How Secure is Authentication?
|
|
- Suzanna Christina Harrington
- 8 years ago
- Views:
Transcription
1 FIDO UAF Tutorial
2 How Secure is Authentication?
3 How Secure is Authentication?
4 How Secure is Authentication?
5 Cloud Authentication
6 Password Issues Password might be entered into untrusted App / Web-site ( phishing ) Password could be stolen from the server Inconvenient to type password on phone Too many passwords to remember re-use / cart abandonment
7 OTP Issues OTP vulnerable to realtime MITM and MITB attacks Inconvenient to type OTP on phone OTP HW tokens are expensive and people don t want another device SMS security questionable, especially when Device is the phone
8
9 Summary 1. Passwords are insecure and inconvenient especially on mobile devices 2. Alternative authentication methods are silos and hence don t scale to large scale user populations 3. The required security level of the authentication depends on the use 4. Risk engines need information about the explicit authentication security for good decision
10 How does FIDO work? Device
11 How does FIDO work? challenge Require user gesture before private key can be used Private key (signed) response Public key
12 How does FIDO UAF work? SE
13 How does FIDO UAF work? Same User as enrolled before? Same Authenticator as registered before? Can recognize the user (i.e. user verification), but doesn t know its identity attributes.
14 How does FIDO UAF work? Same User as enrolled before? Same Authenticator as registered before? Identity binding to be done outside FIDO: This this John Doe with customer ID X. Can recognize the user (i.e. user verification), but doesn t know its identity attributes.
15 How does FIDO UAF work? How is the key protected (TPM, SE, TEE, )? Which user verification method is used? SE
16 Attestation & Metadata Signed Attestation Object Verify using trust anchor included in Metadata Private attestation key Understand Authenticator security characteristic by looking into Metadata from mds.fidoalliance.org (or other sources) Metadata
17 Binding Keys to Apps Use google.com key Use paypal.com key Use same user gesture (e.g. same finger or PIN) for unlocking each private key.
18 FIDO Building Blocks FIDO USER DEVICE BROWSER / APP FIDO CLIENT TLS Server Key UAF Protocol Cryptographic authentication key DB RELYING PARTY WEB APPLICATION FIDO SERVER ASM FIDO AUTHENTICATOR Authentication keys Attestation key Authenticator Metadata Update METADATA SERVICE
19 Registration Overview Perform legacy authentication first, in order to bind authenticator to an electronic identity, then perform FIDO registration. Send Registration Request: - Policy - Random Challenge FIDO CLIENT FIDO SERVER FIDO AUTHENTICATOR Start registration Verify user Generate key pair Sign attestation object: Public key AAID Random Challenge Name of relying party Signed by attestation key Verify signature Check AAID against policy Store public key AAID = Authenticator Attestation ID, i.e. model ID
20 UAF Authentication FIDO Authenticator App 0 Prepare Web App FIDO Server
21 UAF Authentication FIDO Authenticator App 0 Prepare Web App FIDO Server
22 UAF Authentication FIDO Authenticator App 0 Prepare Web App FIDO Server
23 UAF Authentication FIDO Authenticator App 0 1 Prepare Initiate Authentication Web App FIDO Server
24 UAF Authentication FIDO Authenticator App 0 1 Prepare Initiate Authentication Auth. Request with Challenge Web App FIDO Server 2
25 UAF Authentication Pat Johnson FIDO Authenticator App 0 1 Prepare Initiate Authentication Auth. Request with Challenge Web App FIDO Server 2 3 Verify User & Sign Challenge (Key specific to RP Webapp)
26 UAF Authentication Pat Johnson 650 Castro Street Mountain View, CA United States FIDO Authenticator App Prepare Initiate Authentication Auth. Request with Challenge Auth. Response Web App FIDO Server 2 3 Verify User & Sign Challenge (Key specific to RP Webapp)
27 UAF Authentication Pat Johnson Payment complete! Return to the merchant s web site to continue shopping Return to the merchant FIDO Authenticator App Prepare Initiate Authentication Auth. Request with Challenge Auth. Response Success Web App FIDO Server Verify User & Sign Challenge (Key specific to RP Webapp)
28 Transaction Confirmation Device Relying Party FIDO Authenticator Browser or Native App 1 Initiate Transaction Web App FIDO Server Authentication Request + Transaction Text Display Text, Verify User & Unlock Private Key (specific to User + RP Webapp) Authentication Response + Text Hash, signed by User s private key 5 Validate Response & Text Hash using User s Public Key
29 Convenience & Security Security Password Convenience
30 Convenience & Security Security Password + OTP Password Convenience
31 Convenience & Security Security In FIDO: Same user verification method for all servers FIDO Password + OTP Password In FIDO: Arbitrary user verification methods are supported (+ they are interoperable) Convenience
32 Convenience & Security Security In FIDO: Scalable security depending on Authenticator implementation FIDO Password + OTP Password In FIDO: Only public keys on server Not phishable Convenience
33 FIDO Authenticator Concept Optional Components Injected at manufacturing, doesn t change FIDO Authenticator User Verification / Presence Transaction Confirmation Display Attestation Key Authentication Key(s) Generated at runtime (on Registration)
34 What about rubber fingers? Protection methods in FIDO 1. Attacker needs access to the Authenticator and swipe rubber finger on it. This makes it a non-scalable attack. 2. Authenticators might implement presentation attack detection methods. Remember: Creating hundreds of millions of rubber fingers + stealing the related authenticators is expensive. Stealing hundreds of millions of passwords from a server has low cost per password.
35 But I can t revoke my finger Protection methods in FIDO You don t need to revoke your finger, you can simply de-register the old (=attacked) authenticator. Then, 1. Get a new authenticator 2. Enroll your finger (or iris, ) to it 3. Register the new authenticator to the service
36 FIDO & Federation First Mile Second Mile FIDO USER DEVICE IdP Service Provider BROWSER / APP FIDO Protocol FEDERATION SERVER Federation FIDO CLIENT Id DB FIDO AUTHENTICATOR FIDO SERVER Knows details about the Authentication strength Knows details about the Identity and its verification strength.
37 FIDO & Federation in Enterprise Cloud-hosted Appl. 1 Cloud-hosted Appl. 2 Federated Login, e.g. OpenID Connect Cloud-hosted Appl. N Enterprise IT Enterprise Appl. 1 Enterprise Appl. 2 Internal User Enterprise Appl. N IdP FEDERATION SERVER External User Could be operated externally as well FIDO SERVER
38 FIDO UAF Enabled Products Samsung Sony Sharp Galaxy S6, S6 Edge, S6 Edge+ Galaxy Tab S Galaxy Note 5 Galaxy S5, S5 Mini, S5 Plus Galaxy Alpha Galaxy Note 4, Note 4 Edge Galaxy Tab S Xperia Z5, Z5 Compact, Z5 Premium OEM Enabled Smartphones & Tablets Aquos Zeta SH-03G, SH01H Fujitsu Arrows NX F-04G, Fit F-01H, NX F-02H Clients available for these operating systems: Software Authenticator Examples: Speaker/Face recognition, PIN, QR Code, etc. Aftermarket Hardware Authenticator Examples: USB fingerprint scanner, MicroSD Secure Element
39 FIDO is used Today
40 Typical RP Deployment FIDO USER DEVICE MOBILE APP Challenge: Old devices do not have a native FIDO Stack FIDO CLIENT ASM FIDO AUTHENTICATOR Native FIDO Stack (not on old devices)
41 Typical RP Deployment FIDO USER DEVICE MOBILE APP App SDK FIDO CLIENT ASM AUTHENR Challenge: Old devices do not have a native FIDO Stack Solution: embed FIDO Stack in App SDK Embedded FIDO Stack FIDO CLIENT ASM FIDO AUTHENTICATOR Native FIDO Stack (not on old devices)
42 Typical Native FIDO Stack FIDO USER DEVICE (SMARTPHONE) Fingerprint is mostly used today. Typically on high-end devices. Some devices use eye/iris as modality. No need for expensive FP Sensors. FIDO CLIENT ASM FIDO AUTHENTICATOR Rich Execution Environment, e.g. Android. Trusted Execution Environment (TEE)
43 Rolf Lindemann, Nok Nok Labs, Conclusion Different authentication use-cases lead to different authentication requirements FIDO separates user verification from authentication and hence supports all user verification methods FIDO supports scalable convenience & security User verification data is known to Authenticator only FIDO complements federation
44 How does FIDO UAF work? 6. Use site-specific keys in order to protect privacy 4. Provide cryptographic proof of authenticator model 3. Store public keys on the server (no secrets) 2. Define policy of acceptable Authenticators 8. Use channel binding to protect against MITM 7. Verify user before signing authentication response 5. Generate key pair in Authenticator to protect against phishing 1. Use Metadata to understand Authenticator security characteristic
45 Physical attacks possible on lost or stolen devices ( 3% in the US in 2013) Classifying Threats 5 Physically attacking user devices steal data for impersonation 6 Physically attacking user devices misuse them for impersonation Scalable attacks Remotely attacking lots of user devices Remotely attacking lots of user devices steal data for impersonation misuse them for impersonation Remotely attacking lots of user devices misuse authenticated sessions 1 Remotely attacking central servers steal data for impersonation
46 Registration Overview (2) Relying Party foo.com Physical Identity Know Your Customer rules WEB Application Legacy Authentication { userid=1234, jane@mail.com, known since 03/05/04, payment history=xx, } Virtual Identity FIDO AUTHENTICATOR AAID y key for foo.com: 0xfa4731 Link new Authenticator to existing userid Registration FIDO SERVER { userid=1234, pubkey=0x43246, AAID=x +pubkey=0xfa4731, AAID=y }
47 Using Secure Hardware PIN Entry User Verification / Presence SIM Card FIDO Authenticator Attestation Key PIN Verification Authentication Key(s)
48 Client Side Biometrics Trusted Execution Environment (TEE) FIDO Authenticator as Trusted Application (TA) User Verification / Presence Attestation Key Store at Enrollment Authentication Key(s) Compare at Authentication Unlock after comparison
49 Combining TEE and SE Trusted Execution Environment (TEE) Secure Element FIDO Authenticator as Trusted Application (TA) e.g. GlobalPlatform Trusted UI User Verification / Presence Transaction Confirmation Display Attestation Key Authentication Key(s)
How Secure is Authentication?
U2F & UAF Tutorial How Secure is Authentication? 2014 1.2bn? 2013 397m Dec. 2013 145m Oct. 2013 130m May 2013 22m April 2013 50m March 2013 50m Cloud Authentication Password Issues Password might be entered
More informationFIDO Modern Authentication Rolf Lindemann, Nok Nok Labs
Rolf Lindemann, Nok Nok Labs cv cryptovision GmbH T: +49 (0) 209.167-24 50 F: +49 (0) 209.167-24 61 info(at)cryptovision.com 1 Authentication in Context Single Sign-On Modern Authentication Federation
More informationScalable Authentication
Scalable Authentication Rolf Lindemann Nok Nok Labs, Inc. Session ID: ARCH R07 Session Classification: Intermediate IT Has Scaled Technological capabilities: (1971 2013) Clock speed x4700 #transistors
More informationDevice-Centric Authentication and WebCrypto
Device-Centric Authentication and WebCrypto Dirk Balfanz, Google, balfanz@google.com A Position Paper for the W3C Workshop on Web Cryptography Next Steps Device-Centric Authentication We believe that the
More informationUAF Architectural Overview
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 UAF Architectural Overview Specification Set: fido-uaf-v1.0-rd-20140209 REVIEW DRAFT Editors: Rob Philpott, RSA, the Security Division of EMC Sampath
More informationTECHNICAL WHITE PAPER NOK NOK LABS MULTIFACTOR AUTHENTICATION. Any device. Any application. Any authenticator.
TECHNICAL WHITE PAPER NOK NOK LABS MULTIFACTOR AUTHENTICATION Any device. Any application. Any authenticator. Table of Contents Introduction... 3 The Problem With Authentication Today... 4 New Possibilities...
More informationNOK NOK LABS AUTHENTICATION & OTT SERVICES
NOK NOK LABS AUTHENTICATION & OTT SERVICES RAJIV DHOLAKIA VP PRODUCTS & BUSINESS DEVELOPMENT 1 NOK NOK LABS The authentication challenge A DILEMMA UNTIL WE CAN TRULY RECOGNIZE PEOPLE ONLINE, IN REAL TIME...
More informationMobility, Security and Trusted Identities: It s Right In The Palm of Your Hands. Ian Wills Country Manager, Entrust Datacard
Mobility, Security and Trusted Identities: It s Right In The Palm of Your Hands Ian Wills Country Manager, Entrust Datacard WHO IS ENTRUST DATACARD? 2 Entrust DataCard Datacard Corporation. Corporation.
More informationTwo Factor Authentication for VPN Access
Trends in cloud computing, workforce mobility, and BYOD policies have introduced serious new vulnerabilities for enterprise networks. Every few weeks, we learn about a new instance of compromised security.
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationWHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS
WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user
More informationFIDO Trust Requirements
FIDO Trust Requirements Ijlal Loutfi, Audun Jøsang University of Oslo Mathematics and Natural Sciences Faculty NordSec 2015,Stockholm, Sweden October, 20 th 2015 Working assumption: End Users Platforms
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationMobile Connect & FIDO
Mobile Connect & FIDO About the GSMA The GSMA represents the interests of mobile operators worldwide Spanning more than 220 countries, the GSMA unites nearly 800 of the world s mobile operators, as well
More informationFIDO Security Reference
FIDO Security Reference FIDO Alliance Proposed Standard 09 October 2014 This version: https://fidoalliance.org/specs/fido uaf authnr metadata service v1.0 ps 20141009.html Previous version: https://fidoalliance.org/specs/fido
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationKEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS
KEYSTROKE DYNAMIC BIOMETRIC AUTHENTICATION FOR WEB PORTALS Plurilock Security Solutions Inc. www.plurilock.com info@plurilock.com 2 H IGHLIGHTS: PluriPass is Plurilock static keystroke dynamic biometric
More informationThe Convergence of IT Security and Physical Access Control
The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which
More informationMOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION. A Goode Intelligence white paper sponsored by AGNITiO
MOBILE VOICE BIOMETRICS MEETING THE NEEDS FOR CONVENIENT USER AUTHENTICATION A Goode Intelligence white paper sponsored by AGNITiO First Edition September 2014 Goode Intelligence All Rights Reserved Sponsored
More informationReviewer Guide Core Functionality
securing your personal data Sticky Password Reviewer Guide Core Functionality Sticky Password is the password manager for the entire lifecycle of your passwords. Strong passwords the built-in password
More informationAndroid pay. Frequently asked questions
Android pay Frequently asked questions June 2015 Android Pay - FAQs In May 2015, Android Pay was announced by Google. Android Pay is Google s payments solution that allows consumers to do in-store and
More informationAUTHENTIFIERS. Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes
AUTHENTIFIERS Authentify Authentication Factors for Constructing Flexible Multi-Factor Authentication Processes Authentify delivers intuitive and consistent authentication technology for use with smartphones,
More informationEntrust IdentityGuard
+1-888-437-9783 sales@identisys.com IdentiSys.com Distributed by: Entrust IdentityGuard is an award-winning software-based authentication enterprises and governments. The solution serves as an organization's
More informationMOBILITY. Transforming the mobile device from a security liability into a business asset. pingidentity.com
MOBILITY Transforming the mobile device from a security liability into a business asset. pingidentity.com Table of Contents Introduction 3 Three Technologies That Securely Unleash Mobile and BYOD 4 Three
More informationIs Consumer-Oriented Strong Authentication Finally Here to Stay? Arshad Noor, CTO, StrongAuth, Inc. Professional Strategies S22
Is Consumer-Oriented Strong Authentication Finally Here to Stay? Arshad Noor, CTO, StrongAuth, Inc. Professional Strategies S22 Historical Perspective Password-based authentication invented at least 4-5
More informationCopyright 2013-2016 FIDO Alliance All Rights Reserved.
Response to the European Banking Authority (EBA) Discussion Paper on Future Draft Regulatory Technical Standards on Strong Customer Authentication and Secure Communication Under the Revised Payment Services
More informationTrue Identity solution
Identify yourself securely. True Identity solution True Identity authentication and authorization for groundbreaking security across multiple applications including all online transactions Biogy Inc. Copyright
More informationThe Password Problem Will Only Get Worse
The Password Problem Will Only Get Worse New technology for proving who we are Isaac Potoczny-Jones Galois & SEQRD ijones@seqrd.com @SyntaxPolice Goals & Talk outline Update the group on authentication
More informationSecure Authentication for the Development of Mobile Internet Services Critical Considerations
Secure Authentication for the Development of Mobile Internet Services Critical Considerations December 2011 V1 Mobile Internet Security Working Group, SIMalliance AGENDA SIMalliance presentation What s
More informationOut-Of-Band Authentication Using a Real-time, Multi-factor Service Model
Out-Of-Band Authentication Using a Real-time, Multi-factor Service Model Andrew Rolfe Authentify, Inc. Andy.Rolfe@Authentify.com Presentation Overview Authentication basics What is OOBA? Why is it important?
More informationImplementing two-factor authentication: Google s experiences. Cem Paya (cemp@google.com) Information Security Team Google Inc.
Implementing two-factor authentication: Google s experiences Cem Paya (cemp@google.com) Information Security Team Google Inc. Google services and personalization Identity management at Google 1. Internal
More informationSecurity and Usability
Security and Usability David Hunt: DCH Technology Services A Financial Services View Active Security Passive Security Technologies Impact on Users Big Data Consumer context, do we know you? Active Security
More informationApache Milagro (incubating) An Introduction ApacheCon North America
Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationSecurity Levels for Web Authentication using Mobile Phones
Security Levels for Web Authentication using Mobile Phones Anna Vapen and Nahid Shahmehri Department of computer and information science Linköpings universitet, SE-58183 Linköping, Sweden {annva,nahsh}@ida.liu.se
More informationSecure Your Enterprise with Usher Mobile Identity
Secure Your Enterprise with Usher Mobile Identity Yong Qiao, Vice President of Software Engineering & Chief Security Architect, MicroStrategy Agenda Introduction to Usher Unlock the enterprise Dematerialize
More informationFrom Edge to the Core. Sicurezza dati nelle infrastrutture condivise, virtualizzate e cloud.
From Edge to the Core. Sicurezza dati nelle infrastrutture condivise, virtualizzate e cloud. Claudio Olati Sales Manager - Gemalto Sergio Sironi Regional Sales Manager - Safenet We are the world leader
More informationFIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014
FIDO: Fast Identity Online Alliance Privacy Principles Whitepaper vfeb2014 The FIDO Alliance: Privacy Principles Whitepaper Page 1 of 7 FIDO Privacy Principles Introduction The FIDO Alliance is a non-profit
More informationesign Online Digital Signature Service
esign Online Digital Signature Service Government of India Ministry of Communications and Information Technology Department of Electronics and Information Technology Controller of Certifying Authorities
More informationesign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?
esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents
More informationWhite Paper: Multi-Factor Authentication Platform
White Paper: Multi-Factor Authentication Platform Version: 1.4 Updated: 29/10/13 Contents: About zero knowledge proof authentication protocols: 3 About Pairing-Based Cryptography (PBC) 4 Putting it all
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationWhite Paper. The Principles of Tokenless Two-Factor Authentication
White Paper The Principles of Tokenless Two-Factor Authentication Table of contents Instroduction... 2 What is two-factor authentification?... 2 Access by hardware token... 3 Advantages and disadvantages
More informationTHE CHANGING FACE OF MOBILE PAYMENTS SECURITY
THE CHANGING FACE OF MOBILE PAYMENTS SECURITY Past and Future of Authentication RAJIV DHOLAKIA NOK NOK LABS rajiv@noknok.com NOK NOK LABS NNL CARTES America APRIL 2013 1 CONSIDER THE HUMBLE IGNITION KEY
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationBeyond passwords: Protect the mobile enterprise with smarter security solutions
IBM Software Thought Leadership White Paper September 2013 Beyond passwords: Protect the mobile enterprise with smarter security solutions Prevent fraud and improve the user experience with an adaptive
More informationStandards for Identity & Authentication. Catherine J. Tilton 17 September 2014
Standards for Identity & Authentication Catherine J. Tilton 17 September 2014 Purpose of these standards Wide deployment of authentication technologies that may be used in a global context is heavily dependent
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationA STRONG IDENTITY IN THE ONLINE FINANCIAL WORLD OF TOMORROW
A STRONG IDENTITY IN THE ONLINE FINANCIAL WORLD OF TOMORROW July 2012 WHITEPAPER BY MARK BAAIJENS, MANAGING CONSULTANT FOR THE PAYMENT COMPETENCE CENTER Author Mark finished his Master of Science degree
More informationSecurity Levels for Web Authentication Using Mobile Phones
Security Levels for Web Authentication Using Mobile Phones Anna Vapen and Nahid Shahmehri Department of Computer and Information Science, Linköping University, SE-58183 Linköping, Sweden {anna.vapen,nahid.shahmehri}@liu.se
More informationHow TraitWare TM Can Secure and Simplify the Healthcare Industry
How TraitWare TM Can Secure and Simplify the Healthcare Industry January 2015 Secure and Simplify Your Digital Life. Overview of HIPPA Authentication Standards When Title II of the Health Insurance Portability
More informationUnderstanding the Role of Smart Cards for Strong Authentication in Network Systems. Bryan Ichikawa Deloitte Advisory
Understanding the Role of Smart Cards for Strong Authentication in Network Systems Bryan Ichikawa Deloitte Advisory Overview This session will discuss the state of authentication today, identify some of
More informationGlossary of Key Terms
and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which
More informationIntel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions
Intel Identity Protection Technology Enabling improved user-friendly strong authentication in VASCO's latest generation solutions June 2013 Dirk Roziers Market Manager PC Client Services Intel Corporation
More informationWhite Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication
White Paper Preventing Man in the Middle Phishing Attacks with Multi-Factor Authentication Page 1 of 8 Introduction As businesses and consumers grow increasingly reliant on the Internet for conducting
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationTrends in Mobile Authentication. cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36
Trends in Mobile Authentication cnlab security ag, obere bahnhofstr. 32b, CH-8640 rapperswil-jona esther.haenggi@cnlab.ch, +41 55 214 33 36 E-banking authentication mtan 2 Phishing passiv Man-in-the-Middle
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationWHITE PAPER AUGUST 2014. Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords
WHITE PAPER AUGUST 2014 Preventing Security Breaches by Eliminating the Need to Transmit and Store Passwords 2 WHITE PAPER: PREVENTING SECURITY BREACHES Table of Contents on t Become the Next Headline
More informationNetIQ Advanced Authentication Framework
NetIQ Advanced Authentication Framework Security Officer Guide Version 5.2.0 1 Table of Contents 1 Table of Contents 2 Introduction 3 About This Document 3 Authenticators Management 4 Card 8 Email OTP
More informationMobile multifactor security
Mobile multifactor security A revolution in authentication and digital signing Mobile multifactor security A revolution in authentication and digital signing Smartphones will continue to ship in high volumes,
More informationGuide to Evaluating Multi-Factor Authentication Solutions
Guide to Evaluating Multi-Factor Authentication Solutions PhoneFactor, Inc. 7301 West 129th Street Overland Park, KS 66213 1-877-No-Token / 1-877-668-6536 www.phonefactor.com Guide to Evaluating Multi-Factor
More informationAlternative authentication what does it really provide?
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies
More informationSamsung SDS. Fast IDentity Online
Samsung SDS Innovating User In the era of Digital Convergence In the coming era of digital convergence, user authentication is becoming increasingly important as a gateway to the digital world. Companies
More informationWHITE PAPER Usher Mobile Identity Platform
WHITE PAPER Usher Mobile Identity Platform Security Architecture For more information, visit Usher.com info@usher.com Toll Free (US ONLY): 1 888.656.4464 Direct Dial: 703.848.8710 Table of contents Introduction
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationMulti-factor authentication
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More informationSecurity Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant
Security Assessment of briidge.net TM 2-Step verification for banking customers in a multichannel delivery environment that is FFIEC compliant Prepared for: By: Wesly Delva, SSCP, Information Security
More informationMulti-Factor Authentication of Online Transactions
Multi-Factor Authentication of Online Transactions Shelli Wobken-Plagge May 7, 2009 Agenda How are economic and fraud trends evolving? What tools are available to secure online transactions? What are best
More informationWhat s wrong with SAAS login?
Patented What s wrong with SAAS login? Nikos Leoutsarakos Tiny bio Nikos has a Physics background and a M.Sc. in Computer science from McGill University in Montreal, Canada, where he lives with his wife
More informationCA ArcotOTP Versatile Authentication Solution for Mobile Phones
PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding
More informationWhat s wrong with FIDO?
Patented What s wrong with FIDO? Nikos Leoutsarakos Tiny bio Nikos has a Physics background and a M.Sc. in Computer science from McGill University in Montreal, Canada, where he lives with his wife and
More informationWhite Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS
White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels
More informationPosition Paper - Authentication. improve. the user experience. with a trusted authentication
Position Paper - Authentication improve the user experience with a trusted authentication Improve the user experience with a trusted authentication The Internet and mobile terminals are powerful tools
More informationSmart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationBrainloop Secure Dataroom Version 8.30. QR Code Scanner Apps for ios Version 1.1 and for Android
Brainloop Secure Dataroom Version 8.30 QR Code Scanner Apps for ios Version 1.1 and for Android Quick Guide Brainloop Secure Dataroom Version 8.30 Copyright Brainloop AG, 2004-2015. All rights reserved.
More informationFuture directions of the AusCERT Certificate Service
Future directions of the AusCERT Certificate Service QV Advanced Plus certificates Purpose Digital signatures non-repudiation, authenticity and integrity Encryption - confidentiality Client authentication
More informationa. StarToken controls the loss due to you losing your Internet banking username and password.
1. What is StarToken? StarToken is the next generation Internet banking security solution that is being offered by Bank of India to all its Internet Banking customers (Retail as well as Corporate). StarToken
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, NIST Special Publication 800-63 Version 1.0.2 (dated April 2006), has been superseded and is provided here only for historical purposes. For the most current
More informationTwo-factor Authentication
Enter only a Prove Identity Two-factor Authentication EXECUTIVE HANDBOOK 2FA With Fingerprint? PIN? Passcode? www.secsign.com INDEX 1 2 3 4 5 6 7 8 9 Data Security Breaches Overview 2014-15 Page 3 How
More informationIAIK. Motivation 2. Advanced Computer Networks 2015/2016. Johannes Feichtner johannes.feichtner@iaik.tugraz.at IAIK
Motivation 2 Advanced Computer Networks 2015/2016 Johannes Feichtner johannes.feichtner@iaik.tugraz.at What you have heard last time Mobile devices: Short history, features Technical evolution, major OS,
More informationContributions to Web Authentication for Untrusted Computers
Linköping Studies in Science and Technology Thesis No. 1481 Contributions to Web Authentication for Untrusted Computers by Anna Vapen Submitted to Linköping Institute of Technology at Linköping University
More informationA Security Survey of Strong Authentication Technologies
A Security Survey of Strong Authentication Technologies WHITEPAPER Contents Introduction... 1 Authentication Methods... 2 Classes of Attacks on Authentication Mechanisms... 5 Security Analysis of Authentication
More informationQR Code for Digital Signature Online/Offline Payment. James Wu www.jrsys.com.tw 1
QR Code for Digital Signature Online/Offline Payment James Wu www.jrsys.com.tw 1 Big Risk of Online Shopping You may lost Card Number + Expiration Date + CVV Card Not Present Transaction Trojan, Sniffer,
More informationModern Multi-factor and Remote Access Technologies
Modern Multi-factor and Remote Access Technologies ANDREW BRICKEY Senior IT Engineer Identity and Access Management / Core Computing Services NLIT Summit 2016 May 11, 2016 1 Agenda Problem and solution
More informationp@$5w0rd??_ 300% increase 280 MILLION 65% re-use passwords $22 per helpdesk call Passwords can no longer protect you
Freja is an innovative solution to one of the biggest problems in the Internet era: How do you securely manage identities, access and credentials for a large number of users without costs going haywire?
More informationXYPRO Technology Brief: Stronger User Security with Device-centric Authentication
Ken Scudder Senior Director Business Development & Strategic Alliances XYPRO Technology Talbot A. Harty CEO DeviceAuthority XYPRO Technology Brief: Stronger User Security with Device-centric Authentication
More informationOpinion and recommendations on challenges raised by biometric developments
Opinion and recommendations on challenges raised by biometric developments Position paper for the Science and Technology Committee (House of Commons) Participation to the inquiry on Current and future
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationTwo-Factor Authentication over Mobile: Simplifying Security and Authentication
SAP Thought Leadership Paper SAP Mobile Services Two-Factor Authentication over Mobile: Simplifying Security and Authentication Controlling Fraud and Validating End Users Easily and Cost-Effectively Table
More informationS E P T E M B E R 2 0 1 4
S E P T E M B E R 2 0 1 4 IRIS-ENABLED SMARTWATCH AND ITS APPLICATIONS INTRODUCTION Iris Recognition Enabled Smartwatch Convergence of wearables and biometrics Will bring the widespread use of iris recognition
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationWelcome Guide for MP-1 Token for Microsoft Windows
Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made
More informationSECUREAUTH IDP AND OFFICE 365
WHITEPAPER SECUREAUTH IDP AND OFFICE 365 STRONG AUTHENTICATION AND SINGLE SIGN-ON FOR THE CLOUD-BASED OFFICE SUITE EXECUTIVE OVERVIEW As more and more enterprises move to the cloud, it makes sense that
More information