Post on 18-May-2015
Elderly People’s Ankles
Characterizing Artifacts of Legacy Security Technology and Their Effects on Modern
Applications of Authentication and Authorization
Hi.
Nay @toopherjosh
Ian Glazer and I have a bet…
Who can use the most slides without affecting quality?
I
will
win.
Let’s get to it –
Picture of “children”
Let’s play a game.
Seriously… I’ll wait until you agree…
Picture 1.2
Picture 1.1
Picture 2.1
Picture 2.2
Picture 2.2
Picture 2.2
Statistics
µ
σ
The null
There is a 68% chance this is boring.
A long long time ago…
In the year 2000…
Don’t judge – you had one too.
Where even the water has calories
null hypothesis = you are a good person
You are a terrorist.
null hypothesis = you are a terrorist.
You are a terrorist shoe bomber.
null hypothesis = you are a shoe bomber.
elderly people’s ankles
elderly people’s ankles
EPA
Picture 3.1
Picture 3.2
You are not you.
You are not you.
You are not you.
null hypothesis = you are not you.
you are not you.
you are not you.
your user
you are not you.
your user customer
1 act play
Act 1 <login>
3 act play
Act 1 <login>
Act 2 <action>
Act 3 <logout>
Yes… I totally had to look all that up on wiki
?
Act 1 <login>
Act 2 <action>
<Act 1>
Act 1 <login>
Act 2 <action>
A Happy Ending?
Repetition Poisoning
We retain the right to rename your kids
Repetition Poisoning
Repetition Poisoning Test
ILK BILK SILK
What fiber do SILKworms produce?
ILK BILK SILK
ILK BILK SILK
What’s another word for DEFRAUD?
ILK BILK SILK
ILK BILK SILK
What’s a word to describe a person or thing similar to which you’ve previously
referred?
ILK BILK SILK
ILK BILK SILK
What do cows drink?
Wrong.
Cows drink water.
</Act 1>
<Act 2>
?
<Act 2.1>
U/P + device recognition < MITB
U/P + device recognition < Zeus
1 / 30 days
3-4 times per day
MFA @ 1%
invisibility ≠ omission
</Act 2.1>
<Act 2.2>
?
UX
UX → optimized
UX → optimized = no modification to human behavior
Context
</Act 2.2>
<Act 2.31>
Identity is valuable.
Identity, Inc.; NYSE: IDNT
Yeah you are.
</Act 2.31>
<Act 2.32>
The Internet of Things (IoT)
The Internet of Things (IoT) <groan>
Relying Party Benefit User Benefit
Relying Party Benefit User Benefit
Context creates invisibility.
Invisibility enables security.
</Act 2.32>
<Act 3>
Act 3 <logout>
?
Optimize UX
Context creates invisibility.
Invisibility enables security.
</Act 3>
Session Login | Critical Action | Session Logout
Shift in perspective can identify EPAs
Invisibility enables security.
Great. So what do I do?
Laws of Modern MFA
1. Tell the user what you’re doing.
2. Communicate completely out of band.
3. Get out of their way (invisibility)
@toopherjosh Thanks.