User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa.


1 User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa

2 What is the process of securing a web application?

3 (no transcript text on this slide)

4 What is the most common method of end user security?

5 Password! (user name and password combination)

6 What is the weakest method for end user security?

7 Password!!

8 Why do we keep using the weakest form of security as the most widely used form of security?

9 Many reasons: historical reasons; ease of use; ease of deployment

10 What are the alternatives for strengthening the security of end users?

11 Change from the paradigm of “something you know” to “something you have” or “something you are”

12 What is practical for end users of web applications?

13 Something you have? A physical token: mag strip card; smart card with chip

14 A physical token based end user security scheme could be impractical: at present it needs specialized hardware; this could change in the future

15 Something you are? A biometric: fingerprint scan; iris scan; retina scan

16 A biometric based end user security scheme could be impractical: at present it needs specialized hardware; this could change in the future

17 What are the other alternatives?

18 Direct Two Factor Security Schemes

19 Combine “something you know” with “something you have”: ATM card with PIN

20 Combine “something you know” with “something you are”: thumb print with Employee ID

21 The practical problems making direct two factor security schemes impractical still persist...

22 Are there any more alternatives?

23 Indirect Two Factor Security Schemes

24 The key idea is to use two channels of communication

25 The first channel: the web application, accessed through the computing device and the Internet

26 The second channel: indirect communication via email, SMS or post

27 How does it work?

28 Variant 1 (SMS): the e-Post user enters the User ID and receives a randomly generated number in an SMS

29 Prerequisites: register the mobile phone number with the e-Post service; this can be done at the time of registering for the service

30 Variant 2 (post): the e-Post user enters the User ID, then enters a random number from a list of numbers received through post

31 Prerequisites: receive the list of numbers periodically; users registered for the service receive it through post
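The server side of the two-channel scheme on slides 24 to 31, as an added example that is not part of the presentation: one code per login attempt delivered over the second channel (SMS), and a posted list of numbers where each number works once. The `send_sms` callback, the 120-second validity window and the three-attempt limit are assumptions, and codes are kept only as hashes so that the stored values are not reusable if the database leaks.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 120      # seconds an SMS code stays valid (assumed policy)
MAX_ATTEMPTS = 3    # wrong guesses allowed per code (assumed policy)


class SecondChannelVerifier:
    """First channel: the web login. Second channel: SMS code or posted list."""

    def __init__(self, send_sms):
        self.send_sms = send_sms   # callback that delivers over the second channel (assumed)
        self.pending = {}          # user_id -> [hashed code, expiry, attempts]
        self.posted_lists = {}     # user_id -> set of hashed, still unused numbers

    @staticmethod
    def _h(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def start_sms_login(self, user_id, phone):
        code = f"{secrets.randbelow(10**6):06d}"          # fresh random 6-digit number
        self.pending[user_id] = [self._h(code), time.time() + CODE_TTL, 0]
        self.send_sms(phone, code)                        # user never has to remember it

    def verify_sms(self, user_id, entered):
        entry = self.pending.get(user_id)
        if entry is None:
            return False
        hashed, expiry, attempts = entry
        if time.time() > expiry or attempts >= MAX_ATTEMPTS:
            self.pending.pop(user_id, None)               # expired or brute-forced: discard
            return False
        entry[2] += 1
        ok = hmac.compare_digest(hashed, self._h(entered))
        if ok:
            self.pending.pop(user_id, None)               # single use
        return ok

    def issue_posted_list(self, user_id, count=10):
        numbers = [f"{secrets.randbelow(10**8):08d}" for _ in range(count)]
        self.posted_lists[user_id] = {self._h(n) for n in numbers}
        return numbers                                    # handed to the printing/postal process

    def verify_posted(self, user_id, entered):
        unused = self.posted_lists.get(user_id, set())
        h = self._h(entered)
        if h in unused:
            unused.discard(h)                             # each posted number works once
            return True
        return False
```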

32 Important Lesson #1: no secret password that a user needs to remember

33 Important Lesson #2: no special hardware or software required

34 Important Lesson #3: must be usable anytime, anywhere

35 Important Lesson #4: no single solution fits all users!

36 Important Lesson #5: must be intuitive to use; no learning curve; no training

37 Important Lesson #6: must be difficult for users to make mistakes

38 Important Lesson #7: must be secure against hacking; no stored secrets to steal!

39 Important Lesson #8: must be secure against phishing; no easy way to trick the user!

40 Important Lesson #9: must be fast; no complicated processing at the user (front end) or at the service (back end)

41 Important Lesson #10, Important Lesson #11, Important Lesson #12...

42 Thank You chandag@cse.mrt.ac.lk

