Modern User and Device Authentication  Biometric Fingerprints: Moving beyond Login  TPM Key Attestation: Binding a user and machine identities  Strong.

Presentation transcript:

Modern User and Device Authentication

• Biometric Fingerprints: Moving beyond Login
• TPM Key Attestation: Binding user and machine identities
• Strong User identity on BYOD devices: with Virtual Smart Card

Consumer Reports survey 2013
• 9.8 million adult Facebook users had their account used by an unauthorized person; had their reputation harmed; or were harassed, threatened, or defrauded

Deloitte Study 2013
• In a recent study of six million actual user passwords, the 10,000 most common passwords would have accessed 98.1 percent of accounts

Cybercrime costing UK billions, 2013
• 63% of small businesses were attacked by an unauthorized outsider in the last year, up from 41% in the previous year.
• For large organizations, the comparable figures stood at 78% and 73%

Passwords are not sufficient to keep users safe

• Ease users’ struggle to enter credentials on touch devices
• Built-in Windows experiences
• Introduce new “touch” fingerprint sensors
• Light up a few engaging scenarios

• Users loved the simplicity
• Seen as a fix to the password problem
• Replacement for many passwords and ideal for touch devices
• Quicker to perform than typing a password and more user-friendly
• Understood the gesture as verifying identity before an impactful activity
• Unlike UAC, the user knows the result of confirming
• Gesture is so simple and well understood that it is not seen as intrusive to the experience

Windows Biometrics: Engine Adapter; Storage Adapter (inbox but can be replaced by 3rd party if needed); Sensor Adapter (inbox but can be replaced by 3rd party if needed); Windows Biometric Device Interface (WBDI) Driver; Sensor
Legend: OS component; 3rd party application; 3rd party driver and companion components

• Confirming purchase, profile change, in-app experiences
• Helps control and personalize device experience
• Highly desired as a means to control high-value transactions, e.g. purchases
• Can benefit “cloaking” apps, access to an app, release credentials…

CredUI Broker LocalSystem Request Verification Check Availability OS components Apps

EK, AIK

Participants: user with TPM capable device; Certificate Authority. Keys: EK, AIK, RSA.
1. EKPubs and EKCert obtained out of band.
2. Device: Here is my RSA(pub), signed by AIK. Also, my AIK(pub), signed by EK. And here is my EK(pub).
3. Certificate Authority: Validate EK && generate challenge.
4. Certificate Authority: Here is a secret, encrypted to your EK(pub). Can you tell me a secret?
5. Device: Here is your decrypted secret, which proves I own EK(priv).
6. Certificate Authority: Validate secret.
7. Certificate issued for RSA key.
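The exchange on the slide above, simulated end to end as an added example (not code from the presentation). Software RSA keys generated in Node.js stand in for the TPM-held EK, AIK and user key, and `makeDevice`, `makeCA` and `enroll` are names assumed for this illustration. It follows the slide's simplified messages rather than actual TPM commands.

```javascript
// Added illustration, not the presenter's code: software RSA keys stand in for
// the TPM-resident EK, AIK and user key, following the slide's simplified messages.
const nodeCrypto = require("node:crypto");

const newKey = () => nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const pem = (key) => key.export({ type: "spki", format: "pem" });
const sha256 = (text) => nodeCrypto.createHash("sha256").update(text).digest("hex");
const signWith = (priv, text) => nodeCrypto.sign("sha256", Buffer.from(text), priv);
const signedBy = (pub, text, sig) => nodeCrypto.verify("sha256", Buffer.from(text), pub, sig);

// Device: holds the three private keys, builds the request, answers the challenge.
function makeDevice() {
  const ek = newKey(), aik = newKey(), user = newKey();
  const ekPub = pem(ek.publicKey), aikPub = pem(aik.publicKey), rsaPub = pem(user.publicKey);
  return {
    ekPub,
    request: () => ({ ekPub, aikPub, rsaPub,
      aikSig: signWith(ek.privateKey, aikPub),     // AIK(pub), signed by EK
      rsaSig: signWith(aik.privateKey, rsaPub) }), // RSA(pub), signed by AIK
    answer: (blob) => nodeCrypto.privateDecrypt(ek.privateKey, blob),
  };
}

// CA: trusts only EK public keys it obtained out of band.
function makeCA(trustedEkPubs) {
  const trusted = new Set(trustedEkPubs.map(sha256));
  const pending = new Map(); // challenge id -> { secret, rsaPub }
  return {
    challenge(req) {
      if (!trusted.has(sha256(req.ekPub))) return null;        // validate EK
      if (!signedBy(req.ekPub, req.aikPub, req.aikSig)) return null;
      if (!signedBy(req.aikPub, req.rsaPub, req.rsaSig)) return null;
      const id = nodeCrypto.randomUUID(), secret = nodeCrypto.randomBytes(32);
      pending.set(id, { secret, rsaPub: req.rsaPub });
      return { id, blob: nodeCrypto.publicEncrypt(req.ekPub, secret) };
    },
    issue(id, answer) {
      const entry = pending.get(id);
      pending.delete(id);                                      // each challenge is single use
      if (!entry || answer.length !== entry.secret.length) return null;
      if (!nodeCrypto.timingSafeEqual(answer, entry.secret)) return null;
      return { attested: true, subjectKeySha256: sha256(entry.rsaPub) };
    },
  };
}

function enroll(device, ca) {
  const ch = ca.challenge(device.request());
  return ch ? ca.issue(ch.id, device.answer(ch.blob)) : null;
}
```

The CA refuses a request whose EK it never registered, whose signature chain does not verify, or whose challenge answer is wrong or replayed; only then would it mark the certificate for the RSA key as attested.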

RADIUS + VPN Certificate Authority TPM Attested Certificate Non-Attested Certificate Request and Get Certificate

Mail App package WWAHost Select client auth cert LiveComm Use the selected cert for SSL Mail server

RAS Select certificate VPN app Use the selected certificate over SSL VPN server

var certNamespace = Windows.Security.Cryptography.Certificates;
var selectedCert;

// Look up client authentication certificates by friendly name.
var query = new certNamespace.CertificateQuery();
query.friendlyName = "clientAuthCert";

certNamespace.CertificateStores.findAllAsync(query).done(function (certs) {
    if (certs.size > 0) {
        for (var i = 0; i < certs.size; i++) {
            // Take the first certificate that reports itself as strongly protected.
            if (certs[i].isStronglyProtected) {
                selectedCert = certs[i];
                break;
            }
        }
    }
});

Certificates: Simple Certificate Enrollment Protocol (SCEP)

Familiar

Modern