SLIDE 1
IDENTITY AND AUTHENTICATION
Chad Spensky
Allthenticate
SLIDE 2
SLIDE 3
WHO AM I?
- Chad Spensky (Professional)
- Ph.D. Student
- Computer Security Researcher
- Founder of Allthenticate
SLIDE 4
WHO AM I?
- Chad Spensky (Social)
- Beach Volleyball Player
- Country Music Enthusiast
- Fried Chicken Connoisseur
SLIDE 5
WHO AM I?
- Shortman (Online)
- Hacker
- CTF Player
- You?
SLIDE 6
THE PROBLEM
I should have access to some things, and not others
SLIDE 7
THE PROBLEM
My Bank Account Your Bank Account
SLIDE 8
THE PROBLEM
Your E-mail My E-mail
SLIDE 9
THE PROBLEM
Your House
SLIDE 10
AUTHENTICATION
Convincing a digital entity that I am me
SLIDE 11
AUTHENTICATION
Convincing a digital entity that I am authorized (revised from "me")
SLIDE 12
AUTHENTICATION
Only permitting authorized users to access a resource
Chad
SLIDE 13
AUTHENTICATION
Real World Digital World
SLIDE 14
AUTHENTICATION
- What you know
- What you have
- What you are
SLIDE 15
WHAT YOU KNOW
******* A Secret Personal Details
SLIDE 16
WHAT YOU HAVE
SLIDE 17
WHAT YOU ARE
SLIDE 18
THE GOOD
- Know: Always with you
- Have: No mental burden
- Are: Just be yourself
SLIDE 19
THE BAD
- Know: You must remember it. Always.
- Have: You must always have it.
- Are: What if you temporarily change? (e.g., cold or injury)
SLIDE 20
THE UGLY
- Know: You must be better than a computer.
- Have: What if it gets stolen?
- Are: You can never share or revoke who you are.
SLIDE 21
PASSWORDS
1990s
******* ******* *******
SLIDE 22
PASSWORDS
1990s
chad1 ******* *******
SLIDE 23
PASSWORDS
1990s
chad1 chad86 *******
SLIDE 24
PASSWORDS
1990s
chad1 chad86 NotChad!
SLIDE 25
PASSWORDS
1990s
- Attackers were blindly guessing or cracking offline credentials
- Stronger passwords are harder to guess/crack
SLIDE 26
PASSWORDS
Today
- More than 15 usernames
- More than 150 saved passwords
- 3 dedicated apps
cspensky@gmail.com, cspensky@ucsb.edu, cspensky@mit.edu, chad.spensky@ll.mit.edu, cspensky@unc.edu, chad@allthenticate.net, chad@cspensky.info, cspensky@comcast.net, cspensky@cs.ucsb.edu, cspensky@alumni.pitt.edu, cspensky@alumni.unc.edu
SLIDE 27
PASSWORDS
Today
- Attackers are phishing users to steal the credential outright
- Password strength is completely irrelevant
SLIDE 28
HARDWARE TOKENS
Employee
Second Factor Hardware Credential Portable Computer
SLIDE 29
HARDWARE TOKENS
- Attackers can still phish second factors
- Most hardware credentials can be outright stolen
SLIDE 30
BIOMETRICS
Fingerprint Voice Recognition FaceID
SLIDE 31
BIOMETRICS
Fingerprint Voice Recognition FaceID
SLIDE 32
BIOMETRICS
- Easily accessible (e.g., pictures, recordings, or fingerprints)
- Once replicated, they are gone forever
SLIDE 33
FINDING THE RIGHT FIT
Security Requirements Value of Asset
SLIDE 34
FINDING THE RIGHT FIT
Security User Burden
SLIDE 35
FINDING THE RIGHT FIT
Security User Burden
*******
SLIDE 36
FINDING THE RIGHT FIT
Security Implementation Cost
SLIDE 37
FINDING THE RIGHT FIT
Security
*******
Implementation Cost
SLIDE 38
THE PROBLEM
There are too many options
SLIDE 39
MORE IS NOT BETTER
- More user burden
- More bugs
- More overhead
SLIDE 40
WE NEED FLEXIBILITY
SLIDE 41
WE NEED FLEXIBILITY
*******
SLIDE 42