Two Factor Pilot Project. Security Liaisons, 4/10/13. Joshua Beeman, Melissa Muth.

Presentation transcript:

Talk Outline
- Overview of Multi-Factor Authentication (MFA)
- MFA at Penn
  - History
  - Current Pilot

Two Factor/Multi-Factor

Common Knowledge: Factors
- Something You Know (Password: ***********)
- Something You Are
- Something You Have

What problem are we solving?

Not a magic bullet
- Man in the Middle
- Trojan/Piggybacking

MFA in Popular Commercial Services

Common Past MFA Experience
- One-time funding and long-term cost
- Technology limitations
  - RSA tokens (expensive, proprietary)
  - CryptoCard (too complex for some?)
  - Specific use case (OOB network)
- Hard to get prioritized
  - Affecting individuals, not apps
  - Other more pressing concerns

History of MFA at Penn
- In addition to all the above…
- Several pilots and research efforts
  - RSA vs. PhoneFactor
  - Concerns with both products

History of MFA at Penn: Lessons Learned
1. Proprietary vs. open source
2. Power of personal mobile devices was real
3. Cost, and who pays it, can make or break it
- What application and/or how MFA is deployed matters (self-provisioning, opt-in, “remember this device”)
4. Security (PhoneFactor spoofing)

MFA Small Ball
- If you know there is value (there is a risk)…
- If you think you can find a solution…
- Set the table and wait for the chance to score.
- FY12 Goal: Evaluate and draft white paper on open-source, standards-based, one-time passcode generators for mobile platforms.
- FY13 Goal: Implement a pilot two-factor service using Google Authenticator and CoSign for individual users who opt in, including the infrastructure for provisioning and management of tokens.

Client Options

Barada’s Gort

Client Options

Google Authenticator

Winner: Google Authenticator
- Server-side authentication component
- QR code generation for easy provisioning
- Generation of printable backup codes
- Broad platform support (iOS, Android, Blackberry, Linux)

Found: [partial] Open Source Solution
- Provisioning ✓
- Authentication (server) ✓
- Client ✓
- Management + Cosign integration

Goal: Pilot Two-Factor Service
- Opt-in by user (not just service)
- Option for user to “trust” a browser
- Self-service interface
  - Opt in/out
  - Regenerate scratch codes
  - Change secret
  - Revoke browser trust
- Integrate with web authN (Cosign)

Pilot Project
- Team: Development, Info Sec, Support, Networking, Data Administration
- Timeline (Sept 2012 – May 2013)
  - Definition & Planning: Sep 2012 – Oct 2012
  - Development: Nov 2012 – Feb 2013
  - Testing & Documentation: Mar 2013
  - Pilot Rollout: May 2013

Decision Points
- Which group should run the service?
  - Development group: web service for all 2f functionality
  - Networking group: integrate 2f with Cosign
- When/how to display the second-factor prompt
  - Only if the user authenticates successfully with the 1st factor, and has opted in
  - Requires modification to Cosign; the alternative (showing 2f only if a cookie is present) would leave users in the dark about when to provide 2f.
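To make the pieces concrete, here is an added example, not the pilot's code and not part of the original slides, of the server side of the service described on the "Winner: Google Authenticator" and "Goal: Pilot Two-Factor Service" slides together with the prompt decision above: verifying a Google Authenticator code, issuing and redeeming one-time scratch codes, and deciding whether to show the second-factor prompt for an opted-in user on a trusted or untrusted browser. It assumes the client produces standard TOTP codes (RFC 6238, HMAC-SHA1, 30-second step, 6 digits); every name (`UserRecord`, `needs_second_factor`, `opt_in`, `trust_browser`, and the rest) is illustrative, and the `SECRET` used in the usage note is the RFC 4226/6238 test key, not a real one.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets
import struct
import time
from dataclasses import dataclass, field

# Assumption: the Google Authenticator client generates TOTP (RFC 6238) codes
# with HMAC-SHA1, 30-second steps and 6 digits; the server verifies that.
TIME_STEP = 30
DIGITS = 6


def generate_secret() -> str:
    """New base32 secret; this is the value a provisioning QR code would carry."""
    return base64.b32encode(secrets.token_bytes(20)).decode("ascii")


def hotp(secret_b32: str, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, now: int | None = None) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    t = int(time.time()) if now is None else now
    return hotp(secret_b32, t // TIME_STEP)


def verify_totp(secret_b32: str, code: str, now: int | None = None,
                window: int = 1) -> bool:
    """Accept the current step and `window` steps either side (phone clock skew),
    comparing each candidate in constant time."""
    t = int(time.time()) if now is None else now
    counter = t // TIME_STEP
    return any(hmac.compare_digest(hotp(secret_b32, counter + d), code)
               for d in range(-window, window + 1))


def generate_scratch_codes(n: int = 5) -> tuple[list[str], set[str]]:
    """Printable one-time backup codes for the user, plus the hashes the server
    keeps. Only hashes are stored. An 8-digit space is small, so a deployment
    would use a keyed hash or slow KDF; plain SHA-256 keeps the example short."""
    plain = [f"{secrets.randbelow(10 ** 8):08d}" for _ in range(n)]
    return plain, {hashlib.sha256(c.encode()).hexdigest() for c in plain}


def redeem_scratch_code(stored_hashes: set[str], code: str) -> bool:
    """A scratch code is valid exactly once: its hash is removed on use."""
    h = hashlib.sha256(code.encode()).hexdigest()
    if h in stored_hashes:
        stored_hashes.discard(h)
        return True
    return False


@dataclass
class UserRecord:
    """Hypothetical per-user 2F state held by the self-service web service."""
    opted_in: bool = False
    totp_secret: str = ""
    scratch_hashes: set[str] = field(default_factory=set)
    trusted_browsers: set[str] = field(default_factory=set)  # "trust this browser" cookie values


def opt_in(user: UserRecord) -> tuple[str, list[str]]:
    """Self-service enrolment: issue a fresh secret and printable backup codes.
    Calling it again is 'change secret' + 'regenerate scratch codes'."""
    user.opted_in = True
    user.totp_secret = generate_secret()
    plain, user.scratch_hashes = generate_scratch_codes()
    return user.totp_secret, plain


def trust_browser(user: UserRecord) -> str:
    """Random value to set in the 'trust this browser' cookie."""
    token = secrets.token_urlsafe(32)
    user.trusted_browsers.add(token)
    return token


def revoke_browser_trust(user: UserRecord) -> None:
    """Self-service 'revoke browser trust': every remembered browser must re-prompt."""
    user.trusted_browsers.clear()


def needs_second_factor(user: UserRecord, browser_token: str | None) -> bool:
    """The decision point: called only after the 1st factor succeeded. Prompt
    only users who opted in, and only on browsers they have not trusted."""
    if not user.opted_in:
        return False
    return browser_token not in user.trusted_browsers


def second_factor_ok(user: UserRecord, submitted: str,
                     now: int | None = None) -> bool:
    """Accept either a live TOTP code or an unused scratch code."""
    submitted = submitted.strip().replace(" ", "")
    if not submitted.isdigit():
        return False
    if verify_totp(user.totp_secret, submitted, now=now):
        return True
    return redeem_scratch_code(user.scratch_hashes, submitted)
```

With the RFC test key `SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"`, `totp(SECRET, now=59)` yields `287082` (the published RFC 6238 vector) and `verify_totp` also accepts the previous step's `755224` while the one-step window is in effect. The `needs_second_factor` check is the behaviour the slide argues for: an opted-out user, or an opted-in user on a browser they chose to trust, never sees the prompt, so the prompt itself tells the user when the second factor is expected rather than relying on a cookie alone.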

Decision Points
- What to call it
  - PennKey Token? PennToken?
  - Two-step verification
- How to support it
  - Push the one-time codes!
  - Alternate phone number
  - Designee to opt the user out
- Whom to invite
  - Must be in online directory
  - IT & Security contacts

2F status
- Self-serve UI nearly complete
- Cosign integration underway
- [screen shots]

Almost there…