Multi Factor Authentication




Seminar Web Engineering Multi Factor Authentication Matr. 233181 stefan.meier@s2009.tu-chemnitz.de

Outline (slide 2)
1. Idea
2. Security Issues
3. Key Success Factors
4. Technologies
4.1 Knowledge
4.2 Property
4.3 Personal Characteristic
4.4 Social Authentication

Relevance of MFA Imperva Study on 32M stolen passwords: 3

Idea (slide 4)
- Prevention of unauthorized access
- Combination of different, independent components to verify identity of a user
- National Institute of Standards and Technology 2011: Electronic Authentication Guideline

Security Issues (slide 5)
- Eavesdropping
- Replay Attacks
- Guessing Attacks
- Man-in-the-middle Attack
- Hijacking
- Social Engineering

Key Success Factors Security independence of factors Future forward scalability Multi platform Costs User acceptance 6

Security vs Convenience Symantec Corporation 7

Knowledge Most used: password / PIN More secure approach: + Confident Technologies 8

Property Public-Private Key Pair, TAN, Smartcard, etc. One Time Passwords: 9

One Time Passwords (slide 10)
- Standard for bank transactions, e.g. mTAN
- Implemented by Amazon, Dropbox, Google, ...
- Google Authenticator:
  - Form of HOTP algorithm
  - Software based token
  - Depending on shared secret + counter

Google Authenticator 11

One Time Passwords A.P. Sabzevar, A.Stavrou 12

Personal Characteristics (slide 13)
- Face Recognition, Fingerprint, Iris Scan: expensive, not changeable
- Location-based Authentication, e.g. generated key from Wifi infrastructure, GPS location

Personal Characteristics Telfor 2010: LocBiometrics 14

Social Authentication 15

Conclusion (slide 16)
- Many different approaches
- Strong trends:
  - Authentication via non-text information
  - Authentication via social networks
  - Authentication via mobile phones

Thank you for your attention. 17

Bibliography (slide 18)
- http://www.imperva.com/docs/wp_consumer_password_worst_practices.pdf [6.12.2012, 11:00]
- Lami, I. A., Kuseler, T., Al-assam, H., & Jassim, S. (2010). LocBiometrics: Mobile phone based multifactor biometric authentication with time and location assurance.
- Zhang, F., Kondoro, A., & Muftic, S. (2012). Location-Based Authentication and Authorization Using Smart Phones.
- https://devcentral.f5.com/tech-tips/articles/two-factor-authentication-with-google-authenticator-and-apm [5.12.2012, 16:30]
- Sabzevar, A. P., & Stavrou, A. (2008). Universal Multi-Factor Authentication Using Graphical Passwords. 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems.
- Zhan, J., & Fang, X. (2011). Authentication Using Multi-level Social Networks.

Image Sources (slide 19)
- Slide 7: http://images.wisegeek.com/small/login-usernamepassword.jpg [5.12.12, 20:20]
- Slide 8: http://www.confidenttechnologies.com/files/mobile_authentication_0.jpg [5.12.12, 19:30]
- Slide 12: Sabzevar, A. P., & Stavrou, A. (2008). Universal Multi-Factor Authentication Using Graphical Passwords. 2008 IEEE International Conference on Signal Image Technology and Internet Based Systems.

Image Sources (slide 20)
- Slide 14: Lami, I. A., Kuseler, T., Al-assam, H., & Jassim, S. (2010). LocBiometrics: Mobile phone based multifactor biometric authentication with time and location assurance.
- Slide 15: Brainard, J., Juels, A., Rivest, R. L., & Szydlo, M. (n.d.). Fourth-Factor Authentication: Somebody You Know.

Google Authenticator (slide 21)
The code is calculated by generating an HMAC-SHA1 token, which uses a 10-byte base32-encoded shared secret as the key and Unix time (epoch) divided into 30-second intervals as the input. The resulting 80-byte token is converted to a 40-character hexadecimal string; the least significant (last) hex digit is then used to calculate a 0-15 offset. The offset is then used to read the next 8 hex digits from the offset. The resulting 8 hex digits are then ANDed with 0x7FFFFFFF (2,147,483,647), and the resulting integer modulo 1,000,000 produces the correct code for that 30-second period.