AT&T Certified Secure File Interchange 2 Oct 2010 Dynamic Identity Verification and Authentication (DIVA) Dynamic Distributed Key Infrastructures (DDKI)


(Interoperable, scalable, secure software frameworks using DIVA)
Whitenoise Laboratories Canada Inc.
Global Security Challenge Cyber Security Grand Finalists, Nov 2010, Global Cyber Innovation, sponsored by Lockheed Martin and the Canadian Embassy

Problem defined by the ITU

There is an urgent need for large, dynamic, on-line authentication systems where there is only partial disclosure of credentials for distributed platforms and services (DAPS). These are cyber security requirements necessary for all cyber contexts:
- identity management
- securing the Internet and enterprise networks
- secure cloud computing / endpoint-authenticated encryption
- secure critical infrastructures
- secure identity-based telecommunications
- secure smart grids
- prevention of malware and spam

Market Universe for DIVA Cyber Security

Everything is integrated now. Critical infrastructures rely on broadband and the Internet because of cost and scalability. The United Nations speaks of our growing reliance on the Internet of Things. Wikipedia defines cyber security as protection against attacks over the Internet: "Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet." [1]

- 7 trillion machine-to-machine devices
- 65% of all new electronics are smart
- Critical infrastructures: smart grids
- Cloud computing
- Internet: 4.5 billion people; e-commerce, e-government, e-health

Cyber security MUST address the Internet of Things.

Secure networks require only three things

1. All components of the network are identified by a unique key.
2. All persons/devices are identified dynamically and continuously.
3. All usage is logged.

It is not daunting to either fix or harmonize all network communications.

Devices only require three things

For identity management and security a device only needs:
1. A little storage space for keys. 158 bytes of key material (the "key DNA") generates a keystream of about 100 billion bytes: the generator expands a short key into a very long stream, which is what the slide calls exponentialism.
2. Write-back capacity to update the dynamic offset after each authentication.
3. An Internet connection or other connectivity.

Disruptive technology contained within your innovation

Dynamic Identity Verification and Authentication (DIVA) is an identity-based software protocol that can be used in any digital context. It addresses the core security requirements:
- dynamic and continuous authentication
- authorization
- revocation
- non-repudiation
- inherent intrusion detection
- DRM
- digital signature
- secure network access
- end-to-end authentication
- identity for persons and devices, including pseudo-identity and anonymity

Users are pre-authenticated and keys are pre-distributed. Pre-distributed symmetric keys remove the certificate-validation and CA-trust attacks that PKI is exposed to, but they move the trust into the provisioning step: the channel used to deliver each key must itself be secured. Each authentication token is an unused segment of keystream that is consumed exactly once, in the manner of a one-time pad; because the keystream is generated from a short key rather than being truly random, the scheme is a keyed stream generator rather than a one-time pad in the strict sense, and its security rests on that generator.

DDKI/DIVA satisfy all ITU/ISO requirements for Identity Management (IdM) and Privacy by Design protocols:
- the 80 requirements to secure Next Generation Networks (NGN)
- operate on any kind of digital network
- any computer operating system, such as Windows
- any kind of network model: federated, silo, centralized, user-centric

It can be used with PKI or in lieu of PKI.

Testimonial: Dr. Abbie Barbir

Dr. Barbir is an advisor and is:
- Chair of the International Telecommunications Union Technology Identity Management Question
- Steering Committee for the OASIS IDtrust Member Section
- Chair for the Kantara Initiative Privacy; OASIS, W3C, WS-I, OMA, ITU-T, Canadian Advisory Committee (CAC) JTC1 SC6, Standards Council of Canada, IETF, Parlay and IPSphere
- System administration, Bank of America

"DIVA and DDKI provide a completely interoperable and scalable software framework that isn't hardware dependent. Whitenoise Laboratories (Canada) Inc. has developed a leading-edge technology that is ripe and ready for large-scale distributed dynamic authentication and enablement of secure on-line transactions."

How does DIVA work?

Both server and endpoint hold a copy of the account's identity-management key. The keystream derived from that key is long enough that token segments are never reused. A token is an unused segment of keystream of arbitrary length: provided the keystream generator is sound, an observer without the key cannot predict it, and because each segment is used only once a captured token cannot be replayed. Server and endpoint continuously and dynamically compare tokens to confirm the identity of the network user.

Device state 1a. The server sends the endpoint a request for an identification token of a specific length, in this case twenty-five bytes. The request carries neither an offset nor a key.

  Last valid offset
  22 1F CB FE FA 17 F2 8E A5 F0 8A E1 55 D6 DD E2 9A 65 2F F6 EA 71 FE F7 D7 B8 28 5D 26 8B

Device state 1b. The endpoint replies with the 25-byte token that begins at its last valid offset. The length is arbitrary and scalable depending on security requirements.

  Last valid offset plus token (length = 25 bytes)
  22 1F CB FE FA 17 F2 8E A5 F0 8A E1 55 D6 DD E2 9A 65 2F F6 EA 71 FE F7 D7 B8 28 5D 26 8B

DIVA dynamic update of offset

Device state 2. The server authenticates the user/device by comparing the received token, byte for byte, with the token it generates for this account/person/device at the same offset (an implementation should do the comparison in constant time so that timing does not reveal how many leading bytes matched). On a match the server acknowledges by sending the authorization, and both server and endpoint then advance their dynamic offset independently:

  New offset = last offset + token length (here 25 bytes; arbitrary and scalable depending on security requirements)
  22 1F CB FE FA 17 F2 8E A5 F0 8A E1 55 D6 DD E2 9A 65 2F F6 EA 71 FE F7 D7 B8 28 5D 26 8B

The two sides are now synchronized for the next continuous authentication query. If the comparison fails the account is automatically locked. That is what happens when someone has copied a key and the two offsets are no longer synchronous; an implementation must also decide how to handle a lost acknowledgement, because a client that never receives the authorization would otherwise fall one token behind the server.

Only two DIVA outcomes

Someone tries to steal a key. Either the legitimate user or the holder of the copy logs on first, and the offsets decide which of the two is detected.

1. The legitimate user logs back onto the network first. This is the likely scenario the vast majority of the time. The legitimate key and the server offset both advance with this use, independently. The pirated or spoofed key (if such a copy could be made) is no longer synchronized with the server and the legitimate key, so the pirate is detected on the first login attempt. The pirate cannot access the network; the stolen copy is useless and no usable credential has been obtained.

2. The pirate logs onto the network first. The server offset and the pirated key's offset advance with this use, and the legitimate key is no longer synchronized with the server. The next time the legitimate owner logs on, the server sees that the offset no longer matches and automatically locks the account. Detection in this case is after the fact, which is why logging all usage (requirement 3 above) matters: the system administrator and the client know that the account has been accessed, and the logs give the exact duration of the event and the exact transactions within it, from the last time server and client were synchronized to the moment the account was locked. The source IP address of the pirate's session is recorded for law enforcement use (a source address shows where the session came from; on its own it does not prove who was behind it). Customer service is simple: reactivate the account and re-issue a new device. Gotcha, hacker!
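The three preceding slides describe the exchange (length-only challenge, keystream token at the last valid offset, constant-length compare, independent offset advance, lock on mismatch) and the two outcomes when a key has been copied. The following Python simulation is an added example and is not Whitenoise code: the keystream generator is a stand-in (HMAC-SHA256 in counter mode, an assumption, since the real generator is proprietary and not described on the slides), the key bytes are constructed, and the account names, IP addresses and helper names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample key (hypothetical, not a real Whitenoise key). The slides
# describe 158 bytes of key material; any length works with this stand-in generator.
SHARED_KEY = hashlib.sha256(b"constructed DIVA demo key").digest()


class KeyStream:
    """Stand-in keystream generator: HMAC-SHA256 in counter mode over the shared key.
    Assumption: any secure PRF gives the one property DIVA relies on, that the
    stream cannot be predicted without the key."""
    BLOCK = 32

    def __init__(self, key):
        self.key = key

    def _block(self, index):
        return hmac.new(self.key, index.to_bytes(8, "big"), hashlib.sha256).digest()

    def segment(self, offset, length):
        """Return `length` keystream bytes starting at byte `offset` (blocks may be crossed)."""
        out = bytearray()
        index, pos = divmod(offset, self.BLOCK)
        while len(out) < length:
            out += self._block(index)[pos:pos + (length - len(out))]
            index, pos = index + 1, 0
        return bytes(out)


class Endpoint:
    """Holds a copy of the key and the last valid offset (the device's write-back state)."""

    def __init__(self, key, offset=0):
        self.stream = KeyStream(key)
        self.offset = offset

    def token(self, length):
        return self.stream.segment(self.offset, length)

    def commit(self, length):
        self.offset += length  # advance only once the server's authorization arrives


class Server:
    def __init__(self):
        self.accounts = {}

    def enroll(self, account, key):
        self.accounts[account] = {"stream": KeyStream(key), "offset": 0, "locked": False, "log": []}

    def challenge(self, account, length=25):
        return length  # the request carries only the length: no key, no offset on the wire

    def verify(self, account, token, src_ip):
        acct = self.accounts[account]
        if acct["locked"]:
            acct["log"].append((src_ip, acct["offset"], False))
            return False
        expected = acct["stream"].segment(acct["offset"], len(token))
        ok = hmac.compare_digest(expected, token)  # constant-time comparison
        acct["log"].append((src_ip, acct["offset"], ok))
        if ok:
            acct["offset"] += len(token)  # server side of the dynamic offset update
        else:
            acct["locked"] = True  # desynchronized token: lock the account
        return ok


def login(server, account, endpoint, src_ip, length=25):
    n = server.challenge(account, length)
    ok = server.verify(account, endpoint.token(n), src_ip)
    if ok:
        endpoint.commit(n)  # endpoint side of the dynamic offset update
    return ok


def scenario_no_attack(logins=3):
    """Control case: with no copied key, consecutive logins stay synchronized."""
    server = Server()
    server.enroll("alice", SHARED_KEY)
    alice = Endpoint(SHARED_KEY)
    results = [login(server, "alice", alice, "10.0.0.5") for _ in range(logins)]
    return all(results), server.accounts["alice"]["offset"]


def scenario_legitimate_first():
    """Outcome 1: the owner logs in first; the copied key fails on its first use."""
    server = Server()
    server.enroll("alice", SHARED_KEY)
    alice = Endpoint(SHARED_KEY)
    pirate = Endpoint(SHARED_KEY)  # copy taken while the offset was still 0
    r1 = login(server, "alice", alice, "10.0.0.5")
    r2 = login(server, "alice", pirate, "203.0.113.9")
    return r1, r2, server.accounts["alice"]["locked"]


def scenario_pirate_first():
    """Outcome 2: the copy is used first; the owner's next login trips the lock and
    the log records the source address and offset of the rogue session."""
    server = Server()
    server.enroll("alice", SHARED_KEY)
    alice = Endpoint(SHARED_KEY)
    pirate = Endpoint(SHARED_KEY)
    r1 = login(server, "alice", pirate, "203.0.113.9")
    r2 = login(server, "alice", alice, "10.0.0.5")
    return r1, r2, server.accounts["alice"]["locked"], server.accounts["alice"]["log"]


if __name__ == "__main__":
    print(scenario_no_attack())  # (True, 75)
    print(scenario_legitimate_first())  # (True, False, True)
    print(scenario_pirate_first()[:3])  # (True, False, True)
```

The endpoint advances its offset only after the authorization comes back, so a dropped acknowledgement leaves it one token behind the server and the next login would lock the account exactly as a copied key does; the slides do not describe a resynchronization rule, and a deployment needs one.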

Everyone wants disruptive technology without the disruption

The only step required to implement DIVA is to integrate the DIVA call into a single sign-on (SSO) login protocol for network or application access. When a network is configured to require DIVA at login, an Identity Information Service (ISS) protocol is invoked to perform the DIVA authentication for the network. It can be provided remotely or hosted inside the enterprise.

Public key systems will be safely transitioned without disruption

- PKI was an ad hoc approach implemented after the fact.
- PKI was never scientifically qualified to be a ubiquitous framework.
- PKI deployments are exposed to man-in-the-middle attack whenever certificate validation is skipped or a trusted CA is compromised.
- PKI implementations are exposed to side-channel attack classes (timing, power, cache) unless the public-key operations are implemented in constant time.
- After 40 years, fewer than 10% of North American enterprises run their own PKI servers.
- We need a fundamental, safe, disruptive shift to DDKI.

PKI will still be used in limited, specific contexts that DIVA can secure, because with DIVA present a key cannot be stolen or copied and then used without being detected:
- one-time key exchange
- additional authentication factor

Note: the slide predicts that quantum computing will arrive within five years and that, because of fixed key sizes, no PKI network on earth will then be secure. The underlying point stands: a sufficiently large quantum computer running Shor's algorithm breaks RSA and elliptic-curve keys of any practical size. The timeline does not: no such machine existed when this deck was written and none has appeared in the years since, and post-quantum public-key algorithms are being standardized for that contingency.

Middle-layer secure network providers such as VeriSign, RSA and Entrust will be disrupted because, even if public key systems could provide a level of security equivalent to dynamic distributed key frameworks, DDKI and DIVA provide:
- the lowest cost: under 10% of the cost of comparable PKI systems
- the simplest remote provisioning, installation and enrollment
- the simplest security to understand, train and manage
- the simplest framework to configure for international commerce while satisfying the need of different countries to control their own national security and dial in their own unique approach

Telecoms such as AT&T will be able to sell secure network services and complete secure networks, provisioned and trained overnight or over the phone, directly.

Ad hoc approaches to cyber security will be disrupted (treating a symptom, not curing the cause)

The biometric (biological), behavioral (person or code) and heuristic (experience-based) conundrum: a person submits a scan of a biometric (fingerprint, face scan, etc.) to the server once. At each login a scanner takes a snapshot and compares specific coordinates against the stored copy. The more points compared, the greater the accuracy and the fewer false positives, but the greater the cost. Mass-market biometrics compare fewer points and so accept more false positives, which defeats the purpose.

Note: DIVA and Whitenoise can be used to randomize which coordinates are compared between the endpoint scanner and the server, so that a different, unpredictable subset is checked on each login (the selection is driven by the one-time keystream). That keeps the number of coordinates compared per login small while still reaching an acceptable level of assurance, minimizing the attendant cost of using biometric information.

ALL cyber security is dependent on secure communications (internally + externally). Example of seriousness: on October 27, 2010 CNN reported that the US had lost communications with approximately 10% of its nuclear arsenal.

A biometric binds an identity to an account, but:
- the biometric market universe is human (it disregards machine-to-machine)
- safeguarding the biometric information itself is not addressed
- biometrics, behavior and heuristics are one additional authentication factor, not the whole solution

Binding identity to an account can be done with digital keys at ISO/ITU Level 4 assurance, which requires:
- identity proofing that is local (in person, the same as for biometrics)
- dynamic verification of reputation material
- one additional authentication factor (biometrics/behavior/heuristics)

Specific products and services deploying DDKI/DIVA
- Secure Session Manager: all identity management and network access security
- Secure File Interchange 2 (managed): secure transfer of files and data
- Secure File Interchange 2 Enterprise (self-contained): both

AT&T certified Secure File Interchange 2 on Nov 2, 2010.

Immediate market:
- AT&T ecosystem (largest telco in the US)
- Bell (largest telco in Canada)
- Wavefront, a commercialization centre accelerating the growth of Canadian wireless companies, used to facilitate international market linkages and business opportunities

All products/services cost less than 5%-10% of competing products.

Achievements

Whitenoise is recognized internationally:
- Aug: White House OSTP invitation to the US National Cyber Leap Year Summit
- Apr: invited by the United Nations International Telecommunications Union (UN-ITU) for identity management and identity systems moving towards standardization
- Jun: invited to the Commonwealth Telecommunications Organization on cyber security
- Jun: named subject matter experts by the International Standards Advisory Council of Canada for the Global Standards Collaboration plenary working groups
- Spring: named by Industry Canada as a delegate to UN-ITU
- June: finalist, BCTIA technology award
- Fall 2010: release of the book In Denial: Code Red

Memberships (international and national standards organizations):
- Canadian Advisory Council CAC/JTC1/SC27 WG2 and WG5, for contributions to ISO/ITU 2010/2011
- Canadian National Organization for the International Telecommunications Union / Industry Canada
- Standards Council of Canada
- International Standards Advisory Council of Canada
- Information Technology Association of Canada: Cyber Security Committee; National Identity Management Committee; Radio Frequency Committee; Cryptography Committee; Cyber Security Forum, Electronic Commerce Protection (Anti-Spam) Subcommittee; Cyber Security Forum, Privacy Subcommittee
- Computer Systems Training Advisory Committee at the British Columbia Institute of Technology

Whitenoise technologies are patented in countries with 2/3 of the world's population and economic activity, including the EU, USA, China, India, Canada, Japan and South Korea.

Presentation by André Brisson and Stephen Boren, Co-Founders, Whitenoise Laboratories (Canada) Inc.
Whitenoise is controlled static.
Thank you