Mobey Forum Oslo Aradiom Presentation - How to Choose 2FA Security Solution


Aradiom presentation on "How to Choose 2FA Solution", given at the Mobey Forum in Oslo in September 2008. It highlights SolidPass, a mobile soft-token 2FA solution, and its ability to protect against cyber threats such as phishing, man-in-the-middle attacks and DNS cache poisoning.


    1. Mobile Trust Services: How to Choose a 2FA Solution? Mobey Forum Oslo, 23 September 2008
    2. Financial Services Market Today
       • Loss from cyber fraud in the U.S. in 2007: $239.09M, an all-time high
       • Password phishing sites increased by 559% in 2007, 80% targeted at banking and financial services institutions
       • Ever-evolving cyber threats:
           • Phishing attacks
           • Man-in-the-Middle attacks
           • Brute Force attacks on PIN
           • Cloning
           • Reverse Engineering
           • Email spoofing
           • Trojans
           • and many more…
       • Regulatory pressure:
           • FFIEC Guidance on 2FA
           • PCI Data Security Standards
           • FACTA Identity Theft Red Flags
       Sources: Internet Crime Complaint Center (IC3), 2007 Internet Crime Report, and independent research from InfoSecurity Media Group
    3. Effectiveness of Existing 2FA Solutions
       Example: “Silent Banker” Trojan
       • Malware enters a user’s system without being detected.
       • When the user logs into the bank’s website, it can:
           • inject itself into the middle of ongoing banking transactions
           • redirect users to an attacker-controlled server
           • perform man-in-the-middle attacks on valid transactions
           • silently change the user-entered destination bank account details to the attacker's account details in the middle of a transaction
    4. Effectiveness of Existing 2FA Solutions
       Example: “Silent Banker” Trojan
       • Minimum 2FA requirement for prevention against this type of attack:
           • Timed OTP
           • 2-way signing: transaction details authenticated to the users
       • Conventional 2FA is not enough!
    5. Effectiveness of Existing 2FA Solutions
       Example: “Silent Banker” Trojan
       How SolidPass™ protects customers from these types of attacks:
           1. Security Question
           2. Transaction Signing (Bank verifies transaction via encrypted challenge code)
           3. Secure code generation: software works offline
    6. Effectiveness of Existing 2FA Solutions
       Types of cyber fraud:
           • Brute force attack
           • DNS cache poisoning
           • Pharming
           • Phishing
           • Man in the Middle
           • Trojan
           • Reverse Engineering
       Existing solutions:
           • Mobile software tokens
           • Hardware tokens
           • Mobile SMS OTPs
           • Mobile TAN/OTP
           • TAN/OTP Lists
           • Mobile Signature
           • Biometrics
           • Call based (mobile or landline)
       ARE WE REALLY SECURE?
    7. Factors to Consider When Choosing an Appropriate 2FA Solution
       • Customizable levels of security
       • Not just 2-factor, also 2-way authentication
       • Ease of use / Convenience
       • Flexibility
       • Cost
       • Interoperability
       • Maintenance
    8. 2FA embedded - SolidPass
       • Aradiom SolidPass is a multi-purpose software token, residing on your customer's mobile phone, for generating a One Time Password (OTP) to authenticate transactions/logins
       • Two-way (2WA), two-factor (2FA) intelligent authentication solution consisting of a robust mechanism:
           • Combination of time, challenge-response, operation info, optional security question
           • Mobile operator independent
           • Option to add security questions
    9. About Aradiom
       • An international leader in mobile application and platform development technology
       • Provides best-in-class mobile enterprise solutions
       • Key products include:
           • Aradiom Mobile Framework™, easy to use Java application development platform
           • SolidPass™, embedded security solution
           • QuickBank™, mobile banking solution
           • QuickCity™, portal for cities and municipal agencies
       • Founded in 2002
       • Headquartered in Austin with offices in New York, Zurich and Istanbul.
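
The "Silent Banker" slides and the SolidPass slide (time, challenge-response, operation info) argue that a code must be bound to the transaction details, not just to the user. The added example below is not from the presentation and is not SolidPass's actual algorithm; it sketches that binding with a generic HMAC construction, and the key, challenge, account identifiers, timestamp and 30-second step are constructed assumptions.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30  # seconds per code window (assumed value, not from the slides)


def _truncate(mac: bytes, digits: int = 8) -> str:
    """RFC 4226-style dynamic truncation of an HMAC to a decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def timed_otp(key: bytes, now: int) -> str:
    """Conventional timed OTP: proves possession of the key, nothing more."""
    counter = struct.pack(">Q", now // TIME_STEP)
    return _truncate(hmac.new(key, counter, hashlib.sha256).digest())


def signing_code(key: bytes, now: int, challenge: str, account: str, amount: str) -> str:
    """Code bound to time, the bank's challenge and the operation info."""
    fields = [challenge.encode(), account.encode(), amount.encode()]
    # Length-prefix each field so different field splits cannot collide.
    msg = struct.pack(">Q", now // TIME_STEP) + b"".join(
        struct.pack(">H", len(f)) + f for f in fields)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())


def bank_verifies(key, now, challenge, account, amount, code) -> bool:
    """Bank recomputes the code over the transaction it actually received."""
    expected = signing_code(key, now, challenge, account, amount)
    return hmac.compare_digest(expected, code)


def demo():
    """Constructed scenario: user pays ACCT-1001, malware rewrites it to ACCT-9999."""
    key, now, challenge = b"constructed-shared-secret", 1222128000, "483920"
    # The user checks the details shown on the phone and signs what they intend.
    code = signing_code(key, now, challenge, "ACCT-1001", "150.00")
    honest = bank_verifies(key, now, challenge, "ACCT-1001", "150.00", code)
    # The request reaches the bank with a swapped destination account.
    tampered = bank_verifies(key, now, challenge, "ACCT-9999", "150.00", code)
    # The same code replayed three time windows later.
    stale = bank_verifies(key, now + 90, challenge, "ACCT-1001", "150.00", code)
    # A plain timed OTP has no transaction input, so it is accepted within
    # its window whatever destination the bank received.
    otp_ok = hmac.compare_digest(timed_otp(key, now), timed_otp(key, now + 5))
    return honest, tampered, stale, otp_ok
```

`demo()` returns the four verification outcomes in order: the untouched transaction, the one with the swapped account, the replayed code, and the plain timed OTP.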