Presentation is loading. Please wait.

Presentation is loading. Please wait.

CertAnon The feasibility of an anonymous WAN authentication service Red Group CS410 March 1, 2007.

Published byShannon Chambers Modified over 9 years ago

Similar presentations

Presentation on theme: "CertAnon The feasibility of an anonymous WAN authentication service Red Group CS410 March 1, 2007."— Presentation transcript:

1 CertAnon The feasibility of an anonymous WAN authentication service Red Group CS410 March 1, 2007

2 Our Team 3/1/2007 Red Group 2

3 Threatening News 1/5/2007: In an Instant, Retirement Savings Vanish 2/15/2007: Online Identity Stolen 2/20/2007: Phishers Targeting MySpace 2/23/2007: Free Wi-Fi scam hitting airports 2/26/2007: Trojan Horse Designed to Steal Usernames and Passwords 3/1/2007 Red Group 3

4 How About You? How many online accounts do you have? How many passwords do you have to remember? How do you manage them? 3/1/2007 Red Group 4

5 The Problem Single-factor password authentication is easily compromised and endangers the security of online accounts. –Username/Password paradigm is insecure 1 –Management of multiple strong passwords is difficult for individuals –Fraudulent online account access is increasing 3/1/2007 Red Group 5 1. http://www.schneier.com/crypto-gram-0503.html#2

6 The Endangered Password More online accounts = more passwords Complexity of passwords is limited by the human factor 2 Vulnerability is enhanced by the technology factor Dissemination is too easy Once compromised, a password is no longer effective for authentication 3/1/2007 Red Group 6 2. http://www.schneier.com/blog/archives/2006/12/realworld_passw.html

7 Going Phishing Phishing sites are on the rise 3 Over 7 million phishing attempts per day 3/1/2007 Red Group 7 3. Anti-Phishing Working Group - http://www.antiphishing.org/

8 CertAnon - A New Proposal Anonymous WAN authentication service –Used for any and all online accounts –Strong two-factor authentication –Limited information sharing Partner with online businesses Initial customers are Internet users 3/1/2007 Red Group 8

9 Goal and Objectives Build a WAN authentication service that permits customers to securely access all of their online accounts using a single access method –Build our website –Write software modules for partner sites –Develop testing portal –Install authentication servers –Distribute tokens –Beta-testing, then go live! 3/1/2007 Red Group 9

10 What Would It Look Like? 3/1/2007 Red Group 10

11 Two-factor Authentication 4 Something you know –A single PIN Plus something you have –Hardware token generating pseudo- random numbers Effectively changes your password every 60 seconds 3/1/2007 Red Group 11 4. RSA - http://www.rsasecurity.com/node.asp?id=1156

12 3/1/2007 Red Group 12

13 3/1/2007 Red Group 13 Token Setup Process

14 3/1/2007 Red Group 14 Account Setup Process

15 Who is Our Customer? Individual Internet User –Purchases CertAnon token for one-time fee of $50 Obtaining a critical mass of customers makes CertAnon a must have for online vendors –Could give leverage to charge vendors in the future 3/1/2007 Red Group 15

16 About the Customer 3/1/2007 Red Group 16 % 5. Internet World Stats - http://www.internetworldstats.com/stats2.htm 6. Clickz.com - http://www.clickz.com/showPage.html?page=3481976#table 7. Clickz.com - http://www.clickz.com/showPage.html?page=3587781#table2 8. RSA Security Password Management Survey - http://www.rsa.com/products/SOM/whitepapers/PASSW_WP_0906.pdf

17 Why Will The Customer Care? Reduce/eliminate need for multiple passwords Avoid password theft and unauthorized account access No information stored on a card that can be lost No password database to be hacked 3/1/2007 Red Group 17

18 What’s in it for a business? 3/1/2007 Red Group 18 It’s free No need to implement a costly proprietary solution Improves security of customer base by moving more people away from passwords Snaps into existing infrastructure with minimal development Customers who don't switch will be unaffected

19 Competition Matrix 3/1/2007 Red Group 19

20 Cons Still not perfectly secure Token trouble –Forgotten –Broken –Lost or stolen Inadequate for sight-impaired users 3/1/2007 Red Group 20

21 Risks & Mitigation 3/1/2007 Red Group 21 ImpactImpact 5 521 4 3 63 2 74 1 12345 Probability (1-Low to 5-High) #RiskMitigation 1TrustBeta-testing 2Customer understanding Tutorials on website 3Reliance on token sales revenue Encourage early partner site adoption 4Viable alternativesSingle source two-factor 5 Token lossProvide temporary password access 6Token availabilityOffer online and through retail outlets 7Government vs. Anonymity Follow the lead of encryption products

22 Costs & Revenue 3/1/2007 Red Group 22 Servers$16,000 RSA training$1,600 1.5 developers (3yr)$600,000 Server/application admin (3yr)$414,000 Co-location and access costs (3yr)$144,000 RSA Authentication Manager (3yr)*$3,600,000 Tokens* and packaging @$30$30,000,000 Total * $34,775,600 Revenue*$50,000,000 *Based on sales of one million tokens

23 Conclusion Available, affordable, and proven technology Targets a large and growing market Benefits consumers and online businesses Manageable project scope, scaleable product 3/1/2007 Red Group 23

24 References “Failure of Two-Factor Authentication.” Schneier on Security. 12 Jul. 2006. Bruce Schneier. 28 Jan. 2007. “Internet Penetration and Impact.” Pew/Internet. April 2006. Pew Internet & American Life Project. 28 Jan. 2007. “Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan. 2007. E-consultancy.com LTD. 28 Jan. 2007. “Internet World Stats.” Internet World Stats. 11 Jan. 2007. Internet World Stats. 15 Feb. 2007. “Online Banking Increased 47% since 2002.” ClickZ Stats. 9 Feb. 2007. The ClickZ Network. 15 Feb. 2007. 3/1/2007 Red Group 24

25 References (cont.) “Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov. 2006. Anti-Phishing Working Group. 28 Jan. 2007. “Real-World Passwords.” Schneier on Security. 14 Dec. 2006. Bruce Schneier. 28 Jan. 2007. “RSA SecurID Authentication.” RSA Security. 2007. RSA Security, Inc. 28 Jan. 2007. “RSA Security Password Management Survey.” RSA Security. Sep. 2006. Wikipedia. 15 Feb. 2007. “Rural America Slow to Adopt Broadband.” ClickZ Stats. 27 Feb. 2007. The ClickZ Network. 28 Feb. 2007. 3/1/2007 Red Group 25

Download ppt "CertAnon The feasibility of an anonymous WAN authentication service Red Group CS410 March 1, 2007."

Similar presentations

McAfee One Time Password

McAfee One Time Password
George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
Challenges of Identity Fraud Chris Voice, VP Technology.

Challenges of Identity Fraud Chris Voice, VP Technology.
The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.

The Third International Forum on Financial Consumer Protection & Education “Fostering Greater Consumer Protection & Education” Preventing Identity Theft.
7 Effective Habits when using the Internet Philip O’Kane 1.

7 Effective Habits when using the Internet Philip O’Kane 1.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
IDENTITY THEFT By Beaudan S and Tazwaar A. Identity Theft Identity theft is hard to protect against because hackers are getting better and better and.

IDENTITY THEFT By Beaudan S and Tazwaar A. Identity Theft Identity theft is hard to protect against because hackers are getting better and better and.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.

1 No Silver Bullet : Inherent Limitations of Computer Security Technologies Jeffrey W. Humphries Texas A&M University.
By Ashlee Parton, Kimmy McCoy, & Labdhi Shah

By Ashlee Parton, Kimmy McCoy, & Labdhi Shah
An Investigation into E-Commerce Frauds and their Security Implications By Kevin Boardman Supervisor: John Ebden 1 November 2004.

An Investigation into E-Commerce Frauds and their Security Implications By Kevin Boardman Supervisor: John Ebden 1 November 2004.
Company Three By: Jeffery T. Pelletier 12/03/2004.

Company Three By: Jeffery T. Pelletier 12/03/2004.
RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004.

RSA SecurID ® Authentication Ellen Stuart CS265 Cryptography and Computer Security Fall 2004.
1 IS371 WEEK 8 Last and Final Assignment Application Development Alternatives to Application Development Instructor Online Evaluations.

1 IS371 WEEK 8 Last and Final Assignment Application Development Alternatives to Application Development Instructor Online Evaluations.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
RSA SecurID November 10, 2005.

RSA SecurID November 10, 2005.
Digital Payment Systems

Digital Payment Systems

Similar presentations

Ads by Google