CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

A Wired World
Who is online? [1]
–73% of American adults
–88% of year-olds
–91% of college-educated adults
What are they doing? [2]
–Communicating
–Shopping
–Banking
1. US users, April. 2. UK users, Q (Internet Statistics Compendium).

The Identity Issue
Strong authentication needed for online accounts
–Permit remote access for authorized users
–Allow the good guys in
–Keep the bad guys out
Typically done via a username/password mechanism

The Problem with Passwords
More online accounts = more passwords
Complexity of passwords is limited by the human factor [3]
Vulnerability is enhanced by the technology factor
Password control is difficult [4]
–Dissemination is too easy
Once compromised, a password is no longer effective for authentication

The Risk of Theft
Phishing attempts are on the rise [5]
–Social engineering tricks users into divulging info
–Crimeware steals account credentials directly
5. Anti-Phishing Working Group.

What’s Been Tried?
Microsoft .NET Passport [6] and Sun Liberty Alliance [7]
–Single sign-on services for web commerce
–Privacy concerns
–Relied on the username/password paradigm
Company-specific token authentication
–A token for every site
6. Wikipedia. 7. Wikipedia.

A New Proposal
Anonymous WAN authentication service
–Used for any and all online accounts
–Strong two-factor authentication
–Limited information sharing
Initial customers are Internet users
Ultimate customers are online businesses

Two-factor Authentication [8]
Something you know
–A single PIN
Plus something you have
–Hardware token generating pseudo-random numbers
Effectively changes your password every 60 seconds
8. RSA.
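The PIN-plus-tokencode check this slide describes, as an added example that is not part of the original presentation or of RSA's product: SecurID's internal algorithm is proprietary, so an HMAC-SHA1 code over a 60-second time step stands in for it, and the seed, PIN and timestamp are constructed values. The verifier also records the last consumed time step, which is what makes a captured passcode useless once it has been used (the "once compromised" point from the earlier slide).

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per tokencode, as stated on the slide
DIGITS = 6   # tokencode length
DRIFT = 1    # accept one step of clock skew either side


def tokencode(seed: bytes, counter: int) -> str:
    """Stand-in tokencode: HMAC-SHA1 over the time-step counter, truncated
    to DIGITS decimal digits (TOTP-style, not RSA's proprietary algorithm)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**DIGITS:0{DIGITS}d}"


class TokenRecord:
    """What the authentication server holds for one registered token."""

    def __init__(self, seed: bytes, pin: str):
        self.seed = seed
        # Constructed example only; a real deployment would salt and stretch the PIN.
        self.pin_hash = hashlib.sha256(pin.encode()).digest()
        self.last_counter = -1  # highest time step already consumed


def verify(rec: TokenRecord, pin: str, code: str, now: int) -> bool:
    """Two-factor check: PIN (something you know) AND current tokencode
    (something you have). Both factors are evaluated before deciding so a
    failure does not reveal which one was wrong."""
    pin_ok = hmac.compare_digest(
        rec.pin_hash, hashlib.sha256(pin.encode()).digest())
    base = now // STEP
    matched = None
    for counter in range(base - DRIFT, base + DRIFT + 1):
        if counter <= rec.last_counter:
            continue  # already used: a replayed passcode is rejected
        if hmac.compare_digest(tokencode(rec.seed, counter), code):
            matched = counter
            break
    if not (pin_ok and matched is not None):
        return False
    rec.last_counter = matched
    return True
```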

CertAnon Hardware
Four global servers running RSA Authentication Manager
RSA SecurID tokens available for retail purchase

CertAnon Software
Public web service
–Encrypted authentication request/response
Free software modules for download by web site operators
–Encourages adoption of CertAnon authentication

How Does It Work for Me?
Buy a token
–Anonymous purchase
Register it with CertAnon
–Anonymous registration
Create a web account anywhere
–Check the box “I use CertAnon”
Link that account to your token
–And off you go!

How About the Web Sites?
Register servers with CertAnon
Receive a key to encrypt requests
Make CertAnon authentication available to customers
Authentication requests are sent to all CertAnon servers
–First to respond is accepted

Benefits
Consumers
–Only one PIN to remember
–Authenticate without sharing identity
–Increased security
–Pay once, protect forever
Businesses
–Free for early adopters
–No more password management
–Close the “trust gap”

Pitfalls
Requires adoption by consumers and businesses
–Establish trust
–Make it easy to get and easy to use
Not a silver bullet
–Part of a defense-in-depth strategy
Governmental resistance to anonymity
–Similar hurdles faced by encryption products

It Can Be Done
Available, affordable, and proven technology
Targets a large and growing market
Benefits consumers and online businesses
Manageable project scope, scalable product
Build it and they will come!

Works Cited
“Failure of Two-Factor Authentication.” Schneier on Security. 12 Jul. Bruce Schneier. 28 Jan.
“Internet Penetration and Impact.” Pew/Internet. April. Pew Internet & American Life Project. 28 Jan.
“Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan. E-consultancy.com LTD. 28 Jan.
“Liberty Alliance.” Wikipedia. 25 Jan. Wikipedia. 28 Jan.
“Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov. Anti-Phishing Working Group. 28 Jan.
“Real-World Passwords.” Schneier on Security. 14 Dec. Bruce Schneier. 28 Jan.
“RSA SecurID Authentication.” RSA Security. RSA Security, Inc. 28 Jan.
“Windows Live ID.” Wikipedia. 23 Jan. Wikipedia. 28 Jan.