Digital latches for your digital Life

Presentation given by Chema Alonso at the Universities of Málaga, Almería and UEM, and at the Semana de la Informática de Valencia. https://latch.elevenpaths.com

Published in: Technology
Transcript

  • 1. Chema Alonso @chemaalonso chema@11paths.com http://www.elladodelmal.com
  • 2. Security incidents
  • 3. Identity dumps
  • 4. BYOM (Bring Your Own Malware)
  • 5. The enemy at the gates
  • 6. Exposure surface • Services are active 24 x 7 x 365 • We only use our identities for a short time • It should be possible to switch accounts off
  • 7. Passwords+OTP SMS TOKEN 8762134
  • 8. 2FA “classics” • The user needs to enter a code • SMS deployment • The coordinate matrix is static • Hardware tokens are expensive • The user needs to enter a code • Users don't like entering a code
  • 9. People like to take a siesta (with the TV remote in hand)
  • 10. KISS (Keep It Spanish, Stupid)
  • 11. Taking a cab: To make her trip easier she decides to pay for everything using a service. On her way to the office at her destination she switches the service on so she can pay the taxi fare. Once done, she switches her account off, minimizing the exposure to improper usage.
  • 12. An alert from the service used! Fortunately her account was blocked by Latch, as Anna had easily requested using the app. Alas, during the stopover someone tried to hack her service account. The attack was kept under control and no misuse ever took place.
  • 13. How do you protect an identity?
  • 14. “Latching” an account • Latch Server • My Site, user settings: Login: XXXX, Pass: YYYY, Latch: • 1.- Generate pairing code 2.- Temporary pairing token 4.- AppID + temp pairing token 5.- OK + Unique Latch 6.- Latch ID appears in app • ULatch
  • 15. Logging in to a website • Latch Server • Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …. • My Bank, users DB: Login: XXXX, Pass: YYYY, Latch: Latch1 • Login page: Login: AAAA, Pass: BBBB • 1.- Client sends login/password 2.- Web checks credentials against its users DB (check user/pass) 3.- Asks about Latch1 status 4.- Latch1 is OFF 5.- Login error 6.- Someone tried to get access to Latch1 ID.
  • 16. Let's “Latch”…
  • 17. Logging in with OTP • Latch Server • Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …. • My Bank, users DB: Login: XXXX, Pass: YYYY, Latch: Latch1 • Login page: Login: AAAA, Pass: BBBB • 1.- Client sends login/password 2.- Web checks credentials against its users DB (check user/pass) 3.- Asks about Latch1 status 4.- Latch Server generates OTP 5.- Latch1 is ON (OTP) 6.- OTP? 7.- Use this (OTP).
  • 18. Parental control • User / Pass • Login: User, Pass: Pass, Latch: Latch
  • 19. Four-eyes verification • User1 / Pass1 • User2 / Pass2 • Login: User2, Pass: Pass2, Latch: Latch2 • Login: User1, Pass: Pass1, Latch: Latch1
  • 20. 2 keys activation • User1 / Pass1 • User2 / Pass2 • Asset: Latch: Latch1, Latch: Latch2
  • 21. Latched operations • Latch Server • Latch app: Latch1: ON (Op1: OFF, Op2: ON, Op3: OTP), Latch2: OFF, …. • My Bank: Login: XXXX, Pass: YYYY, Latch: Latch1, Int_Trans: Op1 • Online banking: Send Money: 1231124343 • 1.- Client orders international transactions 3.- Asks about Latch1:Op1 status 4.- Latch1:Op1 is OFF 5.- Denied 6.- Someone tried to do a Latch1:Op1 operation
  • 22. Supervision • User / Pass • Login: User, Pass: Pass, Latch: Latch, Op1: Unlock, Op2: OTP • Why? Answer OTP
  • 23. Monitoring Switch • With one latch – As much granularity as needed – Two statuses – OTP – User configuration • Schedule • AutoLock • Possible to react to status: If Lock then {} Else {} Goto fail; Goto fail:
  • 24. About Latch • Privacy: – AppIDs know the UniqueLatches but not the UserLatches. – Latch Server knows the Latches and AppIDs, but not the users/passwords • Robustness: – If the Latch server is compromised, the security of the protected site remains intact. – No sensitive data is stored on Latch Server.
  • 25. Questions? • Chema Alonso • @chemaalonso • chema@11paths.com • http://www.elladodelmal.com • http://www.elevenpaths.com • https://latch.elevenpaths.com
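
The login checks on slides 15 and 17, sketched as an added example (not code from the presentation or from Latch). `FakeLatchServer`, `login`, `ask_otp` and the user record are hypothetical stand-ins, and the sketch assumes the status reply carries the OTP that the site compares against what the user types.

```python
import hashlib, hmac, secrets

class FakeLatchServer:
    """Constructed in-memory stand-in for the Latch Server (not the real API)."""
    def __init__(self):
        self.state = {}      # latch id -> "ON" | "OFF" | "OTP", set from the app
        self.app_inbox = []  # what the owner's Latch app displays

    def status(self, latch_id):
        state = self.state.get(latch_id, "ON")
        if state == "OFF":
            # Slide 15, step 6: the owner is told about the blocked attempt.
            self.app_inbox.append(f"Someone tried to access {latch_id}")
            return "OFF", None
        if state == "OTP":
            # Slide 17, steps 4 and 7: server generates the OTP, app shows it.
            otp = f"{secrets.randbelow(10**6):06d}"
            self.app_inbox.append(otp)
            return "OTP", otp
        return "ON", None

def _kdf(password, salt=b"constructed-salt"):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed users DB: the site stores only an opaque latch id per account.
USERS = {"anna": {"pw": _kdf("correct horse"), "latch": "Latch1"}}

def login(latch, user, password, ask_otp=lambda: ""):
    """Return "ok" or "login error"; ask_otp prompts the user (step 6)."""
    rec = USERS.get(user)
    stored = rec["pw"] if rec else b""
    # Step 2: credentials are checked first, so a Latch alert always means
    # that someone presented a valid password.
    if not hmac.compare_digest(stored, _kdf(password)):
        return "login error"
    state, otp = latch.status(rec["latch"])      # step 3
    if state == "OFF":
        return "login error"   # step 5: same answer as a wrong password
    if state == "OTP" and not hmac.compare_digest(otp.encode(), ask_otp().encode()):
        return "login error"
    return "ok"
```

Because the Latch query happens only after the password check succeeds, an alert in the app tells the owner that the password itself is already known to someone else.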
