Slide 1
Session : User Authentication - Trends
11-Nov-2014
Prepared by: Zuraiq
Slide 2
This Session…
-- Is Technical – will include an introduction/background
-- Will include Interactions, Questions and Answers…
-- The Sections….
The Start
User Authentications
Biometrics
So…
Thank You
-- Disclaimer
Slide 3
The Start!
Slide 4
Question 1: The Picture! – Please Identify….
Creation and Creator!….
Slide 5
Nature and Man….
-- Question 2: Who is the painter? Where is it located now?
-- Depicts – “Human Being” as the supreme creation Combines: Science +
Math + Philosophy!!!!
-- “The Geometry of a Man”
References:
http://www.youtube.com/watch?v=GGUOtwDhyzc : Vitruvian Man – The
Beauty of Diagrams
http://www.youtube.com/watch?v=aMsaFP3kgqQ : Da Vinci’s Vitruvian Man
of Math - James Earle
Slide 6
Golden Ratio!!!
-- Question 3: What is “Golden Ratio” ?
-- Beautiful and Harmonious – It’s about Patterns!
-- Architecture and Arts – Across Cultures and Regions
-- Pyramids, Stonehenge, Parthenon, Many of the paintings, Music and
Musical Instruments, Symbols
-- Fibonacci Series
-- Nature: Conspicuous Reoccurrence, Surprisingly Often
-- Elliot Rafael Waves + Chaos Theory – The Influence
References:

Wikipedia

http://www.youtube.com/watch?v=O2wU-HT7FiM – Fibonacci and the Golden Mean.
http://www.youtube.com/watch?v=SjSHVDfXHQ4 : The magic of Fibonacci Numbers
Slide 7
So…
There is a
-- Brilliance in the design, And also is Uniformity…
-- Yet, they are unique – individually…
Slide 8
User Authentications!
Slide 9
Question 4 : Why ?
-- Why “User Authentication” ?…
My Answers:
-- Part of our business, Daily Life
-- Always Fresh
-- Increased Awareness
-- Renewed Focus…
Slide 10
The Password World
– Few Facts
-- More than 70% of people revealed their passwords in exchange for a bar of
chocolate
-- 66% shared their passwords with colleagues
-- 75% know their co-worker’s password
-- 60% use the same password for everything, including their personal
banking
-- Worst Passwords – Easy to predict
-- Own Name (16%), password (12%), football team (11%), DOB(8%)
http://www.forbes.com/sites/davelewis/2014/10/29/internet-of-things-security-vs-time-to-market/
Slide 11
Question 5 : Worst Passwords - 2013
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. Admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
Slide 12
Authentication - Basics
-- Question 6: What is “Authentication” ?
-- Examples:
Allow someone to enter based on a photo ID card
Entry into a Cinema Hall
ATM Withdrawal
Access a secured website, say Internet Banking
Emigration Clearance in an airport
Degree Certificate – Original or Not?
Checking the authority of a person…
Information Authenticity – Video Tapes, Source etc
Single Sign On
Confirmation E-mails, OTP
Tracing the date of an artifact – carbon dating
SO…. What is “Authentication” ?
Slide 13
The Identity!
-- The Identity Crisis
-- Basics: Definition – Authentication
1 - Accepting proof of Identity
2 – Comparing the attributes of the object itself to what is known about it
3 – Establishing identity based on external affirmations
-- Lingo : Identity, Authorization, Access, Strong Authorization
-- Multi-factor Authentication - MFA
Slide 14
Multi-factor Authentication!
-- Knowledge factors – Something you know
[Passphrase, PIN, Challenge/Response]
-- Possession factors – Something you have
[ID Card, Token, Phone]
-- Inherence factors – Something you are
[Fingerprint, Retina, Iris, Voice, Face]
-- Dynamic factors – Something you do - Question 6
-- Hybrid [Private Keys Encrypted by a Fingerprint Device Inside a USB
Token]
-- So… How many? Who will decide? Criterion?
More Reading: https://twofactorauth.org/
Slide 15
Multi-factor Authentication!
-- Tokens – Connected, Disconnected, H/W, S/W, USB
Based, Audio Port Based
-- Cards – Magnetic Strip Cards, Grid Cards, Patterns
-- Wireless Tokens [RF Id, Bluetooth]
-- Software: CAPTCHA, SSO
-- Onetime pads, iButtons – These are OLD….
-- Mobile Phone Based Tokens – Soft token, SMS, QR
Code, Call, smart phone Push, Mobile Signatures, Apps
Slide 16
Multi-factor Authentication!
Slide 17
Biometrics
Slide 18
Biometrics!!!
-- What is Biometrics?
Slide 19
Biometrics!!!
-- What is Biometrics?
Biometrics refers to the "automatic" identification of a person, based on her
physiological or behavioral characteristics.
As a Characteristic: a measurable characteristic of an individual
As a Process: Automated Methods of Recognizing an individual based on the
measurable characteristic
Slide 20
Biometrics – Timelines…
1858: First systematic capture of hand images for identification is recorded
1870: Bertillon develops anthropometrics to identify individuals
1892: Galton develops a classification system for fingerprints
1896: Henry develops a finger print classification system
1936: Concept of using the iris pattern for identification is proposed
1960s: Face recognition becomes semi-automated
1960: First model of acoustic speech production is created
1965: Automated signature recognition research begins
1969: FBI pushes to make fingerprint recognition an automated process
1974: First commercial hand geometry systems become available
1986: Exchange of fingerprint minutiae data standard is published
1988: First semi-automated facial recognition system is deployed
1992: Biometric Consortium is established within US Government
1997: First commercial, generic biometric interoperability standard published
1999: FBI's IAFIS major components become operational
2002: M1 Technical Committee on Biometrics is formed
2003: Formal US Government coordination of biometric activities begins
2004: US-VISIT program becomes operational
2004: DOD implements ABIS
2005: US patent on iris recognition concept expires
Slide 21
Biometrics – Predecessors…
-- Handprints may have acted as a signature….
-- 500 BC – Fingerprint Usage as a person’s mark – settling transactions
-- Chinese used fingerprints and footprints to differentiate children
-- Early Egyptians:
Traders were identified by their physical description
Differentiate between trusted traders and new traders
Slide 22
Process Flow – Generic ….
Slide 23
Biometrics – Broad Classification
-- Behavioral
[Keystroke, Signature: Static, Dynamic]
-- Physical
[Fingerprint, Voice, Hand/Finger/Face Geometry, Facial Recognition,
Signature, Voice, Iris]
-- Still In Progress
[Smell, Ear Shape, Finger Nail Bed, Face-3D, Gait, Lip Movement, Vein Scan]
-- Traits: Collectability, Uniqueness, Performance, Acceptability, Expected
Number of Users
-- Components: Server, Signal Processing, Data Storage, Matching
Algorithm, Decision Process
-- Capturing Technology: RF, Optical, Capacitive, Pressure Tracking
Slide 24
Bio Metrics - Pictorial
Slide 25
Finger Prints – Few Facts
-- Oldest form of Biometrics; Widely in practice
-- Highly Reliable
-- Uses distinctive features of Fingerprints: Ridges,
Spurs, Bridges, Patterns
Slide 26
Iris Scan – Few Facts
-- Iris is a protected internal organ whose random
texture is stable throughout life
-- High degree of randomness; no two irises are identical
-- Stable in a person’s life
-- Infra red / High Resolution Photograph
-- Iris Unique Characteristics: Ridges (Rings),
Furrows, Striations (freckles)
Slide 27
Other Biometrics…
-- Voice Scan: Measures sound waves of a human
speech; Voice print compared to a previous one.
-- Signature Scan: Measures speed, pressure, stroke
order of a signature
-- Retina Scan: Measures Unique characteristics of a
retina; Blood vessel patterns, Vein Patterns
-- Facial Scan: camera measures the following facial
features: Distance between eyes, eyes and nose
ridge, angles of cheek, slope of the nose, Facial
Temperatures
-- Hand Scan: Measures Top and Side of a hand – Not
the palm [Hand Geometry]
Slide 28
Biometrics – Metrics
-- FAR : False Acceptance Rate [Wrong Identification]
-- FRR : False Recognition Rate [Access Denial]
-- FTE: Failure to Enrol Rate
-- AVT : Ability To Verify
[AVT = (1 – FTE)(1 – FRR)]
-- IRIS: FAR – 1/1,000,000; FRR : 2%
-- Fingerprint: FAR – 1/100,000; FRR: 1%
-- Algorithmic; Matching Scores
-- Standards: BioAPI, BAPI
Slide 29
Biometrics – Areas
-- Identification Systems: Who am I ?
[Determine Identity]
-- Verification Systems: Am I who I claim to be ?
[Authenticate Identity]
-- In short, Determine or Authenticate Authority!
--Verification Systems:
More Accurate
Less Expensive
Faster
Limited in Functionality
More Efforts by User than Computer
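Added example (not part of the original slides): the Metrics slide defines FAR, FRR, FTE and AVT in terms of matching scores, and the Areas slide contrasts verification (1:1) with identification (1:N). The Python sketch below computes FAR and FRR from constructed score lists at a chosen threshold, applies the slide's AVT formula, and then goes beyond the slides by showing how the quoted per-comparison FAR figures grow in a 1:N search. The score values, the FTE figure, the gallery sizes and the independence assumption in the 1:N formula are assumptions made for illustration.

```python
"""FAR / FRR / AVT worked example. All scores below are constructed sample data."""
from dataclasses import dataclass

# Constructed matching scores in [0, 1]; a higher score means "more similar".
GENUINE_SCORES = [0.91, 0.88, 0.95, 0.62, 0.84, 0.79, 0.97, 0.90, 0.55, 0.86]
IMPOSTOR_SCORES = [0.12, 0.30, 0.45, 0.22, 0.66, 0.18, 0.51, 0.09, 0.38, 0.27]

# Per-comparison FAR figures as quoted on the Metrics slide.
PAGE_FAR = {"iris": 1 / 1_000_000, "fingerprint": 1 / 100_000}


@dataclass(frozen=True)
class Rates:
    threshold: float
    far: float  # impostor attempts accepted / all impostor attempts
    frr: float  # genuine attempts denied / all genuine attempts


def rates_at(threshold, genuine, impostor):
    """Decision rule: accept when score >= threshold. Returns FAR and FRR."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return Rates(threshold,
                 false_accepts / len(impostor),
                 false_rejects / len(genuine))


def sweep(genuine, impostor, steps=20):
    """FAR/FRR at evenly spaced thresholds: the trade-off curve."""
    return [rates_at(i / steps, genuine, impostor) for i in range(steps + 1)]


def closest_to_equal_error(curve):
    """Operating point where FAR and FRR are closest to each other."""
    return min(curve, key=lambda r: (abs(r.far - r.frr), r.threshold))


def ability_to_verify(fte, frr):
    """AVT = (1 - FTE)(1 - FRR), as given on the Metrics slide."""
    return (1 - fte) * (1 - frr)


def identification_false_match(far, gallery_size):
    """Probability that a 1:N search yields at least one false match.

    Assumes each of the N comparisons is independent with the same FAR
    (an assumption of this example, not a claim from the slides).
    """
    return 1 - (1 - far) ** gallery_size


if __name__ == "__main__":
    for r in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, steps=10):
        print(f"threshold={r.threshold:.1f}  FAR={r.far:.2f}  FRR={r.frr:.2f}")

    eer = closest_to_equal_error(sweep(GENUINE_SCORES, IMPOSTOR_SCORES))
    print(f"closest to equal error: threshold={eer.threshold} "
          f"FAR={eer.far} FRR={eer.frr}")

    # FTE of 2% is a constructed value; FRR of 1% is the slide's fingerprint figure.
    print(f"AVT = {ability_to_verify(fte=0.02, frr=0.01):.4f}")

    # Verification is one comparison; identification repeats it across the gallery.
    for name, far in PAGE_FAR.items():
        for n in (1, 1_000, 100_000):
            p = identification_false_match(far, n)
            print(f"{name:11s} gallery={n:>7}  P(false match)={p:.6f}")
```

Raising the threshold lowers FAR at the cost of FRR, and a per-comparison FAR that looks negligible for verification becomes significant once it is applied against a large enrolled gallery.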
Slide 30
Biometrics – Areas
-- Criminal Identification
-- Automobiles
-- Airport Security
-- Prison Security
Slide 31
Bio-Metric - Usage
Slide 32
Bio-Metric Passports
Reference: http://commons.wikimedia.org/wiki/Biometric_passport
Slide 33
Biometrics – Pros
-- Cannot be manipulated by Brute Force
-- Not easy to Copy or Steal and Avoids Lost Identity
Cases
-- No Need to memorize
-- Natural
-- Happens in Real Time, and in a Definitive Manner
Slide 34
Question 6: Biometrics – Cons
-- Can fade with time : Fingerprint, Voice [Answer]
-- Not yet mature – For example Fingerprint
-- Standards are not in place yet – Replacement, if Lost
-- Not easy to introduce variability
-- Still Expensive
-- Replacement, if Lost
-- Cultural/Religious Issues
-- Privacy Concerns of misuse
Slide 35
So….
Slide 36
So, What are we guarding against ?
Question
Simple – “Unauthorized Access”
And what are the threats ? [Question]
--- Stealing
--- Confidence Tricks
--- Technical Tricks [Local, Remote]
--- Victim Mistakes
--- Implementation Oversights
--- DoS Attacks
--- Enrollment Attacks
https://www.owasp.org/index.php/Comprehensive_list_of_Threats_to_Authentication_Procedures_and_Data
Slide 37
Concluding Remarks
-- IdM – is a new area of business and it is Serious!
-- Biometrics – You cannot ignore it!
-- Challenge is to make it simpler – the “User Experience”
around it…
-- User Authentication is an area that demands 100%
perfection without compromise!!!
Slide 38
Slide 39
Next Session
On
18-Nov-14
