
Who Are You Anyway? Identity, a Security and Life Question We All Need to Ask

Who Are You Anyway? Identity, a Security and Life Question We All Need to Ask. Vern Williams HackFormers. Vern Williams. CSO, The Patria Group President, Computer Security and Consulting Services, LLC CISSP ISSEP CSSLP CBCP ISAM BS in Oceanography, US Naval Academy


Presentation Transcript


  1. Who Are You Anyway? Identity, a Security and Life Question We All Need to Ask Vern Williams HackFormers

  2. Vern Williams • CSO, The Patria Group • President, Computer Security and Consulting Services, LLC • CISSP ISSEP CSSLP CBCP ISAM • BS in Oceanography, US Naval Academy • 20 Year US Navy Nuclear Submarines • Masters of Science in Information Systems, Hawaii Pacific University • ISSA Distinguished Fellow, IEEE Senior Member • Disaster Relief Coordinator, Hill Country Bible Church /Austin Disaster Relief Network • VernWilliams@PatriaCorp.com • Vern.Williams@IEEE.org • VernWilliams.ADRN@gmail.com • 512-297-8798

  3. Agenda • Teach Security • Teach Christ • Discussion

  4. Teach Security Identity Management Or the art of knowing who is who.

  5. IdM Process • Establish authentic credential source • Determine roles and associated access • Identity proofing • Authorization • Assign authentication • Grant access (physical and logical) • Monitor, modify, and/or revoke access

  6. Establish authentic credential source • How do you know who is who? • Chain of trust • You rely on their processes • What happens when they fail? • Turkey CA TURKTRUST • NJ CA Comodo Inc. • Dutch CA DigiNotar

  7. Identity Proofing • Identity Proofing – The process by which the credential issuer validates sufficient information to uniquely identify a person applying for the credential. (NIST) • Prove that the identity exists • Prove the applicant is entitled to that identity • Address the potential for fraudulent issuance of credentials based on collusion • Identity Source Documents: Need 2 I-9 Identity Sources • Must include a government-issued picture ID and fingerprints (10 for identification and two for verification) • Background Checks: SF 85 • Required Investigations based on the information provided in SF 85 and the Identity Source Documents

  8. Authentication • Now you have a trusted source of credentials • You know who you are dealing with • Assign a role and then grant permissions • Provide a means to authenticate • UID and password is passé • Multi-factor is the way to go • Federate your identities

  9. Authentication Methods • Something you know - Password, PIN, mother’s maiden name, passcode, fraternity chant • Something you have - ATM card, smart card, token, key, ID badge, driver license, passport • Something you are - Fingerprint, voice scan, iris scan, retina scan, body odor, DNA

  10. Spring 2011 Multi-Factor Authentication • Two-factor authentication - To increase the level of security, many systems will require a user to provide 2 of the 3 types of authentication: • ATM card + PIN • Credit card + signature • PIN + fingerprint • Three-factor authentication - Highest security: • Password + Fingerprint + Key Card

  11. Password Problems • Insecure - Given the choice, people will choose easily remembered (hence easily guessed) passwords such as names of relatives, pets, phone numbers, birthdays, hobbies, etc. • Easily broken - Programs such as Rainbow Tables, Crack, SmartPass, PWDUMP, NTCrack and l0phtcrack can easily crack Unix, NetWare, and Windows passwords. • Dictionary attacks are only feasible because users choose easily guessed passwords!

  12. Password Problems (cont.) • Inconvenient - In an attempt to improve security, organizations often issue users computer-generated passwords that are difficult, if not impossible to remember. • Repudiation - Unlike a written signature, when a transaction is signed with only a password, there is no real proof as to the identity of the individual that made the transaction.

  13. Password Problems (continued) • A password should be like a toothbrush: • Get a good one • Use it every day • Change it regularly • Don’t share it with anyone

  14. Biometrics • Authenticating a user via human characteristics • Using measurable physical characteristics of a person to prove their identification • Technologies: • DNA, blood • Signature dynamics • vein pattern • keystroke dynamics • layered biometrics • fingerprint • iris • retina • voice • Facial • Hand geometry & topography

  15. Biometric Advantages • Far greater security and traceability than passwords, PINs, and tokens • Low cost to implement • High functional impact • Easy to use - cannot be forgotten, lost, or borrowed

  16. Biometric Measures • Type 1 error - reject an authorized user • False rejection / false negative identification • Type 2 error - accept an imposter • False acceptance / false positive identification • CER - crossover error rate • % where false rejection = false acceptance • a CER of 3 is more accurate than a CER of 4

  17. [Figure: Type 1 errors (False Reject Rate) and Type 2 errors (False Acceptance Rate), with the CER (Crossover Error Rate) marked]
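
The Type 1 / Type 2 trade-off and the crossover point from slides 16 and 17, as an added worked example that is not part of the original presentation: it sweeps an acceptance threshold over match scores for two sensors and reports each sensor's CER. The score lists, sensor names and function names are constructed for illustration and are not measurements from any real device.

```python
# Constructed match scores (0-100). Higher means "looks more like the enrolled user".
# Hypothetical sensor A: well-separated genuine and impostor scores.
A_GENUINE = [40, 62, 65, 68, 70, 72, 75, 77, 78, 80,
             82, 84, 85, 87, 88, 90, 91, 93, 95, 97]
A_IMPOSTOR = [10, 12, 15, 18, 20, 22, 24, 25, 27, 28,
              30, 31, 33, 35, 36, 38, 39, 42, 45, 55]
# Hypothetical sensor B: noisier, so the two populations overlap more.
B_GENUINE = [35, 44, 48, 60, 63, 66, 69, 71, 73, 75,
             78, 80, 82, 84, 86, 88, 90, 92, 94, 96]
B_IMPOSTOR = [12, 15, 18, 20, 23, 25, 28, 30, 32, 34,
              36, 38, 40, 41, 43, 45, 47, 52, 57, 61]


def error_rates(genuine, impostor, threshold):
    """Return (FRR %, FAR %) when a score >= threshold is accepted.

    FRR is the Type 1 error rate (authorized user rejected);
    FAR is the Type 2 error rate (impostor accepted).
    """
    frr = 100.0 * sum(s < threshold for s in genuine) / len(genuine)
    far = 100.0 * sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine, impostor, thresholds=range(0, 101)):
    """Return (threshold, CER %) at the first threshold where FRR and FAR are closest.

    With finite samples the two curves may never be exactly equal, so the CER
    is reported as the midpoint of FRR and FAR at the closest point.
    """
    best = None
    for t in thresholds:
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if best is None or gap < best[0]:
            best = (gap, t, (frr + far) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    for name, gen, imp in (("A", A_GENUINE, A_IMPOSTOR), ("B", B_GENUINE, B_IMPOSTOR)):
        t, cer = crossover(gen, imp)
        print(f"sensor {name}: crossover at threshold {t}, CER {cer:.1f}%")
    # Raising the threshold past the crossover trades false accepts for false rejects.
    print("sensor A at threshold 70 (FRR, FAR):", error_rates(A_GENUINE, A_IMPOSTOR, 70))
```

The lower CER identifies the more accurate sensor, while the deployed threshold is still a policy choice: a high-security door may run above the crossover and accept more false rejections.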

  18. Hand Geometry Time and Attendance Terminal

  19. Fingerprint Biometrics

  20. Phone Biometrics

  21. Teach Christ Identity of the Believer

  22. Christian Identity • Based on identity of Christ • God only knows for sure • How do we prove our identity to others? • What are the signs of our identity?

  23. Identity of Christ • The record in the Bible • Messianic Prophecy • Evidence of His deity • Impact on His followers • Archeological evidence

  24. The record in the Bible • Jesus' own words • John 5:17-18 Jesus said to them, “My Father is always at his work to this very day, and I, too, am working.” For this reason the Jews tried all the harder to kill him; not only was he breaking the Sabbath, but he was even calling God his own Father, making himself equal with God. • John 10:30-33 “I and the Father are one.” Again the Jews picked up stones to stone him, but Jesus said to them, “I have shown you many great miracles from the Father. For which of these do you stone me?” “We are not stoning you for any of these,” replied the Jews, “but for blasphemy, because you, a mere man, claim to be God.” • Statements of his disciples • Philippians 2:5-6 Your attitude should be the same as that of Christ Jesus: who, being in very nature God, did not consider equality with God something to be grasped.

  25. Messianic Prophecy • Messianic prophecy is the collection of over 100 predictions (a conservative estimate) in the Old Testament about the future Messiah of the Jewish people. • Born of a virgin (Isaiah 7:14; Matthew 1:21-23) • A descendant of Abraham (Genesis 12:1-3; 22:18; Matthew 1:1; Galatians 3:16) • Of the tribe of Judah (Genesis 49:10; Luke 3:23, 33; Hebrews 7:14) • Of the house of David (2 Samuel 7:12-16; Matthew 1:1) • Born in Bethlehem (Micah 5:2, Matthew 2:1; Luke 2:4-7) • Taken to Egypt (Hosea 11:1; Matthew 2:14-15) • Herod's killing of the infants (Jeremiah 31:15; Matthew 2:16-18) • Anointed by the Holy Spirit (Isaiah 11:2; Matthew 3:16-17)

  26. Messianic Prophecy (cont.) • Heralded by the messenger of the Lord (John the Baptist) (Isaiah 40:3-5; Malachi 3:1; Matthew 3:1-3) • Would perform miracles (Isaiah 35:5-6; Matthew 9:35) • Would preach good news (Isaiah 61:1; Luke 4:14-21) • Would minister in Galilee (Isaiah 9:1; Matthew 4:12-16) • Would cleanse the Temple (Malachi 3:1; Matthew 21:12-13) • Would first present Himself as King 173,880 days from the decree to rebuild Jerusalem (Daniel 9:25; Matthew 21:4-11) • Would enter Jerusalem as a king on a donkey (Zechariah 9:9; Matthew 21:4-9) • Would be rejected by Jews (Psalm 118:22; 1 Peter 2:7)

  27. Messianic Prophecy (cont.) • Die a humiliating death (Psalm 22; Isaiah 53) involving: • rejection (Isaiah 53:3; John 1:10-11; 7:5,48) • betrayal by a friend (Psalm 41:9; Luke 22:3-4; John 13:18) • sold for 30 pieces of silver (Zechariah 11:12; Matthew 26:14-15) • silence before His accusers (Isaiah 53:7; Matthew 27:12-14) • being mocked (Psalm 22:7-8; Matthew 27:31) • beaten (Isaiah 52:14; Matthew 27:26) • spit upon (Isaiah 50:6; Matthew 27:30) • piercing His hands and feet (Psalm 22:16; Matthew 27:31) • being crucified with thieves (Isaiah 53:12; Matthew 27:38)

  28. Messianic Prophecy (cont.) • Die a humiliating death (Psalm 22; Isaiah 53) involving: • praying for His persecutors (Isaiah 53:12; Luke 23:34) • piercing His side (Zechariah 12:10; John 19:34) • given gall and vinegar to drink (Psalm 69:21, Matthew 27:34, Luke 23:36) • no broken bones (Psalm 34:20; John 19:32-36) • buried in a rich man’s tomb (Isaiah 53:9; Matthew 27:57-60) • casting lots for His garments (Psalm 22:18; John 19:23-24) • Would rise from the dead!! (Psalm 16:10; Mark 16:6; Acts 2:31) • Ascend into Heaven (Psalm 68:18; Acts 1:9) • Would sit down at the right hand of God (Psalm 110:1; Hebrews 1:3)

  29. Messianic Prophecy: the odds

  30. Evidence of His deity • Miracles • Feeding the 5000 • Raising the dead • Healing the sick • The resurrection • The empty tomb • The guards were bribed to lie • Presenting himself to over 500 followers • Within days, he was seen by many and touched

  31. Impact on His followers • 11 of the 12 apostles, and many of the other early disciples, died for their adherence to this story. This is dramatic, since they all witnessed the alleged events of Jesus and still went to their deaths defending their faith. Why is this dramatic, when many throughout history have died martyred deaths for a religious belief? Because people don’t die for a lie. • The apostle Paul makes this clear in his first letter to the Corinthians: But if there is no resurrection of the dead, then not even Christ has been raised. And if Christ has not been raised, then our preaching is futile and your faith is empty. … For if only in this life we have hope in Christ, we should be pitied more than anyone (1 Cor. 15:13-14, 19).

  32. Archeological evidence • Over the last few decades, significant evidence revealing the life, teaching, death and resurrection of Jesus has been uncovered! • Christ’s childhood town of Nazareth is still active today • Ancient harbors matching the biblical record have been located in recent drought cycles. • In Jerusalem, we still see the foundations for the Jewish Temple Mount built by Herod the Great. Other remarkable sites in Jerusalem include the "Southern Steps" where Jesus and his followers entered the Temple, the Pool of Bethesda where Jesus healed a crippled man, and the recently uncovered Pool of Siloam where Jesus healed a blind man.

  33. What is our identity based on? • Acceptance of the saving grace of Christ • A free gift lest any should boast • Presence of the Holy Spirit in our lives • The fruit of the Spirit: "But the fruit of the Spirit is love, joy, peace, forbearance, kindness, goodness, faithfulness, gentleness and self-control. Against such things there is no law." Galatians 5:22-23, New International Version (NIV)

  34. Discussion Points • Is there enough evidence to convict you of being a Christian in a court of law? • If SAML is the means of passing identity credentials in the IT world, what are the ways we pass our identity in Christ on to others?

  35. Closing Thoughts • Christ has given us proof beyond a doubt of His ability to forgive us our sins and save us for Himself. We need to be ready to defend the truth of the gospel … of the life that is in us.
