mobile security, identity & authentication reasons for optimism 20150607 v2

FINGERPRINTSECURE

BIOMETRIC

PASSIVE

ACTIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

BIOMETRIC

PIN TOKEN

ACTIVE

SILENT

FINGERPRINT

VOICEELEMENT

BIOMETRIC

PASSIVE

ACTIVE

SILENT TPM

SECURE

ELEMENT

PASSIVEACTIVE

SILENT

FINGERPRINT

BIOMETRIC

PASSIVE

ACTIVE

SILENT

FINGERPRINT

SECURENFC

PASSIVE

ACTIVE

FINGERPRINT

ELEMENT

BIOMETRIC

ACTIVE

SILENT

FINGERPRINT

SECURENFC

PASSIVE

ACTIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

PINACTIVE

SILENT

ELEMENT

BIOMETRIC

PASSIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

PASSIVE

ACTIVE

FINGERPRINT

SECURE

ELEMENT

BIOMETRIC

RBA PASSIVE

ACTIVE

SECURE

PASSIVEACTIVE

ELEMENT

FINGERPRINT

SECURE

PASSIVE

ACTIVE

SILENT

FINGERPRINT

BIOMETRIC

PASSIVE

SILENT

ELEMENT

PASSIVE

SECURE

ELEMENT

BIOMETRIC

ACTIVE

FINGERPRINT

SECURE

ACTIVE SILENT

FINGERPRINT

VOICENFC

PASSIVE

ACTIVE

SILENT

SECURE

ELEMENT

SILENT

TPMELEMENT

PASSIVE

SILENT

ELEMENT

ACTIVE

FINGERPRINT

ELEMENT

PASSIVE

ACTIVE

SECURE

ELEMENT

ACTIVE

FINGERPRINT

PASSIVE

ACTIVE

FINGERPRINT

ELEMENT

ACTIVE

ELEMENT

BIOMETRIC

ACTIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

PASSIVE

SILENT

BIOMETRIC

ACTIVE

SECURE

BIOMETRIC

SILENT

BIOMETRIC

ACTIVE

FINGERPRINT

ELEMENT

SILENT

SECURE

PASSIVE

ACTIVE

SILENT

FINGERPRINT

ACTIVE

ACTIVE SILENT

ELEMENT

ACTIVE

SILENT

SECURE

PASSIVE

ACTIVE

BIOMETRIC

ACTIVE

BIOMETRIC

PASSIVE

ACTIVE

ELEMENT

TPM USB

BIOMETRIC

PASSIVE

SILENT

BIOMETRIC

SECURE

PASSIVE

SILENT

ELEMENT

PASSIVE

BIOMETRIC

SILENT

SECURE

SILENT

SECURE

SILENT

ELEMENT

SECURE

FINGERPRINT

SILENT

ACTIVE

SILENT

BIOMETRIC

PASSIVE

ELEMENT

SILENT

PASSIVE

ACTIVE

SECURE

PASSIVE

SECURE

ACTIVE

PASSIVE

SILENT

ACTIVE

SILENT

PASSIVE

SILENT

FINGERPRINT

ACTIVE

PASSIVE

ACTIVE

ELEMENT

USBRBA

MOBILE SECURITY, IDENTITY & AUTHENTICATION!REASONS FOR OPTIMISM!!!RAJIV DHOLAKIA!VP PRODUCTS !RAJIV@NOKNOK.COM!!

SECURITY IN PERSPECTIVE: Its like drinking water from the tap in 1800s !

NOK NOK LABS! 2!

Pills, Potions & Spells vs. Chlorination!

PURPOSE OF SECURITY!

Device Integrity ! Network Integrity !

OS & App Integrity ! User Integrity !

Data & Transaction Integrity!

(and Privacy where appropriate) !

SECURITY NEEDS TO SPAN LINKS!

Integrity User! Hardware! OS/App! Network! Service!

NOK NOK LABS!

USER INTEGRITY: THE GLOBAL AUTHENTICATION PROBLEM!

Fear! Frustration and Friction!

40#million#credit#cards##Cost:#$148M#USD#

The problem continues to get BIGGER and more EXPENSIVE!

Fraud!Stolen / hacked passwords

leading cause of identity theft !Passwords DO NOT

WORK, especially on Mobile Devices!

!Too many accounts and

passwords to remember!!

Significant commerce abandonment by users!

Personal and Corporate Damage!

56#million#credit#cards##

Nok Nok Labs!

IDENTITY SERVICES AUTHENTICATION IN CONTEXT!

NOK NOK LABS! 6!

Physical>to>digital#iden@ty##

User#Management##

Authen@ca@on#

Federa@on#

##Single Sign-On

E>Gov# Payments# Security#

Passwords# Risk>Based#Strong#

MODERN!AUTHENTICATION!

Personaliza@on#

Mobile Security Stacks!

Device&Integrity&&&&&&

LAYERED SECURITY MODELS!

NOK NOK LABS! 8!Device#Keys#&#Cer@ficates#Crypto#Engines#

Trusted#Execu@on#Environments##Ç√#

Secure#Elements#

Trustlet# Trustlet# Trustlet#

Rich&Opera2ng&System&(e.g.&Android)&#######OS#Par@@on#

User#Par@@on####

App#Sandbox#

User#Par@@on#

App#Sandbox#

Overlay&Services&######

App#Stores#

OS#Integrity#Services#(e.g.#Android#Safety#Net)#

Site#and#App##Reputa@on/Integrity#

Device#and#Cloud#Data#Managers#

Filter#what#gets#on#the#device…#

Isolate#the#apps…#

Harden#the#device…##

INTEGRITY MECHANISMS – I !

•  TPMs!•  Backwards compatibility requirements !

•  SEs!•  Limited due to operator controls!

•  TEEs (Trusted Execution Environments)!•  Third time is a charm?!

•  Secure boot !- Verification of image!•  Virtualization!- Hardware assisted isolation!•  Anti-virus !•  Device Theft Response!- Standard on mobile devices !

TEE! SE! TPM!

Hardware OS

NOK NOK LABS!

INTEGRITY MECHANISMS – II !

App User

•  App verification!- Rise Of The App Store!•  App Isolation!- App containers !- Restricted IPC !•  Protecting Data & Content!- On-device data encryption !- DRM !

•  Identity Proofing!- Know your customer!•  Strong Authentication!- Explicit & implicit!-  First mile & Second mile!

NOK NOK LABS!

ISOLATION ARCHITECTURE ARM TRUSTZONE !

Secure OS Boot!

FP Sensor!

Touchscreen!

Storage !

1.7 B ARM Cortex

SoCs Shipped!!!18 Month

Phone Refresh Rate!

NOK NOK LABS!

SECURITY NEEDS TO SPAN LINKS!

Integrity Hardware! OS! App! Network! User!

NOK NOK LABS!

So how are doing?!

SOME EXAMPLES FROM 2014!

NOK NOK LABS! 14!

Infrastructure/Relying#Party#(Payments#or#other)#

Opera@ng#System#

Hardware#

HOW FIDO WORKS TO SIMPLIFY AND SCALE AUTHENTICATION user authenticates to device, device authenticates to network

Standardized Protocols!

Local authentication unlocks app specific key!

Key used to authenticate to server (unique key per site)!

Nok Nok Labs!

server&client&

Decoupled&User&Verifica2on&from&Authen2ca2on&Protocol&

ATTACKS MITIGATED!

Remotely#a_acking#central#servers##steal&data#for#impersona@on#

Physically#a_acking#user#devices##misuse&them#for#impersona@on#

Physically#a_acking#user#devices#steal&data#for#impersona@on#

Remotely#a_acking#lots#of#user#devices#

&steal&data#for#impersona@on#

&misuse&them#for#impersona@on#

&misuse&

authen-cated&sessions!

2# 3# 4#Scalable#a_a

Physical#a_acks##possible#on#lost#or#stolen#devices#(≈3%#in#the#US#in#2013)#

User&Coercion#

Not#Scalable#

With#hardening#of#FIDO##Authen@cator##Implementa@ons#–#mi@gate#remote/scalable#a_acks#

NOK NOK LABS!

SECURITY PROFILES FOR AUTHENTICATION!

Strong Stronger

Security Hardware Integration Spectrum!

Software Only!ID!

TPM/SE!ID!

TEE + SE!ID!

Protects Keys!

Protects Keys!Protects Crypto !

Protects Keys!Protects Crypto!Protects Code !Protects Display !

Strongest NOK NOK LABS!

BUILDING AUTHENTICATORS: THREE PROFILES!

RichOS#

Trusted#Execu@on#

Environment#

Secure#Element#Soeware#and#Tamper>Resistant#Hardware#

Cost#to#Acquire#and#Manage#Tokens# Stronger#

Soeware#&#Hardware#

Cost#to#Acquire#and#Manage#Mobile#Device# Stronger#

Soeware#Only#

No#extra#cost# Strong#

NOK NOK LABS!

A UNIQUE OPPORTUNITY !

Hardware Integrity!OS Integrity!

App Integrity!

Network Integrity!

User Integrity!

Re-Architect Computing Using Hardware-Based Trust !

Chain of Trust!

Trusted Platform for Authentication!NOK NOK LABS!

SUPPORT IN THE FABRIC!

• Qualcomm shipping FIDO support in SnapDragon chipsets starting Dec 2014!• Microsoft declares in Feb 2015 FIDO support coming

to Windows 10 and affiliated services!• Google intends to bring biometric APIs & system

keychain to Android M – June 2015!• Apple continuing to support TouchID & system

keychain in iOS – 2014-2015!

NOK NOK LABS! 20!

FIDO-CAPABLE MOBILE, TABLET + PC FORECAST!Non-FIDO FIDO iOS FIDO Android FIDO Windows

35#Million,#Aug.#2014#

2.5&Billion,&Dec.&2019&User#Growth#of

#70.43%#over#5#

Years#

2016! 2019!2018!2017!

86.73%! 93.43%! 96.98%! 98.61%!

6.57%! 3.02%! 1.39%!

2.6BTotal Devices 2.5B Fido Capable

331M iOS Devices 1.1B Android Devices 1.16B Windows Devices

2.08B Total Devices 1.8B Fido Capable

281M iOS Devices 793M Android Devices 724M Windows Devices

298M iOS Devices 945M Android Devices 805M Windows Devices

315M iOS Devices 942M Android Devices 1.04B Windows Devices

13.27%!

NOK NOK LABS!

PULLING IT ALL TOGETHER: NTT DOCOMO LIVE WITH FIDO AUTHENTICATION: May 2015!

Many FIDO Ecosystem Firsts: First Carrier, Multiple OEM Launch at Same Time, First Federated Identity Solution, First Carrier Billing System, First Iris Sensor, First Chipset

Support!

NOK NOK LABS!

ONLINE AUTHENTICATION FOR DOCOMO SERVICES�

Biometric Authentication from DOCOMO, May 26, 2015��

Online#authen@ca@on#using#biometric#informa@on:#�

Authen@ca@on#for#docomo#ID#and#carrier#billing#payments�

Password>less#biometric#authen@ca@on�

Iris� Fingerprint� login�Unlock#devices#

payments#

Everything Authenticates

50 Billion Connected Devices by 2020:!

Internet of Things

People! Devices! Ecosystems!+! +!

Corporate Networks!Mobile Commerce!Mobile Payments!Social Networks!

eHealth!!

Consumer Use Cases!Enterprise Use Cases !

HOPE FOR SCALING A HIGHLY CONNECTED WORLD!

NOK NOK LABS!

Any Device.!Any Application.!Any Authenticator. !

FINGERPRINTSECURE

BIOMETRIC

PASSIVE

ACTIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

BIOMETRIC

PIN TOKEN

ACTIVE

SILENT

FINGERPRINT

VOICEELEMENT

BIOMETRIC

PASSIVE

ACTIVE

SILENT TPM

SECURE

ELEMENT

PASSIVEACTIVE

SILENT

FINGERPRINT

BIOMETRIC

PASSIVE

ACTIVE

SILENT

FINGERPRINT

SECURENFC

PASSIVE

ACTIVE

FINGERPRINT

ELEMENT

BIOMETRIC

ACTIVE

SILENT

FINGERPRINT

SECURENFC

PASSIVE

ACTIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

PINACTIVE

SILENT

ELEMENT

BIOMETRIC

PASSIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

PASSIVE

ACTIVE

FINGERPRINT

SECURE

ELEMENT

BIOMETRIC

RBA PASSIVE

ACTIVE

SECURE

PASSIVEACTIVE

ELEMENT

FINGERPRINT

SECURE

PASSIVE

ACTIVE

SILENT

FINGERPRINT

BIOMETRIC

PASSIVE

SILENT

ELEMENT

PASSIVE

SECURE

ELEMENT

BIOMETRIC

ACTIVE

FINGERPRINT

SECURE

ACTIVE SILENT

FINGERPRINT

VOICENFC

PASSIVE

ACTIVE

SILENT

SECURE

ELEMENT

SILENT

TPMELEMENT

PASSIVE

SILENT

ELEMENT

ACTIVE

FINGERPRINT

ELEMENT

PASSIVE

ACTIVE

SECURE

ELEMENT

ACTIVE

FINGERPRINT

PASSIVE

ACTIVE

FINGERPRINT

ELEMENT

ACTIVE

ELEMENT

BIOMETRIC

ACTIVE

SILENT

FINGERPRINT

SECURE

ELEMENT

PASSIVE

SILENT

BIOMETRIC

ACTIVE

SECURE

BIOMETRIC

SILENT

BIOMETRIC

ACTIVE

FINGERPRINT

ELEMENT

SILENT

SECURE

PASSIVE

ACTIVE

SILENT

FINGERPRINT

ACTIVE

ACTIVE SILENT

ELEMENT

ACTIVE

SILENT

SECURE

PASSIVE

ACTIVE

BIOMETRIC

ACTIVE

BIOMETRIC

PASSIVE

ACTIVE

ELEMENT

TPM USB

BIOMETRIC

PASSIVE

SILENT

BIOMETRIC

SECURE

PASSIVE

SILENT

ELEMENT

PASSIVE

BIOMETRIC

SILENT

SECURE

SILENT

SECURE

SILENT

ELEMENT

SECURE

FINGERPRINT

SILENT

ACTIVE

SILENT

BIOMETRIC

PASSIVE

ELEMENT

SILENT

PASSIVE

ACTIVE

SECURE

PASSIVE

SECURE

ACTIVE

PASSIVE

SILENT

ACTIVE

SILENT

PASSIVE

SILENT

FINGERPRINT

ACTIVE

PASSIVE

ACTIVE

ELEMENT

USBRBA

Appendix!

26!NOK NOK LABS!

BENEFITS OF THE FIDO APPROACH!

Privacy!Security!User Experience!

Authenticate Authenticate

Requirements for next generation authentication!

Public/private keys !instead of passwords!

!Fraud Reduction!

!Unified Auth

Infrastructure#

Natural and faster authentication!

!Use authentication method

of choice !

User& Device& Service&

User information stays on device!

!Not stored on servers

that can be compromised!

Cost!Standards -Based !

!Adaptable infrastructure!

!Future-proofed and

flexible!!

Scalability!

NOK NOK LABS!

mobile security, identity & authentication reasons for optimism 20150607 v2

s nok nok labs

security needs

users personal

expensive fraud

potions spells

corporate damage

fear frustration

drinking water

Documents

20150607 週報

emotional (optimism) - february

cis 2015 mobile security, identity & authentication: reasons...

20150607 sotm-us-osmose-qa

choosing optimism participant

(too) optimistic about optimism: the belief that optimism...

eating news 20150607

20150607 週報.pdf

our website what is optimism? why is optimism important? ...

managerial optimism and earnings...

risc%v’update’ -...

berlant - cruel optimism

optimism контекст презентация

power optimism

american optimism

grounding optimism

pcrf - intelligent optimism

define authentication authentication credentials ...

article - learned optimism

11 optimism