Mobile Application Single Sign-On
Achieving a secure, reliable, accessible SSO solution for
Public Safety & First Responders
FIDO Webinar
12/7/2017
Bill Fisher, National Cybersecurity Center of Excellence
Defined
nccoe.nist.gov | National Cybersecurity Center of Excellence
Mission
Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs.
Public Safety Communications Research Lab
The Public Safety Communications Research (PSCR) Division is housed within the Communications Technology Laboratory (CTL) at the National Institute of Standards and Technology (NIST).
PSCR is the primary federal laboratory conducting research, development, testing, and evaluation for public safety communications technologies.
Challenge
Project Challenge
• Mobile platforms offer a significant operational advantage to public safety stakeholders by providing access to mission-critical information.
• These advantages can be limited if complex authentication requirements hinder Public Safety First Responder (PSFR) personnel, especially when delay – even seconds – is a matter of containing or exacerbating an emergency situation.
Solution
Core Capabilities
[Figure: p@$$w0rd + a second factor]
Multifactor Authentication (MFA) to Mobile Resources
• Biometrics, external hardware authenticators and other authentication options
Single Sign-On (SSO) to Mobile Resources
• Authenticate once with a mobile native app or web apps
• Leverage the initial MFA when accessing multiple applications
Benefits of an NCCoE Reference Design
NCCoE Benefits – Industry Collaboration
Mobile SSO Technology Vendor Build Team:
NCCoE brings in industry experts to design and build the reference design:
NCCoE Benefits – Standards Based
NCCoE solutions implement standards and best practices:
Using modern commercially available technology:
NCCoE Benefits – Practical Guidance
• Project will result in a freely available NIST Cybersecurity Practice Guide (SP 1800-x) including:
  • Technical decisions
  • Trade-offs
  • Lessons learned
  • Build instructions
  • Functional tests
Applicable Across Sectors
Though we developed this solution for Public Safety communities…
• This architecture applies to any entity needing to solve MFA and SSO for mobile applications
Challenges Continued…
Challenges – Passwords
Passwords:
• Complexity - hard to remember
• Hard to type on mobile phone
• Need one for each application
• They are often re-used
• Can be phished
Challenges – App Developer
Roll your own solutions:
• Custom authentication is difficult, leading to insecure implementations
• Challenge of storing and maintaining user credentials securely
Source: https://xkcd.com/844/
Challenges – Identity & Credential Management
More credentials, more problems:
• Separate credentials for each resource must be issued, maintained and revoked
• Expensive – increased number of help desk calls
• Risk of credential re-use, especially when credentials are exposed to mobile applications
Source: https://xkcd.com/792/
Authentication & Single Sign-On Demonstration
Demonstration – What you’ll see, MFA + SSO
FIDO UAF Authentication
• Leverages fingerprint registered to device
• No password input
FIDO U2F Authentication
• Using FIDO key as second factor
• Public key pair on the device
[Figure: p1n + FIDO key; private key held on the device]
Mobile App Single Sign-On
• Access to Motorola Mapping and Chat apps without need to re-authenticate
• Done via IETF RFC for SSO on native mobile apps
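The FIDO part of the demonstration (a key pair generated on the device, the private key never leaving it, the server holding only the public key, and a fresh challenge signed for every login) can be shown end to end in a short program. The Go code below is an added example written for this page; it is not code from the NCCoE build or from the FIDO specifications, and it stands in for UAF/U2F with plain ECDSA P-256 over SHA-256. The app ID `psfr-mapping.example`, the user name `responder1` and the simplified signed-data layout are constructed for illustration. It also exercises the two FIDO security benefits the deck lists later: nothing secret is stored server-side, and because the assertion is bound to the origin the client platform observed and each key is scoped to the app ID it was registered for, a look-alike site can neither obtain a signature nor reuse one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator models the FIDO-style authenticator on the phone. Private keys
// never leave it, and each key is scoped to the app ID it was registered for.
type Authenticator struct {
	keys map[string]*ecdsa.PrivateKey // appID -> private key
}

// RelyingParty is the server side: public keys and outstanding challenges only.
type RelyingParty struct {
	AppID      string
	pubKeys    map[string]*ecdsa.PublicKey // user -> registered public key
	challenges map[string][]byte           // user -> single-use challenge
}

func NewRelyingParty(appID string) *RelyingParty {
	return &RelyingParty{AppID: appID, pubKeys: map[string]*ecdsa.PublicKey{}, challenges: map[string][]byte{}}
}
func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}

// Register generates the key pair on the device and hands over the public half only.
func (a *Authenticator) Register(rp *RelyingParty, user string) error {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	a.keys[rp.AppID] = priv
	rp.pubKeys[user] = &priv.PublicKey
	return nil
}

// Challenge issues a fresh random nonce for one authentication attempt.
func (rp *RelyingParty) Challenge(user string) ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	rp.challenges[user] = c
	return c, nil
}

// signedData binds the assertion to the observed origin and to the challenge.
func signedData(origin string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0}) // separator so origin and challenge cannot run together
	h.Write(challenge)
	return h.Sum(nil)
}

// Sign is the authenticator's response. origin is what the phone's browser/OS saw
// the request come from, not a value the requesting site gets to choose.
func (a *Authenticator) Sign(origin string, challenge []byte) ([]byte, error) {
	priv, ok := a.keys[origin]
	if !ok {
		return nil, fmt.Errorf("no credential registered for %q", origin)
	}
	return ecdsa.SignASN1(rand.Reader, priv, signedData(origin, challenge))
}

// Verify checks the assertion over the relying party's own app ID, consuming the challenge first.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) error {
	pub, ok := rp.pubKeys[user]
	issued, issuedOK := rp.challenges[user]
	if !ok || !issuedOK || string(issued) != string(challenge) {
		return errors.New("unknown user, or challenge not issued / already used")
	}
	delete(rp.challenges, user)
	if !ecdsa.VerifyASN1(pub, signedData(rp.AppID, challenge), sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	rp := NewRelyingParty("psfr-mapping.example") // constructed app ID
	auth := NewAuthenticator()
	if err := auth.Register(rp, "responder1"); err != nil {
		panic(err)
	}
	c, _ := rp.Challenge("responder1")
	sig, _ := auth.Sign("psfr-mapping.example", c)
	fmt.Println("genuine login:", rp.Verify("responder1", c, sig)) // <nil>
	fmt.Println("replay:", rp.Verify("responder1", c, sig))        // error
	_, err := auth.Sign("evil.example", c)
	fmt.Println("look-alike origin:", err) // error: no credential registered
}
```

Run it with `go run`: the three printed lines show a genuine login verifying, the same assertion being rejected on replay because its challenge was consumed, and the authenticator refusing to sign for an origin it holds no credential for. Real FIDO assertions carry more (a signature counter, attestation, the client data hash), but the verification shape is the same.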
Ideally…
Public Safety First Responders…
• Authenticate once per day, at the beginning of their shift
• Leverage that initial authentication for access to subsequent mobile apps without the need to re-authenticate.
Benefits
General Benefits
Reduces:
• The amount of authentication time and attempts for PSFR personnel
• The number of credentials that PSFR personnel and organizations need to manage
• Requirements for complex passwords
Increases:
• Interoperability through the use of an open, standards-based architecture
• Identity providers can leverage their current Active Directory
• Authenticator flexibility through the FIDO ecosystem
• External hardware authenticators, biometrics, etc.
Security Benefits
FIDO:
• Multifactor authentication in line with NIST 800-63-3 requirements
• No secrets (private keys or biometric templates) are stored server-side
• Phishing resistance
IETF BCP for Mobile SSO:
• User's password and other credentials are never exposed to the SaaS provider or mobile app
• Apps get an OAuth token with limited scope of authorization - apps only get access to the back-end systems they should be accessing
• Reduced number of credentials decreases the risk of credential re-use
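The IETF BCP the deck refers to (RFC 8252, OAuth 2.0 for Native Apps) is why the password never reaches the app and why each app only receives a narrowly scoped token: the user authenticates in the system browser, the app gets back only a one-time authorization code, and it must prove possession of a PKCE verifier to redeem that code for a token. The Go program below is an added example written for this page, not code from the NCCoE build. The client registrations (`mapping-app`, `chat-app`) and their scopes, the user `responder1`, and the HMAC-protected toy token format are all constructed for illustration; a real deployment would issue JWTs and the resource servers would validate them with the authorization server's public key rather than a shared HMAC key.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed client registrations: each native app may only ask for the scopes its own back-end needs.
var appScopes = map[string]map[string]bool{
	"mapping-app": {"maps:read": true},
	"chat-app":    {"chat:read": true, "chat:write": true},
}

type pending struct {
	app, user, challenge string
	scopes               []string
}

// AuthServer is the identity provider the system browser talks to; the MFA step happens there.
type AuthServer struct {
	signingKey []byte             // shared with the resource servers in this toy
	codes      map[string]pending // outstanding one-time authorization codes
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// NewVerifier runs in the app: a random secret stays on the device and only its
// SHA-256 hash (the S256 code challenge) goes out with the authorization request.
func NewVerifier() (verifier, challenge string, err error) {
	raw := make([]byte, 32)
	if _, err = rand.Read(raw); err != nil {
		return "", "", err
	}
	verifier = b64(raw)
	sum := sha256.Sum256([]byte(verifier))
	return verifier, b64(sum[:]), nil
}

// Authorize is called once the user has authenticated in the browser. It refuses
// scopes the client is not registered for and issues a one-time code.
func (s *AuthServer) Authorize(app, user, challenge string, requested []string) (string, error) {
	allowed := appScopes[app] // nil for unregistered clients: nothing is allowed
	for _, r := range requested {
		if !allowed[r] {
			return "", fmt.Errorf("scope %q not allowed for %s", r, app)
		}
	}
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	code := b64(raw)
	s.codes[code] = pending{app, user, challenge, requested}
	return code, nil
}

// Exchange redeems the code. The caller must present the verifier that matches
// the challenge bound to the code, so a code intercepted on the device is useless.
func (s *AuthServer) Exchange(code, verifier string) (string, error) {
	p, ok := s.codes[code]
	if !ok {
		return "", fmt.Errorf("invalid or already used code")
	}
	delete(s.codes, code) // single use, even when the PKCE check below fails
	sum := sha256.Sum256([]byte(verifier))
	if !hmac.Equal([]byte(b64(sum[:])), []byte(p.challenge)) {
		return "", fmt.Errorf("PKCE verification failed")
	}
	body := p.user + "|" + p.app + "|" + strings.Join(p.scopes, " ")
	return body + "|" + s.mac(body), nil
}

func (s *AuthServer) mac(body string) string {
	m := hmac.New(sha256.New, s.signingKey)
	m.Write([]byte(body))
	return b64(m.Sum(nil))
}

// CheckToken is what a back-end such as the mapping API runs: verify the MAC,
// then require the scope for this resource before acting on the token.
func (s *AuthServer) CheckToken(token, needScope string) (string, error) {
	parts := strings.Split(token, "|")
	if len(parts) != 4 {
		return "", fmt.Errorf("malformed token")
	}
	body := strings.Join(parts[:3], "|")
	if !hmac.Equal([]byte(s.mac(body)), []byte(parts[3])) {
		return "", fmt.Errorf("bad token signature")
	}
	if !strings.Contains(" "+parts[2]+" ", " "+needScope+" ") {
		return "", fmt.Errorf("token lacks scope %s", needScope)
	}
	return parts[0], nil
}
```

The two checks that matter for the deck's claims are in `Exchange` and `CheckToken`: the code is consumed on first use and is worthless without the verifier that never left the app, and a token minted for the mapping app cannot be presented to the chat back-end because the scope it carries was fixed at authorization time from the client's registration.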
Next Steps?
Next Steps
Publication of NIST SP-1800-X
• Technical decisions, trade-offs, lessons learned, etc.
• Discussions around technical trade-offs not chosen for this demo
• Guidance for other areas outside the scope of the demo such as credential recovery, revocation, identity proofing, federation, etc.
Potential Future Build Additions
• iOS/Apple demonstration
• Support for shared devices – working with Google to determine the best solution on Android platforms
Source: http://southworthlibrary.org/
QUESTIONS?
Contact
301-975-0200 | http://nccoe.nist.gov
nccoe@nist.gov
William Fisher, Security Engineer
Email: William.Fisher@nist.gov
Project Updates: https://nccoe.nist.gov/projects/use-cases/mobile-sso


Speaker notes

1. Talking points:
We do not create standards. We apply standards to current challenges. We use best practices and commercially available technologies to solve challenges.
Vision: A secure cyber infrastructure that inspires technological innovation and fosters economic growth.
Goals:
1. Provide practical cybersecurity: Help people secure their data and digital infrastructure by equipping them with practical ways to implement standards-based cybersecurity solutions that are modular, repeatable and scalable.
2. Increase rate of adoption: Enable companies to rapidly deploy commercially available cybersecurity technologies by reducing technological, educational and economic barriers to adoption.
3. Accelerate innovation: Empower innovators to creatively address businesses’ most pressing cybersecurity challenges in a state-of-the-art, collaborative environment.