PHIN Systems Security and Two Factor Authentication
Raja Kailar, Ph.D.
Senior Security Consultant, IRMO/CDC
rok9@cdc.gov, kailar@bnetal.com

Problem Description
PHIN – Collaborating partners, sharing public health information over un-trusted networks
Security depends on reliable identification and authentication (I&A)
Many public health partners rely solely on login + password for I&A
Need additional authentication factors for security…
PHIN - Operational Environment
PHIN Users, Interactions, Security Perimeters
Users – External, Internal
Interactions – B2B, C2B
Perimeter – Firewalls, DMZ

High Level Security Requirements
Strong Authentication Important for most requirements

Authentication Considerations
What are your PHIN applications? Who are your users?
Is your user population relatively stationary or mobile?
From where do your users need to access PHIN applications? Intranet? Internet? Both?
Does your network infrastructure provide adequate protection to PHIN data (GAP analysis)?

Minimum Authentication Recommendation: C2B/Internal User
Note: If you also have external users, use the same (DMZ) proxy and 2 factor authentication for all users

Minimum Authentication Recommendation: B2B Applications

Minimum Authentication Recommendation: C2B/External User

What is Two Factor Authentication and Why do we need it?
Authentication Factors
What I know (password, PIN)
What I have (token, private key)
Who I am (thumbprint, retina, voice)

Two Factor Authentication
What I know + what I have (PIN + token)
What I know + who I am (PIN + thumbprint)
Strong Identity Assurance – harder to spoof

Two Factor Authentication – One Time Password (Secure Token)

Two Factor Authentication – Digital Certificates

Two Factor Authentication – Biometrics
Authentication Mechanisms – System Differentiation
  Digital Certificates
    PKCS12 Files
    Suited for laptop users
  One time passwords (Secure Tokens)
    Key-fob: Mobile
    Smart Cards: Need card, readers
  Biometrics
    Hardware/software readers
Mobility / Ease of Use

Authentication Mechanisms – System Differentiation
  Digital Certificates
    Binary match
  One time password (Secure Token)
    Binary match
  Biometrics
    Fuzzy match
    False positives/negatives possible
Assurance Level / Accuracy
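As an added example (not from Kailar's slides), the following Python sketch implements the "what I know + what I have" (PIN + token) check from the factor list above as a binary match, beside a biometric threshold check as a fuzzy match, to show concretely why the deck rates one as exact and the other as subject to false positives/negatives. It assumes an RFC 4226 HOTP token (HMAC-SHA1 over a counter) in place of the proprietary key-fob scheme the talk refers to, and a hypothetical matcher that reduces a biometric sample to a similarity score in [0, 1]; both are assumptions, not details from the deck.

```python
"""Added example, not from the slides: PIN + one-time-password as a binary
match, next to a biometric-style fuzzy match.

Assumptions not in the deck: the key-fob is modelled as an RFC 4226 HOTP
token rather than the proprietary scheme the talk mentions; the biometric
is reduced to a similarity score from a hypothetical matcher.
"""
import hashlib
import hmac
import os
import struct

OTP_DIGITS = 6
LOOKAHEAD = 3            # unused token presses the server tolerates before resync
PBKDF2_ROUNDS = 100_000  # work factor for the stored PIN hash


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian 8-byte counter, then
    dynamic truncation to a 31-bit integer and reduction to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, slow hash of the PIN so the server never stores it in clear."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


class TokenUser:
    """Server-side record for one token holder: salted PIN hash (what I know),
    token seed and next expected counter (what I have)."""

    def __init__(self, pin: str, token_secret: bytes, counter: int = 0):
        self.salt = os.urandom(16)
        self.pin_hash = _hash_pin(pin, self.salt)
        self.secret = token_secret
        self.counter = counter


def verify_pin_token(user: TokenUser, pin: str, otp: str) -> bool:
    """Binary match: both factors must match exactly or the attempt fails.
    Both factors are always evaluated (no early return) so the response does
    not reveal which one was wrong; the counter advances only on full success,
    so a one-time code observed in transit cannot be replayed."""
    pin_ok = hmac.compare_digest(_hash_pin(pin, user.salt), user.pin_hash)
    matched = None
    for c in range(user.counter, user.counter + LOOKAHEAD + 1):
        if hmac.compare_digest(hotp(user.secret, c), otp):
            matched = c
            break
    if not pin_ok or matched is None:
        return False
    user.counter = matched + 1  # consume this code and any skipped ones
    return True


def verify_biometric(score: float, threshold: float) -> bool:
    """Fuzzy match: a similarity score is compared against a tunable threshold.
    There is no exact answer, only a trade-off chosen by the threshold."""
    return score >= threshold


def error_rates(genuine: list, impostor: list, threshold: float) -> tuple:
    """False reject rate (genuine samples below the threshold) and false accept
    rate (impostor samples at or above it) for one threshold setting."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


if __name__ == "__main__":
    # Constructed demo data: the RFC 4226 test seed and made-up matcher scores.
    seed = b"12345678901234567890"
    user = TokenUser("1234", seed)
    print(verify_pin_token(user, "1234", hotp(seed, 0)))  # True: first press
    print(verify_pin_token(user, "1234", hotp(seed, 0)))  # False: replayed code
    print(verify_pin_token(user, "0000", hotp(seed, 1)))  # False: wrong PIN
    genuine = [0.92, 0.85, 0.78, 0.61]
    impostor = [0.12, 0.33, 0.48, 0.66]
    for t in (0.5, 0.7):
        # lowering the threshold trades false rejects for false accepts
        print(t, error_rates(genuine, impostor, t))
```

Raising the biometric threshold from 0.5 to 0.7 in the demo moves the error from one false accept to one false reject, which is the trade-off the slide summarises as "false positives/negatives possible"; the token path has no such dial.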
Authentication Mechanisms – System Differentiation
  Digital Certificates
    Open standards based (X.509, SSL)
    Digital Signatures (XMLDSIG)
    Interoperable
  One time passwords (Secure Tokens)
    Proprietary, domain specific
  Biometrics
    Proprietary, domain specific
Use in Automated Authentication Handshaking (B2B)

Authentication Mechanisms – System Differentiation
  System                 Users   Deployment Cost (approximate)
  Digital Certificates   1000    $100,000 - $200,000
  Secure Tokens          1000    $60,000 - $100,000
  Biometrics             1000    $100,000
  • Deployment cost based on market leaders (low cost alternatives exist)
  • Lifecycle management costs are implementation and environment dependent.
Cost
And the winner is?
Depends on your PHIN usage:
  Digital Certificates - only technology that supports Open Standards based Interoperability for
    Automated B2B authentication (e.g., PHIN web-services)
    Asymmetric key based encryption for messaging
    Digital Signatures for communication non-repudiation
  Secure token (key-fob) - mobility and ease of use for C2B authentication
  Digital certificates needed for server authentication (SSL)

Authentication - Approach A
Users authenticate to a DMZ web-server (proxy) using password + client certificates over SSL
B2B applications authenticate to a DMZ proxy web-server using client certificates over SSL
Suited for relatively static user populations or for laptop users
Single authentication infrastructure to implement and manage

Authentication – Approach B
Users authenticate to DMZ web-server (proxy) using key-fob
External B2B applications authenticate to DMZ using client certificates over SSL
May be required if user population is highly mobile
Two infrastructures to manage/keep in sync

Other Perimeter Security Considerations
Authorization, Access Control, User Identity Lifecycle Management
Single Sign-on

Questions?
rok9@cdc.gov
kailar@bnetal.com

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
QCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architecturesQCon London: Mastering long-running processes in modern architectures
QCon London: Mastering long-running processes in modern architectures
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

Session 7 e_raja_kailar

  • 1. PHIN Systems Security and Two Factor Authentication
    Raja Kailar, Ph.D.
    Senior Security Consultant, IRMO/CDC
    rok9@cdc.gov, kailar@bnetal.com
  • 2. Problem Description
    PHIN – Collaborating partners, sharing public health information over un-trusted networks
    Security depends on reliable identification and authentication (I&A)
    Many public health partners rely solely on login + password for I&A
    Need additional authentication factors for security…
  • 3. PHIN - Operational Environment
  • 4. PHIN Users, Interactions, Security Perimeters
    Users – External, Internal
    Interactions – B2B, C2B
    Perimeter – Firewalls, DMZ
  • 5. High Level Security Requirements
    Strong Authentication Important for most requirements
  • 6. Authentication Considerations
    What are your PHIN applications? Who are your users?
    Is your user population relatively stationary or mobile?
    From where do your users need to access PHIN applications? Intranet? Internet? Both?
    Does your network infrastructure provide adequate protection to PHIN data (GAP analysis)?
  • 7. Minimum Authentication Recommendation: C2B/Internal User
    Note: If you also have external users, use the same (DMZ) proxy and 2 factor authentication for all users
  • 10. What is Two Factor Authentication and Why do we need it?
    Authentication Factors
      What I know (password, PIN)
      What I have (token, private key)
      Who I am (thumbprint, retina, voice)
    Two Factor Authentication
      What I know + what I have (PIN + token)
      What I know + who I am (PIN + thumbprint)
    Strong Identity Assurance – harder to spoof
  • 11. Two Factor Authentication – One Time Password (Secure Token)
  • 12. Two Factor Authentication - Digital Certificates
  • 14. Authentication Mechanisms – System Differentiation: Mobility / Ease of Use
    Digital Certificates
      PKCS12 Files
      Suited for laptop users
    One time passwords (Secure Tokens)
      Key-fob: Mobile
      Smart Cards: Need card, readers
    Biometrics
      Hardware/software readers
  • 15. Authentication Mechanisms – System Differentiation: Assurance Level / Accuracy
    Digital Certificates
      Binary match
    One time password (Secure Token)
      Binary match
    Biometrics
      Fuzzy match
      False positives/negatives possible
  • 16. Authentication Mechanisms – System Differentiation: Use in Automated Authentication Handshaking (B2B)
    Digital Certificates
      Open standards based (X.509, SSL)
      Digital Signatures (XMLDSIG)
      Interoperable
    One time passwords (Secure Tokens)
      Proprietary, domain specific
    Biometrics
      Proprietary, domain specific
  • 17. Authentication Mechanisms – System Differentiation: Cost
    System                 Users   Deployment Cost (approximate)
    Digital Certificates   1000    $100,000 - $200,000
    Secure Tokens          1000    $60,000 - $100,000
    Biometrics             1000    $100,000
    • Deployment cost based on market leaders (low cost alternatives exist)
    • Lifecycle management costs are implementation and environment dependent.
  • 18. And the winner is?
    Depends on your PHIN usage:
    Digital Certificates - only technology that supports
      Open Standards based Interoperability for Automated B2B authentication (e.g., PHIN web-services)
      Asymmetric key based encryption for messaging
      Digital Signatures for communication non-repudiation
    Secure token (key-fob) - mobility and ease of use for C2B authentication
    Digital certificates needed for server authentication (SSL)
  • 19. Authentication - Approach A
    Users authenticate to a DMZ web-server (proxy) using password + client certificates over SSL
    B2B applications authenticate to a DMZ proxy web-server using client certificates over SSL
    Suited for relatively static user populations or for laptop users
    Single authentication infrastructure to implement and manage
  • 20. Authentication – Approach B
    Users authenticate to DMZ web-server (proxy) using key-fob
    External B2B applications authenticate to DMZ using client certificates over SSL
    May be required if user population is highly mobile
    Two infrastructures to manage/keep in sync
  • 21. Other Perimeter Security Considerations
    Authorization, Access Control, User Identity Lifecycle Management
    Single Sign-on
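An added example, not part of the slides: a server-side verifier for the "what I know + what I have" (PIN + token) combination from slides 10 and 11, using the open HOTP standard (RFC 4226) in place of the proprietary key-fob tokens the slides refer to. The shared secret, PIN, look-ahead window and class names are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

DIGITS = 6       # code length displayed on the token
LOOK_AHEAD = 5   # counters the server will search ahead of its own (token drift)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 one-time code: HMAC-SHA1 over the big-endian counter, truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class TokenServer:
    """Per-user verifier: 'what I know' (PIN) + 'what I have' (HOTP token)."""

    def __init__(self, secret: bytes, pin: str):
        self.secret = secret            # shared with the user's token at enrolment
        self.counter = 0                # next counter value the server expects
        # Constructed example: a real deployment would use a slow KDF (e.g. scrypt)
        self.pin_hash = hashlib.sha256(pin.encode()).digest()

    def verify(self, pin: str, code: str) -> bool:
        pin_ok = hmac.compare_digest(
            hashlib.sha256(pin.encode()).digest(), self.pin_hash)
        code_ok = False
        # Accept the code only if it belongs to a counter at or ahead of ours,
        # within the look-ahead window; anything older is a replay.
        for c in range(self.counter, self.counter + LOOK_AHEAD):
            if hmac.compare_digest(hotp(self.secret, c), code):
                # Burn the matched counter even if the PIN is wrong, so a
                # captured code cannot be reused while guessing the PIN.
                self.counter = c + 1
                code_ok = True
                break
        return pin_ok and code_ok


if __name__ == "__main__":
    # Enrolment: a fresh 160-bit secret is provisioned into the token and the server.
    shared = secrets.token_bytes(20)
    server = TokenServer(shared, pin="2468")
    first = hotp(shared, 0)             # what the key-fob would display
    print("login accepted:", server.verify("2468", first))   # True
    print("replay accepted:", server.verify("2468", first))  # False
```

Both factors are checked on every attempt, and a matched code is consumed regardless of the PIN result, which is what gives the "binary match" and anti-replay properties slide 15 attributes to secure tokens.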