A QUESTION OF SCALE
Mapping Authentication to the Modern Computing Ecosystem
Rajiv Dholakia VP Products, Nok Nok Labs
THINGS ARE CHANGING
NOK NOK LABS 3
[Figure: First Steps: Sony 77 M, Evernote 60 M, Rockyou 32 M, LinkedIn 6.5 M, Yahoo 450 K, Twitter 56 K. Next Steps: attacks on Apple, Evernote, Facebook, Twitter, Google, ?]
Convenience, Security, Personalization
A KEY INSIGHT – GATEWAY TO USER EXPERIENCE ABOUT DESIGN, DELIGHT & DOLLARS (ALSO RISK, REGULATION & REPUTATION)
Authentication is the “Ignition Key”
USERS FRUSTRATED • 25 ACCOUNTS • 8 LOGINS / DAY • 6.5 PASSWORDS
ORGANIZATIONS OVERWHELMED • $7.2M / DATA BREACH • $15 / PASSWORD RESET • $50-120+ / TOKEN
ECOSYSTEMS INHIBITED • FRAGMENTED • INFLEXIBLE • FRICTION EVERYWHERE
HOW ARE WE DOING?
THE AUTHENTICATION TOWER OF BABEL
Silos, proprietary, privacy, reliance on 3rd party, tolls
IMPLEMENTATION CHALLENGE A PLUMBING PROBLEM: SHADES OF RUBE GOLDBERG…
[Diagram: Applications (App 1, App 2, New App, ?) wired to Authentication Methods (Silo 1, Silo 2, Silo 3, Silo N) and Organizations (RP 1)]
THE RESULTING REALITY
“AUTHENTICATION IS … EXPENSIVE TO IMPLEMENT, IT'S HARD TO USE, IT'S TOO EASY TO SUBVERT OR CIRCUMVENT AND IT FAILS MORE AND MORE FREQUENTLY, AND MORE AND MORE SPECTACULARLY IN TODAY'S INCREASINGLY RISKY ELECTRONIC ENVIRONMENT.”
GARTNER: MAVERICK TECHNOLOGY
TODAY’S WORLD: DIVERSE, DISTRIBUTED, DYNAMIC
75% OF THE DIGITAL UNIVERSE CREATED, CAPTURED OR REPLICATED IN THE CLOUD
3.1 TRILLION HARD DRIVES WORTH OF DATA CONSUMED DAILY IN THE US
US ECOMMERCE PROJECTED AT $325BN BY 2015
No single solution will work across all use cases
1.8 BN MOBILE PHONES/YEAR 200 MN TABLETS/YEAR
PONEMON-NNL RESEARCH
• New & exclusive research, featuring 1,924 consumers:
• US: 754 • UK: 569 • Germany: 601
• Covers experiences, perceptions & preferences for identity and authentication technology
• First annual report, covering trends, perceptions and attitudes to online authentication
• Research undertaken by the Ponemon Institute & sponsored by Nok Nok Labs, Inc.
RETIRING PASSWORDS
A SYSTEMS PROBLEM (not technology)
[Diagram: Identity Services: Physical-to-Digital Identity, User Management, Authentication, Federation, Single Sign-On]
THE OTHER HALF OF THE EQUATION
[Diagram: First Mile: Strong Auth, Passwords, Recreated PMS. Second Mile: SSO/Federation (SAML, OpenID)]
A PEEK INTO MODERN AUTHENTICATION
IMPLICIT AUTHENTICATION
EXPLICIT AUTHENTICATION
THE ONLY WAY TO WIN AGAINST MALWARE – SECURE HARDWARE
[Diagram: three device architectures, each with an Auth SDK, a UX Layer (Input, Display) and a Crypto Layer split between User Space and Secure Hardware: No Secure HW; Secure Crypto + Storage; Secure Execution Environment]
SOLUTION PATTERNS – WHICH WILL PREVAIL?
User-Centric
“Trust-Me-Me-Me”
Relationship-Centric
Regulation-Centric
ADDRESS USABILITY & DIVERSITY
[Diagram: Usability drives Usage]
Usability: • No passwords • Existing devices • Flexible authentication
Usage: • Engagement • Completed transactions • Security compliance
Aspirational Goal
UNIFIED STANDARDS & AUTHENTICATION AGILITY
ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR.
[Diagram: Applications (App 1, App 2, New App, ?) connected through Unified Standards to Authentication Methods and Organizations (RP 1)]
Aspirational Goal
EFFORTS UNDERWAY
• Platform specific efforts (Microsoft, Apple, Android…)
• Secure Silicon Efforts
  - TCG-TPM (Trusted Computing Group)
  - Intel IPT (Identity Protection Technology)
  - Secure Element (Global Platform)
  - Others…
• New and Noteworthy:
  - Trusted Execution Environment (Global Platform)
  - The FIDO (Fast Identity Online) Alliance
KEY IDEAS BEHIND FIDO
• Leverage simple but strong local authentication
  - User authenticates locally to Client Device
  - Device authenticates to the Server
• Focus of Standardization:
  - “Pluggable” local authentication interfaces (USB, Biometrics, TPM/Pin…)
  - The online crypto protocols used to authenticate to the server
• Allow business appropriate and risk appropriate choice
http://www.fidoalliance.org
TAKEAWAYS FROM THIS TALK
1. Authentication is the “Ignition Key” to design, delight, & dollars
2. Passwords don’t scale up (to the cloud) or down (to mobile devices); a system solution is needed
3. Diversity & heterogeneity will rule…no one size fits all
4. Authentication is the “first mile”, Federation is the “second mile”
5. Modern Authentication = Explicit + Implicit
6. Competing solution patterns – pick carefully
7. Get involved:
  • Advocate for standards as building blocks – think of what SSL did for you
  • Educate yourself about emerging authentication technology
  • Re-think your authentication strategy
  • Pilot some of the emerging technology
FOR MORE INFORMATION
• FIDO Alliance
  • An alliance to simplify authentication
  • http://www.fidoalliance.org
• Global Platform
  • http://www.globalplatform.org
• Nok Nok Labs – pioneering FIDO standards implementations
  • Brainstorm, Demonstration, Evaluation, Webinar
  • Ponemon-Nok Nok Labs Report
  • [email protected] or [email protected]
  • http://www.noknok.com