10375 Centurion Parkway N, Suite 120
Jacksonville, FL 32256
Speaker: Dr. Johannes Ullrich, Dean of Research for the SANS Technology Institute
Topic: Beyond Passwords. Emerging Phishing Resistant Authentication Techniques
Everybody uses passwords, but everybody knows they do not work. Over the last couple years, large data leaks from various sites have been aggregated into databases of hundreds of millions of passwords that are easily available and heavily used in credential stuffing attacks. In this presentation, we will first talk about the current threats to password based authentication systems, and how even some two factor authentication methods are vulnerable to phishing. We will discuss some defenses against credential stuffing, and show how credential stuffing is used in current attacks. But what is really needed is a phishing resistant authentication mechanism. The trick with phishing resistant authentication mechanisms is that the target site first needs to authenticate itself to the user. Various past methods (like TLS) have failed to accomplish this. But a new set of token based authentication mechanisms, like U2F and WebM, promise to change this and take the human out of the loop. This presentation will demonstrate how to implement these techniques and what hurdles have to be overcome to implement them.Bio:
Johannes is currently responsible for the SANS Internet Storm Center (ISC) and the GIAC Gold program. In 2000, he founded DShield.org, which is now the data collection engine behind the ISC. His work with the ISC has been widely recognized, and in 2004, Network World
named him one of the 50 most powerful people in the networking industry. Prior to working for SANS, Johannes worked as a lead support engineer for a web development company and as a research physicist. Johannes holds a PhD in physics from SUNY Albany and is based in Jacksonville, Florida. His daily podcast summarizes current security news in a concise format.
Thank you Platinum Sponsors: