Android - SecureAuth

gosecureauth.com

SecureAuth Corp

Dec 06, 2012

www.gosecureauth.com

SecureAuth IdP for Android

© 2012 SecureAuth. All rights reserved.


Welcome to the SecureAuth Android DevCon IV Preso

Chris Hayes, SecureAuth Corporation

Sr. Sales Engineer

Garret Grajek, SecureAuth Corporation

CTO/COO

http://www.gosecureauth.com


AGENDA

1. SecureAuth IdP for Android

• Securing Existing Apps

• Web, SaaS, Mobile

• Portal

2. SecureAuth IdP for Mobile (Android)

• Securing NEW “Native” Mobile Apps

• Native App – IdP, Integration

• Q. & A.


Securing SaaS, Web, VPN resources on the Android Platform


SecureAuth & Android: Access to the Enterprise

[Diagram: End User (Desktop or Mobile), Gateway, Directory, Web Apps, “Cloud” Apps, SIEMs (Logging)]


What is Special about the Android App Platform

• Android is Linux based
• Code is Java based
• Most importantly:
– Has own Java Virtual Machine (Dalvik)
– Supports Interprocess Communication
– Supports embedded browsers
– Supports communication to external browsers


Why this is relevant

• The Android OS is very conducive to supporting apps the way desktop computers have been deployed
• Apps have a fully available virtual machine
• With advanced libraries
• Including crypto libraries
• Code is in Java, then compiled to .DEX files


SecureAuth Takes Advantage of Android

SecureAuth has a unique
– 2-Factor SSO Solution
• Based on:
– Target/Redirect W3C Workflow
– Works for Web, VPN, SaaS
• Can conduct a 2-Factor Authentication based on
– X.509, SMS, Tele, E-mail, KBA, HelpDesk
• Then redirect to Target Application


SecureAuth Takes Advantage of Android

All processes run in the Dalvik Virtual Machine


SecureAuth Takes Advantage of Android

With One Special Android Advantage:
– Converts your pre-existing Web/SaaS app
• To a One-Touch Android App
– Downloadable APK
• Can be pre-configured with Destination URL
– User just clicks SecureAuth App
• To start configurable authentication
• One-Touch – no URL to configure
• Completely server-side configurable authentication


Lastly… SecureAuth Provides Bilateral Authentication

• Bilateral Authentication (PKI)
– Server validates User
– User validates Server
[Diagram: server and user each ask “Who are you”]
• What Technology Conducts User/Server Authentication
– Public Key Infrastructure
– Private/Public keys – utilizing X.509 v3 Certificates
• SecureAuth has advantage on Android
– User does not need to understand PKI
– User is not burdened with Pop-ups
– Enterprise does not have to deal w/ Revocation Technology


• Turns Existing Web/SaaS App

– To a 1-Touch Android App

• Supports:

Android 2.2, 2.3, 3.0, 3.1, 3.2, 4.0, 4.1, 4.2

• Secure

– Configurable Authentication (X.509, SMS, Telephony)

– Unique Bilateral Authentication

• PKI Based, Bilateral, Revocable

• Utilizing Existing Infrastructure

– Current Web Applications

– Current Data Stores


Demo


Securing Native Android Apps


SecureAuth IdP for Mobile

Key Features:

1. Tie Identity to Enterprise Data Store

2. Conduct Relevant/Configurable Authentication

3. Log the Authentication

4. SSO into other apps (mobile and web)


SecureAuth IdP for Mobile

1. Tie Identity to identity Stores

User Native Directory:
• AD, LDAP, SQL, etc
• ID
• Password
• Profile Info
• Groups


SecureAuth IdP for Mobile

2. Configurable Authentication

Configurable Authentication:

• X.509 Cert

• SMS

• Telephony

• E-mail OTP

• KBA/KBQ

• PIN

• Password


SecureAuth IdP for Mobile

3. Log the Authentication

Log the Auth:

• Local SIEM

• Syslog

• Reporting

• (full GUI)

• Auditing

• Text, Syslog


SecureAuth IdP for Mobile

4a. SSO to Other Mobile Apps

SSO to other mobile apps:
• Identity token consumed by SA
• Can provide SSO
• Or Step-up Authentication
• No thick client


SecureAuth IdP for Mobile

4b. SSO to Browser Apps (Web/SaaS)

SSO to other Browser Apps:
• Identity token consumed by SA
• SSO to:
• Web Apps
• Browser Apps
• Revocable
• Step-Up Authentication


Demo

SecureAuth IdP for Mobile


SecureAuth IdP for Mobile

Workflow/Secret Sauce:

• Define a URL coding scheme for your mobile app (iOS, Android)
• Code for invoking/directing “native browser” to SA for authentication
SecureAuth IdP 2-Factor Authentication
• SMS, Telephony, e-mail, KBA, Help Desk, X.509
• Implant UBC after authentication
SecureAuth IdP Browser SSO (UBC)
• Read UBC before conducting auth
SecureAuth IdP directs identity token back to Native Mobile App


Define Coding URL Scheme for Native App

Android:

… …

iOS:


Launch an External Browser

Android:

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);

        Button button = (Button) findViewById(R.id.login_button);
        button.setOnClickListener(new OnClickListener() {
            @Override
            public void onClick(View v) {
                // Hand the login to the external browser at the SecureAuth realm URL.
                // Intent takes a Uri (android.net.Uri), not a String.
                Intent i = new Intent(Intent.ACTION_VIEW,
                        Uri.parse("https://secureauth.mycompany.com/SecureAuth1/"));
                startActivity(i);
            }
        });
        …
    }

iOS:

    - (IBAction)startLogin:(id)sender
    {
        // Open the SecureAuth realm URL in the external browser.
        NSURL *url = [NSURL URLWithString:@"https://secureauth.mycompany.com/SecureAuth1/"];
        [[UIApplication sharedApplication] openURL:url];
    }


Return Identity Token back to App

Android:

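    @Override
    protected void onNewIntent(Intent intent) {
        // The redirect back from the IdP re-enters the app through its URL scheme;
        // the identity value arrives in the query string.
        Uri data = intent.getData();
        if (data != null) {
            String accessToken = data.getQueryParameter("UserID");
            // Use the accessToken.
        }
    }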

iOS:

    - (BOOL)application:(UIApplication *)application handleOpenURL:(NSURL *)url
    {
        for (NSString *param in [[url query] componentsSeparatedByString:@"&"])
        {
            NSArray *parts = [param componentsSeparatedByString:@"="];
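The Android handler above uses whatever `UserID` value arrives on the app's URL scheme. As an added example (not SecureAuth's or the presenters' code), here are checks a receiving app can apply before using that value, written in plain Java so it runs off-device. The scheme `mycompanyapp`, the host `auth-return` and the echoed `state` parameter are assumptions; only `UserID` comes from the slide.

```java
import java.net.URI;
import java.net.URLDecoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Added example: checks the redirect that hands the identity value back to the app. */
public class CallbackValidator {
    // Assumptions, not from the slides: this scheme/host and an echoed "state" parameter.
    static final String SCHEME = "mycompanyapp", HOST = "auth-return";

    /** Unguessable value created when the browser is launched; the app keeps it until the return. */
    static String newState() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Returns the UserID value, or null when the callback fails any check. */
    static String userIdFrom(String callback, String expectedState) {
        try {
            URI u = new URI(callback);
            if (!SCHEME.equalsIgnoreCase(u.getScheme()) || !HOST.equalsIgnoreCase(u.getHost())
                    || u.getRawQuery() == null) return null;
            Map<String, String> q = new HashMap<>();
            for (String pair : u.getRawQuery().split("&")) {
                String[] kv = pair.split("=", 2);
                String val = kv.length > 1 ? URLDecoder.decode(kv[1], "UTF-8") : "";
                // A repeated parameter is ambiguous, so reject the whole callback.
                if (q.put(URLDecoder.decode(kv[0], "UTF-8"), val) != null) return null;
            }
            String state = q.get("state"), userId = q.get("UserID");
            if (state == null || userId == null || userId.isEmpty()) return null;
            // Constant-time comparison against the state this app instance issued.
            boolean ok = MessageDigest.isEqual(state.getBytes("UTF-8"), expectedState.getBytes("UTF-8"));
            return ok ? userId : null;
        } catch (Exception e) {
            return null; // malformed URI, bad percent-encoding, or no pending state
        }
    }
    public static void main(String[] args) {
        String state = newState(); // the three callback URLs below are constructed samples
        System.out.println(userIdFrom("mycompanyapp://auth-return?UserID=jdoe&state=" + state, state));
        System.out.println(userIdFrom("mycompanyapp://auth-return?UserID=jdoe", state));
        System.out.println(userIdFrom("otherapp://auth-return?UserID=jdoe&state=" + state, state));
    }
}
```

On the device, the same checks belong in `onNewIntent` before the value is used.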


SecureAuth Contacts

Contacts

Who               Title                E-mail                      Phone
Chris Hayes       Sr. Sales Engineer   chayes@gosecureauth.com     +1.860.383.5907
Garret Grajek     CTO/COO              ggrajek@gosecureauth.com    +1.949.777.6970
John Kolesar      V.P of Sales         jk@gosecureauth.com         +1.248.760.4040
SecureAuth Sales                       sales@gosecureauth.com      +1.949.777.6959

http://www.GoSecureAuth.com

Thank you!


Additional Slides


HOW DOES SECUREAUTH IdP WORK

1. Consume Identity

• From varied resources, devices

• Desktop, Mobile, Web SSO, AD SSO

2. Map Identity

• From varied resources

• Map to relevant data store

3. Authenticate

• 2-Factor Authentication

• SMS, Tele, X.509, PIN, Yubikey, KBA, E-mail, Help Desk

4. Assert Identity

• X.509

• Web Identity

• VPN, Web, SaaS, Mobile

5. Log the event

• Text, Syslog


Passwords Solved: SecureAuth/Google Integration

[Diagram labels]
• SecureAuth protected site
• Browser redirects to enterprise-hosted SecureAuth URL
• SecureAuth 2-Factor authenticates user
• SecureAuth creates SAML token
• SecureAuth returns encoded SAML response to browser
• Enterprise Directory (AD, LDAP, etc)

http://code.google.com/apis/apps/sso/saml_reference_implementation.html


Secure IdP Construction

Item                                                         Home Grown   SecureAuth
Build WebServer (IdP) (Hardened Server, WebServer, Forms)    Manual       Automated
Identity Authentication (AD SSO)                             Manual       Automated
SAML Assertion                                               Manual       Automated
SAML Attributes                                              Manual       Automated
X.509 Storage/Signed with Cert                               Manual       Automated
SSO Portal (SaaS, Web)                                       Manual       Automated
Federate ID Mapping                                          Manual       Automated
2-Factor Integration                                         Manual       Automated
IdM tools (PWD reset, Help Desk, etc)                        Manual       Automated
Log Authentication                                           Manual       Automated


Current Environment


SecureAuth IdP – Authentication “Volume Control”


SecureAuth IdP – 2F/SSO for Cloud/Enterprise/Mobile

SecureAuth Delivers:
1. Multi-Factor Authentication
2. IdP (SSO to cloud, web, gateways, mobile)
3. IdM (Identity Management)


Solve Your Cloud SSO w/ SecureAuth IdP

Your Current Environment

With SecureAuth IdP
