
CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem


DESCRIPTION

Rajiv Dholakia, Vice President, Products, Nok Nok Labs

Authentication is the ignition key to the modern computing environment. As computing platforms evolve from desktop to mobile and embedded devices, authentication methods need to adapt to meet the new requirements of flexibility and scale. This session reviews these emerging technologies and solution patterns and shares initiatives to simplify strong authentication at scale. If you are invested in federation technologies or operate identity services, this talk provides a roadmap towards a robust and flexible infrastructure that can withstand the rapid evolution of authentication technologies, device form-factors, use cases and emergent risks.


Page 1: CIS13: A Question of Scale: Mapping Authentication to the Modern Computing Ecosystem

A QUESTION OF SCALE

Mapping Authentication to the Modern Computing Ecosystem

Rajiv Dholakia, VP Products, Nok Nok Labs

Page 2

THE HUMBLE IGNITION KEY

NOK NOK LABS

Page 3

THINGS ARE CHANGING

Slide graphic: First Steps / Next Steps

Figures shown: Sony 77 M, Evernote 60 M, Rockyou 32 M, LinkedIn 6.5 M, Yahoo 450 K, Twitter 56 K

Attacks: Apple, Evernote, Facebook, Twitter, Google

Convenience, Security, Personalization

Page 4

A KEY INSIGHT – GATEWAY TO USER EXPERIENCE
ABOUT DESIGN, DELIGHT & DOLLARS (ALSO RISK, REGULATION & REPUTATION)

Authentication is the “Ignition Key”

Page 5

HOW ARE WE DOING?

USERS FRUSTRATED
• 25 ACCOUNTS
• 8 LOGINS / DAY
• 6.5 PASSWORDS

ORGANIZATIONS OVERWHELMED
• $7.2M / DATA BREACH
• $15 / PASSWORD RESET
• $50-120+ / TOKEN

ECOSYSTEMS INHIBITED
• FRAGMENTED
• INFLEXIBLE
• FRICTION EVERYWHERE

Page 6

THE AUTHENTICATION TOWER OF BABEL

Silos, proprietary, privacy, reliance on 3rd party, tolls

Page 7

IMPLEMENTATION CHALLENGE
A PLUMBING PROBLEM: SHADES OF RUBE GOLDBERG…

Slide diagram: Applications (App 1, App 2, New App) wired to Authentication Methods (Silo 1, Silo 2, Silo 3 … Silo N) and Organizations (RP 1), with “?” marking the unresolved connections.

Page 8

THE RESULTING REALITY

“AUTHENTICATION IS … EXPENSIVE TO IMPLEMENT, IT'S HARD TO USE, IT'S TOO EASY TO SUBVERT OR CIRCUMVENT AND IT FAILS MORE AND MORE FREQUENTLY, AND MORE AND MORE SPECTACULARLY IN TODAY'S INCREASINGLY RISKY ELECTRONIC ENVIRONMENT.” (GARTNER: MAVERICK TECHNOLOGY)

Page 9

MENTAL FLOSS – AUTOMATA BY JOHN LUMBUS*

*Cabaret Mechanical Theater – UK (http://cabaret.co.uk)

Page 10

DESIGN CONSIDERATIONS…

Page 11

TODAY’S WORLD: DIVERSE, DISTRIBUTED, DYNAMIC

75% OF THE DIGITAL UNIVERSE CREATED, CAPTURED OR REPLICATED IN THE CLOUD

3.1 TRILLION HARD DRIVES WORTH OF DATA CONSUMED DAILY IN THE US

US ECOMMERCE PROJECTED AT $325BN BY 2015

1.8 BN MOBILE PHONES/YEAR, 200 MN TABLETS/YEAR

No single solution will work across all use cases

Page 12

PONEMON-NNL RESEARCH

• New & exclusive research, featuring 1,924 consumers:
  • US: 754
  • UK: 569
  • Germany: 601
• Covers experiences, perceptions & preferences for identity and authentication technology
• First annual report, covering trends, perceptions and attitudes to online authentication
• Research undertaken by the Ponemon Institute & sponsored by Nok Nok Labs, Inc.

Page 13

PONEMON-NOK NOK STUDY: DIVERSITY RULES IN END-USER COMMUNITIES – PROMISE IN MOBILE

Page 14

RETIRING PASSWORDS
A SYSTEMS PROBLEM (not technology)

Identity Services:
• Physical-to-Digital Identity
• User Management
• Authentication
• Federation
• Single Sign-On

Page 15

THE OTHER HALF OF THE EQUATION

First Mile: STRONG AUTH, PASSWORDS
Second Mile: SSO/FEDERATION (SAML, OpenID)
Recreated PMS

Page 16

A PEEK INTO MODERN AUTHENTICATION

IMPLICIT AUTHENTICATION

EXPLICIT AUTHENTICATION

Page 17

THE ONLY WAY TO WIN AGAINST MALWARE – SECURE HARDWARE

Slide diagram: three configurations, each with an Auth SDK, a UX Layer (Input, Display) and a Crypto Layer, split between User Space and Secure Hardware:
• No Secure HW
• Secure Crypto + Storage
• Secure Execution Environment

Page 18

SOLUTION PATTERNS – WHICH WILL PREVAIL?

User-Centric

“Trust-Me-Me-Me”

Relationship-Centric

Regulation-Centric

Page 19

Towards Solutions & Building Blocks

Page 20

THE REALITY (Aspirational Goal)

AUTHENTICATION that’s... SIMPLE, STRONG

Page 21

ADDRESS USABILITY & DIVERSITY (Aspirational Goal)

Usability drives Usage

Usability:
• No passwords
• Existing devices
• Flexible authentication

Usage:
• Engagement
• Completed transactions
• Security compliance

Page 22

UNIFIED STANDARDS & AUTHENTICATION AGILITY (Aspirational Goal)

ANY DEVICE. ANY APPLICATION. ANY AUTHENTICATOR.

Slide diagram (same layout as page 7): Applications (App 1, App 2, New App), Organizations (RP 1) and Authentication Methods connected through UNIFIED STANDARDS; a “?” placeholder remains in the diagram.

Page 23

EFFORTS UNDERWAY

• Platform specific efforts (Microsoft, Apple, Android…)
• Secure Silicon Efforts
  - TCG-TPM (Trusted Computing Group)
  - Intel IPT (Identity Protection Technology)
  - Secure Element (Global Platform)
  - Others…
• New and Noteworthy:
  - Trusted Execution Environment (Global Platform)
  - The FIDO (Fast Identity Online) Alliance

Page 24

GOAL: SIMPLER, STRONGER AUTH

Slide diagram: INTERNET SERVICES, COMPONENT & DEVICE VENDORS, SOFTWARE & STACKS

Page 25

KEY IDEAS BEHIND FIDO

• Leverage simple but strong local authentication
  - User authenticates locally to Client Device
  - Device authenticates to the Server
• Focus of Standardization:
  - “Pluggable” local authentication interfaces (USB, Biometrics, TPM/Pin…)
  - The online crypto protocols used to authenticate to the server
• Allow business appropriate and risk appropriate choice

http://www.fidoalliance.org
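As an added example (not from the talk or from Nok Nok Labs), the two-step idea above in Go's standard library: the user unlocks the device locally, the device signs a server challenge with a key that never leaves it, and the server verifies against the registered public key plus a signature counter. The names (Device, Register, Sign, Verify), the Ed25519 choice and the counter check are illustration assumptions, not FIDO protocol details.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Device models the authenticator: the private key stays on it (ideally in secure hardware) and it signs only after local user verification.
type Device struct {
	priv     ed25519.PrivateKey
	counter  uint32 // signature counter, lets the server spot replays and cloned keys
	unlocked bool
}

// Register creates the key pair on the device; only the public half goes to the RP.
func Register() (*Device, ed25519.PublicKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Device{priv: priv}, pub
}

// assertion is the signed message: RP hash, challenge and counter, so a signature can be neither replayed nor redirected to another RP.
func assertion(rpID string, challenge []byte, counter uint32) []byte {
	rpHash := sha256.Sum256([]byte(rpID)) // fixed length, so fields cannot shift into each other
	return append(append(rpHash[:], challenge...), byte(counter>>24), byte(counter>>16), byte(counter>>8), byte(counter))
}

// LocalUnlock stands in for the PIN or biometric check (the "first mile").
func (d *Device) LocalUnlock(ok bool) { d.unlocked = ok }
// Sign is the "second mile": the device proves possession of the key to the server.
func (d *Device) Sign(rpID string, challenge []byte) ([]byte, uint32, error) {
	if !d.unlocked {
		return nil, 0, errors.New("user not verified locally")
	}
	d.counter++
	return ed25519.Sign(d.priv, assertion(rpID, challenge, d.counter)), d.counter, nil
}

// Verify runs on the server: signature must check under the registered key and the counter must exceed the stored one, else replay or clone.
func Verify(pub ed25519.PublicKey, last *uint32, rpID string, challenge, sig []byte, counter uint32) error {
	if counter <= *last {
		return errors.New("counter did not advance: replayed assertion or cloned key")
	}
	if !ed25519.Verify(pub, assertion(rpID, challenge, counter), sig) {
		return errors.New("signature invalid for this RP, challenge and key")
	}
	*last = counter
	return nil
}
```

The server stores nothing a phishing site could reuse: a stolen public key and counter let an attacker verify signatures, not produce them.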

Page 26

TAKEAWAYS FROM THIS TALK

1. Authentication is the “Ignition Key” to design, delight, & dollars
2. Passwords don’t scale up (to the cloud) or down (to mobile devices) – a system solution is needed
3. Diversity & heterogeneity will rule…no one size fits all
4. Authentication is the “first mile”, Federation is the “second mile”
5. Modern Authentication = Explicit + Implicit
6. Competing solution patterns – pick carefully
7. Get involved:
   • Advocate for standards as building blocks – think of what SSL did for you
   • Educate yourself about emerging authentication technology
   • Re-think your authentication strategy
   • Pilot some of the emerging technology

Page 27

FOR MORE INFORMATION

• FIDO alliance
  • An alliance to simplify authentication
  • http://www.fidoalliance.org
• Global Platform
  • http://www.globalplatform.org
• Nok Nok Labs – pioneering FIDO standards implementations
  • Brainstorm, Demonstration, Evaluation, Webinar
  • Ponemon-Nok Nok Labs Report
  • [email protected] or [email protected]
  • http://www.noknok.com