NISlecture 2017/2 (24.02.2017, 12.15-13.00 in K105)
Title: Security aspects of smartphone authentication
Speaker: Rolf Lindemann
The industry introduced username and passwords more than 40 years ago and has subsequently seen incremental improvements to maintain an adequate security posture. Complexity rules, password change frequency, and requirements to avoid password re-use were added over time to improve the security of username+password infrastructure. Since then, (a) the average number of accounts has increased to a level that it is unfeasible for users to memorize distinct passwords per account and (b) mobile devices without physical keyboards are proliferating. Typing in passwords on such devices is cumbersome and prone to error. On the other hand, new attacks have appeared that demonstrate the fundamental security limitations of the existing password concept. Several variations of one-time-password schemes have been invented to fix the password security problem (e.g. one-time passcode (OTP) tokens, SMS OTP, OTP generator Apps). Unfortunately, such schemes further reduced usability and did not succeed in protecting against scalable attacks (e.g. Phishing, MITM). Biometric user verification, initially used for Government purposes, can be more convenient for users than typing passwords. We will look into the security aspects of the unattended nature of mobile biometrics and the implications for a secure implementation of secure and biometrics based authentication.
About the Speaker
: Rolf Lindemann works for Nok Nok Labs, Inc. as Senior Director Products & Technology and brings more than 15 years of experience in product management, R&D and operations from the IT security industry. He has contributed to various FIDO specifications and has been a frequent speaker at industry events. Prior to Nok Nok Labs Rolf Lindemann worked as Senior Director Product Management in the user authentication group at Symantec where he was responsible for research and product strategy on device authentication in smart grids and mobile networks. Before Symantec's acquisition of TC TrustCenter, he was Executive Director Product Strategy at TC TrustCenter GmbH. Named to that position in 2009 he was responsible for analyzing market trends and aligning the overall product portfolio to new market opportunities. Rolf Lindemann received his PhD from the Technical University in Hamburg-Harburg and holds a master's degree in electrical engineering.