Tuesday, May 05, 2015

security: Microsoft Passport and Windows Hello

Microsoft Passport and Windows Hello: Moving Beyond Passwords and Credential Theft | Build 2015 | Channel 9
"Microsoft Passport in Windows 10... is easy to deploy, always multi-factor, theft- and phish-proof, interoperable on premise and on the web, and so inexpensive that there is almost no excuse to not take advantage of it...Windows Hello: biometric authentication which can provide instant access to your Microsoft Passport"


Another Microsoft attempt to provide an end-to-end security solution, this time included in Windows 10. Windows "Hello" is a biometric authentication platform, with
  • face recognition,
  • fingerprint and
  • iris scan
Microsoft "Passport" is a PKI-based authentication system that replaces passwords. For each application (or site), "Passport" creates an (RSA) key pair, publishes the public key to the other side, and saves the private key in local secured storage. Where available on a computer, hardware protection is used to store private keys. Access to the authentication system is protected by a PIN (a 4-digit number, like on iOS or Android), with progressive slowdown on retries. "Hello" authentication can be used instead of the PIN... A similar solution existed in Vista/7 but was not popular... will this one be better accepted?

Microsoft Passport is based on the FIDO Alliance standard.
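The per-application key pair scheme described above, as an added Go example (not code from Microsoft or from the talk). The in-memory key map, the site names and the challenge format are assumptions, and PKCS#1 v1.5 with SHA-256 is chosen here for the RSA signature because the page does not say which scheme Passport uses.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Device is the client: one RSA key per site; the map is an assumption in place of secured storage.
type Device map[string]*rsa.PrivateKey

// Register creates a key pair for site and returns only the public half for the other side.
func (d Device) Register(site string) (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	d[site] = k
	return &k.PublicKey, nil
}

// digest binds the server's challenge to the site name (constructed format, an assumption).
func digest(site string, challenge []byte) []byte {
	sum := sha256.Sum256(append(append([]byte(site), 0), challenge...))
	return sum[:]
}

// Sign answers a challenge with the private key held for that site.
func (d Device) Sign(site string, challenge []byte) ([]byte, error) {
	k, ok := d[site]
	if !ok {
		return nil, fmt.Errorf("no key registered for %q", site)
	}
	return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, digest(site, challenge))
}

// Verify is the server side: it holds only the public key and its own challenge.
func Verify(pub *rsa.PublicKey, site string, challenge, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest(site, challenge), sig) == nil
}

func main() {
	d, c := Device{}, []byte("constructed-challenge")
	pub, err := d.Register("app.example")
	sig, err2 := d.Sign("app.example", c)
	fmt.Println(err == nil && err2 == nil && Verify(pub, "app.example", c, sig))
}
```

Because each site gets its own key and the signature covers the site name and the server's challenge, a response produced for one site does not verify at another, and the server never stores a secret that could be stolen and reused.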



Azure IoT Security @ Build 2015

A nice overview of IoT challenges and Azure-based solutions
by Clemens Vasters, Architect on the Azure IoT team.
Stories about safety vs. security, telemetry, monitoring large numbers of "things", handling protocols,
using protocol (field, service) gateways and in/out message boxes for effective communication with devices, such as large fleets of moving vehicles, etc.

A few quotes:
  • "IoT is currently at the top of hype, most about IoT is written in magazines and brochures,
    not as code in programs"
    This will soon change, when people start building production systems and need tools.
  • "There is no 'S' in VPN"
    A VPN "fuses" networks, which makes security harder to protect.
Azure IoT Security | Build 2015 | Channel 9

Azure IoT Hub

Event Hubs - Cloud big data solutions | Microsoft Azure


Getting Started with Azure IoT services: Event Hubs | Rob Tiffany

Microsoft Security Development Lifecycle
"The Security Development Lifecycle (SDL) is a software development process that helps developers build more secure software and address security compliance requirements while reducing development cost"