SlideShare una empresa de Scribd logo

Securing the Cloud for a Connected Society

COMPUTEX TAIPEI
COMPUTEX TAIPEI

COMPUTEX TAIPEI 2013 - Cloud Industry Forum Topic: Securing the Cloud for a Connected Society Speaker: Michael Poitner Global Segment Marketing Director, Authentication, NXP Semiconductors

Tecnología
1 de 18
Descargar para leer sin conexión
Securing the Cloud for a Connected Society Computex – Cloud Industry Forum Taipei, June 6, 2013 Michael Poitner
Table of Contents Online Authentication Facts Today’s 2-factor Authentication Solutions Google’s “War on Password” and Solution Hardware Secure Elements and Threats Introduction to Fido (Fast Identity Online) User vs. Device Authentication Overview NXP Page 2 6/6/2013 Securing The Cloud – War On Password
Online Authentication: few facts Username and password prevalent for the past 40 years: Still adapted? Although I connect to 8 different services per day, I use some of them very I own 25 online accounts. a password re-initialization seldom and sometimes In you expect user has 6.5 Doaverage, athe service costs the to me to forget $15 associated different passwords remember provider password. 25 passwords? • Account takeover (ATF+NAF) rose by 50% in 2012 (Javelin March 2013) • Average 25 accounts per user • 6.5 different passwords • 8 services used per day in average • $15 per password re-initialization User Page 3 Service Provider 6/6/2013 • Passwords are being • Reused • Phished • Keylogged Securing The Cloud – War On Password
Online Authentication: more facts Passwords are not secure enough Some more hacking incidents Cisco IOS Passwords Issue: March 18 Michelle Obama, Hillary Clinton, Britney Spears, …: March 11 Evernote hacked, Password reset for 50M: March 2 cPanel web hosting control service hacked: Feb 28 Google 2-step verification tricked: Feb 26 Facebook, Apple, Microsoft corporate network hacked: Feb 22 250,000 Twitter accounts (Burger King, Jeep) hacked: Feb 19 Source: Ponemon Institute 2013 (sponsored by NokNok Labs Inc.) Page 4 6/6/2013 Securing The Cloud – War On Password
Good Pa$$phr@ses#1 are rare Source: http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html Page 5 6/6/2013 Securing The Cloud – War On Password
Online Authentication: few facts Multi-factors authentication proved efficiency in reducing fraud Multi-Factor Authentication, e.g. a token and a secret I don’t want to carry one (Pin or password) each of physical token for proved veryaccounts. my secure User Page 6 • With Chip-and-PIN card introduction in UK, fraud has decreased by 69% • For user convenience, tokens should be shared between services Service Provider 6/6/2013 Securing The Cloud – War On Password 6
Online Authentication: few facts PC is no longer the only access platform What about securing to Please don’t ask me My TVthesmartphone I use my now connected. accesses credential back move is through my Iand forth between all my can console? my more use it than Mymy to gameoften access PC favorite Facebook access content connected car? platforms • 64% of Facebook users via Smartphone, up by 57% yearover-year (FB Q4-12) • By 2016, 100M homes will be equipped with SmartTV in US and Western Europe (NPD In-Stat 2012) • Must have consistent level of security through all platforms User Page 7 Service Provider 6/6/2013 Security level is defined • Solution must by the weakest link. We be user-friendly: avoid too must insure utmost many user securitymanipulations through all platforms Securing The Cloud – War On Password
Today’s 2-factor solutions (consumer) Something you have + Something you know SMS OTP • Cost (user and issuer) OTP App/ Soft Certificates • Delay • Vulnerable to malware on host system • Use proprietary algorithms • No 2nd factor if phone/tablet is used for Internet access • Coverage issues • Typically one per site OTP Security • Phishable Convenience/ Features • Cannot hold identity • OTP not calculated in a Secure Element 6/6/2013 • On the large side • Type 6 or 8 digits into the phone • Vulnverable to MITM and MITB attacks Page 8 OTP fobs • No contactless interface Securing The Cloud – War On Password
Google declared “War On Passwords” IEEE paper “Authentication at Scale” Wired article Jan 18 “Gnubby” term leaked on Google blog Jan 18 Yubico blog Jan 21 Google protocol RSA conference Feb 25 Strong user auth Strong auth everywhere FIDO membership U2F working group April 18 Page 9 6/6/2013 Securing The Cloud – War On Password
Authentication System Architecture AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING DEVICE ABSTRACTION AUTHENTICATION AUTHENTICATION SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES Page 10 6/6/2013 Securing The Cloud – War On Password
Hardware Secure Element: a natural placeholder for security credentials • Tamper resistant: credentials can’t be duplicated nor altered • Proven security: core technology for banking cards and e-passports • Works on Windows, Mac and Linux. No driver needed. • Standardized and “open”: Supports multiple web sites • Ubiquitous interface: USB or NFC Page 11 6/6/2013 Securing The Cloud – War On Password
Typical Secure Element attacks Micro-probing Forcing Manipulation Electron Microscopy Atomic Force Microscopy (AFM) Contrast Etching Decoration Page 12 6/6/2013 Global And Local Light Attacks Spike/Glitch injection Alpha Particle Penetration Securing The Cloud – War On Password Non invasive Attacks: Leakage Invasive Attacks Reverse Engineering Delayering Semi-invasive Attacks: Fault Attacks Combined Attacks Photo emission Analysis EMA Analysis Timing Analysis SPA/DPA Analysis
NXP has joined the FIDO alliance board Board Members Page 13 6/6/2013 Securing The Cloud – War On Password
FIDO System Architecture FIDO AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING FIDO AUTHENTICATION CLIENT (WINDOWS, MAC, IOS, ANDROID…) DEVICE ABSTRACTION FIDO AUTHENTICATION 6/6/2013 SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES FIDO AUTHENTICATORS Page 14 AUTHENTICATION Securing The Cloud – War On Password
User vs. Device Authentication Protect sensitive networks and infrastructures • Industrial Control • Smart Grid Secure communications and services • Medical Devices secure firmware management Trust provisioning Tailored solution Bank-grade security Credential management Page 15 • Cloud Services 6/6/2013 Securing The Cloud – War On Password
NXP Semiconductors NXP Strong Innovation Pipeline: Distinctive Technologies:  Headquarters: Eindhoven/NL Over $600M / year in R&D Portfolio of secure/non-secure MCU  Employees: ~25,000 employees 3,200 engineers Embedded non-volatile & flash 11,000 patents Mixed signal processing Down to 40nm processes Zero power RF & NFC in more than 25 countries  Net sales: $4.3B in 2012 Page 16 6/6/2013 Securing The Cloud – War On Password
NXP is the Identification Industry’s #1 Semiconductor Supplier eGovernment Bank Cards Smart Mobility (MIFARE) Cards Tags & Authentication Readers Mobile Page 17 6/6/2013 Securing The Cloud – War On Password
Thank you for your attention! michael.poitner@nxp.com http://www.us-cert.gov/ http://krebsonsecurity.com/ http://www.schneier.com/ https://www.grc.com/haystack.htm

Recomendados

HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR
 
FIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Alliance
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Block Armour
 

Recomendados

HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR
 
FIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Alliance
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Block Armour
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...CODE BLUE
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and MethodsLeonardo De Moura Rocha Lima
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Zscaler
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetNathan Wallace, PhD, PE
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTTransUnion
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security PatternsMark Benson
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksHarry Gunns
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceEnterprise Technology Management (ETM)
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018African Cyber Security Summit
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application SecuritySecureAuth
 

Más contenido relacionado

La actualidad más candente

Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...CODE BLUE
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Zscaler
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetNathan Wallace, PhD, PE
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTTransUnion
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security PatternsMark Benson
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksHarry Gunns
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 

La actualidad más candente (20)

Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the Internet
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 Networks
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Security
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_compliance
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 

Similar a Securing the Cloud for a Connected Society

Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application SecuritySecureAuth
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile AuthenticationFIDO Alliance
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Cloud Security Alliance Lviv Chapter
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido AllianceCOMPUTEX TAIPEI
 
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David PollingtonCIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David PollingtonCloudIDSummit
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...Rachel Wandishin
 
MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne AFCEA International
 
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...Ranjan Jain
 
Security Keys Presentation.pptx
Security Keys Presentation.pptxSecurity Keys Presentation.pptx
Security Keys Presentation.pptxAlok Sharma
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
Fido U2F PROTOCOL
Fido U2F PROTOCOLFido U2F PROTOCOL
Fido U2F PROTOCOLAther Ali
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionLeMeniz Infotech
 
Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...Iaetsd Iaetsd
 

Similar a Securing the Cloud for a Connected Society (20)

Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application Security
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile Authentication
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance
 
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David PollingtonCIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
 
MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne
 
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
 
Security Keys Presentation.pptx
Security Keys Presentation.pptxSecurity Keys Presentation.pptx
Security Keys Presentation.pptx
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
 
Fido U2F PROTOCOL
Fido U2F PROTOCOLFido U2F PROTOCOL
Fido U2F PROTOCOL
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryption
 
Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...
 

Más de COMPUTEX TAIPEI

2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...COMPUTEX TAIPEI
 
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of BeingsCOMPUTEX TAIPEI
 
2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta Computer2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta ComputerCOMPUTEX TAIPEI
 
2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTek2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTekCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_Cisco2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_CiscoCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_Intel2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_IntelCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_Pivotal2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_PivotalCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGST2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGSTCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.com2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.comCOMPUTEX TAIPEI
 
2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_Quipper2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_QuipperCOMPUTEX TAIPEI
 
2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThings2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThingsCOMPUTEX TAIPEI
 
2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital Barcelona2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital BarcelonaCOMPUTEX TAIPEI
 
Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle) Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle) COMPUTEX TAIPEI
 
Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)COMPUTEX TAIPEI
 

Más de COMPUTEX TAIPEI (20)

2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
 
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
 
2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta Computer2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta Computer
 
2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTek2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTek
 
2014 Summit_Forum_Acer
2014 Summit_Forum_Acer2014 Summit_Forum_Acer
2014 Summit_Forum_Acer
 
2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_Cisco2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_Cisco
 
2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_Intel2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_Intel
 
2014 Big_Data_Forum_AWS
2014 Big_Data_Forum_AWS2014 Big_Data_Forum_AWS
2014 Big_Data_Forum_AWS
 
2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_Pivotal2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_Pivotal
 
2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGST2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGST
 
2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.com2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.com
 
2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_Quipper2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_Quipper
 
2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThings2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThings
 
2014 IoT_Forum_NXP
2014 IoT_Forum_NXP2014 IoT_Forum_NXP
2014 IoT_Forum_NXP
 
2014 IoT_Forum_AMD
2014 IoT_Forum_AMD2014 IoT_Forum_AMD
2014 IoT_Forum_AMD
 
2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital Barcelona2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital Barcelona
 
2014 IoT Forum_ST
2014 IoT Forum_ST2014 IoT Forum_ST
2014 IoT Forum_ST
 
2014 IoT Forum_Broadcom
2014 IoT Forum_Broadcom2014 IoT Forum_Broadcom
2014 IoT Forum_Broadcom
 
Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle) Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle)
 
Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)
 

Último

Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????blackmambaettijean
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 

Último (20)

Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Securing the Cloud for a Connected Society

  • 1. Securing the Cloud for a Connected Society Computex – Cloud Industry Forum Taipei, June 6, 2013 Michael Poitner
  • 2. Table of Contents Online Authentication Facts Today’s 2-factor Authentication Solutions Google’s “War on Password” and Solution Hardware Secure Elements and Threats Introduction to Fido (Fast Identity Online) User vs. Device Authentication Overview NXP Page 2 6/6/2013 Securing The Cloud – War On Password
  • 3. Online Authentication: few facts Username and password prevalent for the past 40 years: Still adapted? Although I connect to 8 different services per day, I use some of them very I own 25 online accounts. a password re-initialization seldom and sometimes In you expect user has 6.5 Doaverage, athe service costs the to me to forget $15 associated different passwords remember provider password. 25 passwords? • Account takeover (ATF+NAF) rose by 50% in 2012 (Javelin March 2013) • Average 25 accounts per user • 6.5 different passwords • 8 services used per day in average • $15 per password re-initialization User Page 3 Service Provider 6/6/2013 • Passwords are being • Reused • Phished • Keylogged Securing The Cloud – War On Password
  • 4. Online Authentication: more facts Passwords are not secure enough Some more hacking incidents Cisco IOS Passwords Issue: March 18 Michelle Obama, Hillary Clinton, Britney Spears, …: March 11 Evernote hacked, Password reset for 50M: March 2 cPanel web hosting control service hacked: Feb 28 Google 2-step verification tricked: Feb 26 Facebook, Apple, Microsoft corporate network hacked: Feb 22 250,000 Twitter accounts (Burger King, Jeep) hacked: Feb 19 Source: Ponemon Institute 2013 (sponsored by NokNok Labs Inc.) Page 4 6/6/2013 Securing The Cloud – War On Password
  • 5. Good Pa$$phr@ses#1 are rare Source: http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html Page 5 6/6/2013 Securing The Cloud – War On Password
  • 6. Online Authentication: few facts Multi-factors authentication proved efficiency in reducing fraud Multi-Factor Authentication, e.g. a token and a secret I don’t want to carry one (Pin or password) each of physical token for proved veryaccounts. my secure User Page 6 • With Chip-and-PIN card introduction in UK, fraud has decreased by 69% • For user convenience, tokens should be shared between services Service Provider 6/6/2013 Securing The Cloud – War On Password 6
  • 7. Online Authentication: few facts PC is no longer the only access platform What about securing to Please don’t ask me My TVthesmartphone I use my now connected. accesses credential back move is through my Iand forth between all my can console? my more use it than Mymy to gameoften access PC favorite Facebook access content connected car? platforms • 64% of Facebook users via Smartphone, up by 57% yearover-year (FB Q4-12) • By 2016, 100M homes will be equipped with SmartTV in US and Western Europe (NPD In-Stat 2012) • Must have consistent level of security through all platforms User Page 7 Service Provider 6/6/2013 Security level is defined • Solution must by the weakest link. We be user-friendly: avoid too must insure utmost many user securitymanipulations through all platforms Securing The Cloud – War On Password
  • 8. Today’s 2-factor solutions (consumer) Something you have + Something you know SMS OTP • Cost (user and issuer) OTP App/ Soft Certificates • Delay • Vulnerable to malware on host system • Use proprietary algorithms • No 2nd factor if phone/tablet is used for Internet access • Coverage issues • Typically one per site OTP Security • Phishable Convenience/ Features • Cannot hold identity • OTP not calculated in a Secure Element 6/6/2013 • On the large side • Type 6 or 8 digits into the phone • Vulnverable to MITM and MITB attacks Page 8 OTP fobs • No contactless interface Securing The Cloud – War On Password
  • 9. Google declared “War On Passwords” IEEE paper “Authentication at Scale” Wired article Jan 18 “Gnubby” term leaked on Google blog Jan 18 Yubico blog Jan 21 Google protocol RSA conference Feb 25 Strong user auth Strong auth everywhere FIDO membership U2F working group April 18 Page 9 6/6/2013 Securing The Cloud – War On Password
  • 10. Authentication System Architecture AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING DEVICE ABSTRACTION AUTHENTICATION AUTHENTICATION SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES Page 10 6/6/2013 Securing The Cloud – War On Password
  • 11. Hardware Secure Element: a natural placeholder for security credentials • Tamper resistant: credentials can’t be duplicated nor altered • Proven security: core technology for banking cards and e-passports • Works on Windows, Mac and Linux. No driver needed. • Standardized and “open”: Supports multiple web sites • Ubiquitous interface: USB or NFC Page 11 6/6/2013 Securing The Cloud – War On Password
  • 12. Typical Secure Element attacks Micro-probing Forcing Manipulation Electron Microscopy Atomic Force Microscopy (AFM) Contrast Etching Decoration Page 12 6/6/2013 Global And Local Light Attacks Spike/Glitch injection Alpha Particle Penetration Securing The Cloud – War On Password Non invasive Attacks: Leakage Invasive Attacks Reverse Engineering Delayering Semi-invasive Attacks: Fault Attacks Combined Attacks Photo emission Analysis EMA Analysis Timing Analysis SPA/DPA Analysis
  • 13. NXP has joined the FIDO alliance board Board Members Page 13 6/6/2013 Securing The Cloud – War On Password
  • 14. FIDO System Architecture FIDO AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING FIDO AUTHENTICATION CLIENT (WINDOWS, MAC, IOS, ANDROID…) DEVICE ABSTRACTION FIDO AUTHENTICATION 6/6/2013 SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES FIDO AUTHENTICATORS Page 14 AUTHENTICATION Securing The Cloud – War On Password
  • 15. User vs. Device Authentication Protect sensitive networks and infrastructures • Industrial Control • Smart Grid Secure communications and services • Medical Devices secure firmware management Trust provisioning Tailored solution Bank-grade security Credential management Page 15 • Cloud Services 6/6/2013 Securing The Cloud – War On Password
  • 16. NXP Semiconductors NXP Strong Innovation Pipeline: Distinctive Technologies:  Headquarters: Eindhoven/NL Over $600M / year in R&D Portfolio of secure/non-secure MCU  Employees: ~25,000 employees 3,200 engineers Embedded non-volatile & flash 11,000 patents Mixed signal processing Down to 40nm processes Zero power RF & NFC in more than 25 countries  Net sales: $4.3B in 2012 Page 16 6/6/2013 Securing The Cloud – War On Password
  • 17. NXP is the Identification Industry’s #1 Semiconductor Supplier eGovernment Bank Cards Smart Mobility (MIFARE) Cards Tags & Authentication Readers Mobile Page 17 6/6/2013 Securing The Cloud – War On Password
  • 18. Thank you for your attention! michael.poitner@nxp.com http://www.us-cert.gov/ http://krebsonsecurity.com/ http://www.schneier.com/ https://www.grc.com/haystack.htm