CertAnon Anonymous WAN Authentication Service Approval Presentation Red Group CS410 May 1, 2007.


1 CertAnon Anonymous WAN Authentication Service Approval Presentation Red Group CS410 May 1, 2007

2 Our Team

3 Presentation Outline (Red Group, May 1, 2007)
Problem Description
Solution Description
Process Description
Solution Characteristics
Marketing Plan, ROI
Management Plan
Milestones, Deliverables, Budgets
Risk Management
Conclusion

4 Who is Chockalingam Ramanathan?
Part of a group using stolen passwords to empty investors’ accounts [1]
Hit prominent brokers such as TD Ameritrade, E*Trade, and Charles Schwab
Resulted in more than $2 million in losses, which were absorbed by the brokers
Fourth tech-intrusion case filed by the SEC since December 2006
1. http://www.washingtonpost.com/wp-dyn/content/article/2007/03/12/AR2007031201558.html

5 Fraud Stats
From 2005 – 2006 [2]
–8.9 million victims of online fraud or identity theft
–Total losses to identity theft and online fraud jumped from $54.4 billion to $56.6 billion
–Mean resolution time per incident skyrocketed from 28 to 40 hours per victim
2. http://www.verisignsecured.com/content/Default.aspx?edu_stats_body.html

6 Going Phishing
Phishing sites are on the rise [3]
Over 7 million phishing attempts per day
3. Anti-Phishing Working Group - http://www.antiphishing.org/

7 Consumers’ Online Activities
4. Clickz.com - http://www.clickz.com/showPage.html?page=3481976#table
5. Clickz.com - http://www.clickz.com/img/Share_of_Time.html

8 Password Overload
6. RSA Security Password Management Survey - http://www.rsa.com/products/SOM/whitepapers/PASSW_WP_0906.pdf

9 The Problem
Single-factor password authentication is easily compromised and endangers the security of online accounts.
–Username/Password paradigm is insecure [7]
–Management of multiple strong passwords is difficult for individuals
–Fraudulent online account access and associated costs are increasing
7. http://www.schneier.com/crypto-gram-0503.html#2

10 The Endangered Password
More online accounts = more passwords
Complexity of passwords is limited by the human factor [8]
Vulnerability is enhanced by the technology factor
Dissemination is too easy
Once compromised, a password is no longer effective for authentication
8. http://www.schneier.com/blog/archives/2006/12/realworld_passw.html

11 CertAnon – A New Proposal
Anonymous WAN authentication service
–Used for any and all online accounts
–Strong two-factor authentication
–Limited information sharing
Partner with online businesses
Initial customers are Internet users

12 Two-Factor Authentication [9]
Something you know
–A single PIN
Plus something you have
–Hardware token generating pseudo-random numbers
Effectively changes your password every 60 seconds
9. RSA - http://www.rsasecurity.com/node.asp?id=1156
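
A sketch of the server-side check behind slide 12, added here as an example and not taken from the presentation or from RSA: both factors must match, and a code is accepted once only. The SecurID algorithm is not described in the deck, so the token code is computed with the open HOTP/TOTP construction (HMAC-SHA1 with a 60-second step) as a stand-in; the salted PBKDF2 PIN hash, the one-step clock drift allowance, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each token code stays valid, per the slide

def token_code(seed: bytes, now: float, digits: int = 6) -> str:
    """Code shown by the token at time `now` (RFC 4226 truncation, stand-in algorithm)."""
    counter = struct.pack(">Q", int(now // STEP))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Assumption: the PIN is kept only as a salted, slow hash.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Account:
    """Hypothetical per-user record held by the authentication server."""
    def __init__(self, seed: bytes, pin: str, salt: bytes):
        self.seed = seed
        self.salt = salt
        self.pin_hash = hash_pin(pin, salt)
        self.last_step = -1  # highest time step already accepted

def verify(acct: Account, pin: str, code: str, now: float, drift: int = 1) -> bool:
    """True only if PIN and token code both match and the code was not used before."""
    pin_ok = hmac.compare_digest(hash_pin(pin, acct.salt), acct.pin_hash)
    current = int(now // STEP)
    matched = None
    for step in range(current - drift, current + drift + 1):
        expected = token_code(acct.seed, step * STEP).encode()
        if hmac.compare_digest(expected, code.encode()):
            matched = step
    # Reject a wrong PIN, a wrong or stale code, and any replay of an accepted step.
    if not pin_ok or matched is None or matched <= acct.last_step:
        return False
    acct.last_step = matched
    return True

if __name__ == "__main__":
    seed, salt = b"constructed-sample-seed", b"constructed-salt"  # constructed values
    acct = Account(seed, "4821", salt)
    t = 1_178_000_000
    code = token_code(seed, t)
    print(verify(acct, "4821", code, t), verify(acct, "4821", code, t))
```
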

13 RSA SecurID Users

14 Two-Factor Acceptance
Rolls Royce & Bentley Motor Cars
–Uses RSA SecurID authentication
–Enables them to use the Internet securely as a cost-effective and efficient extension to their corporate network
E*Trade Financial
–Provides retail customers the option to add Digital Security ID to their Internet security solution
–Helps guard against unauthorized account access

15 Reaching the Goal
Build a WAN authentication service that permits customers to securely access all of their online accounts using a single access method
–Build our website
–Write software modules for partner sites
–Develop testing portal
–Install authentication servers
–Distribute tokens
–Beta-testing, then go live!

16 What Would It Look Like?


18 Who is Our Customer?
Two sales channels
Individual Internet user (211 million of them!) [10]
–Purchases CertAnon token for one-time fee of $50
–Obtaining a critical mass of customers makes CertAnon a must-have for online vendors
–Could provide leverage to charge vendors on a transaction basis in the future
Security-conscious businesses
–Purchase batches of tokens for redistribution to their customers
–Focus on those without proprietary solutions
10. Internet World Stats - http://www.internetworldstats.com/stats2.htm

19 Marketing Strategy
Offer software modules for customer integration
–Freely available to encourage adoption of the service
Approach financial companies not already using a two-factor authentication method
–Bulk token sales
–Enable them to offer the same customer security as larger competitors without the infrastructure expense
–Token reusability will encourage faster customer adoption
Advertising strategies
–Internet advertising
–Computer shows/trade shows
–Promotional token giveaways

20 ROI for Consumers
Reduce/eliminate need for multiple passwords
Avoid password theft, unauthorized account access, and fraud
Information isn’t stored on a card or device that can be lost
Full passcodes not stored in a hackable database that is a single point of failure

21 ROI for Businesses
Very low cost
Avoid implementing a costly proprietary solution
Improves security of customer base by moving more people away from passwords
Reduces losses from fraud reimbursement
Snaps into existing infrastructure with minimal development
Customers who don't use CertAnon will be unaffected

22 Cons
Reliance on a physical token
–Forgotten
–Broken
–Lost or stolen
Inadequate for sight-impaired users
Customer service coordination will need to be handled carefully

23 Competition Matrix

24 Management Plan

25 Team Communications
Team meetings (via AOL AIM):
–Sunday/Tuesday 8:00 P.M.
–Additional meetings as needed
–Meetings with Professor Brunelle as needed
–Meetings with Technical Advisors as needed
Google Group for document management and messaging

26 Phase 0 Gantt Chart

27 Phase 1 Gantt Chart

28 Phase 1 Major Components

29 Phase 1 Development WBS

30 Phase 1 Organizational Chart

31 Phase 1 Staffing Budget

32 Phase 1 Resource Budget
Description | Quantity | Cost
Dell Servers - Web site & DB hosting | 4 | $11,632
Dell Workstations - Dedicated PCs for team use | 5 | $6,990
MySQL - Web site back end database | -- | $0
PHP - Web sites and plug-in modules | -- | $0
Website - Hosting by ODU | 1 | $0
Total Cost: $18,622
40% Overhead: $7,449
Total Phase 1 Resource Cost: $26,071

33 Phase 2 Gantt Chart

34 Phase 2 Organizational Chart

35 Phase 2 Staffing Budget

36 Phase 2 Resource Budget
Description | Quantity | Cost
RSA Authentication Manager Server License | 4 | $12,000
Dell Servers - Running RSA Authentication Mgr software | 4 | $11,632
Dell Workstations - PCs for additional staff | 4 | $5,592
RSA Training | -- | $1,600
Visual Studio Professional 2005 - Used for additional plug-in development | 2 | $1,338
RSA Tokens | 10 | $500
Total Cost: $32,622
40% Overhead: $13,065
Total Phase 2 Resource Cost: $45,687

37 Phase 3 Gantt Chart

38 Phase 3 Organizational Chart

39 Phase 3 Staffing Budget

40 Phase 3 Resource Budget
Description | Quantity | Cost
Secure Server Hosting - Hosting authentication servers remotely | -- | $48,000
Dell Workstations - PCs for additional staff | 9 | $12,582
Dell Servers - Web site database servers with RAID arrays | 2 | $5,816
Total Cost: $66,398
40% Overhead: $26,560
Total Phase 3 Resource Cost: $92,958

41 Total Project Cost

42 Break Even Analysis

43 Funding Plan
SBIR Funding Agency: National Science Foundation
–Phase 1: $100,000 max, $52k planned
–Phase 2: $750,000 or two years, $183k planned
Phase 3
–Venture capital investment
–Small business loan
–Revenue from token sales

44 Risk Management Plan
Identify project risks
Determine the phase that the risk is in
Categorize risks according to probability and impact
Reduce risks before or as they happen with mitigation actions
Continue to reevaluate risks during all phases
Watch for new risks

45 Risks and Mitigation
[Risk matrix: Impact vs. Probability, each rated 1-Low to 5-High. Impact 5: risks 5, 2, 1. Impact 3: risks 6, 3. Impact 2: risks 7, 4.]
# | Risk | Mitigation
1 | Trust | Beta-testing
2 | Customer understanding | Tutorials on website
3 | Reliance on token sales revenue | Encourage early partner site adoption
4 | Viable alternatives | Single source two-factor
5 | Token loss | Provide temporary password access
6 | Token availability | Offer online and through retail outlets
7 | Government vs. Anonymity | Follow the lead of encryption products

46 Evaluation Plan
Time
–Measured against baseline project plan
Cost
–Measured against budget plan by phase
Scope
–Measured against requirement document
Quality
–Measured by customer adoption rate and satisfaction

47 Evaluation Phases
Phase 0
–Idea developed
–Project website developed
–Funding secured
Phase 1
–Prototype design
–Working prototype
–Initial customer demonstration
Phase 2
–Product design
–Software module development
–Software module testing
–Integration testing
–Finished product
Phase 3
–First sale completed
–Product released
–Marketing plan developed
–Successful marketing
–New contracts acquired

48 Conclusion
Available, affordable, and proven technology
Targets a large and growing market
Benefits consumers and online businesses
Scalable service
Manageable project scope, achievable milestones

49 References
“3 Indicted in Online Brokerage Hacking Scheme.” Washington Post. 13 Mar. 2007. Carrie Johnson. 2 Apr. 2007.
“Internet Penetration and Impact.” Pew/Internet. April 2006. Pew Internet & American Life Project. 28 Jan. 2007.
“Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan. 2007. E-consultancy.com LTD. 28 Jan. 2007.
“Internet World Stats.” Internet World Stats. 10 Mar. 2007. Internet World Stats. 22 Apr. 2007.
“Online Banking Increased 47% since 2002.” ClickZ Stats. 9 Feb. 2007. The ClickZ Network. 15 Feb. 2007.

50 References (cont.)
“Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov. 2006. Anti-Phishing Working Group. 28 Jan. 2007.
“Real-World Passwords.” Schneier on Security. 14 Dec. 2006. Bruce Schneier. 28 Jan. 2007.
“RSA SecurID Authentication.” RSA Security. 2007. RSA Security, Inc. 28 Jan. 2007.
“RSA Security Password Management Survey.” RSA Security. Sep. 2006. Wikipedia. 15 Feb. 2007.
“Share of Time Spent Online.” ClickZ Stats. 27 Feb. 2007. The ClickZ Network. 28 Feb. 2007.

51 Appendix
Abstract
SBIR Document
Management Plan
Evaluation Plan
Resource Plan
Marketing Plan
Funding Plan
Staffing Plan
Risk Management Plan
Hardware Specifications
Work Breakdown Structure
Additional Diagrams

