Who Are You Anyway? Identity, a Security and Life Question We All Need to Ask
Vern Williams
HackFormers
www.hackformers.org
Vern Williams
• CSO, The Patria Group
• President, Computer Security and Consulting Services, LLC
• CISSP ISSEP CSSLP CBCP ISAM
• BS in Oceanography, US Naval Academy
• 20 Year US Navy Nuclear Submarines
• Masters of Science in Information Systems, Hawaii Pacific University
• ISSA Distinguished Fellow, IEEE Senior Member
• Disaster Relief Coordinator, Hill Country Bible Church / Austin Disaster Relief Network
• VernWilliams@PatriaCorp.com
• Vern.Williams@IEEE.org
• VernWilliams.ADRN@gmail.com
• 512-297-8798
Agenda
• Teach Security
• Teach Christ
• Discussion
Teach Security
Identity Management
Or the art of knowing who is who.
IdM Process
• Establish authentic credential source
• Determine roles and associated access
• Identity proofing
• Authorization
• Assign authentication
• Grant access (physical and logical)
• Monitor, modify, and/or revoke access
Establish authentic credential source
• How do you know who is who?
• Chain of trust
• You rely on their processes
• What happens when they fail?
– Turkey CA TURKTRUST
– NJ CA Comodo Inc.
– Dutch CA DigiNotar
Identity Proofing
• Identity Proofing – The process by which the credential issuer validates sufficient information to uniquely identify a person applying for the credential. (NIST)
– Prove that the identity exists
– Prove the applicant is entitled to that identity
– Address the potential for fraudulent issuance of credentials
based on collusion
• Identity Source Documents: Need 2 I-9 Identity Sources
– Must include a government-issued picture ID and fingerprints
(10 for identification and two for verification)
• Background Checks: SF 85
– Required Investigations based on the information provided in SF 85 and the Identity Source Documents
Authentication
• Now you have a trusted source of credentials
• You know who you are dealing with
• Assign a role and then grant permissions.
• Provide a means to authenticate
– UID and password is passé
– Multi-factor is the way to go
– Federate your identities
Authentication Methods
• Something you know - Password, PIN,
mother’s maiden name, passcode, fraternity
chant
• Something you have - ATM card, smart card,
token, key, ID badge, driver license, passport
• Something you are - Fingerprint, voice scan,
iris scan, retina scan, body odor, DNA
Multi-Factor Authentication
• Two-factor authentication - To increase the level of
security, many systems will require a user to provide
2 of the 3 types of authentication:
– ATM card + PIN
– Credit card + signature
– PIN + fingerprint
• Three-factor authentication - Highest security:
– Password + Fingerprint + Key Card
Spring 2011
Password Problems
• Insecure - Given the choice, people will choose easily
remembered--hence easily guessed--passwords such
as names of relatives, pets, phone numbers,
birthdays, hobbies, etc.
• Easily broken - Programs such as Rainbow Tables, Crack, SmartPass, PWDUMP, NTCrack and l0phtcrack can easily crack Unix, NetWare, and Windows passwords.
– Dictionary attacks are only feasible because users choose
easily guessed passwords!
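An added example (not from the slides) of the two "Password Problems" above, written as the audit a defender runs over their own password store: a wordlist of the guessable choices the slide lists (pets, relatives, birth years, common suffixes) recovers an unsalted hash from one precomputed table, while a per-user salt plus an iterated KDF forces every guess to be recomputed per user yet still finds a wordlist password. The wordlist, passwords and salts are constructed, and the iteration count is kept low for the demo.

```python
"""Added example (not from the slides): why the slide's guessable passwords fall
to a wordlist, and what a per-user salt plus a slow KDF does and does not fix.
Wordlist, passwords and salts are all constructed for the demo."""
import hashlib
import hmac
import os

# Constructed wordlist of the choices the slide warns about: pets, relatives,
# birth years, plus the suffixes people bolt on to satisfy a policy.
BASE_WORDS = ["fluffy", "rover", "jennifer", "austin", "password", "1985", "123456"]
SUFFIXES = ["", "1", "123", "!", "1985", "2011"]


def candidates():
    for word in BASE_WORDS:
        for suffix in SUFFIXES:
            yield word + suffix
            yield word.capitalize() + suffix


def unsalted_hash(password: str) -> str:
    """How legacy stores kept passwords: one fast, unsalted hash per password."""
    return hashlib.md5(password.encode()).hexdigest()


def audit_unsalted(stored_hash: str):
    """One precomputed table (the rainbow-table idea) answers for every user."""
    table = {unsalted_hash(c): c for c in candidates()}
    return table.get(stored_hash)


def salted_hash(password: str, salt: bytes = b"", iterations: int = 10_000):
    """Per-user random salt and an iterated KDF; use far more iterations in production."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify(password: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(salted_hash(password, salt)[1], digest)


def audit_salted(salt: bytes, digest: bytes):
    """No shared table is possible: each guess is rerun per user and per salt,
    yet a wordlist password is still found. That is the slide's point."""
    return next((c for c in candidates() if verify(c, salt, digest)), None)


def is_guessable(password: str) -> bool:
    """Enrolment-time check: refuse anything the wordlist would hit."""
    return password.lower() in {c.lower() for c in candidates()}
```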
Password Problems (cont.)
• Inconvenient - In an attempt to improve security,
organizations often issue users computer-generated
passwords that are difficult, if not impossible to
remember.
• Repudiation - Unlike a written signature, when a
transaction is signed with only a password, there is
no real proof as to the identity of the individual that
made the transaction.
Password Problems (continued)
A password should be like a toothbrush:
• Get a good one
• Use it every day
• Change it regularly
• Don’t share it with anyone
Biometrics
• Authenticating a user via human characteristics
• Using measurable physical characteristics of a person to prove their identification
• Technologies:
– DNA, blood
– Fingerprint
– Signature dynamics
– Iris
– Vein pattern
– Retina
– Keystroke dynamics
– Voice
– Layered biometrics
– Facial
– Hand geometry & topography
Biometric Advantages
• Far greater security and traceability than
passwords, PINs, and tokens
• Low cost to implement
• High functional impact
• Easy to use - cannot be forgotten, lost, or
borrowed
Biometric Measures
• Type 1 error - reject an authorized user
– False rejection / false negative identification
• Type 2 error - accept an imposter
– False acceptance / false positive identification
• CER - crossover error rate
– % where false rejection = false acceptance
– a CER of 3 is more accurate than a CER of 4
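An added example (not from the slides) that computes the Type 1 and Type 2 rates above from matcher scores and locates the crossover: accept when the score clears a threshold, count rejected genuine users (FRR) and accepted impostors (FAR) at each candidate threshold, and report the point where the two meet. The genuine and impostor scores are constructed; a real evaluation uses thousands of trials.

```python
"""Added example (not from the slides): false-reject (Type 1) and false-accept
(Type 2) rates from matcher scores, and the crossover error rate (CER).
Scores are constructed for the demo."""

# Constructed match scores (0-100, higher = stronger match). Genuine trials are
# enrolled users matched against themselves; impostor trials are other people.
GENUINE = [95, 90, 85, 80, 75, 70, 65, 60, 50, 40]
IMPOSTOR = [10, 15, 20, 25, 30, 35, 40, 50, 60, 70]


def error_rates(genuine, impostor, threshold):
    """Accept when score >= threshold. Returns (FRR, FAR) as fractions."""
    frr = sum(s < threshold for s in genuine) / len(genuine)     # Type 1: authorized users rejected
    far = sum(s >= threshold for s in impostor) / len(impostor)  # Type 2: impostors accepted
    return frr, far


def crossover(genuine, impostor):
    """Threshold where FRR and FAR meet (or come closest) and the CER there.
    Candidate thresholds are the observed scores, so no interpolation is needed."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    _, threshold, cer = best
    return threshold, cer


def more_accurate(cer_a, cer_b):
    """Lower CER wins: a CER of 3% beats a CER of 4%."""
    return "A" if cer_a < cer_b else "B"


if __name__ == "__main__":
    # Raising the threshold trades Type 2 errors for Type 1 errors.
    for t in (50, 60, 70):
        frr, far = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t}: FRR={frr:.0%}  FAR={far:.0%}")
    t, cer = crossover(GENUINE, IMPOSTOR)
    print(f"CER {cer:.0%} at threshold {t}")
```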
Crossover Error Rate
[Figure: False Reject Rate (Type 1 errors) and False Acceptance Rate (Type 2 errors) plotted together; the CER is the point where the two curves cross.]
Hand Geometry: Time and Attendance Terminal
Fingerprint Biometrics
Phone Biometrics
[Image slides; only the titles survive.]
Teach Christ
Identity of the Believer
Christian Identity
• Based on identity of Christ
• God only knows for sure
• How do we prove our identity to others?
• What are the signs of our identity?
Identity of Christ
• The record in the Bible
• Messianic Prophecy
• Evidence of His deity
• Impact on His followers
• Archeological evidence
The record in the Bible
• Jesus’ own words
– John 5:17-18 Jesus said to them, “My Father is always at his work to
this very day, and I, too, am working.” For this reason the Jews tried all
the harder to kill him; not only was he breaking the Sabbath, but he
was even calling God his own Father, making himself equal with God.
– John 10:30-33 “I and the Father are one.” Again the Jews picked up
stones to stone him, but Jesus said to them, “I have shown you many
great miracles from the Father. For which of these do you stone me?”
“We are not stoning you for any of these,” replied the Jews, “but for
blasphemy, because you, a mere man, claim to be God.”
• Statements of his disciples
– Philippians 2:5-6 Your attitude should be the same as that of Christ
Jesus: who, being in very nature God, did not consider equality with
God something to be grasped.
Messianic Prophecy
Messianic prophecy is the collection of over 100 predictions (a
conservative estimate) in the Old Testament about the future Messiah
of the Jewish people
• Born of a virgin (Isaiah 7:14; Matthew 1:21-23)
• A descendant of Abraham (Genesis 12:1-3; 22:18; Matthew 1:1;
Galatians 3:16)
• Of the tribe of Judah (Genesis 49:10; Luke 3:23, 33; Hebrews 7:14)
• Of the house of David (2 Samuel 7:12-16; Matthew 1:1)
• Born in Bethlehem (Micah 5:2, Matthew 2:1; Luke 2:4-7)
• Taken to Egypt (Hosea 11:1; Matthew 2:14-15)
• Herod’s killing of the infants (Jeremiah 31:15; Matthew 2:16-18)
• Anointed by the Holy Spirit (Isaiah 11:2; Matthew 3:16-17)
Messianic Prophecy (cont.)
• Heralded by the messenger of the Lord (John the Baptist)
(Isaiah 40:3-5; Malachi 3:1; Matthew 3:1-3)
• Would perform miracles (Isaiah 35:5-6; Matthew 9:35)
• Would preach good news (Isaiah 61:1; Luke 4:14-21)
• Would minister in Galilee (Isaiah 9:1; Matthew 4:12-16)
• Would cleanse the Temple (Malachi 3:1; Matthew 21:12-13)
• Would first present Himself as King 173,880 days from the
decree to rebuild Jerusalem (Daniel 9:25; Matthew 21:4-11)
• Would enter Jerusalem as a king on a donkey (Zechariah 9:9;
Matthew 21:4-9)
• Would be rejected by Jews (Psalm 118:22; 1 Peter 2:7)
Messianic Prophecy (cont.)
• Die a humiliating death (Psalm 22; Isaiah 53) involving:
– rejection (Isaiah 53:3; John 1:10-11; 7:5,48)
– betrayal by a friend (Psalm 41:9; Luke 22:3-4; John 13:18)
– sold for 30 pieces of silver (Zechariah 11:12; Matthew
26:14-15)
– silence before His accusers (Isaiah 53:7; Matthew 27:12-14)
– being mocked (Psalm 22: 7-8; Matthew 27:31)
– beaten (Isaiah 52:14; Matthew 27:26)
– spit upon (Isaiah 50:6; Matthew 27:30)
– piercing His hands and feet (Psalm 22:16; Matthew 27:31)
– being crucified with thieves (Isaiah 53:12; Matthew 27:38)
Messianic Prophecy (cont.)
• Die a humiliating death (Psalm 22; Isaiah 53) involving:
– praying for His persecutors (Isaiah 53:12; Luke 23:34)
– piercing His side (Zechariah 12:10; John 19:34)
– given gall and vinegar to drink (Psalm 69:21, Matthew 27:34,
Luke 23:36)
– no broken bones (Psalm 34:20; John 19:32-36)
– buried in a rich man’s tomb (Isaiah 53:9; Matthew 27:57-60)
– casting lots for His garments (Psalm 22:18; John 19:23-24)
• Would rise from the dead!! (Psalm 16:10; Mark 16:6;
Acts 2:31)
• Ascend into Heaven (Psalm 68:18; Acts 1:9)
• Would sit down at the right hand of God (Psalm 110:1;
Hebrews 1:3)
Messianic Prophecy: the odds
Evidence of His deity
• Miracles
– Feeding the 5000
– Raising the dead
– Healing the sick
• The resurrection
– The empty tomb
– The guards were bribed to lie
• Presenting himself to over 500 followers
– Within days, he was seen by many and touched
Impact on His followers
• 11 of the 12 apostles, and many of the other early disciples,
died for their adherence to this story. This is dramatic, since
they all witnessed the alleged events of Jesus and still went to
their deaths defending their faith. Why is this dramatic, when
many throughout history have died martyred deaths for a
religious belief? Because people don’t die for a lie.
• The apostle Paul makes this clear in his first letter to the
Corinthians: But if there is no resurrection of the dead, then
not even Christ has been raised. And if Christ has not been
raised, then our preaching is futile and your faith is empty. …
For if only in this life we have hope in Christ, we should be
pitied more than anyone (1 Cor. 15:13-14, 19).
Archeological evidence
• Over the last few decades, significant evidence revealing the
life, teaching, death and resurrection of Jesus has been
uncovered!
• Christ’s childhood town of Nazareth is still active today
• Ancient harbors matching the biblical record have been
located in recent drought cycles.
• In Jerusalem, we still see the foundations for the Jewish
Temple Mount built by Herod the Great. Other remarkable
sites in Jerusalem include the "Southern Steps" where Jesus
and his followers entered the Temple, the Pool of Bethesda
where Jesus healed a crippled man, and the recently
uncovered Pool of Siloam where Jesus healed a blind man.
What is our identity based on?
• Acceptance of the saving grace of Christ
– A free gift lest any should boast
• Presence of the Holy Spirit in our lives
• The fruit of the Spirit: “But the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, gentleness and self-control. Against such things there is no law.” (Galatians 5:22-23, New International Version (NIV))
Discussion Points
• Is there enough evidence to convict you of
being a Christian in a court of law?
• If SAML is the means of passing identity
credentials in the IT world, what are the ways
we pass our identity in Christ on to others?
Closing Thoughts
• Christ has given us proof beyond a doubt of His ability to forgive us our sins and save us for Himself; we need to be ready to defend the truth of the gospel… of the life that is in us.