In an ever more interconnected and inter-reliant world, the state of security has been a cause for deep pessimism. In the midst of all the gloom, there is good cause for optimism.
With some fits and starts, the building blocks for transforming mobile security are taking shape at every level, from the processor to the chipset to special-purpose hardware to operating systems and protocols, addressing use cases from device integrity to user authentication to payments.
How do we think about security, privacy, identity and authentication in this world? This talk will provide a rapid overview of some selected building blocks and some practical examples that are now deployed at scale, to illustrate the coming wave and how you, as a practitioner or customer, can participate and position yourself for maximum benefit.
2. SECURITY IN PERSPECTIVE:
It's like drinking water from the tap in the 1800s
Pills, Potions & Spells vs. Chlorination
NOK NOK LABS
3. PURPOSE OF SECURITY
• Device Integrity
• Network Integrity
• OS & App Integrity
• User Integrity
• Data & Transaction Integrity
(and Privacy where appropriate)
4. SECURITY NEEDS TO SPAN LINKS
Integrity: User, Hardware, OS/App, Network, Service
18. BUILDING AUTHENTICATORS: THREE PROFILES
Rich OS, Trusted Execution Environment, Secure Element
• Software and Tamper-Resistant Hardware: Cost to Acquire and Manage Tokens; Stronger
• Software & Hardware: Cost to Acquire and Manage Mobile Device; Stronger
• Software Only: No extra cost; Strong
19. A UNIQUE OPPORTUNITY
• Hardware Integrity
• OS Integrity
• App Integrity
• Network Integrity
• User Integrity
Re-Architect Computing Using Hardware-Based Trust
Chain of Trust
Trusted Platform for Authentication
20. SUPPORT IN THE FABRIC
• Qualcomm shipping FIDO support in Snapdragon chipsets starting Dec 2014
• Microsoft declares in Feb 2015 FIDO support coming to Windows 10 and affiliated services
• Google intends to bring biometric APIs & system keychain to Android M – June 2015
• Apple continuing to support Touch ID & system keychain in iOS – 2014-2015
21. FIDO-CAPABLE MOBILE, TABLET + PC FORECAST
Legend: Non-FIDO, FIDO iOS, FIDO Android, FIDO Windows
35 Million, Aug. 2014
2.5 Billion, Dec. 2019
User Growth of 70.43% over 5 Years
Years: 2016, 2017, 2018, 2019
FIDO: 86.73%, 93.43%, 96.98%, 98.61%
Non-FIDO: 13.27%, 6.57%, 3.02%, 1.39%
• 2.08B Total Devices: 1.8B FIDO Capable; 281M iOS Devices, 793M Android Devices, 724M Windows Devices
• 2.19B Total Devices: 2.05B FIDO Capable; 298M iOS Devices, 945M Android Devices, 805M Windows Devices
• 2.36B Total Devices: 2.29B FIDO Capable; 315M iOS Devices, 942M Android Devices, 1.04B Windows Devices
• 2.6B Total Devices: 2.5B FIDO Capable; 331M iOS Devices, 1.1B Android Devices, 1.16B Windows Devices
23. ONLINE AUTHENTICATION FOR DOCOMO SERVICES
Biometric Authentication from DOCOMO, May 26, 2015
Online authentication using biometric information: Authentication for docomo ID and carrier billing payments
Password-less biometric authentication
Iris, Fingerprint: login, unlock devices, payments
24. HOPE FOR SCALING A HIGHLY CONNECTED WORLD
Everything Authenticates
50 Billion Connected Devices by 2020: Internet of Things
People + Devices + Ecosystems
• Corporate Networks
• Mobile Commerce
• Mobile Payments
• Social Networks
• eHealth
Consumer Use Cases
Enterprise Use Cases
25. Any Device.
Any Application.
Any Authenticator.
[Word cloud of authenticator terms: FINGERPRINT, FACE, VOICE, BIOMETRIC, PIN, TOKEN, USB, NFC, TPM, SECURE ELEMENT, RBA, ACTIVE, PASSIVE, SILENT]
27. BENEFITS OF THE FIDO APPROACH
Requirements for next generation authentication
Privacy, Security, User Experience
[Diagram: User, Device, Service, with two "Authenticate" labels]
• Public/private keys instead of passwords
• Fraud Reduction
• Unified Auth Infrastructure
• Natural and faster authentication
• Use authentication method of choice
• User information stays on device
• Not stored on servers that can be compromised
Cost
• Standards-Based
• Adaptable infrastructure
• Future-proofed and flexible
• Scalability