Accredited Certification Services on Cloud Environment. SungEun Moon KOSCOM mse@koscom.co.kr. 17 September, 2012


Index
- Existing Accredited Certificate Use and Enhanced Security Measure
- Accredited Certificate Issues on Mobile and Cloud Environment
- Accredited Certificate Service Model on Cloud Environment

Existing AC Use (1): Existing AC Use and Enhanced Security Measure
AC: Accredited Certificate
As you know, the accredited certificate (AC below) has become a very important authentication means for internet transactions in Korea, such as banking, stock trading, and Government for Citizen services.
Existing AC Issuance
- Number of certificates issued: 2,441M (11.2)
  - Individual: 2,214M
  - Corporation/Business Operator: 227M
- Internet banking use (per day): 3,370M / 29.6T
AC Awareness
- Almost all internet users recognize AC: 98.9% (formerly 99.8%)
- Source: 2011.12 Fact Finding Survey for the Nation (KISA). The figure is the rate of digital certificate or AC use for internet banking, online stock trading, and credit card payment on the internet
- Non-users also recognize AC: 88.5%
[Chart: AC Awareness 98.9 / AC Necessity 96.9 (Unit: %)]

Existing AC Use (2): Internet users have used AC the most for identification
Existing Authentication Means Use
- Internet users use the accredited certificate the most for identification (97.4%, multiple reply)
  - Age 20 ~ 50: AC is used the most (over 95%)
  - Age 10s: Name + National ID (89.7%), Mobile Identification (91.1%)
- AC is used the most on websites for registering and modifying information
[Chart: Existing Authentication Means Use (Unit: %); categories AC, Mobile Identification, Name + National ID, Security Card, Credit Card Identification, I-PIN, PC Designation Service, Phone Authentication Service, Private Image for preventing phishing, OTP; values 97.4, 91.1, 89.7, 67.6, 62.0, 30.1, 27.4, 7.4, 6.7, 3.3]
- Mainly ID/PW (44.0%, multiple reply) and AC (33.9%) are used for identification when signing on to websites
[Chart: sign-on means (AC users, n=2,992, unit: %); categories ID/PWD, AC, Name + National ID, Email/PWD, I-PIN; values 44.0, 33.9, 15.0, 5.7, 1.4]
AC Security Awareness
- AC users think that AC is very secure (78.6%)
- Non-users (80.9%) cite public reports of accredited certificates leaked from hacked PCs as the reason AC is not secure to use

Existing AC Use (3): AC use is spreading to mobile devices, but convenience should be improved
Existing Mobile Banking Use
- In total, 66.2% of respondents have experienced mobile banking
  - Males are higher than females; people in their 20s use it the most
  - Reasons non-users do not use it: no need (39.0%), fee (8.1%)
- Response that using AC on mobile banking helps to improve security: 65.4%
[Chart: mobile banking use (Total, n=3,300, unit: %); Use 66.8, No Use 33.8]
[Chart: does AC on mobile banking improve security (Mobile Banking Users, n=1,428, unit: %); Excellent 20.1, Good 45.3, Common 27.4, Not Bad 5.8, Bad 1.4]
Improvement on Mobile Banking
- (33.3%) AC is not issued directly to mobile devices
- (27.2%) Not easy to transmit an AC between PCs and mobile devices
- (22.9%) Inconvenience of retransmitting when updating the AC
- (16.6%) Inconvenience of transmitting the AC separately for each bank

Enhanced Security Measures for AC (1)
In April 2011, MOPAS (Ministry of Public Administration and Security) prepared enhanced security measures for using and managing AC: preventing AC leaks, and strengthening storage media and the password system to avoid theft and loss.
Enhanced Security Measures
- To use AC securely, print a warning message when saving an AC on a PC
  - Gradually constrain saving the AC on the PC among the storage options
- Expand the system for using IC cards and HSMs (Hardware Security Module) with functions that prevent AC leaks
  - Establish an environment for using secure elements
- Enhanced guideline and system for setting the AC password
  - Print a guide message that special characters must be included when setting the password
Source: MOPAS

Enhanced Security Measures for AC (2)
Expanding the Restoration System
- Establish and operate a 24-hour response system to prevent leaks
  - Report of loss (subscriber) -> application accepted through 118 (KISA) -> AC revocation (CA)
- Prevent illegal actions in real time by receiving the current status (deceased, missing) of the subscriber from public agencies
  - Based on the Digital Signature Act
- Notify the subscriber of AC usage through SMS and email
  - Recommend the subscriber notice service
  - Provide a notice service to banks on the update and reissuance status of the AC
- Gradually limit reissuance over the internet

Security Measures for Mobile Electronic Finance Service
The financial supervisory administration has prepared security measures to resolve the latent security threats that come with the spread of mobile devices
Electronic Financial Service Security Measures for Mobile (Summary)
- (Basic concept) Provide a secure electronic financial service against latent security threats, keeping a reasonable security level (similar to the PC environment)
- Use AC for website sign-on, or add OTP (including security card) in addition to ID/PW
- Financial transaction data must be sent and received through protected communication channels
- Critical data such as passwords must not be leaked or modified; apply input information security measures
- Critical data must not be saved on the mobile device
- Prevent malicious code such as viruses
- Use digital signatures for non-repudiation
- Establish a monitoring system to cope with new threats

AC Issues on Mobile: AC Issues on Mobile and Cloud Environment
We will prepare to prevent AC leaks on mobile, as with the AC leak prevention measures on PC, and resolve inconveniences such as transmitting the AC between mobile and PC

Categories | Contents | Remarks
Preparing to prevent latent AC leaks | Preparing to prevent AC leaks on mobile devices | Similar to the enhanced security on PC
Improving functions | Not easy to transmit the AC to a mobile device; transmitting the AC separately for each financial agency; retransmitting the AC when it is updated | Inconvenience issues that have occurred
Improving compatibility for the web | Activating for the mobile web | Similar to PC

AC Issues on Cloud (1)
Managing the AC on the device itself has become more inconvenient as mobile devices have spread
- 2009: AC on the PC at home and the PC in the office. OK
- 2010: Purchased a smartphone. OK
- 2011: Purchased a tablet PC. Inconvenient? Where is the AC located? Leak threat?
- 2012: Removing the HDD/USB from the PC in the office?

AC Issues on Cloud (2)
When the AC is used on a variety of cloud devices and services, further notable issues occur

Categories | Contents
Preparing to prevent latent AC leaks | Resolving the possibility of leaks by hackers on smart devices, cloud storage, and virtual desktops; resolving the possibility of leaks of plural ACs spread across a variety of smart devices
Improving functions | Not easy to transmit the AC among a variety of smart devices; transmitting the AC separately for each financial agency; retransmitting the AC when it is updated; preparing measures for when an HDD/USB is absent or not permitted
Improving compatibility for the web | Activating for the mobile web; applying to diverse smart devices such as Chromebook

AC Service Model on Cloud Environment: AC Service Model on Cloud
To resolve the AC issues in the cloud service environment, manage the AC on a secure server instead of on devices that are easily leaked, and study a suitable service model for using AC conveniently in the cloud environment
- Using a mobile phone anytime, anyplace
- Sharing multimedia anytime, anyplace
- Using AC anytime, anyplace

Basic Conditions for Cloud Authentication Service
The basic conditions for implementing a trustworthy authentication service, in which the AC can be used more comfortably and the leak possibility on a variety of devices is relieved, are shown below

Categories | Contents
Trustworthy service provider | CA
Secure storage and management on the server | Key information is saved divided across plural servers; even if someone obtains the key information, the private key cannot be recovered without the owner
Secure storage and management on the device | The private key is not saved on non-volatile memory (HDD, USB) but only in volatile memory
Managing the life cycle on the server | When updating, the accredited certificate is saved only on the server (not per device)
Supporting a variety of devices and platforms | Supporting PC, smartphone, tablet, and multiple OS
Secure identification | Identification using secure means (two-factor, two-channel)

Cloud Auth Service Flow
The AC is saved on the auth-server when it is issued on the device, and is downloaded from the auth-server after identification on the device whenever it is needed (held in volatile memory, and removed from volatile memory after use)
1. The issued AC is saved on the auth-server together with identification information
2. The AC is downloaded from the auth-server after performing the identification process, at the moment it is necessary
3. The AC is used
4. The AC is removed after use (automatically)
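As an added illustration, not code from the presentation or from KOSCOM, the following Python sketch implements the four-step flow above together with the server-side conditions on the previous slide: the private key is split into XOR shares held on plural servers, each server releases its share only after two-factor identification, and the reassembled key lives only in volatile memory until it is wiped after one use. The share scheme, the counter-based OTP as second factor, plain SHA-256 as password hash, and HMAC-SHA256 standing in for the digital signature are assumptions of this example, not the service's design.

```python
import hashlib
import hmac
import secrets

def split_key(key, n=2):
    """Split key into n XOR shares; any n-1 of them are uniformly random (assumed scheme)."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytes(key)
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]

def otp_code(secret, counter):
    """Second factor: HMAC-based code bound to a monotonically increasing counter."""
    return hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha256).hexdigest()[:8]

class ShareServer:
    """One of the plural servers: holds one share, never the whole private key."""
    def __init__(self, share, pw_hash, otp_secret):
        self._share, self._pw_hash, self._otp_secret, self._last = share, pw_hash, otp_secret, 0

    def fetch(self, password, otp, counter):
        # Release the share only if password and OTP (two factors) both verify
        if not (hmac.compare_digest(hashlib.sha256(password).digest(), self._pw_hash)
                and counter > self._last
                and hmac.compare_digest(otp_code(self._otp_secret, counter), otp)):
            raise PermissionError("identification failed")
        self._last = counter          # a code is accepted once: no replay
        return self._share

def enroll(private_key, password, otp_secret, n=2):
    """Step 1: at issuance, store the key as shares on n servers with identification info."""
    pw_hash = hashlib.sha256(password).digest()   # stand-in for a real password hash
    return [ShareServer(s, pw_hash, otp_secret) for s in split_key(private_key, n)]

def sign_once(servers, password, otp, counter, message):
    """Steps 2-4: download shares after identification, sign in RAM, remove the key."""
    shares = [srv.fetch(password, otp, counter) for srv in servers]
    key = bytearray(len(shares[0]))   # volatile memory only; never written to HDD/USB
    for s in shares:
        for i, b in enumerate(s):
            key[i] ^= b
    tag = hmac.new(bytes(key), message, hashlib.sha256).hexdigest()
    for i in range(len(key)):         # step 4: auto-remove after use
        key[i] = 0
    return tag, not any(key)

def direct_tag(private_key, message):
    # Reference value: what signing with the un-split key yields
    return hmac.new(private_key, message, hashlib.sha256).hexdigest()
```

Note that `bytes(key)` hands HMAC an immutable copy that Python cannot zero; a production implementation would sign inside a native library or HSM so the key material never leaves wipeable memory.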

Expected Effect of Cloud Auth Service
A future cloud auth service might handle AC and electronic documents effectively
AC Management for Individuals and Corporations
- Unlike an individual's AC, a corporate AC is not easy to manage when employees import and export it
- With the auth service, controls can be set so that specific staff can perform specific tasks at specific times
- Key management through identification of the persons in charge (plural) can be implemented
Electronic Document Activation
- Digital signatures can be made anywhere and anytime, generating electronic documents with a digital signature attached
- Reducing paper documents through digital signatures contributes to establishing a paperless environment

Considerations
Continuous response to security threats on cloud services
- Monitoring and updating are required as new security threats keep appearing
- If security cannot be confirmed because of a vulnerability in the desktop virtualization solution, apply an additional security solution that resolves the vulnerability so that the cloud auth service remains secure (for example, if subscribers' key input information is leaked, apply an input information security solution)
Studying identification means
- Keep studying identification means such as biometrics for secure identification, and apply them in the field
Service choice
- Resistance has arisen to saving critical information on an outside server