CertAnon Anonymous WAN Authentication Service Milestone Presentation Red Group CS410 April 5, 2007.


1 CertAnon Anonymous WAN Authentication Service Milestone Presentation Red Group CS410 April 5, 2007

2 Presentation Outline
Problem Description
Solution Description
Process Description
Solution Characteristics
Marketing Plan, ROI
Management Plan
Milestones, Deliverables, Budgets
Risk Management
Conclusion

3 Who is Chockalingam Ramanathan?
Part of a group using stolen passwords to empty investors’ accounts [1]
Hit prominent brokers such as TD Ameritrade, E*Trade, and Charles Schwab
Resulted in more than $2 million in losses, which were absorbed by the brokers
Fourth tech-intrusion case filed by the SEC since December 2006
1. http://www.washingtonpost.com/wp-dyn/content/article/2007/03/12/AR2007031201558.html

4 Fraud Stats
From 2005 – 2006 [2]
  – 8.9 million victims of online fraud or identity theft
  – Total losses to identity theft and online fraud jumped from $54.4 billion to $56.6 billion
  – Mean resolution time per incident skyrocketed from 28 to 40 hours per victim
2. http://www.verisignsecured.com/content/Default.aspx?edu_stats_body.html

5 Going Phishing
Phishing sites are on the rise [3]
Over 7 million phishing attempts per day
3. Anti-Phishing Working Group - http://www.antiphishing.org/

6 Consumers’ Online Activities
[Charts: consumers’ online activities, in % (sources 4 and 5)]
4. Clickz.com - http://www.clickz.com/showPage.html?page=3481976#table
5. Clickz.com - http://www.clickz.com/img/Share_of_Time.html

7 Password Overload
[Chart: password overload, in % (source 6)]
6. RSA Security Password Management Survey - http://www.rsa.com/products/SOM/whitepapers/PASSW_WP_0906.pdf

8 The Problem
Single-factor password authentication is easily compromised and endangers the security of online accounts.
  – Username/Password paradigm is insecure [7]
  – Management of multiple strong passwords is difficult for individuals
  – Fraudulent online account access and associated costs are increasing
7. http://www.schneier.com/crypto-gram-0503.html#2

9 The Endangered Password
More online accounts = more passwords
Complexity of passwords is limited by the human factor [8]
Vulnerability is enhanced by the technology factor
Dissemination is too easy
Once compromised, a password is no longer effective for authentication
8. http://www.schneier.com/blog/archives/2006/12/realworld_passw.html

10 CertAnon – A New Proposal
Anonymous WAN authentication service
  – Used for any and all online accounts
  – Strong two-factor authentication
  – Limited information sharing
Partner with online businesses
Initial customers are Internet users

11 Two-Factor Authentication [9]
Something you know
  – A single PIN
Plus something you have
  – Hardware token generating pseudo-random numbers
Effectively changes your password every 60 seconds
9. RSA - http://www.rsasecurity.com/node.asp?id=1156
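
Added example, not part of the original presentation: a sketch of how a server could check "PIN plus token code" with a code that rotates every 60 seconds. RSA SecurID's algorithm is proprietary, so this substitutes the open HOTP/TOTP construction (RFC 4226 / RFC 6238); `token_code`, `Verifier`, the salt, and the seed are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each code is valid, matching the slide's 60-second rotation

def token_code(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """Code the token would display: HOTP (RFC 4226) over the 60-second counter."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _pin_hash(pin: str) -> bytes:
    # Constructed demo salt; a real service would store a random per-user salt.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), b"demo-salt", 100_000)

class Verifier:
    """Hypothetical server side: checks the PIN (know) and the token code (have)."""

    def __init__(self, seed: bytes, pin: str):
        self.seed = seed
        self.pin_hash = _pin_hash(pin)
        self.last_counter = -1  # highest time step already accepted

    def verify(self, pin: str, code: str, now: int, drift: int = 1) -> bool:
        pin_ok = hmac.compare_digest(_pin_hash(pin), self.pin_hash)
        current = now // STEP
        matched = None
        # Accept codes from adjacent steps to tolerate token clock drift.
        for counter in range(max(0, current - drift), current + drift + 1):
            if hmac.compare_digest(token_code(self.seed, counter * STEP), code):
                matched = counter
        # Reject a wrong PIN, a stale or wrong code, and any replayed code.
        if not pin_ok or matched is None or matched <= self.last_counter:
            return False
        self.last_counter = matched
        return True

if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 4226 test seed (constructed input)
    server = Verifier(seed, pin="4821")
    code = token_code(seed, 75)
    print(code, server.verify("4821", code, now=75))   # first use is accepted
    print(code, server.verify("4821", code, now=80))   # replay is rejected
```

Tracking the last accepted time step is what makes a captured code useless after one login, even inside its 60-second window.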

12 RSA SecurID Users

13 Two-Factor Acceptance
Rolls Royce & Bentley Motor Cars
  – Uses RSA SecurID authentication
  – Enables them to use the Internet securely as a cost-effective and efficient extension to their corporate network
E*Trade Financial
  – Provides retail customers the option to add Digital Security ID to their Internet security solution
  – Helps guard against unauthorized account access

14 Goals and Objectives
Build a WAN authentication service that permits customers to securely access all of their online accounts using a single access method
  – Build our website
  – Write software modules for partner sites
  – Develop testing portal
  – Install authentication servers
  – Distribute tokens
  – Beta-testing, then go live!

15 What Would It Look Like?

17 Who is Our Customer?
Two sales channels
Individual Internet user (210 million of them!)
  – Purchases CertAnon token for one-time fee of $50
  – Obtaining a critical mass of customers makes CertAnon a must-have for online vendors
  – Could provide leverage to charge vendors on a transaction basis in the future
Security-conscious businesses
  – Purchase batches of tokens for redistribution to their customers
  – Focus on those without proprietary solutions

18 Marketing Strategy
Offer software modules for customer integration
  – Freely available to encourage adoption of the service
Approach financial companies not already using a two-factor authentication method
  – Bulk token sales
  – Enable them to offer the same customer security as larger competitors without the infrastructure expense
  – Token reusability will encourage faster customer adoption
Advertising strategies
  – Internet advertising
  – Computer shows/trade shows
  – Promotional token giveaways

19 ROI for Consumers
Reduce/eliminate need for multiple passwords
Avoid password theft, unauthorized account access, and fraud
Information isn’t stored on a card or device that can be lost
Passwords are not stored in a hackable database that is a single point of failure

20 ROI for Businesses
Very low cost
Avoid implementing a costly proprietary solution
Improves security of customer base by moving more people away from passwords
Reduces losses from fraud reimbursement
Snaps into existing infrastructure with minimal development
Customers who don't use CertAnon will be unaffected

21 Cons
Reliance on a physical token
  – Forgotten
  – Broken
  – Lost or stolen
Inadequate for sight-impaired users
Customer service coordination will need to be handled carefully

22 Competition Matrix

23 Management Plan

24 Team Communications
Team meetings (via AOL AIM):
  – Sunday/Tuesday 8:00 P.M.
  – Additional meetings as needed
  – Meetings with Professor Brunelle as needed
  – Meetings with Technical Advisors as needed
Google Group for document management and messaging

25 Phase 0 Gantt Chart

26 Phase 1 Gantt Chart

27 Phase 1 Organizational Chart

28 Phase 1 Staffing Budget

29 Phase 1 Resource Budget

30 Phase 2 Gantt Chart

31 Phase 2 Organizational Chart

32 Phase 2 Staffing Budget

33 Phase 2 Resource Budget

34 Phase 3 Gantt Chart

35 Phase 3 Organizational Chart

36 Phase 3 Staffing Budget

37 Phase 3 Resource Budget

38 Total Project Cost

39 Break Even Analysis

40 Funding Plan
SBIR Funding Agency: National Science Foundation
  – Phase 1: $100,000
  – Phase 2: $750,000 or two years
Phase 3
  – Small business loan
  – Venture capital investment
  – Revenue from token sales

41 Risk Management Plan
Identify project risks
Determine the phase that the risk is in
Categorize risks according to probability and impact
Reduce risks before or as they happen with mitigation actions
Continue to reevaluate risks during all phases
Watch for new risks

42 Risks and Mitigation
[Risk matrix: Impact vs. Probability (1-Low to 5-High). Risks by impact row: impact 5: risks 5, 2, 1; impact 3: risks 6, 3; impact 2: risks 7, 4]
# | Risk | Mitigation
1 | Trust | Beta-testing
2 | Customer understanding | Tutorials on website
3 | Reliance on token sales revenue | Encourage early partner site adoption
4 | Viable alternatives | Single source two-factor
5 | Token loss | Provide temporary password access
6 | Token availability | Offer online and through retail outlets
7 | Government vs. Anonymity | Follow the lead of encryption products

43 Evaluation Plan
Time
  – Measured against baseline project plan
Cost
  – Measured against budget plan by phase
Scope
  – Measured against requirement document
Quality
  – Measured by customer adoption rate and satisfaction

44 Evaluation Phases
Phase 0
  – Idea developed
  – Project website developed
  – Funding secured
Phase 1
  – Prototype design
  – Working prototype
  – Initial customer demonstration
Phase 2
  – Product design
  – Software module development
  – Software module testing
  – Integration testing
  – Finished product
Phase 3
  – First sale completed
  – Product released
  – Marketing plan developed
  – Successful marketing
  – New contracts acquired

45 Conclusion
Available, affordable, and proven technology
Targets a large and growing market
Benefits consumers and online businesses
Scalable service
Manageable project scope, achievable milestones

46 References
“3 Indicted in Online Brokerage Hacking Scheme.” Washington Post. 13 Mar. 2007. Carrie Johnson. 2 Apr. 2007.
“Failure of Two-Factor Authentication.” Schneier on Security. 12 Jul. 2006. Bruce Schneier. 28 Jan. 2007.
“Internet Penetration and Impact.” Pew/Internet. April 2006. Pew Internet & American Life Project. 28 Jan. 2007.
“Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan. 2007. E-consultancy.com LTD. 28 Jan. 2007.
“Internet World Stats.” Internet World Stats. 11 Jan. 2007. Internet World Stats. 15 Feb. 2007.
“Online Banking Increased 47% since 2002.” ClickZ Stats. 9 Feb. 2007. The ClickZ Network. 15 Feb. 2007.

47 References (cont.)
“Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov. 2006. Anti-Phishing Working Group. 28 Jan. 2007.
“Real-World Passwords.” Schneier on Security. 14 Dec. 2006. Bruce Schneier. 28 Jan. 2007.
“RSA SecurID Authentication.” RSA Security. 2007. RSA Security, Inc. 28 Jan. 2007.
“RSA Security Password Management Survey.” RSA Security. Sep. 2006. Wikipedia. 15 Feb. 2007.
“Share of Time Spent Online.” ClickZ Stats. 27 Feb. 2007. The ClickZ Network. 28 Feb. 2007.

48 Appendix
Abstract
Management Plan
Staffing Plan
Risk Management Plan
Evaluation Plan
Marketing Plan
Resource Plan
Funding Plan
Hardware Specifications
SBIR Document
Additional Diagrams

