User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa.


2 What is the process of securing a web application?

3

4 What is the most common method of end user security?

5 Password! (user name and password combination)

6 What is the weakest method for end user security?

7 Password!!

8 Why do we keep using the weakest form of security as the most widely used form of security?

9 Many reasons …
   - Historical reasons
   - Ease of use reasons
   - Ease of deployment reasons

10 What are the alternatives for strengthening the security of end users?

11 Change from the paradigm of “something you know” to “something you have” or “something you are”

12 What is practical for end users of web applications?

13 Something you have? A physical token:
   - Mag strip card
   - Smart card with chip

14 A physical-token-based end user security scheme could be impractical: at present it needs specialized hardware. This could change in the future.

15 Something you are? A biometric:
   - Fingerprint scan
   - Iris scan
   - Retina scan

16 A biometric-based end user security scheme could be impractical: at present it needs specialized hardware. This could change in the future.

17 What are the other alternatives?

18 Direct Two Factor Security Schemes

19 Combine “Something you know” with “Something you have”: ATM card with PIN

20 Combine “Something you know” with “Something you are”: Thumb print with Employee ID

21 The practical problems that make direct two factor security schemes impractical still persist...

22 Are there any more alternatives?

23 Indirect Two Factor Security Schemes

24 The key idea is to use Two Channels of Communication

25 The First Channel: the web application, accessed through the computing device and the Internet

26 The Second Channel: indirect communication (SMS, Post)

27 How does it work?

28 The e-Post user enters the User ID, then receives a randomly generated number in an SMS

29 Prerequisites: register the mobile phone number with the e-Post service. This can be done at the time of registering for the service.

30 The e-Post user enters the User ID, then enters a random number from a list of numbers received through the Post

31 Prerequisites: receive the list of numbers periodically. Users registered for the service receive it through the post.
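The two indirect schemes above (slides 28 to 31), as an added example in Python that is not from the slides: a hypothetical server-side implementation of the SMS-code variant and the posted-list variant. It assumes a 5-minute validity window and a 3-guess limit for an SMS code, an injected send_sms transport standing in for the real second channel, and 6-digit SMS codes / 8-digit posted numbers; only digests of the numbers are kept on the server, so there is no stored secret to steal.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window for an SMS code
MAX_ATTEMPTS = 3        # assumed wrong-guess limit per SMS challenge


def _digest(code: str) -> str:
    return hashlib.sha256(code.encode()).hexdigest()  # store digests, never codes


class SecondChannelAuth:
    """Server side of the two-channel e-Post login (hypothetical implementation)."""
    def __init__(self, send_sms, now=time.time):
        self.send_sms = send_sms   # second-channel transport, injected for testing
        self.now = now
        self.phones = {}           # user_id -> mobile number registered at sign-up
        self.tan_lists = {}        # user_id -> unused digests of the posted numbers
        self.pending = {}          # user_id -> [digest, expiry, failed attempts]

    def issue_postal_tans(self, user_id, count=10):
        # Plaintext list goes to the printer and the post; the server keeps digests
        tans = [f"{secrets.randbelow(10**8):08d}" for _ in range(count)]
        self.tan_lists[user_id] = {_digest(t) for t in tans}
        return tans

    def start_sms_login(self, user_id):
        # SMS variant, step 1: the user supplies only the User ID
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_id] = [_digest(code), self.now() + OTP_TTL_SECONDS, 0]
        self.send_sms(self.phones[user_id], f"Your e-Post login code is {code}")

    def verify_sms(self, user_id, code):
        # SMS variant, step 2: single-use, time-limited, attempt-limited check
        entry = self.pending.get(user_id)
        if entry is None or self.now() > entry[1]:
            self.pending.pop(user_id, None)
            return False
        if hmac.compare_digest(entry[0], _digest(code)):
            del self.pending[user_id]       # a delivered code can never be replayed
            return True
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self.pending[user_id]       # force a fresh challenge after too many misses
        return False

    def verify_postal_tan(self, user_id, tan):
        # Postal variant: each number on the mailed list is accepted exactly once
        unused = self.tan_lists.get(user_id, set())
        hit = _digest(tan) in unused
        unused.discard(_digest(tan))
        return hit
```

The attempt limit matters because a 6-digit code is short; without it, and without the expiry, an attacker who can submit guesses at the web front end could eventually hit the code without ever seeing the SMS.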

32 Important Lesson #1: No secret password that a user needs to remember

33 Important Lesson #2: No special hardware or software required

34 Important Lesson #3: Must be usable anytime, anywhere

35 Important Lesson #4: No single solution fits all users!

36 Important Lesson #5: Must be intuitive to use (no learning curve, no training)

37 Important Lesson #6: Must be difficult for users to make mistakes

38 Important Lesson #7: Must be secure against hacking (no stored secrets to steal!)

39 Important Lesson #8: Must be secure against phishing (no easy way to trick the user!)

40 Important Lesson #9: Must be fast (no complicated processing at the user (front end) or at the service (back end))

41 Important Lesson #10 Important Lesson #11 Important Lesson #12...

42 Thank You