CertAnon Anonymous WAN Authentication Service
Approval Presentation
Red Group, CS410
May 1, 2007

Our Team

Presentation Outline
Problem Description
Solution Description
Process Description
Solution Characteristics
Marketing Plan, ROI
Management Plan
Milestones, Deliverables, Budgets
Risk Management
Conclusion
Who is Chockalingam Ramanathan?
Part of a group using stolen passwords to empty investors’ accounts [1]
Hit prominent brokers such as TD Ameritrade, E*Trade, and Charles Schwab
Resulted in more than $2 million in losses, which were absorbed by the brokers
Fourth tech-intrusion case filed by the SEC since December
Fraud Stats From 2005
– 8.9 million victims of online fraud or identity theft
– Total losses to identity theft and online fraud jumped from $54.4 billion to $56.6 billion
– Mean resolution time per incident skyrocketed from 28 to 40 hours per victim [2]
Phishing sites are on the rise [3]
Over 7 million phishing attempts per day [3]
3. Anti-Phishing Working Group - Going Phishing
Consumers’ Online Activities (chart; values in %)
4. Clickz.com -
Password Overload (chart; values in %)
6. RSA Security Password Management Survey
The Problem
Single-factor password authentication is easily compromised and endangers the security of online accounts.
– Username/Password paradigm is insecure [7]
– Management of multiple strong passwords is difficult for individuals
– Fraudulent online account access and associated costs are increasing [7]
The Endangered Password
More online accounts = more passwords
Complexity of passwords is limited by the human factor [8]
Vulnerability is enhanced by the technology factor
Dissemination is too easy
Once compromised, a password is no longer effective for authentication
CertAnon – A New Proposal
Anonymous WAN authentication service
– Used for any and all online accounts
– Strong two-factor authentication
– Limited information sharing
Partner with online businesses
Initial customers are Internet users
Two-Factor Authentication [9]
Something you know
– A single PIN
Plus something you have
– Hardware token generating pseudo-random numbers
Effectively changes your password every 60 seconds
9. RSA -
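As an added illustration of the two factors on this slide (this is not code from the Red Group's project, and it is not RSA's proprietary SecurID algorithm): a minimal authentication-server check in Python that accepts a passcode made of the user's PIN followed by the token's current code. The open HMAC-based one-time-password construction (RFC 4226/6238) with a 60-second step stands in for the token's pseudo-random number generator. It also shows why a stolen code stops working after its 60-second step, and why the database never holds a full passcode (only a PIN hash and a per-token seed). The user name, PIN, seed and clock values are constructed for the demo.

```python
import hashlib
import hmac
import os
import struct
import time
from typing import Dict, Optional, Tuple

STEP_SECONDS = 60    # the token code rolls over every 60 seconds (as on the slide)
DIGITS = 6           # displayed token code length
DRIFT_STEPS = 1      # accept one step either side to tolerate token/server clock drift


def token_code(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """Code the token would show for one 60-second step.

    Stand-in for the token's pseudo-random generator: HMAC-SHA1 over the step
    counter with dynamic truncation (RFC 4226/6238), not RSA's SecurID algorithm.
    """
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def current_code(seed: bytes, now: Optional[float] = None) -> str:
    """What the token displays now (or at the supplied timestamp)."""
    now = time.time() if now is None else now
    return token_code(seed, int(now) // STEP_SECONDS)


def _pin_hash(pin: str, salt: bytes) -> bytes:
    # The PIN is stored only as a salted PBKDF2 hash; the seed is the other half.
    # Neither record alone is a full passcode, so the database never holds one.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


class Verifier:
    """Authentication-server side: checks PIN + token code as one passcode."""

    def __init__(self) -> None:
        # username -> (pin_hash, salt, seed, pin_length)
        self._users: Dict[str, Tuple[bytes, bytes, bytes, int]] = {}
        self._last_counter: Dict[str, int] = {}   # highest step already redeemed

    def enroll(self, username: str, pin: str, seed: bytes) -> None:
        salt = os.urandom(16)
        self._users[username] = (_pin_hash(pin, salt), salt, seed, len(pin))

    def verify(self, username: str, passcode: str, now: Optional[float] = None) -> bool:
        """True only for a correct PIN plus a fresh, unused token code."""
        record = self._users.get(username)
        if record is None:
            return False
        pin_hash, salt, seed, pin_len = record
        pin, code = passcode[:pin_len], passcode[pin_len:]
        if not hmac.compare_digest(_pin_hash(pin, salt), pin_hash):
            return False   # "something you know" failed; the code is not consumed
        now = time.time() if now is None else now
        counter = int(now) // STEP_SECONDS
        for step in range(counter - DRIFT_STEPS, counter + DRIFT_STEPS + 1):
            if step <= self._last_counter.get(username, -1):
                continue   # this step (or an older one) was already redeemed: replay
            if hmac.compare_digest(token_code(seed, step).encode(), code.encode()):
                self._last_counter[username] = step   # burn the code
                return True   # "something you have" confirmed
        return False


def demo() -> Dict[str, bool]:
    """Accept / replay / wrong-PIN / stale / drift cases at a fixed clock."""
    seed = b"constructed-demo-seed-0001"   # constructed; real seeds are provisioned per token
    server = Verifier()
    server.enroll("alice", "4321", seed)
    now = 1_000_000.0
    step = int(now) // STEP_SECONDS
    code = current_code(seed, now)
    return {
        "fresh passcode": server.verify("alice", "4321" + code, now),
        "same passcode replayed 10s later": server.verify("alice", "4321" + code, now + 10),
        "right code, wrong PIN": server.verify("alice", "0000" + code, now),
        "code from five minutes ago": server.verify("alice", "4321" + token_code(seed, step - 5), now),
        "next step's code (within drift window)": server.verify("alice", "4321" + token_code(seed, step + 1), now),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The replay guard is what makes the slide's claim concrete: a code that was phished and replayed, or simply read off the display and used a second time, is rejected even inside its own 60-second step, because the server records the highest step it has already redeemed. The drift window is a trade-off: each extra step accepted widens the time a captured code stays usable.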
RSA SecurID Users
Two-Factor Acceptance
Rolls Royce & Bentley Motor Cars
– Uses RSA SecurID authentication
– Enables them to use the Internet securely as a cost-effective and efficient extension to their corporate network
E*Trade Financial
– Provides retail customers the option to add Digital Security ID to their Internet security solution
– Helps guard against unauthorized account access
Reaching the Goal
Build a WAN authentication service that permits customers to securely access all of their online accounts using a single access method
– Build our website
– Write software modules for partner sites
– Develop testing portal
– Install authentication servers
– Distribute tokens
– Beta-testing, then go live!
What Would It Look Like?
Who is Our Customer?
Two sales channels
Individual Internet user (211 million of them!) [10]
– Purchases CertAnon token for one-time fee of $50
– Obtaining a critical mass of customers makes CertAnon a must-have for online vendors
– Could provide leverage to charge vendors on a transaction basis in the future
Security-conscious businesses
– Purchase batches of tokens for redistribution to their customers
– Focus on those without proprietary solutions
10. Internet World Stats -
Marketing Strategy
Offer software modules for customer integration
– Freely available to encourage adoption of the service
Approach financial companies not already using a two-factor authentication method
– Bulk token sales
– Enable them to offer the same customer security as larger competitors without the infrastructure expense
– Token reusability will encourage faster customer adoption
Advertising strategies
– Internet advertising
– Computer shows/trade shows
– Promotional token giveaways
ROI for Consumers
Reduce/eliminate need for multiple passwords
Avoid password theft, unauthorized account access, and fraud
Information isn’t stored on a card or device that can be lost
Full passcodes not stored in a hackable database that is a single point of failure
ROI for Businesses
Very low cost
Avoid implementing a costly proprietary solution
Improves security of customer base by moving more people away from passwords
Reduces losses from fraud reimbursement
Snaps into existing infrastructure with minimal development
Customers who don't use CertAnon will be unaffected
Cons
Reliance on a physical token
– Forgotten
– Broken
– Lost or stolen
Inadequate for sight-impaired users
Customer service coordination will need to be handled carefully
Competition Matrix

Management Plan
Team Communications
Team meetings (via AOL AIM):
– Sunday/Tuesday 8:00 P.M.
– Additional meetings as needed
– Meetings with Professor Brunelle as needed
– Meetings with Technical Advisors as needed
Google Group for document management and messaging
Phase 0 Gantt Chart

Phase 1 Gantt Chart

Phase 1 Major Components

Phase 1 Development WBS

Phase 1 Organizational Chart

Phase 1 Staffing Budget
Phase 1 Resource Budget
Description                                      Quantity   Cost
Dell Servers - Web site & DB hosting                 4      $11,632
Dell Workstations - Dedicated PCs for team use       5       $6,990
MySQL - Web site back end database                  --           $0
PHP - Web sites and plug-in modules                 --           $0
Website - Hosting by ODU                             1           $0
Total Cost: $18,622
40% Overhead: $7,449
Total Phase 1 Resource Cost: $26,071
Phase 2 Gantt Chart

Phase 2 Organizational Chart

Phase 2 Staffing Budget
Phase 2 Resource Budget
Description                                                            Quantity   Cost
RSA Authentication Manager Server License                                  4      $12,000
Dell Servers - Running RSA Authentication Mgr software                     4      $11,632
Dell Workstations - PCs for additional staff                               4       $5,592
RSA Training                                                              --       $1,600
Visual Studio Professional - Used for additional plug-in development       2       $1,338
RSA Tokens                                                                10         $500
Total Cost: $32,
40% Overhead: $13,065
Total Phase 2 Resource Cost: $45,687
Phase 3 Gantt Chart

Phase 3 Organizational Chart

Phase 3 Staffing Budget
Phase 3 Resource Budget
Description                                                        Quantity   Cost
Secure Server Hosting - Hosting authentication servers remotely       --      $48,000
Dell Workstations - PCs for additional staff                           9      $12,582
Dell Servers - Web site database servers with RAID arrays              2       $5,816
Total Cost: $66,398
40% Overhead: $26,560
Total Phase 3 Resource Cost: $92,958
Total Project Cost

Break Even Analysis
Funding Plan
SBIR Funding Agency: National Science Foundation
– Phase 1: $100,000 max, $52k planned
– Phase 2: $750,000 over two years, $183k planned
Phase 3
– Venture capital investment
– Small business loan
– Revenue from token sales
Risk Management Plan
Identify project risks
Determine the phase that the risk is in
Categorize risks according to probability and impact
Reduce risks before or as they happen with mitigation actions
Continue to reevaluate risks during all phases
Watch for new risks
Risks and Mitigation
#  Risk                               Mitigation
1  Trust                              Beta-testing
2  Customer understanding             Tutorials on website
3  Reliance on token sales revenue    Encourage early partner site adoption
4  Viable alternatives                Single source two-factor
5  Token loss                         Provide temporary password access
6  Token availability                 Offer online and through retail outlets
7  Government vs. Anonymity           Follow the lead of encryption products
Impact and Probability rated 1-Low to 5-High
Evaluation Plan
Time
– Measured against baseline project plan
Cost
– Measured against budget plan by phase
Scope
– Measured against requirement document
Quality
– Measured by customer adoption rate and satisfaction
Evaluation Phases
Phase 0
– Idea developed
– Project website developed
– Funding secured
Phase 1
– Prototype design
– Working prototype
– Initial customer demonstration
Phase 2
– Product design
– Software module development
– Software module testing
– Integration testing
– Finished product
Phase 3
– First sale completed
– Product released
– Marketing plan developed
– Successful marketing
– New contracts acquired
Conclusion
Available, affordable, and proven technology
Targets a large and growing market
Benefits consumers and online businesses
Scalable service
Manageable project scope, achievable milestones
References
“3 Indicted in Online Brokerage Hacking Scheme.” Washington Post. 13 Mar. Carrie Johnson. 2 Apr.
“Internet Penetration and Impact.” Pew/Internet. April. Pew Internet & American Life Project. 28 Jan.
“Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan. E-consultancy.com LTD. 28 Jan.
“Internet World Stats.” Internet World Stats. 10 Mar. Internet World Stats. 22 Apr.
“Online Banking Increased 47% since 2002.” ClickZ Stats. 9 Feb. The ClickZ Network. 15 Feb.
“Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov. Anti-Phishing Working Group. 28 Jan.
“Real-World Passwords.” Schneier on Security. 14 Dec. Bruce Schneier. 28 Jan.
“RSA SecurID Authentication.” RSA Security. RSA Security, Inc. 28 Jan.
“RSA Security Password Management Survey.” RSA Security. Sep. Wikipedia. 15 Feb.
“Share of Time Spent Online.” ClickZ Stats. 27 Feb. The ClickZ Network. 28 Feb.
Appendix
Abstract
SBIR Document
Management Plan
Evaluation Plan
Resource Plan
Marketing Plan
Funding Plan
Staffing Plan
Risk Management Plan
Hardware Specifications
Work Breakdown Structure
Additional Diagrams