Geneva, Switzerland, 15-16 September 2014 Identity Based Attestation and Open Exchange Protocol (IBOPS) Scott Streit Chief Scientist.

Slides:

Advertisements

Similar presentations

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Advertisements

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

Secure Communication Architectures.

0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.

1 Defining System Security Policies. 2 Module - Defining System Security Policies ♦ Overview An important aspect of Network management is to protect your.

Information Security 1 Information Security: Security Tools Jeffy Mwakalinga.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Chapter 1 – Introduction

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.

Security Awareness: Applying Practical Security in Your World

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Smart Grid Cyber Security Framework

Applied Cryptography for Network Security

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Geneva, Switzerland, 4 December 2014 ITU-T Study Group 17 activities in the context of digital financial services and inclusion: Security and Identity.

Geneva, Switzerland, September 2014 Introduction of ISO/IEC Identity Proofing Patrick Curry Director, British Business Federation Authority.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Patrick J. Gossman, Ph.D Deputy CIO Wayne State University Detroit, MI.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.

Directory and File Transfer Services Chapter 7. Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

ISEC0511 Programming for Information System Security

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

PROJECT PAPER ON BLUEFIRE MOBILE SECURITY. BY PONNURU VENKATA DINESH KUMAR STUDENT ID # A0815 PROFESSOR – VICKY HSU CS-426.

BUSINESS B1 Information Security.

September, 2005What IHE Delivers 1 G. Claeys, Agfa Healthcare Audit Trail and Node Authentication.

Chapter 6 of the Executive Guide manual Technology.

Network Security Lecture 9 Presented by: Dr. Munam Ali Shah.

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

1 NEW GENERATION SECURE COMPUTING BASE. 2 INTRODUCTION  Next Generation Secure Computing Base,formerly known as Palladium.  The aim for palladium is.

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Chapter 01: Introduction to Network Security. Network  A Network is the inter-connection of communications media, connectivity equipment, and electronic.

Internet Security. 2 PGP is a security technology which allows us to send that is authenticated and/or encrypted. Authentication confirms the identity.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Biometrics. Biometric Identity Authentication I am the author of IEEE P BOPS Triple of Device, Biometric, 2-Way SSL Cert One Time Password Liveness.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

IP Security IP sec IPsec is short for Internet Protocol Security. It was originally created as a part of IPv6, but has been retrofitted into IPv4. It.

1 Class 15 System Security. Outline Security Threats (External: malware, spoofing/phishing, sniffing, & data theft: Internal: unauthorized data access,

Geneva, Switzerland, September 2014 Considerations for implementing secure enterprise mobility Eileen Bridges Aetna GIS Director.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

SECURITY Professor Mona Mursi. ENVIRONMENT IT infrastructures are made up of many components, abstractly: IT infrastructures are made up of many components,

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

Lecture 24 Wireless Network Security

Lesson 19-E-Commerce Security Needs. Overview Understand e-commerce services. Understand the importance of availability. Implement client-side security.

Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.

DICOMwebTM 2015 Conference & Hands-on Workshop University of Pennsylvania, Philadelphia, PA September 10-11, 2015 Keeping it Safe – Securing DICOM Robert.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Ingredients of Security

Securing Data Transmission and Authentication. Securing Traffic with IPSec IPSec allows us to protect our network from within IPSec secures the IP protocol.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Geneva, Switzerland, September 2014 ITU-T SG 17 Identity management (IdM) Progress Report Abbie Barbir Ph.D., ITU-T Study Group 17 Q10/17 (Identity.

CPT 123 Internet Skills Class Notes Internet Security Session B.

Cryptography and Network Security Chapter 1. Background  Information Security requirements have changed in recent times  traditionally provided by physical.

Biometrics and Security Colin Soutar, CTO Bioscrypt Inc. 10th CACR Information Security Workshop May 8th, 2002.

1 Network Security: Introduction Behzad Akbari Fall 2009 In the Name of the Most High.

Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.

BOPS – Biometric Open Protocol Standard Emilio J. Sanchez-Sierra.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Integrating the Healthcare Enterprise The Integration Profiles: Basic Security Profile.

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

A l a d d I n. c o m Strong Authentication and Beyond Budai László, IT Biztonságtechnikai tanácsadó.

Working at a Small-to-Medium Business or ISP – Chapter 8

Introduction of ISO/IEC Identity Proofing

Designing IIS Security (IIS – Internet Information Service)

Presentation transcript:

Geneva, Switzerland, September 2014 Identity Based Attestation and Open Exchange Protocol (IBOPS) Scott Streit Chief Scientist Hoyos Labs ITU Workshop on “ICT Security Standardization for Developing Countries” (Geneva, Switzerland, September 2014)

2 Identity Based Attestation and Open Exchange Protocol (IBOPS) Presentation Report on new working group on Identity based attestation Purpose Developing a biometrics specification for security systems to support identity assertion, role gathering, multi-level access control, assurance, and auditing capabilities Overview The IBOPS TC is chartered to produce an end-to-end specification describing the standards necessary to perform server-based enhanced biometric security. This solution will consider enrollment phase, maintenance, storage, and revocation. IBOPS will define how software running on a client device can communicate with an IBOPS-enabled server. The IBOPS specification will provide continuous protection of identity resources in a manner that enables defining of mechanisms that ensure security to a given service level guarantee of security. The IBOPS TC may also develop interoperability profiles for the OASIS Trust Elevation Protocol, FIDO, SAML, OpenID Connect, and OAuth

Why IBOPS? We need an inter-operable specification to offer the “what” of communication, authentication and access control for biometric based security We need guidance to prevent attacks on systems We need a set of best practices for security We need an end-to-end approach to security which goes beyond identity up through trusted storage and adjudication

Use Cases ATM for Banks allowing secure access to money Cars for preferences Buildings for entry Removal of user names and passwords Removal of the need for credit cards Biometrics are always with you and only you Liveness removes facsimiles of biometrics guaranteeing you are actually a live you. Liveness gives us a convenience vs. security choice.

What is IBOPS IBOPS comprises the rules governing secure communication of biometrics-based identity assertion between a variety of client devices and the trusted server. Provides Identity Assertion, Role Gathering, Multi-Level Access Control, Assurance, and Auditing. It creates a uniform standard for the proper use and secure application of biometrics in an Identity Assertion environment, where the goal is Authentication, not authorization It defines the roles for secure communication in a biometrics-based identity assertion transactional environment between the devices It protects the users privacy: no biometrics must ever leave the mobile device, and all matching must occur in the device It defines clear rules for how biometrics and liveness, with levels of convenience, must operate on the mobile device and in the complete identity assertion process, end-to-end

IBOPS Key Rules Does not allow user biometric data to be stored in any back end repository Requires all data to be fully encrypted, even in an underlying secure transfer layer Biometric Match will always happen on device, so as to protect users privacy as well as their data Private Key generation will occur in a secure server behind a firewall and not on the device Avoids attacks that could lead to key factories. Critical data is to be kept encrypted on device Parse out information, distributing it in such a way that only indexes + “minimal” information are found in repository worthless to a hacker This paradigm forces hackers to hack a user at a time since there is no one repository of critical data, thus deterring massive breaches of data. Secure all access to back end repositories, severs, systems with mobile device based biometric access

Encrypt all information residing on mobile device with minimum cypher requirements and secured via users biometrics IBOPS allows pluggable components to replace existing components functionality accepting integration into current operating environments in a short period of time. IBOPS-compliance should use well established standards set by NIST, ITU-T, ISO for accepted levels of image quality and security Require Liveness Detection Technology (LDT) to be deployed in conjunction with an Intrusion Detection System (IDS) on the device and back end This will protect against spoofing IDS will monitor all systems and data traffic in ALL connected devices and servers in an environment defense against “Replay Attacks” and “Man in the Middle Attacks” We are in the middle of the “Hacking Wars” era, we can not ignore any of this any longer Key Rules

Next Steps New work is staring with focus on full collaboration and future standardization at the ITU-T SG 17 Please join us Geneva, Switzerland, September 20148