SLIDE 1
THE STATE OF AUTHENTICATION
Chad Spensky, Allthenticate
SLIDE 2
OUTLINE
- Who am I?
- Authentication overview
- Current state of Authentication
- The future of authentication
SLIDE 3
MY JOURNEY
[Timeline]
- 1998-2004: Internet Pirate, Console Modder
- 2004-2011: B.S. in CS & Math, M.S. in CS (Authentication)
- 2012-2015: Staff at MIT LL, Offensive Security
- 2015-Present: Ph.D. CS (Security), Founder of Allthenticate
SLIDE 4
THE PROBLEM
Everyone should not have access to everything.
SLIDE 5
AUTHENTICATION
Only permitting authorized users to access a resource
[Figure: the user "Chad" being granted access to a resource]
SLIDE 6
AUTHENTICATION
[Figure: authentication in the real world vs. the digital world]
SLIDE 7
AUTHENTICATION
- What you know
- What you have
- What you are
SLIDE 8
PASSWORDS
Today:
- More than 15 usernames
- More than 150 saved passwords
- Dedicated apps
[Figure: the speaker's own accounts, each paired with a masked password: cspensky@gmail.com, cspensky@ucsb.edu, cspensky@mit.edu, chad.spensky@ll.mit.edu, cspensky@unc.edu, chad@allthenticate.net, chad@cspensky.info, cspensky@comcast.net, cspensky@cs.ucsb.edu, cspensky@alumni.pitt.edu, cspensky@alumni.unc.edu]
SLIDE 9
HARDWARE TOKENS
[Figure: an employee with hardware tokens: Second Factor, Hardware Credential, Smartphone, Portable Computer]
SLIDE 10
BIOMETRICS
- Fingerprint
- Voice Recognition
- FaceID
SLIDE 11
AUTHENTICATION IMPLEMENTATIONS
SLIDE 12
HOW PASSWORDS WORK
[Diagram: keyboard entry of the password "Chad1" → encrypted tunnel → secure hash function → hash "ac18753fe31" saved on the server]
SLIDE 13
HOW PASSWORDS FAIL
[Diagram: the same flow as slide 12 (keyboard entry of "Chad1" → encrypted tunnel → secure hash function → hash "ac18753fe31" saved), annotated with where it fails]
SLIDE 14
https://xkcd.com/538/
SLIDE 15
HOW 2FA WORKS
[Diagram: password "Chad1" hashed to "ac18753fe31" by a secure hash function; a second-factor code "1234" delivered to the user and entered along with "Chad1"]
SLIDE 16
HOW 2FA FAILS
[Diagram: the same flow as slide 15 ("Chad1", hash "ac18753fe31", code "1234"), annotated with where the second factor fails]
SLIDE 17
HOW 2FA WORKS
(BETTER SOLUTION)
[Diagram: password "Chad1" hashed to "ac18753fe31" by a secure hash function; the second factor replaced by a challenge-response exchange]
SLIDE 18
https://www.techspot.com/news/78292-new-reverse-proxy-tool-posted-github-can-easily.html
SLIDE 19
HOW TOKENS WORK
[Diagram: Request → "Token Required" → Challenge → Response]
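Slides 12, 15, 16, 17 and 19 are diagrams only, so here is an added, runnable illustration of the three mechanisms they contrast. It is example code written for this page, not the speaker's or Allthenticate's code. It models the server storing only a salted hash of "Chad1" (slide 12), a fixed second-factor code "1234" that is accepted every time it is presented (slides 15/16), and a challenge-response second factor where the server issues a fresh random challenge and accepts exactly one response to it (slides 17/19). The shared token key, the use of HMAC-SHA256 as the response function, and PBKDF2 as the password hash are assumptions made for the example; the hash "ac18753fe31" on the slides is a drawing, not the output of any of these.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional, Set, Tuple

# Constructed sample secrets for the walk-through; not real credentials.
PASSWORD = "Chad1"
TOKEN_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # assumed shared secret on the token


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Slide 12: the server never stores the password, only a salted hash of it."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored)


class StaticCodeServer:
    """Slides 15/16: a fixed code (the '1234' in the diagram) is valid whenever it is
    presented, so a single observation of it is enough to present it again."""

    def __init__(self, code: str) -> None:
        self.code = code

    def verify(self, code: str) -> bool:
        return hmac.compare_digest(code, self.code)


class ChallengeResponseServer:
    """Slides 17/19: a fresh random challenge per login; each challenge is single use."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding: Set[bytes] = set()

    def challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self.outstanding.add(c)
        return c

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False            # unknown or already-consumed challenge
        self.outstanding.discard(challenge)
        expected = hmac.new(self.key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def token_respond(key: bytes, challenge: bytes) -> bytes:
    """What the hardware token computes: a keyed MAC over the server's challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def static_code_replays() -> bool:
    """A previously seen static code is accepted again: True."""
    server = StaticCodeServer("1234")
    seen_once = "1234"
    return server.verify(seen_once)


def challenge_response_replays() -> Tuple[bool, bool, bool]:
    """Returns (fresh response accepted, same pair presented again, old response on new challenge)."""
    server = ChallengeResponseServer(TOKEN_KEY)
    c1 = server.challenge()
    r1 = token_respond(TOKEN_KEY, c1)
    first = server.verify(c1, r1)       # genuine login: accepted
    second = server.verify(c1, r1)      # same (challenge, response) again: rejected
    c2 = server.challenge()
    third = server.verify(c2, r1)       # old response does not fit the new challenge
    return first, second, third


if __name__ == "__main__":
    salt, digest = hash_password(PASSWORD)
    print("password check:", verify_password("Chad1", salt, digest))
    print("static code accepted twice:", static_code_replays())
    print("challenge-response (fresh, repeat, stale):", challenge_response_replays())
```

The point the diagrams make is in the last two functions: the static code gives the same answer every time it is shown, while the challenge-response server binds each response to a challenge it generated itself and consumes on use, so knowing an earlier response contributes nothing to a later login.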
SLIDE 20
HOW TOKENS FAIL
[Diagram: the same flow as slide 19 (Request → "Token Required" → Challenge → Response), annotated with where it fails]
SLIDE 21
https://nakedsecurity.sophos.com/2019/06/17/yubico-recalls-fips-yubikey-tokens-after-flaw-found/
SLIDE 22
HOW BIOMETRICS WORK
[Diagram: Request → "Biometric Required" → Challenge → Signed Response → "Do X?" → "Yes"]
SLIDE 23
HOW BIOMETRICS WORK
[Diagram: the same flow as slide 22 (Request → "Biometric Required" → Challenge → Signed Response → "Do X?" → "Yes")]
SLIDE 24
http://news.bbc.co.uk/2/hi/asia-pacific/4396831.stm
SLIDE 25
SECURITY VS USABILITY VS COST
SLIDE 26
FINDING THE RIGHT FIT
[Chart: Security vs. Value of Asset]
SLIDE 27
FINDING THE RIGHT FIT
[Chart: Security vs. User Burden]
SLIDE 28
FINDING THE RIGHT FIT
[Chart: Security vs. User Burden, with an option plotted]
SLIDE 29
FINDING THE RIGHT FIT
[Chart: Security vs. Implementation Cost]
SLIDE 30
FINDING THE RIGHT FIT
[Chart: Security vs. Implementation Cost, with an option plotted]
SLIDE 31
THE PROBLEM
There are too many options
SLIDE 32
WE NEED FLEXIBILITY
SLIDE 33
WE NEED FLEXIBILITY
[Figure: masked content]
SLIDE 34
MORE SECURITY. LESS BURDEN.
chad@allthenticate.net | www.allthenticate.net