SlideShare uma empresa Scribd logo

Securing the Cloud for a Connected Society

COMPUTEX TAIPEI
COMPUTEX TAIPEI

COMPUTEX TAIPEI 2013 - Cloud Industry Forum Topic: Securing the Cloud for a Connected Society Speaker: Michael Poitner Global Segment Marketing Director, Authentication, NXP Semiconductors

Tecnologia
1 de 18
Baixar para ler offline
Securing the Cloud for a Connected Society Computex – Cloud Industry Forum Taipei, June 6, 2013 Michael Poitner
Table of Contents Online Authentication Facts Today’s 2-factor Authentication Solutions Google’s “War on Password” and Solution Hardware Secure Elements and Threats Introduction to Fido (Fast Identity Online) User vs. Device Authentication Overview NXP Page 2 6/6/2013 Securing The Cloud – War On Password
Online Authentication: few facts Username and password prevalent for the past 40 years: Still adapted? Although I connect to 8 different services per day, I use some of them very I own 25 online accounts. a password re-initialization seldom and sometimes In you expect user has 6.5 Doaverage, athe service costs the to me to forget $15 associated different passwords remember provider password. 25 passwords? • Account takeover (ATF+NAF) rose by 50% in 2012 (Javelin March 2013) • Average 25 accounts per user • 6.5 different passwords • 8 services used per day in average • $15 per password re-initialization User Page 3 Service Provider 6/6/2013 • Passwords are being • Reused • Phished • Keylogged Securing The Cloud – War On Password
Online Authentication: more facts Passwords are not secure enough Some more hacking incidents Cisco IOS Passwords Issue: March 18 Michelle Obama, Hillary Clinton, Britney Spears, …: March 11 Evernote hacked, Password reset for 50M: March 2 cPanel web hosting control service hacked: Feb 28 Google 2-step verification tricked: Feb 26 Facebook, Apple, Microsoft corporate network hacked: Feb 22 250,000 Twitter accounts (Burger King, Jeep) hacked: Feb 19 Source: Ponemon Institute 2013 (sponsored by NokNok Labs Inc.) Page 4 6/6/2013 Securing The Cloud – War On Password
Good Pa$$phr@ses#1 are rare Source: http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html Page 5 6/6/2013 Securing The Cloud – War On Password
Online Authentication: few facts Multi-factors authentication proved efficiency in reducing fraud Multi-Factor Authentication, e.g. a token and a secret I don’t want to carry one (Pin or password) each of physical token for proved veryaccounts. my secure User Page 6 • With Chip-and-PIN card introduction in UK, fraud has decreased by 69% • For user convenience, tokens should be shared between services Service Provider 6/6/2013 Securing The Cloud – War On Password 6
Online Authentication: few facts PC is no longer the only access platform What about securing to Please don’t ask me My TVthesmartphone I use my now connected. accesses credential back move is through my Iand forth between all my can console? my more use it than Mymy to gameoften access PC favorite Facebook access content connected car? platforms • 64% of Facebook users via Smartphone, up by 57% yearover-year (FB Q4-12) • By 2016, 100M homes will be equipped with SmartTV in US and Western Europe (NPD In-Stat 2012) • Must have consistent level of security through all platforms User Page 7 Service Provider 6/6/2013 Security level is defined • Solution must by the weakest link. We be user-friendly: avoid too must insure utmost many user securitymanipulations through all platforms Securing The Cloud – War On Password
Today’s 2-factor solutions (consumer) Something you have + Something you know SMS OTP • Cost (user and issuer) OTP App/ Soft Certificates • Delay • Vulnerable to malware on host system • Use proprietary algorithms • No 2nd factor if phone/tablet is used for Internet access • Coverage issues • Typically one per site OTP Security • Phishable Convenience/ Features • Cannot hold identity • OTP not calculated in a Secure Element 6/6/2013 • On the large side • Type 6 or 8 digits into the phone • Vulnverable to MITM and MITB attacks Page 8 OTP fobs • No contactless interface Securing The Cloud – War On Password
Google declared “War On Passwords” IEEE paper “Authentication at Scale” Wired article Jan 18 “Gnubby” term leaked on Google blog Jan 18 Yubico blog Jan 21 Google protocol RSA conference Feb 25 Strong user auth Strong auth everywhere FIDO membership U2F working group April 18 Page 9 6/6/2013 Securing The Cloud – War On Password
Authentication System Architecture AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING DEVICE ABSTRACTION AUTHENTICATION AUTHENTICATION SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES Page 10 6/6/2013 Securing The Cloud – War On Password
Hardware Secure Element: a natural placeholder for security credentials • Tamper resistant: credentials can’t be duplicated nor altered • Proven security: core technology for banking cards and e-passports • Works on Windows, Mac and Linux. No driver needed. • Standardized and “open”: Supports multiple web sites • Ubiquitous interface: USB or NFC Page 11 6/6/2013 Securing The Cloud – War On Password
Typical Secure Element attacks Micro-probing Forcing Manipulation Electron Microscopy Atomic Force Microscopy (AFM) Contrast Etching Decoration Page 12 6/6/2013 Global And Local Light Attacks Spike/Glitch injection Alpha Particle Penetration Securing The Cloud – War On Password Non invasive Attacks: Leakage Invasive Attacks Reverse Engineering Delayering Semi-invasive Attacks: Fault Attacks Combined Attacks Photo emission Analysis EMA Analysis Timing Analysis SPA/DPA Analysis
NXP has joined the FIDO alliance board Board Members Page 13 6/6/2013 Securing The Cloud – War On Password
FIDO System Architecture FIDO AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING FIDO AUTHENTICATION CLIENT (WINDOWS, MAC, IOS, ANDROID…) DEVICE ABSTRACTION FIDO AUTHENTICATION 6/6/2013 SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES FIDO AUTHENTICATORS Page 14 AUTHENTICATION Securing The Cloud – War On Password
User vs. Device Authentication Protect sensitive networks and infrastructures • Industrial Control • Smart Grid Secure communications and services • Medical Devices secure firmware management Trust provisioning Tailored solution Bank-grade security Credential management Page 15 • Cloud Services 6/6/2013 Securing The Cloud – War On Password
NXP Semiconductors NXP Strong Innovation Pipeline: Distinctive Technologies:  Headquarters: Eindhoven/NL Over $600M / year in R&D Portfolio of secure/non-secure MCU  Employees: ~25,000 employees 3,200 engineers Embedded non-volatile & flash 11,000 patents Mixed signal processing Down to 40nm processes Zero power RF & NFC in more than 25 countries  Net sales: $4.3B in 2012 Page 16 6/6/2013 Securing The Cloud – War On Password
NXP is the Identification Industry’s #1 Semiconductor Supplier eGovernment Bank Cards Smart Mobility (MIFARE) Cards Tags & Authentication Readers Mobile Page 17 6/6/2013 Securing The Cloud – War On Password
Thank you for your attention! michael.poitner@nxp.com http://www.us-cert.gov/ http://krebsonsecurity.com/ http://www.schneier.com/ https://www.grc.com/haystack.htm

Recomendados

HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR
 
FIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Alliance
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Block Armour
 

Recomendados

HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR: The Leading Provider of True Passwordless Security®
HYPR: The Leading Provider of True Passwordless Security®HYPR
 
FIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Based Consumer Authentication
FIDO Based Consumer AuthenticationFIDO Alliance
 
Debunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN SecurityDebunking the Myths of SSL VPN Security
Debunking the Myths of SSL VPN Securityinside-BigData.com
 
What is Zero Trust
What is Zero TrustWhat is Zero Trust
What is Zero TrustOkta-Inc
 
IoT Security, Mirai Revisited
IoT Security, Mirai RevisitedIoT Security, Mirai Revisited
IoT Security, Mirai RevisitedClare Nelson, CISSP, CIPP-E
 
IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9IoT security fresh thinking 2017 sep 9
IoT security fresh thinking 2017 sep 9Arvind Tiwary
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...CloudIDSummit
 
Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Zero Trust Cybersecurity for Microsoft Azure Cloud
Zero Trust Cybersecurity for Microsoft Azure Cloud Block Armour
 
Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...CODE BLUE
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and MethodsLeonardo De Moura Rocha Lima
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Zscaler
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetNathan Wallace, PhD, PE
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTTransUnion
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security PatternsMark Benson
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksHarry Gunns
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceEnterprise Technology Management (ETM)
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]Leonardo De Moura Rocha Lima
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018African Cyber Security Summit
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 
Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application SecuritySecureAuth
 

Mais conteúdo relacionado

Mais procurados

Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeBlock Armour
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...CODE BLUE
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Zscaler
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without BoundariesPing Identity
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Securescoopnewsgroup
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetNathan Wallace, PhD, PE
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTTransUnion
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT securityJulien Vermillard
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security PatternsMark Benson
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksHarry Gunns
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesIvanti
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Securitycentralohioissa
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsGeorge Fletcher
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalFrank Siepmann
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things SecurityTutun Juhana
 

Mais procurados (20)

Next-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space AgeNext-generation Zero Trust Cybersecurity for the Space Age
Next-generation Zero Trust Cybersecurity for the Space Age
 
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)Block Armour Unified Secure Access Solution (based on Zero Trust principles)
Block Armour Unified Secure Access Solution (based on Zero Trust principles)
 
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
[CB20] Cleaning up the mess: discovery, monitoring, analysis, and notificatio...
 
IoT Security: Cases and Methods
IoT Security: Cases and MethodsIoT Security: Cases and Methods
IoT Security: Cases and Methods
 
Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8Three ways-zero-trust-security-redefines-partner-access-v8
Three ways-zero-trust-security-redefines-partner-access-v8
 
Managing Identity without Boundaries
Managing Identity without BoundariesManaging Identity without Boundaries
Managing Identity without Boundaries
 
How Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & SecureHow Zero Trust Makes the Mission Simple & Secure
How Zero Trust Makes the Mission Simple & Secure
 
IoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the InternetIoT Security: How Your TV and Thermostat are Attacking the Internet
IoT Security: How Your TV and Thermostat are Attacking the Internet
 
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoTAuthentiThings: The Pitfalls and Promises of Authentication in the IoT
AuthentiThings: The Pitfalls and Promises of Authentication in the IoT
 
The 5 elements of IoT security
The 5 elements of IoT securityThe 5 elements of IoT security
The 5 elements of IoT security
 
Internet of Things Security Patterns
Internet of Things Security PatternsInternet of Things Security Patterns
Internet of Things Security Patterns
 
Cloud Security Primer - F5 Networks
Cloud Security Primer - F5 NetworksCloud Security Primer - F5 Networks
Cloud Security Primer - F5 Networks
 
Navigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation SlidesNavigating Zero Trust Presentation Slides
Navigating Zero Trust Presentation Slides
 
Jamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS SecurityJamie Bowser - A Touch(ID) of iOS Security
Jamie Bowser - A Touch(ID) of iOS Security
 
Don't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_complianceDon't let wireless_detour_your_pci_compliance
Don't let wireless_detour_your_pci_compliance
 
IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]IoT Security: Cases and Methods [CON5446]
IoT Security: Cases and Methods [CON5446]
 
Internet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open StandardsInternet of Things: Identity & Security with Open Standards
Internet of Things: Identity & Security with Open Standards
 
Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018Conférence ARBOR ACSS 2018
Conférence ARBOR ACSS 2018
 
IoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 finalIoT Security Briefing FBI 07 23-2017 final
IoT Security Briefing FBI 07 23-2017 final
 
Internet of Things Security
Internet of Things SecurityInternet of Things Security
Internet of Things Security
 

Semelhante a Securing the Cloud for a Connected Society

Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifySumana Mehta
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application SecuritySecureAuth
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile AuthenticationFIDO Alliance
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewallsCastleforce
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Cloud Security Alliance Lviv Chapter
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Rafael Maranon
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Zernike College
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido AllianceCOMPUTEX TAIPEI
 
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David PollingtonCIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David PollingtonCloudIDSummit
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...Rachel Wandishin
 
MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne AFCEA International
 
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...Ranjan Jain
 
Security Keys Presentation.pptx
Security Keys Presentation.pptxSecurity Keys Presentation.pptx
Security Keys Presentation.pptxAlok Sharma
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsBeyondTrust
 
Fido U2F PROTOCOL
Fido U2F PROTOCOLFido U2F PROTOCOL
Fido U2F PROTOCOLAther Ali
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali OWASP Delhi
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionLeMeniz Infotech
 
Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...Iaetsd Iaetsd
 

Semelhante a Securing the Cloud for a Connected Society (20)

Embracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and CentrifyEmbracing secure, scalable BYOD with Sencha and Centrify
Embracing secure, scalable BYOD with Sencha and Centrify
 
The Future of Mobile Application Security
The Future of Mobile Application SecurityThe Future of Mobile Application Security
The Future of Mobile Application Security
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile Authentication
 
Cybersecurity Slides
Cybersecurity SlidesCybersecurity Slides
Cybersecurity Slides
 
Palo alto networks next generation firewalls
Palo alto networks next generation firewallsPalo alto networks next generation firewalls
Palo alto networks next generation firewalls
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability
 
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
Iurii Garasym - Cloud Security Alliance Now in Ukraine. Mission, Opportunitie...
 
Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)Steps to Scale Internet of Things (IoT)
Steps to Scale Internet of Things (IoT)
 
Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009Palo Alto Networks Soc Ent Okt2009
Palo Alto Networks Soc Ent Okt2009
 
2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance2014 IoT Forum_ Fido Alliance
2014 IoT Forum_ Fido Alliance
 
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David PollingtonCIS 2015-Putting Control Back in the Users’ Hands- David Pollington
CIS 2015-Putting Control Back in the Users’ Hands- David Pollington
 
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud... Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
Security from the Start: Optimizing Your Acquia Experience with Acquia Cloud...
 
MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne MILCOM 2013 Keynote Presentation: Larry Payne
MILCOM 2013 Keynote Presentation: Larry Payne
 
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
Inbound Federation and Zero Sign On (ZSO) by Ranjan Jain at Ping Identity Wor...
 
Security Keys Presentation.pptx
Security Keys Presentation.pptxSecurity Keys Presentation.pptx
Security Keys Presentation.pptx
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System CredentialsThe 5 Crazy Mistakes IoT Administrators Make with System Credentials
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
 
Fido U2F PROTOCOL
Fido U2F PROTOCOLFido U2F PROTOCOL
Fido U2F PROTOCOL
 
Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali Fido U2F Protocol by Ather Ali
Fido U2F Protocol by Ather Ali
 
Securing broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryptionSecuring broker less publish subscribe systems using identity-based encryption
Securing broker less publish subscribe systems using identity-based encryption
 
Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...Iaetsd future polling system using cloud computing in support with smart clie...
Iaetsd future polling system using cloud computing in support with smart clie...
 

Mais de COMPUTEX TAIPEI

2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...COMPUTEX TAIPEI
 
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of BeingsCOMPUTEX TAIPEI
 
2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta Computer2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta ComputerCOMPUTEX TAIPEI
 
2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTek2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTekCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_Cisco2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_CiscoCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_Intel2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_IntelCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_Pivotal2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_PivotalCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGST2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGSTCOMPUTEX TAIPEI
 
2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.com2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.comCOMPUTEX TAIPEI
 
2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_Quipper2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_QuipperCOMPUTEX TAIPEI
 
2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThings2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThingsCOMPUTEX TAIPEI
 
2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital Barcelona2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital BarcelonaCOMPUTEX TAIPEI
 
Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle) Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle) COMPUTEX TAIPEI
 
Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)COMPUTEX TAIPEI
 

Mais de COMPUTEX TAIPEI (20)

2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
2015 CPX Summit Forum_The Era of Smart Mobility: Integrating Software and Har...
 
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
2015 CPX Summit Forum: BYOC - The Brand New Internet of Beings
 
2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta Computer2014 CPX Conference_Technology Disruption Forum_Quanta Computer
2014 CPX Conference_Technology Disruption Forum_Quanta Computer
 
2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTek2014 Summit_Forum_MediaTek
2014 Summit_Forum_MediaTek
 
2014 Summit_Forum_Acer
2014 Summit_Forum_Acer2014 Summit_Forum_Acer
2014 Summit_Forum_Acer
 
2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_Cisco2014 Big_Data_Forum_Cisco
2014 Big_Data_Forum_Cisco
 
2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_Intel2014 Big_Data_Forum_Intel
2014 Big_Data_Forum_Intel
 
2014 Big_Data_Forum_AWS
2014 Big_Data_Forum_AWS2014 Big_Data_Forum_AWS
2014 Big_Data_Forum_AWS
 
2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_Pivotal2014 Big_Data_Forum_Pivotal
2014 Big_Data_Forum_Pivotal
 
2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGST2014 Big_Data_Forum_HGST
2014 Big_Data_Forum_HGST
 
2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.com2014 Big_Data_Forum_Salesforce.com
2014 Big_Data_Forum_Salesforce.com
 
2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_Quipper2014 Technology_Disruption_Forum_Quipper
2014 Technology_Disruption_Forum_Quipper
 
2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThings2014 Technology_Disruption_Forum_SmartThings
2014 Technology_Disruption_Forum_SmartThings
 
2014 IoT_Forum_NXP
2014 IoT_Forum_NXP2014 IoT_Forum_NXP
2014 IoT_Forum_NXP
 
2014 IoT_Forum_AMD
2014 IoT_Forum_AMD2014 IoT_Forum_AMD
2014 IoT_Forum_AMD
 
2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital Barcelona2014 IoT Forum_Mobile World Capital Barcelona
2014 IoT Forum_Mobile World Capital Barcelona
 
2014 IoT Forum_ST
2014 IoT Forum_ST2014 IoT Forum_ST
2014 IoT Forum_ST
 
2014 IoT Forum_Broadcom
2014 IoT Forum_Broadcom2014 IoT Forum_Broadcom
2014 IoT Forum_Broadcom
 
Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle) Many Clouds, Many Choices (Oracle)
Many Clouds, Many Choices (Oracle)
 
Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)Re-architecting the Datacenter to Deliver Better Experiences (Intel)
Re-architecting the Datacenter to Deliver Better Experiences (Intel)
 

Último

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Último (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Securing the Cloud for a Connected Society

  • 1. Securing the Cloud for a Connected Society Computex – Cloud Industry Forum Taipei, June 6, 2013 Michael Poitner
  • 2. Table of Contents Online Authentication Facts Today’s 2-factor Authentication Solutions Google’s “War on Password” and Solution Hardware Secure Elements and Threats Introduction to Fido (Fast Identity Online) User vs. Device Authentication Overview NXP Page 2 6/6/2013 Securing The Cloud – War On Password
  • 3. Online Authentication: few facts Username and password prevalent for the past 40 years: Still adapted? Although I connect to 8 different services per day, I use some of them very I own 25 online accounts. a password re-initialization seldom and sometimes In you expect user has 6.5 Doaverage, athe service costs the to me to forget $15 associated different passwords remember provider password. 25 passwords? • Account takeover (ATF+NAF) rose by 50% in 2012 (Javelin March 2013) • Average 25 accounts per user • 6.5 different passwords • 8 services used per day in average • $15 per password re-initialization User Page 3 Service Provider 6/6/2013 • Passwords are being • Reused • Phished • Keylogged Securing The Cloud – War On Password
  • 4. Online Authentication: more facts Passwords are not secure enough Some more hacking incidents Cisco IOS Passwords Issue: March 18 Michelle Obama, Hillary Clinton, Britney Spears, …: March 11 Evernote hacked, Password reset for 50M: March 2 cPanel web hosting control service hacked: Feb 28 Google 2-step verification tricked: Feb 26 Facebook, Apple, Microsoft corporate network hacked: Feb 22 250,000 Twitter accounts (Burger King, Jeep) hacked: Feb 19 Source: Ponemon Institute 2013 (sponsored by NokNok Labs Inc.) Page 4 6/6/2013 Securing The Cloud – War On Password
  • 5. Good Pa$$phr@ses#1 are rare Source: http://www.troyhunt.com/2011/03/only-secure-password-is-one-you-cant.html Page 5 6/6/2013 Securing The Cloud – War On Password
  • 6. Online Authentication: few facts Multi-factors authentication proved efficiency in reducing fraud Multi-Factor Authentication, e.g. a token and a secret I don’t want to carry one (Pin or password) each of physical token for proved veryaccounts. my secure User Page 6 • With Chip-and-PIN card introduction in UK, fraud has decreased by 69% • For user convenience, tokens should be shared between services Service Provider 6/6/2013 Securing The Cloud – War On Password 6
  • 7. Online Authentication: few facts PC is no longer the only access platform What about securing to Please don’t ask me My TVthesmartphone I use my now connected. accesses credential back move is through my Iand forth between all my can console? my more use it than Mymy to gameoften access PC favorite Facebook access content connected car? platforms • 64% of Facebook users via Smartphone, up by 57% yearover-year (FB Q4-12) • By 2016, 100M homes will be equipped with SmartTV in US and Western Europe (NPD In-Stat 2012) • Must have consistent level of security through all platforms User Page 7 Service Provider 6/6/2013 Security level is defined • Solution must by the weakest link. We be user-friendly: avoid too must insure utmost many user securitymanipulations through all platforms Securing The Cloud – War On Password
  • 8. Today’s 2-factor solutions (consumer) Something you have + Something you know SMS OTP • Cost (user and issuer) OTP App/ Soft Certificates • Delay • Vulnerable to malware on host system • Use proprietary algorithms • No 2nd factor if phone/tablet is used for Internet access • Coverage issues • Typically one per site OTP Security • Phishable Convenience/ Features • Cannot hold identity • OTP not calculated in a Secure Element 6/6/2013 • On the large side • Type 6 or 8 digits into the phone • Vulnverable to MITM and MITB attacks Page 8 OTP fobs • No contactless interface Securing The Cloud – War On Password
  • 9. Google declared “War On Passwords” IEEE paper “Authentication at Scale” Wired article Jan 18 “Gnubby” term leaked on Google blog Jan 18 Yubico blog Jan 21 Google protocol RSA conference Feb 25 Strong user auth Strong auth everywhere FIDO membership U2F working group April 18 Page 9 6/6/2013 Securing The Cloud – War On Password
  • 10. Authentication System Architecture AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING DEVICE ABSTRACTION AUTHENTICATION AUTHENTICATION SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES Page 10 6/6/2013 Securing The Cloud – War On Password
  • 11. Hardware Secure Element: a natural placeholder for security credentials • Tamper resistant: credentials can’t be duplicated nor altered • Proven security: core technology for banking cards and e-passports • Works on Windows, Mac and Linux. No driver needed. • Standardized and “open”: Supports multiple web sites • Ubiquitous interface: USB or NFC Page 11 6/6/2013 Securing The Cloud – War On Password
  • 12. Typical Secure Element attacks Micro-probing Forcing Manipulation Electron Microscopy Atomic Force Microscopy (AFM) Contrast Etching Decoration Page 12 6/6/2013 Global And Local Light Attacks Spike/Glitch injection Alpha Particle Penetration Securing The Cloud – War On Password Non invasive Attacks: Leakage Invasive Attacks Reverse Engineering Delayering Semi-invasive Attacks: Fault Attacks Combined Attacks Photo emission Analysis EMA Analysis Timing Analysis SPA/DPA Analysis
  • 13. NXP has joined the FIDO alliance board Board Members Page 13 6/6/2013 Securing The Cloud – War On Password
  • 14. FIDO System Architecture FIDO AUTHENTICATION PROTOCOL END USER RELYING PARTY WEBSITE DISCOVERY BROWSER MOBILE APP WEB APPLICATION PROVISIONING FIDO AUTHENTICATION CLIENT (WINDOWS, MAC, IOS, ANDROID…) DEVICE ABSTRACTION FIDO AUTHENTICATION 6/6/2013 SERVER IDENTITY SYSTEMS AUTHENTICATION VALIDATION SERVICES FIDO AUTHENTICATORS Page 14 AUTHENTICATION Securing The Cloud – War On Password
  • 15. User vs. Device Authentication Protect sensitive networks and infrastructures • Industrial Control • Smart Grid Secure communications and services • Medical Devices secure firmware management Trust provisioning Tailored solution Bank-grade security Credential management Page 15 • Cloud Services 6/6/2013 Securing The Cloud – War On Password
  • 16. NXP Semiconductors NXP Strong Innovation Pipeline: Distinctive Technologies:  Headquarters: Eindhoven/NL Over $600M / year in R&D Portfolio of secure/non-secure MCU  Employees: ~25,000 employees 3,200 engineers Embedded non-volatile & flash 11,000 patents Mixed signal processing Down to 40nm processes Zero power RF & NFC in more than 25 countries  Net sales: $4.3B in 2012 Page 16 6/6/2013 Securing The Cloud – War On Password
  • 17. NXP is the Identification Industry’s #1 Semiconductor Supplier eGovernment Bank Cards Smart Mobility (MIFARE) Cards Tags & Authentication Readers Mobile Page 17 6/6/2013 Securing The Cloud – War On Password
  • 18. Thank you for your attention! michael.poitner@nxp.com http://www.us-cert.gov/ http://krebsonsecurity.com/ http://www.schneier.com/ https://www.grc.com/haystack.htm