Presentation is loading. Please wait.

Presentation is loading. Please wait.

User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa.

Similar presentations


Presentation on theme: "User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa."— Presentation transcript:

1 User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa

2 2 What is the process of securing a web application?

3 3

4 4 What is the most common method of end user security?

5 5 Password! (user name and password combination)

6 6 What is the weakest method for end user security?

7 7 Password!!

8 8 Why do we keep using the weakest form of security as the most widely used form of security?

9 9 Many reasons … Historical reasons Ease of use reasons Ease of deployment reasons

10 10 What are the alternatives for strengthening the security of end users?

11 11 Change from the paradigm of “something you know” to a “something you have” or “something you are”

12 12 What is practical for end users of web applications?

13 13 Something you have? A physical token Mag strip card Smart card with chip

14 14 A physical token based end user security scheme could be impractical At present, need specialized hardware This could change in the future

15 15 Something you are? A biometric Fingerprint scan Iris scan Retina scan

16 16 A biometric based end user security scheme could be impractical At present, need specialized hardware This could change in the future

17 17 What are the other alternatives?

18 18 Direct Two Factor Security Schemes

19 19 Combine “Something you know” with “Something you have” ATM card with PIN

20 20 Combine “Something you know” with “Something you are” Thumb print with Employee ID

21 21 The practical problems making direct two factor security schemes impractical still persists...

22 22 Are there any more alternatives?

23 23 Indirect Two Factor Security Schemes

24 24 The key idea is to use Two Channels of Communication

25 25 The First Channel Web Application Accessed through the computing device and Internet

26 26 The Second Channel Indirect Communication , SMS, Post

27 27 How does it work?

28 28 e-Post user enters the User ID Receives a randomly generated number in a SMS

29 29 Prerequisites Register the mobile phone number with e-Post Service Can be done at the time of registering for service

30 30 e-Post user enters the User ID Enters random number From a list of numbers received through Post

31 31 Prerequisites Receive the list of numbers periodically Users registered for services receive through post

32 32 Important Lesson #1 No secret password that a user needs to remember

33 33 Important Lesson #2 No special hardware or software required

34 34 Important Lesson #3 Must be usable Anytime Anywhere

35 35 Important Lesson #4 No single solution fits all users!

36 36 Important Lesson #5 Must be intuitive to use No learning curve No training

37 37 Important Lesson #6 Must be difficult for users to make mistakes

38 38 Important Lesson #7 Must be secure against hacking No stored secrets to steal!

39 39 Important Lesson #8 Must be secure against phishing No easy way to trick the user!

40 40 Important Lesson #9 Must be fast No complicated processing at the user (front end) or at the service (back end)

41 41 Important Lesson #10 Important Lesson #11 Important Lesson #12...

42 42 Thank You


Download ppt "User Security for e-Post Applications Dr Chandana Gamage University of Moratuwa."

Similar presentations


Ads by Google