BITS September 15, 2014 Presentation

An overview of Contextual Location Fingerprint technology (CLF) and its application in security operations.

Presentation Goals:

1. Present an overview of Contextual Location Fingerprint technology (CLF).
2. Discuss a summary of topics relative to the application of context in authentication systems.
3. Explore applications of CLF.
4. Discuss the potential evolution of CLF, its partner technologies, and the impacts on cyber-security policy.

During this presentation, we’ll:

● Present a baseline overview on the common methods of authentication, policy definition and policy enforcement (covered in the Appendix).

● Discuss the math and science behind contextual location fingerprint and address how it has no commonalities with other forms of location authentication, such as geolocation, triangulation or IP address look-up.

● Review the management of CLF in the enterprise.

● Review application of CLF in different environments / projects.

● Make it clear that we’re not moving to an “either this or that” approach to authentication and cyber-security. We’re trying to enable an adaptable and fluid approach to dealing with evolving threat profiles and new technologies / approaches to mitigating these risks.

Presentation Objectives

The content presented within this document is a culmination of internal R&D, government testing, and development meetings with numerous public and private parties, including:

● DOD
● NIST
● NSF
● International Financial Institutions
● Large Utility Operators
● Technology partners

These meetings and planning sessions included senior executives, security architects, engineers, operators and business development professionals.

Sources of Information Discussed in this Presentation

What is a Contextual Location Fingerprint (CLF)?

A CLF is a set of data about a location which can only be determined from that location. CLFs are used to establish confidence that an asset is in a known location by collecting and comparing information only obtainable from examining contextual information at the location in question.

CLFs are an authentication mechanism, designed to be used in multi-factor authentication and policy definition / enforcement systems.


How does a Contextual Location Fingerprint work?

Contextual Data Collection Devices (CDCDs) are used to collect a specific type of information about an environment. Examples include RF signal delay characteristics, 3-D environment mapping, and acoustic reflection characteristics (SONAR).

The information collected from the CDCDs forms the initial “fingerprint” of an environment. When a location verification challenge is sent to a machine in an environment, that machine can access the local CDCDs to collect telemetry for use as an authentication challenge response.

Our two current CDCDs include:

1. Sensors to measure RF signal delays introduced by all matter surrounding the sensors.
2. 3-D camera and LIDAR equipment to establish an internal 3-D model of a location.


What Contextual Location Fingerprints Are Not

It’s important to separate CLF from more classical means of leveraging location as an authentication factor. CLFs are not:

● geolocation
● triangulation
● based on IP address look-up

The goal of the CLF is not to replace these other forms of location authentication. When you consider Authentication Confidence Factors, CLF is designed to augment existing authentication mechanisms to increase an action’s trust level relative to the risk of that action.

CLF Authentication Challenge / Response

[Diagram: Base CLF Data - CLF Challenge Response Data = Comparison Result]

Many traditional authentication systems are based on keys and one-way functions. They have the benefit of being fast and providing absolute right / wrong response to authentication challenges. The main drawback of these “classical” methods is that as advances are made in number theory, computing power and algorithm research, the risks associated with key compromises increase and their confidence values decrease; i.e. the right answer doesn’t necessarily mean the right person / machine is supplying that answer.

In contrast, CLF authentication algorithms are based on statistical comparisons of current telemetry data against an established baseline. This allows us to establish an authentication confidence percentage that is time dependent: the confidence in a match is a function of both how closely the telemetry agrees with the baseline and how recently that baseline was established.

Single Location CLF Deployment

A CLF location has the following characteristics:

● Its size is arbitrary and determined by an organization’s granularity and policies.
● Multiple CDCDs are used to increase overall statistical confidences.

Enterprise Usage of CLF


Application of CLF In a Network Bridge


Integrating CLF with Intel’s PSS & TXT Tech

In this integration effort, the CLF-enabled location (identified as the green room) continually validated its location in an out-of-band process. This process established a new, temporary, asymmetric session key pair for that location. The private key was pushed to any PSS devices located in that room or entering the room. Applications on such a device were then able to use the private key to sign application payloads, validating that the traffic originated from the approved location.

This model augmented existing authentication systems (such as username/password) but was implemented without the user having to take any additional steps.

Current authentication models not only lack variety; the current policy definition and enforcement systems are also largely static in the controls they make available to administrators within organizations.

With limited variety and static policy controls, the challenge of implementing a strong, deny-first policy increases because business “exceptions” often outweigh operational risks.

So Why Is This Important?

When we introduce new methods of authentication and the ability for dynamic risk calculation, we have the means to modify policy in real-time. This allows us to deal with current realities, not just those defined when a particular tool was implemented.

It’s important to understand that not all authentication types need to be used all the time. There’s a simple equation to be enabled:

If current_risk_of_action > current_auth then
    [establish additional auth]
else
    [proceed with action]
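The following is an added example, not code from the presentation: it models the statistical CLF challenge/response comparison described earlier (challenge telemetry scored against a baseline, with a time-dependent confidence percentage) and feeds the result into the step-up rule above. The sensor names, baseline values, Gaussian scoring, half-life decay and factor weights are all assumptions made for illustration.

```python
"""Toy CLF challenge/response scoring plus the presentation's step-up rule.
Sensor names, baseline statistics, weights and decay are constructed here."""
import math

# Constructed baseline fingerprint: mean and std-dev per CDCD reading.
BASELINE = {
    "rf_delay_ns":       {"mean": 41.2, "sd": 0.8},   # RF signal-delay sensor
    "lidar_wall_dist_m": {"mean": 3.95, "sd": 0.05},  # feature of the 3-D model
}

def reading_confidence(stat, sample):
    """1.0 when a challenge reading equals the baseline mean, falling off
    with its distance from the mean in standard deviations (Gaussian kernel)."""
    z = (sample - stat["mean"]) / stat["sd"]
    return math.exp(-0.5 * z * z)

def clf_confidence(baseline, challenge, baseline_age_s, half_life_s=86400.0):
    """Statistical comparison of challenge telemetry against the baseline,
    returned as a percentage that decays as the baseline ages (time dependence)."""
    scores = [reading_confidence(baseline[k], challenge[k]) for k in baseline]
    match = math.prod(scores) ** (1.0 / len(scores))       # geometric mean
    freshness = 0.5 ** (baseline_age_s / half_life_s)      # half-life decay
    return round(100.0 * match * freshness, 1)

def current_auth(password_ok, clf_pct, password_weight=40.0, clf_weight=60.0):
    """Authentication confidence (0-100) from the factors already presented.
    The weights are assumptions, not values from the presentation."""
    return (password_weight if password_ok else 0.0) + clf_weight * clf_pct / 100.0

def decide(risk_of_action, auth_level):
    """The presentation's rule: step up when risk exceeds current confidence."""
    if risk_of_action > auth_level:
        return "establish additional auth"
    return "proceed with action"

if __name__ == "__main__":
    in_room = {"rf_delay_ns": 41.3, "lidar_wall_dist_m": 3.96}     # constructed
    elsewhere = {"rf_delay_ns": 43.6, "lidar_wall_dist_m": 3.95}   # constructed
    for name, challenge in (("in room", in_room), ("elsewhere", elsewhere)):
        pct = clf_confidence(BASELINE, challenge, baseline_age_s=3600)
        auth = current_auth(password_ok=True, clf_pct=pct)
        print(f"{name}: CLF {pct}% -> auth {auth:.1f} -> {decide(75, auth)}")
```

A correct password with a poor CLF match still falls below a risk level of 75, so the same credentials trigger step-up authentication outside the fingerprinted room and proceed inside it.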

Alternative Model, with Dynamic Policy and Contextual Authentication Options

Things to take away from this presentation:

1. Anything can become an authentication factor if there’s value in that factor relative to risk management.

2. Cyber-security programs are more than just authentication. We also need to include policy definition and policy enforcement, as well as static and dynamic risk modeling into a cohesive formula to be able to deal with criminal counter efforts to our own efforts.

3. Prevention of 100% of cyber-security events may not be possible, but we can be fluid and adaptable in our defense through coordinated frameworks and a continual eye towards all types of emerging technologies which can benefit our cyber-security solution stacks.

4. Don’t wait for the future to adapt the tools and policies that will become part of tomorrow's security solutions.

Things we can do:

5. Partner with technology vendors and government agencies engaged in developing these next generation tools, hardware and software. There are opportunities to use pooled resources from for-profit sectors as well as government resources from organizations like IARPA, DARPA, NSF and NIST to establish pilot programs and path-to-market opportunities which can help all parties refine the technologies and policies to deal with dynamic risk calculations and contextual authentication paradigms.

6. Provide guidance to technology vendors with next generation solutions so that they are better educated on the use cases, threat concerns and operational constraints that exist within your organizations.

Summary and Call To Action

Authentication - The process of making a statement and then providing proof that the statement made is true. For example, when I log in to a computer, I’m making the statement that “I am David Hanna and to prove it, my password is XYZ.”

Authentication Confidence Factors - The level of confidence that the authentication statement actually relates to the thing being authenticated. For example, identifying a user through a username and password may have a lower authentication confidence than authenticating a user through 3-D facial recognition and DNA testing.

Authorization - The process of allowing or denying an action based on established authentication characteristics. For example, a system may say “You have proved you are David Hanna so I will allow you access to ABC.” Authorization is about policy. An important point throughout this presentation is the flexibility we have in defining policy (and subsequently in mitigating risk) is directly proportional to the types of authentication mechanisms we have at our disposal and their associated confidence factors.

Appendix - Terms and Definitions

Static Policy Definition - Defining, in business terms, when something is either allowed or denied access to something. E.g. “Members of the group ‘Human Resources’ are allowed to view files in the Salaries folder, all other people should be denied any access to this folder.”

Dynamic Policy Definition - The ability to use real-time information to create or update policy definitions within an enterprise. E.g. “An increased number of failed authentication attempts have been attempted in the last 30 minutes. Accounts will now be locked out after 2 failed attempts and all users must establish new passwords upon their next successful login.”

Policy Enforcement - The hardware and software which understands policy definitions and is able to enforce those definitions. E.g. “Authenticated User Jones has made a request to read the file BossesSalary.doc, but Authenticated User Jones is not a member of the group ‘Human Resources’, so I will not allow that file to be read.”
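The dynamic policy definition above (lockout threshold tightened and password resets forced when failed logins spike in a 30-minute window), as an added example that is not part of the presentation. The log format, the sample log lines, the "increased" threshold of 4 failures and the normal lockout of 5 are assumptions.

```python
"""Dynamic policy: re-derive the lockout threshold from real-time failure
volume. Log format, sample lines and thresholds are constructed assumptions."""
from collections import Counter
from datetime import datetime, timedelta

# Constructed auth log lines: "<ISO timestamp> <user> <LOGIN_OK|LOGIN_FAIL>"
AUTH_LOG = """\
2014-09-15T09:00:05 jones LOGIN_FAIL
2014-09-15T09:02:11 smith LOGIN_OK
2014-09-15T09:10:42 jones LOGIN_FAIL
2014-09-15T09:15:09 patel LOGIN_FAIL
2014-09-15T09:21:30 jones LOGIN_FAIL
2014-09-15T09:25:59 patel LOGIN_FAIL
"""

NORMAL_LOCKOUT = 5    # static policy: lock an account after 5 failures
ELEVATED_LOCKOUT = 2  # the appendix's dynamic policy: lock after 2 failures
ELEVATED_AT = 4       # assumed: this many failures in the window is "increased"

def parse(log):
    """Yield (timestamp, user, event) for each log line."""
    for line in log.splitlines():
        ts, user, event = line.split()
        yield datetime.fromisoformat(ts), user, event

def failures_in_window(log, now, window=timedelta(minutes=30)):
    """Count LOGIN_FAIL events per user with timestamps in (now - window, now]."""
    counts = Counter()
    for ts, user, event in parse(log):
        if event == "LOGIN_FAIL" and now - window < ts <= now:
            counts[user] += 1
    return counts

def current_policy(log, now_iso):
    """Return the lockout threshold in force at `now_iso`, which accounts it
    locks, and whether users must set a new password on next successful login."""
    counts = failures_in_window(log, datetime.fromisoformat(now_iso))
    elevated = sum(counts.values()) >= ELEVATED_AT
    threshold = ELEVATED_LOCKOUT if elevated else NORMAL_LOCKOUT
    locked = sorted(u for u, n in counts.items() if n >= threshold)
    return {"lockout_threshold": threshold, "locked_users": locked,
            "force_password_reset": elevated}

if __name__ == "__main__":
    for now in ("2014-09-15T09:12:00", "2014-09-15T09:30:00"):
        print(now, current_policy(AUTH_LOG, now))
```

The same three failures by one user are tolerated under the static threshold at 09:12 but lock the account once the enterprise-wide failure count crosses the dynamic trigger by 09:30.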


Intrusion Detection Systems (IDS)

If a negative CLF challenge occurs when all other authentication factors are correct, it may help point to an intrusion event.

Session Initiation Protocol (SIP) Server

CLF technology can be a component of SDES (Session Description Protocol Security Descriptions) which is used as a key establishment and exchange protocol in SIP servers.

Policy Manager

CLF technology is designed to be incorporated into commercial policy managers. We’re currently working on IF-MAP certification.

Appendix - Additional Application of CLF

Authentication, Authorization and Accounting Server (AAA)

CLF allows for the verification of an asset or user’s location through the use of CDCDs (Contextual Data Collection Devices). By integrating CLF into either a SIP or application protocol environment, additional auditing of transactions is possible, e.g., compliance with privacy regulations restricting access to data in specific locations and jurisdictions (e.g., specified buildings and rooms, or the EU vs. the US).

Firewall

CLF information can be incorporated into firewall policy configurations.

VPN Gateway

Similar to integration with firewalls, CLF can be an authentication component used for tunnel establishment.


