User Security for e-Post Applications
Dr Chandana Gamage, University of Moratuwa
What is the process of securing a web application?

What is the most common method of end user security?

Password! (user name and password combination)

What is the weakest method for end user security?

Why do we keep using the weakest form of security as the most widely used form of security?

Many reasons:
- Historical reasons
- Ease of use reasons
- Ease of deployment reasons

What are the alternatives for strengthening the security of end users?
Change from the paradigm of "something you know" to "something you have" or "something you are".
What is practical for end users of web applications?

Something you have? A physical token:
- Mag strip card
- Smart card with chip

A physical-token-based end user security scheme could be impractical: at present it needs specialized hardware. This could change in the future.

Something you are? A biometric:
- Fingerprint scan
- Iris scan
- Retina scan

A biometric-based end user security scheme could be impractical: at present it needs specialized hardware. This could change in the future.
What are the other alternatives?

Direct Two Factor Security Schemes

Combine "something you know" with "something you have": ATM card with PIN.

Combine "something you know" with "something you are": thumb print with Employee ID.

The practical problems that make direct two factor security schemes impractical still persist...

Are there any more alternatives?

Indirect Two Factor Security Schemes
The key idea is to use two channels of communication.

The First Channel: the web application, accessed through the computing device and the Internet.

The Second Channel: indirect communication, such as email, SMS or post.

How does it work?

SMS variant: the e-Post user enters the User ID and receives a randomly generated number in an SMS.

Prerequisites: register the mobile phone number with the e-Post service. This can be done at the time of registering for the service.

Post variant: the e-Post user enters the User ID and then enters a random number from a list of numbers received through the post.

Prerequisites: receive the list of numbers periodically. Users registered for services receive it through the post.
Important Lesson #1: No secret password that a user needs to remember.

Important Lesson #2: No special hardware or software required.

Important Lesson #3: Must be usable anytime, anywhere.

Important Lesson #4: No single solution fits all users!

Important Lesson #5: Must be intuitive to use. No learning curve, no training.

Important Lesson #6: Must be difficult for users to make mistakes.

Important Lesson #7: Must be secure against hacking. No stored secrets to steal!

Important Lesson #8: Must be secure against phishing. No easy way to trick the user!

Important Lesson #9: Must be fast. No complicated processing at the user (front end) or at the service (back end).

Important Lesson #10, Important Lesson #11, Important Lesson #12...

Thank You
firstname.lastname@example.org
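A server-side sketch of the two second-channel flows described above (SMS code and posted number list), written to satisfy Lesson #7 by storing only digests of the issued numbers rather than the numbers themselves. This is an added example, not code from the presentation or from any e-Post system; the class name, the TTL and attempt limits, and the send_sms callback are assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL_SECONDS = 300   # assumed validity window for an SMS code
MAX_ATTEMPTS = 3         # assumed number of wrong guesses before the code is voided

def _digest(user_id, code):
    # Bind the number to the user so a number issued to one account cannot be replayed on another.
    return hashlib.sha256(f"{user_id}:{code}".encode()).hexdigest()

class SecondChannelAuth:
    """Channel one is the web form (User ID + number); channel two delivers the number."""
    def __init__(self, send_sms):
        self.send_sms = send_sms   # callback standing in for the SMS gateway
        self.phones = {}           # user_id -> registered mobile number (the prerequisite)
        self.pending = {}          # user_id -> (digest, expires_at, failed_attempts)
        self.posted = {}           # user_id -> set of digests of still-unused posted numbers

    def register_phone(self, user_id, number):
        self.phones[user_id] = number

    def issue_sms_code(self, user_id):
        # SMS variant: the user has entered only the User ID; a fresh random number goes out.
        if user_id not in self.phones:
            raise LookupError("no mobile number registered for this User ID")
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user_id] = (_digest(user_id, code), time.time() + CODE_TTL_SECONDS, 0)
        self.send_sms(self.phones[user_id], code)

    def issue_posted_list(self, user_id, count=10):
        # Post variant: generate the periodic list; keep digests, return plaintext only for printing.
        codes = [f"{secrets.randbelow(10**8):08d}" for _ in range(count)]
        self.posted[user_id] = {_digest(user_id, c) for c in codes}
        return codes

    def verify(self, user_id, code, channel):
        d = _digest(user_id, code)
        if channel == "sms" and user_id in self.pending:
            stored, expires, attempts = self.pending[user_id]
            if time.time() > expires or attempts >= MAX_ATTEMPTS:
                del self.pending[user_id]          # expired or brute-forced: discard
                return False
            if hmac.compare_digest(stored, d):
                del self.pending[user_id]          # single use
                return True
            self.pending[user_id] = (stored, expires, attempts + 1)
            return False
        if channel == "post":
            unused = self.posted.get(user_id, set())
            if d in unused:
                unused.remove(d)                   # each posted number works exactly once
                return True
        return False
```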