date with support and license agreements and make opportunistic progress on the strategic roadmap. In this talk, Steve discusses recent experiences and lessons learned in preparing for and pitching VMware’s CIO on enterprise IAM program initiatives.

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CloudIDSummit

The document discusses securing the Internet of Things. It begins by describing common constraints of IoT devices like limited RAM, flash, and CPU capabilities. It then summarizes lessons learned from real-world attacks on IoT systems, including limited software update mechanisms, missing key management, inappropriate access control, lack of communication security, and vulnerability to physical attacks. The document advocates following security best practices like integrating software updates, using modern OS concepts, automated key management, and considering physical attacks in threat analyses. It also describes ARM's contributions to improving IoT security through its mbed platform, libraries, and involvement in standards organizations.

CIS 2015 The IDaaS Dating Game - Sean Deuby

CloudIDSummit

The IDaaS (identity as a service) market segment continues to grow in popularity, and the scope of its vendor's capabilities continue to grow as well. It's still not a match for everyone, however. Join identity architect Sean Deuby for an overview of the most popular IDaaS deployment scenarios, scenarios where IDaaS has a tougher time meeting customer requirements, and whether your company is likely to find its perfect IDaaS mate.

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

CloudIDSummit

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CloudIDSummit

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CloudIDSummit

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CloudIDSummit

Centralized session management has long been a goal of Web Access Management systems: the idea that one session can give end users access to dozens of protected applications with a seamless SSO experience, and terminating it (either by the end user themselves, or by an administrator) cuts off access instantly. It’s a nice dream isn’t it? Turns out that while most WAM products claim they can do this, when deployment time comes around (especially in globally distributed organizations) serious security and scalability challenges emerge that make it unfeasible. In this “session”, come and learn our vision for deploying session management at scale and see how Ping Identity has implemented it in our Federated Access Management solution.

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CloudIDSummit

Are you asking yourself how do I take my inhouse application and make it available to internal users, partners or customers using SSO and access management technologies? Oh, and you don't want it to be a 6 month project? No problem. Come and find out how to leverage your existing investments and move to modern standards like OpenID Connect, without having to rip and replace infrastructure. Learn the capabilities and tradeoffs you can make to deploy the right level of identity and access management infrastructure to match your security needs.

CIS 2015 Identity Relationship Management in the Internet of Things

CloudIDSummit

Devices need owners, people need confidence in device authenticity, data needs to persist in systems long after devices change hands, and access needs to be authorized selectively. That's a lot to ask; even if emerging web identity and security technologies are simpler than the models of yesteryear, IoT devices have complicating limitations when it comes to processing power, memory, user interface, and connectivity. But many use cases span web and IoT environments, so we must try! What are the specific requirements? What elements of web technologies can we borrow outright? What elements may need tweaking?

More from CloudIDSummit (20)

CIS 2016 Content Highlights

Top 6 Reasons You Should Attend Cloud Identity Summit 2016

CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...

Mobile security, identity & authentication reasons for optimism 20150607 v2

CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...

CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...

CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...

CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl

CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz

CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...

CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout

CIS 2015 How to secure the Internet of Things? Hannes Tschofenig

CIS 2015 The IDaaS Dating Game - Sean Deuby

CIS 2015 SSO for Mobile and Web Apps Ashish Jain

The Industrial Internet, the Identity of Everything and the Industrial Enterp...

CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva

CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian

CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva

CIS 2015 Identity Relationship Management in the Internet of Things

Recently uploaded

What’s New in Teams Calling, Meetings and Devices May 2024

Stephanie Beckett

The Rise of Supernetwork Data Intensive Computing

Larry Smarr

BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf

Neo4j

Presented at Gartner Data & Analytics, London Maty 2024. BT Group has used the Neo4j Graph Database to enable impressive digital transformation programs over the last 6 years. By re-imagining their operational support systems to adopt self-serve and data lead principles they have substantially reduced the number of applications and complexity of their operations. The result has been a substantial reduction in risk and costs while improving time to value, innovation, and process automation. Join this session to hear their story, the lessons they learned along the way and how their future innovation plans include the exploration of uses of EKG + Generative AI.

Mitigating the Impact of State Management in Cloud Stream Processing Systems

ScyllaDB

Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states. In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing. Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.

Pigging Solutions Sustainability brochure.pdf

Pigging Solutions

Sustainability requires ingenuity and stewardship. Did you know Pigging Solutions pigging systems help you achieve your sustainable manufacturing goals AND provide rapid return on investment. How? Our systems recover over 99% of product in transfer piping. Recovering trapped product from transfer lines that would otherwise become flush-waste, means you can increase batch yields and eliminate flush waste. From raw materials to finished product, if you can pump it, we can pig it.

RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx

SynapseIndia

[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf

Kief Morris

論文紹介：A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...

Toru Tamaki

Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy

RaminGhanbari2

Password Rotation in 2024 is still Relevant

Bert Blevins

The Increasing Use of the National Research Platform by the CSU Campuses

Larry Smarr

Quality Patents: Patents That Stand the Test of Time

Aurora Consulting

Is your patent a vanity piece of paper for your office wall? Or is it a reliable, defendable, assertable, property right? The difference is often quality. Is your patent simply a transactional cost and a large pile of legal bills for your startup? Or is it a leverageable asset worthy of attracting precious investment dollars, worth its cost in multiples of valuation? The difference is often quality. Is your patent application only good enough to get through the examination process? Or has it been crafted to stand the tests of time and varied audiences if you later need to assert that document against an infringer, find yourself litigating with it in an Article 3 Court at the hands of a judge and jury, God forbid, end up having to defend its validity at the PTAB, or even needing to use it to block pirated imports at the International Trade Commission? The difference is often quality. Quality will be our focus for a good chunk of the remainder of this season. What goes into a quality patent, and where possible, how do you get it without breaking the bank? ** Episode Overview ** In this first episode of our quality series, Kristen Hansen and the panel discuss: ⦿ What do we mean when we say patent quality? ⦿ Why is patent quality important? ⦿ How to balance quality and budget ⦿ The importance of searching, continuations, and draftsperson domain expertise ⦿ Very practical tips, tricks, examples, and Kristen’s Musts for drafting quality applications https://www.aurorapatents.com/patently-strategic-podcast.html

Calgary MuleSoft Meetup APM and IDP .pptx

ishalveerrandhawa1

Best Practices for Effectively Running dbt in Airflow.pdf

Tatiana Al-Chueyr

As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models. This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through: - Standard ways of running dbt (and when to utilize other methods) - How Cosmos can be used to run and visualize your dbt projects in Airflow - Common challenges and how to address them, including performance, dependency conflicts, and more - How running dbt projects in Airflow helps with cost optimization Webinar given on 9 July 2024

Recent Advancements in the NIST-JARVIS Infrastructure

KAMAL CHOUDHARY

Observability For You and Me with OpenTelemetry

Eric D. Schabell

Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data. The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs. Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution! Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.

What's New in Copilot for Microsoft365 May 2024.pptx

Stephanie Beckett

UiPath Community Day Kraków: Devs4Devs Conference

UiPathCommunity

We are honored to launch and host this event for our UiPath Polish Community, with the help of our partners - Proservartner! We certainly hope we have managed to spike your interest in the subjects to be presented and the incredible networking opportunities at hand, too! Check out our proposed agenda below 👇👇 08:30 ☕ Welcome coffee (30') 09:00 Opening note/ Intro to UiPath Community (10') Cristina Vidu, Global Manager, Marketing Community @UiPath Dawid Kot, Digital Transformation Lead @Proservartner 09:10 Cloud migration - Proservartner & DOVISTA case study (30') Marcin Drozdowski, Automation CoE Manager @DOVISTA Pawel Kamiński, RPA developer @DOVISTA Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner 09:40 From bottlenecks to breakthroughs: Citizen Development in action (25') Pawel Poplawski, Director, Improvement and Automation @McCormick & Company Michał Cieślak, Senior Manager, Automation Programs @McCormick & Company 10:05 Next-level bots: API integration in UiPath Studio (30') Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner 10:35 ☕ Coffee Break (15') 10:50 Document Understanding with my RPA Companion (45') Ewa Gruszka, Enterprise Sales Specialist, AI & ML @UiPath 11:35 Power up your Robots: GenAI and GPT in REFramework (45') Krzysztof Karaszewski, Global RPA Product Manager 12:20 🍕 Lunch Break (1hr) 13:20 From Concept to Quality: UiPath Test Suite for AI-powered Knowledge Bots (30') Kamil Miśko, UiPath MVP, Senior RPA Developer @Zurich Insurance 13:50 Communications Mining - focus on AI capabilities (30') Thomasz Wierzbicki, Business Analyst @Office Samurai 14:20 Polish MVP panel: Insights on MVP award achievements and career profiling

Measuring the Impact of Network Latency at Twitter

ScyllaDB

Choose our Linux Web Hosting for a seamless and successful online presence

rajancomputerfbd

Recently uploaded (20)

What’s New in Teams Calling, Meetings and Devices May 2024

The Rise of Supernetwork Data Intensive Computing

BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdf

Mitigating the Impact of State Management in Cloud Stream Processing Systems

Pigging Solutions Sustainability brochure.pdf

RPA In Healthcare Benefits, Use Case, Trend And Challenges 2024.pptx

[Talk] Moving Beyond Spaghetti Infrastructure [AOTB] 2024-07-04.pdf

論文紹介：A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...

Active Inference is a veryyyyyyyyyyyyyyyyyyyyyyyy

Password Rotation in 2024 is still Relevant

The Increasing Use of the National Research Platform by the CSU Campuses

Quality Patents: Patents That Stand the Test of Time

Calgary MuleSoft Meetup APM and IDP .pptx

Best Practices for Effectively Running dbt in Airflow.pdf

Recent Advancements in the NIST-JARVIS Infrastructure

Observability For You and Me with OpenTelemetry

What's New in Copilot for Microsoft365 May 2024.pptx

UiPath Community Day Kraków: Devs4Devs Conference

Measuring the Impact of Network Latency at Twitter

Choose our Linux Web Hosting for a seamless and successful online presence

CIS14: Filling the “authentication goes here” Hole in Identity

2. Problems, problems, problems

3. Rampant online attacks 3 •  Major hacks have been targeted at password databases within Online Gaming, Financial Services, Social Media organizations •  Password Re-use is a significant problem – technical analysis of data breaches have shown that 76% of passwords used across multiple sites.

4. Opportunity for Better Authentication is Upon Us For Users For Organiza0ons Painful to Use •  25 Accounts •  8 Logins / Day •  6.5 Passwords Difficult to Secure •  $5.5M / Data Breach •  $15M / PWD Reset •  $60+ / Token For the Ecosystem Impossible to Scale •  Fragmented •  Inﬂexible •  Slow to Adopt 3

5. JUST EASY “BETTER AUTHENTICATION” JUST BAD HighSecurityLow UNPLEASANT Low High Usability Authentication is not a Continuum… 5

6. What is FIDO?

7. Common authentication plumbing Users Cloud/Enterprise Devices Federation Open Standard Plug-In Approach Interoperable Ecosystem Usable Authentication WHAT IS NEEDED

8. FIDO -‐ Unique Approach Any Device.AnyApplication.AnyAuthenticator. Standardized Protocols Local authentication unlocks app specific key Key used to authenticate to server

9. Improved security Unique cryptographic secret created per user account + device + site •  Protection against brute force attacks •  Segmentation of risk •  Protection against unintentional disclosure

10. FIDO’s Explosive growth Industry Standard Feb 2013 May 2014 Next 6 118 Companies Companies Public Launch Public Review Spec Companies

11. TODAY

12. Marrying FIDO to IdenGty With thanks to Paul Madsen (whose slides I stole…)

14. Complementary . 14 •  FIDO •  Insulates authentication server from specific authenticators •  Focused solely on primary authentication •  Does not support attribute sharing •  Can communicate details of authentication from device to server •  Federation –  Insulates application from specific identity providers –  Does not address primary authentication –  Does enable secondary authentication & attribute sharing –  Can communicate details of authentication from IdP to SP

15. High Low High Low Frequency of login Assurance status quo

16. High Low High Low Frequency of login Assurance status quo federa0on SSO slide No more ‘Passsword123’ bump

17. High Low High Low Frequency of login Assurance status quo federa0on FIDO Con0nuum

18. FIDO implicaGons •  FIDO supports a range of assurance – determined by the specifics of the local authentication •  Recall – “Unique cryptographic secret created per user account + device + site” •  Implication is multiple registrations & authentications – which may be sub- optimal from the user’s PoV

19. High Low High Low Frequency of login Assurance status quo federa0on FIDO + federa0on FIDO

20. CALL TO ACTION •  AUTHENTICATION IS A FUNDAMENTAL PROBLEM AND IT IS AN INDUSTRY PROBLEM •  NO ONE COMPANY CAN FIX THIS PROBLEM •  JOIN FIDO ALLIANCE – HELP FIX •  OPPORTUNITY TO CREATE NEW SERVICES, NEW MARKETS, NEW INNOVATIONS, NEW BUSINESSES AND NEW REVENUE MODELS •  TAKE THE LEADERSHIP, INCLUDE FIDO SUPPORT AT THE SOURCE ON YOUR DEVICES •  FIDO READY COMMERCIAL PRODUCTS ARE AVAILABLE IN THE MARKET •  MAKE THE CONNECTED WORLD SECURE, PRIVATE, FRAUD FREE , EASY TO USE AND STAY CONNECTED

CIS14: Filling the “authentication goes here” Hole in Identity

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (13)

Similar to CIS14: Filling the “authentication goes here” Hole in Identity

Similar to CIS14: Filling the “authentication goes here” Hole in Identity (20)

More from CloudIDSummit

More from CloudIDSummit (20)

Recently uploaded

Recently uploaded (20)

CIS14: Filling the “authentication goes here” Hole in Identity