State of e-Authentication in Higher Education Bernie Gleason

State of e-Authentication in Higher Education
Stronger Authentication – Issues, Techniques, Security Tokens & Biometrics
Bernie Gleason
August 20, 2004

Acknowledgements
"Most Trusted University": University of Miami has a strategic goal to become respected as one of the "Most Trusted Universities." Illustrations and strategies in this presentation have been provided with the permission of the University of Miami.
Identity management and authentication concepts have been contributed by members of the Information Technology department at Boston College.
Special thanks to IBM for their sponsorship and support.

E-Business Progression

Academic Environment
- Heterogeneous
- Disparate authentication mechanisms
- Redundant identity data
- "Weak passwords" – the norm
- Proprietary integration methods
- Expanding user base and access methods
- Trust agreements elusive

Basic Transitive Trust Model

Trust Model Progression
- More customer types
- More access devices
- Weak passwords
- Single sign-on
- Identity management
- Directory services
- Portals
- Federations
- PKI
- XML standards
- Web services
- ASPs – rebirth
- Grids
- Service-oriented architectures (SOA)

Weak Password Authentication
- Often pretending passwords are strong
- Can build from the current base
- Need to add more muscle – second factors
- Maintain privacy
- Maturation is going to take time

Two-Factor Authentication
An ATM requires that I use two factors:
- "something I have" – bankcard
- "something I know" – password/PIN
An on-line transaction requires only one factor. What should be the on-line equivalent of the ATM's second factor?

Authentication – Three Factors
- Passwords – "something we know"
- Tokens and cards – "something we possess" (e.g., ID cards, smart cards, digital certificates)
- Biometrics – "something that is part of us" (e.g., retina scan, fingerprints, facial recognition)

Smart Cards and Security Tokens
- USB tokens: Dartmouth, University of Texas Medical

Interim Two-Factor Authentication Practices

Biometrics in Practice
- Hand scans – Don Estridge High School in Boca Raton
- Facial recognition – dormitory surveillance in combination with security cameras
- Retina scans – Swift & Company tracking cattle in conjunction with a GPS system
- Conversational voice – a spoken secret (e.g., a password) is used to verify identity together with the voice
- Fingerprints – Piggly Wiggly stores, for credit and debit card processing and check cashing

Biometrics in Practice -- Fingerprints

Biometrics in Practice – Facial Recognition

Managing Biometrics
- Database – identity is authenticated against a central database or directory
- Local – the biometric is stored in the device or token, and the authentication test is simply that the user of the device is the person assigned to it

Biometric Acceptance
- Required authentication strength for the transaction
- Privacy precautions and requirements
- Cost and customer convenience
- Customer audience and customer access device capabilities
- Adopted institutional standards and supporting infrastructure (e.g., PKI)
- Accepted practices, both within and outside of Higher Education

Charting a Strategy
- Accept passwords as a way of life
- Concentrate on building a stronger security and identity management infrastructure – what users don't see or experience but take for granted
- Implement innovative ways that make the user experience easier and more intuitive
- Apply new methods universally in a non-intrusive, transparent manner
- Require second factors of authentication only at the time that access to sensitive data and transactions is needed

New Paradigm
- Existing ID numbers and passwords – "something we know"
- Existing CaneID cards – "something we possess" for low-level authentication and existing applications, but upgraded with standard credit card security features
- Public Key Infrastructure – the underlying security framework, but with the keys and complexity masked from the users
- Smart USB tokens – "something we possess" for higher-level authentication, distributed to all core constituents (faculty, students and staff)
- Fingerprint scans – "something that is part of us", optionally embedded in the USB tokens

Matching Risk to Authentication Technique

Authorization risk assessment   Authentication technique
Minimal risk                    PIN
Low risk                        Password + PIN
Substantial assurance           Two factors
High assurance                  Three factors with biometric
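The risk table above, together with the strategy of asking for second factors only when sensitive data is touched, is essentially a step-up authentication policy. The following added example (not code from the presentation or from the University of Miami) encodes the four tiers and checks whether the credentials a session has already presented are enough for a given resource; the resource-to-tier map, credential names and function names are constructed for illustration.

```python
"""Step-up authentication policy (added example; not from the slides).

Tier and factor names follow the deck; the resource-to-tier map and the
credential names are constructed samples.
"""
from dataclasses import dataclass
from enum import Enum


class Factor(Enum):
    KNOW = "something we know"                 # PIN, password
    POSSESS = "something we possess"           # ID card, smart card, USB token
    INHERENT = "something that is part of us"  # fingerprint, face, retina


@dataclass(frozen=True)
class Requirement:
    min_credentials: int   # separate credentials that must be shown
    min_factor_types: int  # distinct Factor kinds among them
    biometric: bool        # must one of them be INHERENT?


# Authorization risk tier -> required authentication technique (from the slide).
# "Password + PIN" counts as two credentials of one factor type.
POLICY = {
    "minimal": Requirement(1, 1, False),      # PIN
    "low": Requirement(2, 1, False),          # password + PIN
    "substantial": Requirement(2, 2, False),  # two factors
    "high": Requirement(3, 3, True),          # three factors with biometric
}

# Constructed sample: which campus resources fall into which tier.
RESOURCE_TIER = {
    "course_catalog": "minimal",
    "library_account": "low",
    "grade_roster": "substantial",
    "payroll_change": "high",
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    tier: str
    missing: tuple  # step-up requirements still unmet (empty when allowed)


def evaluate(resource, presented):
    """Decide whether credentials already presented in a session suffice.

    `presented` is a list of (credential_name, Factor) pairs, e.g.
    [("password", Factor.KNOW), ("usb_token", Factor.POSSESS)].
    A session that only holds a password keeps working for low-risk
    resources and is asked to step up only when it reaches a higher tier.
    """
    tier = RESOURCE_TIER[resource]
    req = POLICY[tier]
    types = {factor for _, factor in presented}
    missing = []
    if len(presented) < req.min_credentials:
        missing.append(f"{req.min_credentials - len(presented)} more credential(s)")
    if len(types) < req.min_factor_types:
        missing.append(f"{req.min_factor_types - len(types)} more distinct factor type(s)")
    if req.biometric and Factor.INHERENT not in types:
        missing.append("a biometric factor")
    return Decision(not missing, tier, tuple(missing))


if __name__ == "__main__":
    session = [("password", Factor.KNOW)]
    for res in RESOURCE_TIER:
        d = evaluate(res, session)
        print(f"{res:16} tier={d.tier:12} allowed={d.allowed} missing={d.missing}")
```

The `missing` list is what an application would turn into a step-up prompt (insert the USB token, present a fingerprint), so a user who only reads the course catalog is never asked for more than a password.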

Future PKI Infrastructure
- Most Trusted
- Passwords
- Smart devices
- Biometrics
- Central authentication authority
- PKI infrastructure

Questions?

Trust Agreements
A is the user, B is the central authentication service, C is the target application.
- Transitive trust – B trusts A and B trusts C, so C trusts A
- Proxy – B trusts A and B trusts F, F trusts C, so C trusts A
- Federated – B trusts A, B trusts the Circle, so C trusts A
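The three trust patterns above differ only in how long the chain of agreements between the target application and the authentication service is allowed to be. The following added example (not code from the presentation) resolves that chain for a user A, a central authentication service B, a target application C and an optional proxy F or federation "Circle". Two simplifying assumptions are mine: an agreement is symmetric (if B trusts C, C also relies on B), and a federation is modelled as a hub node that every member has an agreement with.

```python
"""Trust-agreement resolver (added example; not part of the slides).

Finds the shortest chain of trust agreements from a target application to a
user and names it with the deck's vocabulary: transitive, proxy or federated.
Agreements are treated as symmetric and a federation as a hub node; both are
simplifying assumptions made for this example.
"""
from collections import deque


def _adjacency(agreements, federations):
    """Build an undirected graph from pairwise agreements and federations."""
    adj = {}

    def link(x, y):
        adj.setdefault(x, set()).add(y)
        adj.setdefault(y, set()).add(x)

    for x, y in agreements:
        link(x, y)
    for circle, members in federations.items():
        hub = ("circle", circle)  # every member has an agreement with the circle
        for member in members:
            link(hub, member)
    return adj


def trust_path(target, user, agreements, federations=None):
    """Shortest chain of agreements from `target` to `user`, or None."""
    adj = _adjacency(agreements, federations or {})
    prev = {target: None}
    queue = deque([target])
    while queue:
        node = queue.popleft()
        if node == user:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in adj.get(node, ()):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def classify(path):
    """Label a chain with the deck's trust-model names."""
    if path is None:
        return "none"
    if any(isinstance(n, tuple) and n[0] == "circle" for n in path):
        return "federated"   # C and B reach each other through the Circle
    if len(path) == 2:
        return "direct"      # C has its own agreement with A
    if len(path) == 3:
        return "transitive"  # C - B - A
    return "proxy"           # C - F - B - A (one or more intermediaries)


if __name__ == "__main__":
    cases = {
        "transitive": ([("B", "A"), ("B", "C")], {}),
        "proxy": ([("B", "A"), ("B", "F"), ("F", "C")], {}),
        "federated": ([("B", "A")], {"Circle": ["B", "C"]}),
        "none": ([("B", "A")], {}),
    }
    for name, (agreements, federations) in cases.items():
        path = trust_path("C", "A", agreements, federations)
        print(f"{name:10} path={path} -> {classify(path)}")
```

The longer the chain, the more parties whose agreement and controls the target application is implicitly relying on; printing the resolved path makes that dependency visible when reviewing which assertions an application should accept.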