Authentication Design & Management

1 Day Masterclass or
7 Hours Self Paced Video

The Why:  To provide a virtual workshop for industry leaders, practitioners and consultants looking to develop authentication systems for B2E, B2C and IoT/Machine ecosystems.

For Who:  Information leaders, CISOs, identity architects, security architects, CIOs and digital consultants.

Pre-Reqs: Infrastructure understanding, digital concepts, basic security, basic identity. This is a no-code course.

The What:  6 modules of deep-dive learning content covering standards, design planning, deployment use cases and measurement.

~7 hours of video material.


Authentication Design & Management Part 1

Part 1 focuses on the basics of authentication – something you know, something you are and something you have – and some assumptions and first principles regarding authentication protocol design.

Definitions

The differences between something you know, something you are and something you have, and how MFA combines factors from at least two of the three categories (two factors of the same category, such as a password plus a PIN, are still single-factor).

We also look at authorization and assurance.

First Principles

We analyse the concept of entity authentication and the structure of an authentication protocol (its messages, flows, actions and assumptions) before tackling the problem of freshness and replay prevention.
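The freshness problem is easiest to see in code. The following Python example is added here as a worked illustration and is not part of the (no-code) course material: a hypothetical Verifier issues a random nonce, the prover answers with an HMAC over that nonce and its claimed identity under a pre-shared key (the key provisioning is an assumption of the example), and the verifier accepts each nonce exactly once and only within a short lifetime. A captured response therefore cannot be replayed, and a response to one nonce is not accepted for another.

```python
"""Nonce-based challenge-response with single-use nonces (added example, constructed data)."""
import hashlib
import hmac
import secrets
import time


def compute_response(key: bytes, nonce: bytes, identity: str) -> bytes:
    """Prover side: bind the claimed identity to the verifier's nonce under the shared key."""
    return hmac.new(key, nonce + identity.encode(), hashlib.sha256).digest()


class Verifier:
    """Issues single-use nonces and checks the prover's response to them (hypothetical class)."""

    def __init__(self, keys: dict[str, bytes], nonce_ttl: float = 30.0):
        self._keys = keys            # identity -> pre-shared key (assumption: provisioned out of band)
        self._nonce_ttl = nonce_ttl  # seconds a challenge stays valid
        self._pending: dict[bytes, tuple[str, float]] = {}  # nonce -> (identity, issued_at)

    def challenge(self, identity: str) -> bytes:
        nonce = secrets.token_bytes(16)   # unpredictable, so answers cannot be precomputed
        self._pending[nonce] = (identity, time.monotonic())
        return nonce

    def verify(self, identity: str, nonce: bytes, response: bytes) -> bool:
        # Consume the nonce first: whatever the outcome, it can never be used again.
        record = self._pending.pop(nonce, None)
        if record is None:
            return False   # never issued, or already consumed (replay)
        bound_identity, issued_at = record
        if bound_identity != identity or time.monotonic() - issued_at > self._nonce_ttl:
            return False   # wrong claimant for this challenge, or challenge too old
        key = self._keys.get(identity)
        if key is None:
            return False
        expected = compute_response(key, nonce, identity)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo() -> dict[str, bool]:
    """Constructed run: one honest exchange, then two replay attempts by an eavesdropper."""
    key = secrets.token_bytes(32)          # constructed shared key
    verifier = Verifier({"alice": key})

    nonce = verifier.challenge("alice")
    response = compute_response(key, nonce, "alice")
    fresh = verifier.verify("alice", nonce, response)       # correct answer to a live nonce

    # The eavesdropper replays the captured (nonce, response) pair...
    replayed = verifier.verify("alice", nonce, response)    # nonce already consumed

    # ...and then tries the captured response against a new challenge, hoping it is static.
    new_nonce = verifier.challenge("alice")
    stale = verifier.verify("alice", new_nonce, response)   # response is bound to the old nonce

    return {"fresh": fresh, "replayed": replayed, "stale": stale}


if __name__ == "__main__":
    print(demo())
```

The nonce is popped before any other check so that a failed attempt also burns it; a real deployment would additionally purge expired pending nonces and rate-limit challenge issuance, which the example omits.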

Static (Passwords and PINs)

The problems with passwords on both the user and the service side: password vulnerabilities and storage, PIN guessing, and basic countermeasures.
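The storage and guessing points above can be shown side by side. This Python example is an addition to the page and not course material: an unsalted fast hash (the anti-pattern) next to per-record salted scrypt with constant-time verification, and a hypothetical PinVerifier that locks an account after a fixed number of failed PIN attempts, the basic online-guessing countermeasure. The scrypt parameters, account names and secrets are constructed for the example.

```python
"""Password storage and PIN-guessing countermeasures (added example, constructed data)."""
import hashlib
import hmac
import secrets

# scrypt work factors: an assumption for this example; raise N to match your latency budget.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
MAX_FAILED_ATTEMPTS = 5


def weak_hash(password: str) -> str:
    """The anti-pattern: unsalted, fast SHA-256. Equal passwords give equal digests,
    so one precomputed table or one cracked record exposes every account sharing it."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Per-record random salt plus a memory-hard KDF; the parameters travel with the
    digest so they can be raised later without breaking existing records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=DKLEN)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))   # constant-time compare


class PinVerifier:
    """Online guessing countermeasure: a 4-digit PIN only survives because attempts are capped."""

    def __init__(self) -> None:
        self._records: dict[str, str] = {}
        self._failures: dict[str, int] = {}

    def enrol(self, user: str, pin: str) -> None:
        self._records[user] = hash_password(pin)
        self._failures[user] = 0

    def check(self, user: str, pin: str) -> str:
        """Returns 'ok', 'denied', 'locked' or 'unknown'."""
        if user not in self._records:
            return "unknown"
        if self._failures[user] >= MAX_FAILED_ATTEMPTS:
            return "locked"   # holds even for the correct PIN until a reset path clears it
        if verify_password(pin, self._records[user]):
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1
        return "locked" if self._failures[user] >= MAX_FAILED_ATTEMPTS else "denied"


def demo() -> dict:
    """Constructed accounts and secrets; nothing here is real data."""
    pv = PinVerifier()
    pv.enrol("alice", "4711")
    guesses = [pv.check("alice", f"{i:04d}") for i in range(MAX_FAILED_ATTEMPTS)]
    return {
        "weak_hashes_collide": weak_hash("Winter2024!") == weak_hash("Winter2024!"),
        "salted_records_differ": hash_password("Winter2024!") != hash_password("Winter2024!"),
        "verify_ok": verify_password("Winter2024!", hash_password("Winter2024!")),
        "first_guess": guesses[0],
        "fifth_guess": guesses[-1],
        "correct_pin_after_lock": pv.check("alice", "4711"),
    }


if __name__ == "__main__":
    print(demo())
```

The lockout is deliberately simple; production systems usually prefer progressive delays or per-source throttling over a hard lock, because a hard lock hands an attacker a denial-of-service lever against the legitimate user.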

Dynamic (OTP)

A look at one-time passwords, whether generated service side and sent to the user or generated user side on a token or authenticator app, as well as a look at magic links.
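User-side OTP generation is the OATH HOTP/TOTP algorithm family that Part 2's standards overview lists, and it fits in a few lines. This Python example is added here and is not course material: RFC 4226 HOTP (HMAC over a counter, dynamic truncation, decimal digits), RFC 6238 TOTP (the counter derived from the time step), a hypothetical service-side TotpVerifier that tolerates one step of clock skew but never accepts a time step twice, and a look-ahead window for resynchronising an event-based HOTP token. The secret used is the published RFC test-vector secret; window sizes are assumptions.

```python
"""OATH HOTP (RFC 4226) and TOTP (RFC 6238) with service-side verification (added example)."""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC the 8-byte big-endian counter, dynamically truncate, keep `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                                     # low nibble of last byte
    binary = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second periods since the epoch."""
    return hotp(secret, unix_time // step, digits, digestmod)


class TotpVerifier:
    """Service-side check: accept codes within +/- `skew` steps, but each step only once."""

    def __init__(self, secret: bytes, step: int = 30, skew: int = 1, digits: int = 6):
        self._secret, self._step, self._skew, self._digits = secret, step, skew, digits
        self._last_accepted_step = -1   # highest step already consumed (RFC 6238 section 5.2)

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // self._step
        for candidate in range(current - self._skew, current + self._skew + 1):
            if candidate <= self._last_accepted_step:
                continue   # a code from an already-used step is a replay, even if still "valid"
            if hmac.compare_digest(hotp(self._secret, candidate, self._digits), code):
                self._last_accepted_step = candidate
                return True
        return False


def verify_hotp(secret: bytes, stored_counter: int, code: str,
                look_ahead: int = 10, digits: int = 6):
    """Event-based tokens drift ahead when the button is pressed without a login.
    Search a bounded window from the stored counter; return the next counter to
    store on success, None otherwise. Codes behind the stored counter never match."""
    for candidate in range(stored_counter, stored_counter + look_ahead):
        if hmac.compare_digest(hotp(secret, candidate, digits), code):
            return candidate + 1
    return None


# RFC 4226 / RFC 6238 test-vector secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(RFC_SECRET, 0))          # 755224 per RFC 4226
    print("TOTP at t=59, 8 digits:", totp(RFC_SECRET, 59, digits=8))   # 94287082 per RFC 6238
    print("TOTP now:", totp(RFC_SECRET, int(time.time())))
```

The two verifiers show the two failure modes a service has to handle: drift (solved with a bounded search window) and reuse of a still-valid code (solved by remembering the last accepted step). Without the second check, a TOTP code phished and used within its 30-second window would be accepted twice.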

Possession (Phones & Cards)

An introduction to possession factors such as CAC/PIV cards, phones as tokens and USB security keys.

Biometrics

An introduction to biometrics: characteristics, crossover error rates, template storage considerations and the difference between morphological and behavioural biometrics.

Pre Authentication (Proofing and Identity Storage)

What needs to happen before authentication can take place? Registration and proofing are introduced along with identity profile storage considerations.

Post Authentication (Sessions and Tokens)

What happens post authentication?  We discuss session management and how tokens can be issued, including SAML assertions, OIDC tokens and basic web cookies.

Credential Life Cycle

Credentials, here in the form of private keys, need to be created, issued and eventually revoked over the period in which they are associated with and bound to an identity.

Authentication Design & Management Part 2

Part 2 focuses on the industry standards that exist with respect to authentication, providing a high-level view of their components, usage and vulnerabilities.  Part 2 also takes a look at deployment design considerations for B2E, B2C and IoT/Machine environments.

Standards Overview

A look at some of the established, current and emerging standards and projects that pertain to authentication including:

FIDO, FIDO2/WebAuthn/passkeys, NIST SP 800-63B, PSD2 SCA, OATH (TOTP/HOTP), Kerberos, RADIUS, OIDC, SAML, OWASP and MITRE ATT&CK.

IoT

A discussion of IoT-based authentication for consumer, SCADA, smart city and home automation environments: considerations, security threats and design planning.

Machine Identity

The recent rise in API, DevOps and machine-based identity has driven new architecture patterns for possession-based authentication of infrastructure components.

Design Planning

A top-down look at business objectives and how they integrate with authentication strategies and tactics for B2E and B2C ecosystems.

B2E Workforce Use Cases

A review of the main use cases facing an enterprise workforce authentication solution, such as MFA consolidation and integration with zero-trust architectures.

B2C Consumer Use Cases

A review of the main use cases facing consumer identity projects including proofing, self service and passwordless authentication.

Metrics and Measurement

How to measure authentication project success, by looking at coverage, performance and effectiveness models.

Emerging Trends

A look at emerging trends within authentication such as continuous, contextual and adaptive controls and the rise of phishing resistance.

Can’t wait? Enrol today in self-paced online training via Teachable

7 hours of content and downloadable material