Digital latches for your digital Life
Presentation given by Chema Alonso at the Universities of Málaga, Almería, UEM and the Semana de la Informática in Valencia. https://latch.elevenpaths.com

    Presentation Transcript

    • Chema Alonso @chemaalonso chema@11paths.com http://www.elladodelmal.com
    • Security incidents
    • Identity dumps
    • BYOM (Bring Your Own Malware)
    • The enemy at the gates
    • Exposure surface • Services are active 24 x 7 x 365 • We only use our identities for a short period of time • It should be possible to switch accounts off
    • Passwords+OTP SMS TOKEN 8762134
    • 2FA “classics” • User needs to enter a code • SMS deployment • Coordinate matrix is static • Hardware tokens are expensive • User needs to enter a code • Users do not like entering a code
    • People like to take a siesta (with the TV remote in hand)
    • KISS (Keep It Spanish, Stupid)
    • Taking a cab • To make her trip easier she decides to pay for everything using a service. On her way to the office at her destination she switches the service on so she can pay the taxi fare. Once done, she switches her account off, minimizing exposure to improper usage.
    • An alert from the service used! • Fortunately her account was blocked by Latch, as Anna had easily requested using the app. Alas, during the stopover someone tried to hack her service account. The attack was kept under control and no misuse ever took place.
    • How do you protect an identity?
    • “Latching” an account • Latch Server • My Site, User Settings: Login: XXXX Pass: YYYY Latch: • 1.- Generate pairing code • 2.- Temporary pairing token • 4.- AppID + temporary pairing token • 5.- OK + Unique Latch • 6.- Latch ID appears in app • ULatch
    • Login on a website • Latch Server / Latch app: Latch1: OFF Latch2: ON Latch3: OTP Latch4: OFF … • My Bank Users DB: Login: XXXX Pass: YYYY Latch: Latch1 • Login Page: Login: AAAA Pass: BBBB • 1.- Client sends login/password • 2.- Web checks credentials against its users DB (check user/pass) • 3.- Asks about Latch1 status • 4.- Latch 1 is OFF • 5.- Login error • 6.- Someone tried to get access to Latch 1 id.
    • Let's “Latch”…
    • Logging in with OTP • Latch Server / Latch app: Latch1: OFF Latch2: ON Latch3: OTP Latch4: OFF … • My Bank Users DB: Login: XXXX Pass: YYYY Latch: Latch1 • Login Page: Login: AAAA Pass: BBBB • 1.- Client sends login/password • 2.- Web checks credentials against its users DB (check user/pass) • 3.- Asks about Latch1 status • 4.- Latch Server generates OTP • 5.- Latch 1 is ON (OTP) • 6.- OTP? • 7.- Use this (OTP).
    • Parental control • User / Pass • Login: User Pass: Pass Latch: Latch
    • Four-eyes verification • User1 / Pass1 • User2 / Pass2 • Login: User2 Pass: Pass2 Latch: Latch2 • Login: User1 Pass: Pass1 Latch: Latch1
    • 2 keys activation User1 Pass1 User2 Pass2 Asset Latch: Latch1 Latch: Latch 2
    • Latched operations • Latch Server / Latch app: Latch1: ON Op1: OFF Op2: ON Op3: OTP Latch 2: OFF … • My Bank: Login: XXXX Pass: YYYY Latch: Latch1 Int_Trnas: Op1 • Online Banking: Send Money: 1231124343 • 1.- Client orders international transactions • 3.- Asks about Latch1:Op1 status • 4.- Latch 1:Op1 is OFF • 5.- Denied • 6.- Someone tried to do a Latch 1:Op1 operation
    • User Pass Login: User Pass: Pass Latch: Latch Op1:Unlock Op2: OTP Supervision Why? Answer OTP
    • Monitoring Switch • With one latch – As much granularity as needed – Two statuses – OTP – User confs • Schedule • AutoLock • Possible to react to status If Lock then {} Else {} Goto fail; Goto fail:
    • About Latch • Privacy: – AppIDs know the UniqueLatches but not the UserLatches. – Latch Server knows Latchets and AppID, but not the users/passwords • Robustness: – If the Latch server is compromised, the security of the protected site remains intact. – No sensitive data is stored on the Latch Server.
    • Questions? • Chema Alonso • @chemaalonso • chema@11paths.com • http://www.elladodelmal.com • http://www.elevenpaths.com • https://latch.elevenpaths.com
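
The login, OTP and latched-operation flows from the slides above, as an added Python sketch (not code from the presentation or from any Latch SDK). `LatchServer`, `gate`, `login`, `operation`, the `alice` record and the in-memory status table are all constructed for illustration; a real site would query the Latch service over the network.

```python
import hashlib
import hmac
import secrets

class LatchServer:
    """Constructed stand-in for the Latch Server: it holds latch IDs and their
    status only, never the protected site's logins or passwords."""
    def __init__(self, status):
        self.status = status      # "Latch1" or "Latch1:Op1" -> "ON" | "OFF" | "OTP"
        self.app = []             # messages the Latch app would show the user

    def check(self, latch_id, op=None):
        state = self.status.get(latch_id, "OFF")
        if op and state != "OFF":             # an operation needs its account latch open
            latch_id = f"{latch_id}:{op}"
            state = self.status.get(latch_id, "OFF")
        if state == "OFF":
            self.app.append(f"Someone tried to access {latch_id}")
            return "OFF", None
        if state == "OTP":                    # server generates the OTP, app displays it
            otp = f"{secrets.randbelow(10**6):06d}"
            self.app.append(otp)
            return "OTP", otp
        return "ON", None

def pw_hash(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed users DB of the protected site ("My Bank" on the slides).
USERS = {"alice": {"pw": pw_hash("correct horse"), "latch": "Latch1"}}

def gate(server, latch_id, op, ask_otp):
    state, otp = server.check(latch_id, op)
    if state == "OFF":
        return False
    if state == "OTP":                        # steps 6-7: site asks, user types the app's code
        return hmac.compare_digest(otp, ask_otp() or "")
    return True

def login(server, user, password, ask_otp=lambda: ""):
    rec = USERS.get(user)
    # Step 2: credentials are checked against the site's own DB before Latch is asked.
    if rec is None or not hmac.compare_digest(rec["pw"], pw_hash(password)):
        return "Login Error"
    # Steps 3-5: a locked latch yields the same error as a wrong password.
    return "OK" if gate(server, rec["latch"], None, ask_otp) else "Login Error"

def operation(server, user, op, ask_otp=lambda: ""):
    return "OK" if gate(server, USERS[user]["latch"], op, ask_otp) else "Denied"
```

Because the site checks the password before asking for the latch status, an alert in the app means the attempt was made with valid credentials.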