CertAnon The feasibility of an anonymous WAN authentication service Red Group CS410 March 1, 2007.


Our Team 3/1/2007 Red Group 2

Threatening News
1/5/2007: In an Instant, Retirement Savings Vanish
2/15/2007: Online Identity Stolen
2/20/2007: Phishers Targeting MySpace
2/23/2007: Free Wi-Fi scam hitting airports
2/26/2007: Trojan Horse Designed to Steal Usernames and Passwords

How About You?
How many online accounts do you have?
How many passwords do you have to remember?
How do you manage them?

The Problem
Single-factor password authentication is easily compromised and endangers the security of online accounts.
  – Username/Password paradigm is insecure [1]
  – Management of multiple strong passwords is difficult for individuals
  – Fraudulent online account access is increasing

The Endangered Password
More online accounts = more passwords
Complexity of passwords is limited by the human factor [2]
Vulnerability is enhanced by the technology factor
Dissemination is too easy
Once compromised, a password is no longer effective for authentication

Going Phishing
Phishing sites are on the rise [3]
Over 7 million phishing attempts per day
3. Anti-Phishing Working Group -

CertAnon - A New Proposal
Anonymous WAN authentication service
  – Used for any and all online accounts
  – Strong two-factor authentication
  – Limited information sharing
Partner with online businesses
Initial customers are Internet users

Goal and Objectives
Build a WAN authentication service that permits customers to securely access all of their online accounts using a single access method
  – Build our website
  – Write software modules for partner sites
  – Develop testing portal
  – Install authentication servers
  – Distribute tokens
  – Beta-testing, then go live!

What Would It Look Like?

Two-factor Authentication [4]
Something you know
  – A single PIN
Plus something you have
  – Hardware token generating pseudo-random numbers
Effectively changes your password every 60 seconds
RSA -
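The PIN-plus-token check this slide describes, as an added example that is not part of the original presentation. RSA SecurID's algorithm is proprietary, so the sketch substitutes the open TOTP construction (RFC 6238, HMAC-SHA1) with a 60-second step; `AuthService`, its server-side PIN hash, and the serial, seed, PIN and salt values are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds per code, matching the slide's 60-second change


def token_code(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Code the token shows at unix_time: RFC 6238 TOTP (HMAC-SHA1), 60 s step."""
    mac = hmac.new(seed, struct.pack(">Q", unix_time // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class AuthService:
    """Hypothetical verifier keyed by token serial only; it holds no user identity."""

    def __init__(self):
        self.tokens = {}  # serial -> [seed, salt, pin hash, last accepted step]

    def enroll(self, serial: str, seed: bytes, pin: str, salt: bytes) -> None:
        self.tokens[serial] = [seed, salt, pin_hash(pin, salt), -1]

    def verify(self, serial: str, pin: str, code: str, now: int, drift: int = 1) -> bool:
        rec = self.tokens.get(serial)
        if rec is None:
            return False
        seed, salt, stored_pin, last_step = rec
        if not hmac.compare_digest(pin_hash(pin, salt), stored_pin):
            return False  # "something you know" failed
        current = now // STEP
        for step in range(current - drift, current + drift + 1):
            if step <= last_step:
                continue  # a code from this interval was already accepted: no replay
            expected = token_code(seed, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                rec[3] = step  # burn this interval and every earlier one
                return True
        return False


if __name__ == "__main__":
    svc = AuthService()  # constructed serial, seed (RFC 4226 test key), PIN and salt
    svc.enroll("TOKEN-0001", b"12345678901234567890", "4821", b"constructed-salt")
    print(svc.verify("TOKEN-0001", "4821", token_code(b"12345678901234567890", 75), now=75))
```

The `drift` window accepts the neighbouring intervals to tolerate token clock skew, which also lengthens the time a phished code stays usable until the legitimate login burns it.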


Token Setup Process

Account Setup Process

Who is Our Customer?
Individual Internet User
  – Purchases CertAnon token for one-time fee of $50
Obtaining a critical mass of customers makes CertAnon a must have for online vendors
  – Could give leverage to charge vendors in the future

About the Customer
Chart sources: 5. Internet World Stats; Clickz.com; Clickz.com; RSA Security Password Management Survey -

Why Will The Customer Care?
Reduce/eliminate need for multiple passwords
Avoid password theft and unauthorized account access
No information stored on a card that can be lost
No password database to be hacked

What’s in it for a business?
It’s free
No need to implement a costly proprietary solution
Improves security of customer base by moving more people away from passwords
Snaps into existing infrastructure with minimal development
Customers who don't switch will be unaffected

Competition Matrix

Cons
Still not perfectly secure
Token trouble
  – Forgotten
  – Broken
  – Lost or stolen
Inadequate for sight-impaired users

Risks & Mitigation
Risk matrix axes: Impact, Probability (1-Low to 5-High)

#   Risk                               Mitigation
1   Trust                              Beta-testing
2   Customer understanding             Tutorials on website
3   Reliance on token sales revenue    Encourage early partner site adoption
4   Viable alternatives                Single source two-factor
5   Token loss                         Provide temporary password access
6   Token availability                 Offer online and through retail outlets
7   Government vs. Anonymity           Follow the lead of encryption products

Costs & Revenue

Servers                                  $16,000
RSA training                             $1,
developers (3yr)                         $600,000
Server/application admin (3yr)           $414,000
Co-location and access costs (3yr)       $144,000
RSA Authentication Manager (3yr)*        $3,600,000
Tokens* and
Total*                                   $34,775,600
Revenue*                                 $50,000,000

*Based on sales of one million tokens

Conclusion
Available, affordable, and proven technology
Targets a large and growing market
Benefits consumers and online businesses
Manageable project scope, scalable product

References
“Failure of Two-Factor Authentication.” Schneier on Security. 12 Jul Bruce Schneier. 28 Jan
“Internet Penetration and Impact.” Pew/Internet. April Pew Internet & American Life Project. 28 Jan
“Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan E-consultancy.com LTD. 28 Jan
“Internet World Stats.” Internet World Stats. 11 Jan Internet World Stats. 15 Feb
“Online Banking Increased 47% since 2002.” ClickZ Stats. 9 Feb The ClickZ Network. 15 Feb

References (cont.)
“Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov Anti-Phishing Working Group. 28 Jan
“Real-World Passwords.” Schneier on Security. 14 Dec Bruce Schneier. 28 Jan
“RSA SecurID Authentication.” RSA Security RSA Security, Inc. 28 Jan
“RSA Security Password Management Survey.” RSA Security. Sep Wikipedia. 15 Feb
“Rural America Slow to Adopt Broadband.” ClickZ Stats. 27 Feb The ClickZ Network. 28 Feb