Presentation is loading. Please wait.

Presentation is loading. Please wait.

CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007."— Presentation transcript:

1 CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007

2 A Wired World Who is online? 1 –73% of American adults –88% of 18-29 year-olds –91% of college-educated adults What are they doing? 2 –Communicating –Shopping –Banking 1.US users, April 2006 - http://www.pewinternet.org/pdfs/PIP_Internet_Impact.pdf 2.UK users, Q1 2005 - http://www.e-consultancy.com/publications/internet-stats- compendium/

3 The Identity Issue Strong authentication needed for online accounts –Permit remote access for authorized users –Allow the good guys in –Keep the bad guys out Typically done via username/password mechanism

4 The Problem with Passwords More online accounts = more passwords Complexity of passwords is limited by the human factor 3 Vulnerability is enhanced by the technology factor Password control is difficult 4 –Dissemination is too easy Once compromised, a password is no longer effective for authentication 3. http://www.schneier.com/blog/archives/2006/12/realworld_passw.htmlhttp://www.schneier.com/blog/archives/2006/12/realworld_passw.html 4. http://www.schneier.com/crypto-gram-0503.html#2http://www.schneier.com/crypto-gram-0503.html#2

5 The Risk of Theft Phishing attempts are on the rise 5 –Social engineering tricks users into divulging info –Crimeware steals account credentials directly 5. Anti-Phishing Working Group - http://www.antiphishing.org/

6 What’s Been Tried? Microsoft.NET Passport 6 and Sun Liberty Alliance 7 –Single sign-on services for web commerce –Privacy concerns –Relied on username/password paradigm Company-specific token authentication –A token for every site 6. Wikipedia - http://en.wikipedia.org/wiki/Microsoft_Passporthttp://en.wikipedia.org/wiki/Microsoft_Passport 7. Wikipedia - http://en.wikipedia.org/wiki/Liberty_Alliancehttp://en.wikipedia.org/wiki/Liberty_Alliance

7 A New Proposal Anonymous WAN authentication service –Used for any and all online accounts –Strong two-factor authentication –Limited information sharing Initial customers are Internet users Ultimate customers are online businesses

8 Two-factor Authentication 8 Something you know –A single PIN Plus something you have –Hardware token generating pseudo-random numbers Effectively changes your password every 60 seconds 8. RSA - http://www.rsasecurity.com/node.asp?id=1156

9 CertAnon Hardware Four global servers running RSA Authentication Manager RSA SecurID tokens available for retail purchase

10 CertAnon Software Public web service –Encrypted authentication request/response Free software modules for download by web site operators –Encourages adoption of CertAnon authentication

11 How Does It Work for Me? Buy a token –Anonymous purchase Register it with CertAnon –Anonymous registration Create a web account anywhere –Check the box “I use CertAnon” Link that account to your token –And off you go!

12 How About the Web Sites? Register servers with CertAnon Receive key to encrypt requests Make CertAnon authentication available to customers Authentication requests are sent to all CertAnon servers –First to respond is accepted

13 Benefits Consumers –Only one pin to remember –Authenticate without sharing identity –Increased security –Pay once, protect forever Businesses –Free for early adopters –No more password management –Close the “trust gap”

14 Pitfalls Requires adoption by consumers and businesses –Establish trust –Make it easy to get and easy to use Not a silver bullet –Part of defense-in-depth strategy Governmental resistance to anonymity –Similar hurdles faced by encryption products

15 It Can Be Done Available, affordable, and proven technology Targets a large and growing market Benefits consumers and online businesses Manageable project scope, scaleable product Build it and they will come!

16 Works Cited “Failure of Two-Factor Authentication.” Schneier on Security. 12 Jul. 2006. Bruce Schneier. 28 Jan. 2007. “Internet Penetration and Impact.” Pew/Internet. April 2006. Pew Internet & American Life Project. 28 Jan. 2007. “Internet Statistics Compendium - Sample.” E-consultancy.com. 9 Jan. 2007. E-consultancy.com LTD. 28 Jan. 2007. “Liberty Alliance.” Wikipedia. 25 Jan. 2007. Wikipedia. 28 Jan. 2007.

17 Works Cited (cont.) “Phishing Activity Trends: Report for the Month of November, 2006.” Anti-Phishing Working Group. Nov. 2006. Anti- Phishing Working Group. 28 Jan. 2007. “Real-World Passwords.” Schneier on Security. 14 Dec. 2006. Bruce Schneier. 28 Jan. 2007. “RSA SecurID Authentication.” RSA Security. 2007. RSA Security, Inc. 28 Jan. 2007. “Windows Live ID.” Wikipedia. 23 Jan. 2007. Wikipedia. 28 Jan. 2007.

Download ppt "CertAnon A Proposal for an Anonymous WAN Authentication Service David Mirra CS410 January 30, 2007."

Similar presentations

High Validation SSL Certificates Mike Davies Marketing Director VeriSign Security Services EMEA.

High Validation SSL Certificates Mike Davies Marketing Director VeriSign Security Services EMEA.
George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.

George Tubin Senior Analyst Consumer Banking © 2005 The Tower Group, Inc. May not be reproduced by any means without express permission. All rights reserved.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.

© 2014 wheresjenny.com Cyber crime CYBER CRIME. © 2014 wheresjenny.com Cyber crime Vocabulary Defacement : An attack on a website that changes the visual.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Identity Security Time to Share Nicolas Popp VeriSign MM/DD/YY - Session Code: 22 pt Arial.

Identity Security Time to Share Nicolas Popp VeriSign MM/DD/YY - Session Code: 22 pt Arial.
Lesson 11 Using Online Banking. Key Terms Account Transfer – online transfer of money; ex. Savings to checking acct. Fraud – using trickery to convince.

Lesson 11 Using Online Banking. Key Terms Account Transfer – online transfer of money; ex. Savings to checking acct. Fraud – using trickery to convince.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.

Mashing Up with User-Centric Identity America Online LLC John Panzer, Praveen Alavilli.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
Phishing – Read Behind The Lines Veljko Pejović

Phishing – Read Behind The Lines Veljko Pejović
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services

Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
Understand the effects of e-commerce on society

Understand the effects of e-commerce on society
RSA SecurID November 10, 2005.

RSA SecurID November 10, 2005.
PayPal as an Additional Payment Option How Merchants Can Benefit When They Accept PayPal on Their Site.

PayPal as an Additional Payment Option How Merchants Can Benefit When They Accept PayPal on Their Site.
Digital Payment Systems

Digital Payment Systems
BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

BTT12OI.  Do you know someone who has been scammed? What happened?  Been tricked into sending someone else money (not who they thought they were) 

Similar presentations

Ads by Google