Presentation is loading. Please wait.

Presentation is loading. Please wait.

Two Factor Pilot Project Security Liaisons 4/10/13 Joshua Beeman Melissa Muth.

Published byEdgar Willis Modified over 9 years ago

Similar presentations

Presentation on theme: "Two Factor Pilot Project Security Liaisons 4/10/13 Joshua Beeman Melissa Muth."— Presentation transcript:

1 Two Factor Pilot Project Security Liaisons 4/10/13 Joshua Beeman Melissa Muth

2 Talk Outline Overview of Multi Factor Authentication (MFA) MFA at Penn History Current Pilot

3 Two Factor/Multi-Factor

4 Common Knowledge Factors Something You Know Something You Are Something You Have Password: ***********

5 What problem are we solving?

6

7

8 Not a magic bullet Man in the Middle Trojan/Piggybacki ng

9 MFA in Popular Commercial Services

10 Common Past MFA Experience One-time funding & long term cost Technology limitations RSA tokens (expensive, proprietary) CryptoCard (too complex for some?) Specific use case (OOB network) Hard to get prioritized Affecting individuals, not apps Other more pressing concerns

11 History of MFA at Penn In addition to all the above… Several pilots and research efforts RSA vs. PhoneFactor Concerns with both products

12 History of MFA at Penn Lessons Learned 1.Proprietary vs. open source 2.Power of personal mobile devices was real 3.Cost - and who pays it – can make or break it What application and/or how it MFA is deployed matters (self-provisioning, opt-in, “remember this device”) 4.Security (PhoneFactor spoofing)

13 MFA Small Ball If you know there is value (there is a risk)… If you think you can find a solution… Set the table and wait for the chance to score. FY 13 Goal: Implement a pilot two-factor service using Google Authenticator and CoSign for individual users who opt in, including the infrastructure for provisioning and management of tokens. FY12 Goal: Evaluate and draft white paper on open-source, standards-based, one-time passcode generators for mobile platforms.

14 Client Options

15 Barada’s Gort

16 Client Options

17 Google Authenticator

18 Winner: Google Authenticator Server-side authentication component QR code generation for easy provisioning Generation of printable backup codes Broad platform support (iOS, Android, Blackberry, Linux)

19 Found: [partial] Open Source Solution Provisioning ✓ Authentication (server) ✓ Client ✓ Management + Cosign integration

20 Goal: Pilot Two-Factor Service Opt-in by user (not just service) Option for user to “trust” a browser Self-service interface Opt in/out Regenerate scratch codes Change secret Revoke browser trust Integrate with web authN (Cosign)

21 Pilot Project Team: Development, Info Sec, Support, Networking, Data Administration Timeline (Sept 2012 – May 2013) Definition & Planning: Sep 2012-Oct 2012 Development: Nov 2012-Feb 2013 Testing & Documentation: Mar 2013 Pilot Rollout: May 2013 

22 Decision Points Which group should run the service? Development group: web service for all 2f functionality Networking group: integrate 2f with Cosign When/how to display second factor prompt Only if user authenticates successfully with 1 st factor, and has opted in Requires modification to Cosign; alternative (showing 2f only if cookie present) would leave users in dark about when to provide 2f.

23 Decision Points What to call it PennKey Token? PennToken? Two-step verification How to support it Push the one-time codes! Alternate phone number Designee to opt the user out Whom to invite Must be in online directory IT & Security contacts

24 2F status Self-serve UI nearly complete Cosign integration underway [screen shots]

25

26

27

28

29

30

31

32

33 Almost there…

Download ppt "Two Factor Pilot Project Security Liaisons 4/10/13 Joshua Beeman Melissa Muth."

Similar presentations

Achieving online trust through Mutual Authentication.

Achieving online trust through Mutual Authentication.
Selecting a Strong Authentication Solution Scott Mackelprang, V.P. of Security Digital Insight.

Selecting a Strong Authentication Solution Scott Mackelprang, V.P. of Security Digital Insight.
Oracle IDM at First National Bank

Oracle IDM at First National Bank
Objectives Overview Define an operating system

Objectives Overview Define an operating system
Processes. Outline Definition of process Type of processes Improvement models Example Next steps… 1.

Processes. Outline Definition of process Type of processes Improvement models Example Next steps… 1.
Medical University of South Carolina Office of the CIO – Information Services Endpoint Security Team Mobile Device Management March 8, 2012.

Medical University of South Carolina Office of the CIO – Information Services Endpoint Security Team Mobile Device Management March 8, 2012.
CSE 4939 Alex Riordan Brian Pruitt-Goddard Remote Unit Testing.

CSE 4939 Alex Riordan Brian Pruitt-Goddard Remote Unit Testing.
Ellucian Mobile: Don’t text and drive, kids!

Ellucian Mobile: Don’t text and drive, kids!
Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.

Building and Deploying Safe and Secure Android Apps for Enterprise Presented by Technology Consulting Group at Endeavour Software Technologies.
SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.

SCRUB: Secure Computing Research for Users’ Benefit David Wagner 1.
U N C L A S S I F I E D LA-UR-09-03103 LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.

U N C L A S S I F I E D LA-UR LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.
Next Generation Two Factor Authentication. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry 21 st Century Remote.

Next Generation Two Factor Authentication. Laptop Home / Other Business PC Hotel / Cyber Café / Airport Smart Phone / Blackberry 21 st Century Remote.
Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp

Page 1 of 29 Net-Scale Technologies, Inc. Network Based Personal Information and Messaging Services Urs Muller Beat Flepp
Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in.

Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in.
Securing Online Transactions with a Trusted Digital Identity Dave Steeves - Security Software Engineer Microsoft’s.

Securing Online Transactions with a Trusted Digital Identity Dave Steeves - Security Software Engineer Microsoft’s.
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
Password? CLASP Phase 2: Revised Proposal C5 Meeting, 16 February 2001 Denise Heagerty, IT/IS.

Password? CLASP Phase 2: Revised Proposal C5 Meeting, 16 February 2001 Denise Heagerty, IT/IS.
Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.

Chung Man Ho Willims Chow Man Kei Gary Kwok Pak Wai Lion.
Ho Ting Chung, Zeturl (52246962) 1.  Authentication  Encryption 2.

Ho Ting Chung, Zeturl ( ) 1.  Authentication  Encryption 2.
0-1 Team # Status Report (1 of 4) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team #: Team Name.

0-1 Team # Status Report (1 of 4) Client Contact –Point 1 –Point 2 Team Meetings –Point 1 –Point 2 Team Organization –Point 1 –Point 2 Team #: Team Name.

Similar presentations

Ads by Google