SBC 2012 - Modern Trends in Authentication (Văn Hải Sơn)


  1. SECURITY BOOTCAMP 2012 | Make yourself to be an expert!
     The trend of modern Authentication
     Văn Hải Sơn | Email: sonvh@misoft-hcm.com
  2. Contents
       1. Authenticators
       2. Fraud Threats
       3. Man in The Browser
       4. Mobile Authentication
  3. Authenticators
       • Something you know? (Password, personal information…)
       • Something you have?
           • SmartCard, USB…
           • OTP: SMS, Token…
           • Voice: Phone Factor
       • Something you are? (Biometric…)
  4. The Evolution of Fraud Threats
       • Timeline: 1995, 2005, 2012
       • Actors: "script kiddies" & hackers, organized crime
       • Threats: key loggers, man-in-the-middle, man-in-the-browser, DNS poisoning, phishing, SMS bypass, spear-phishing, mobile
  5. What happened in the RSA breach?
       • Finance person receives a junk email
       • Opens to see 2012 Recruitment plan with .xls file
       • RAT program installed utilizing Adobe Flash vulnerability
       • Poison Ivy malware is initiated
       • NMAP scan of network to collect sensitive information
       • Collect data over a period of time
       • Split file, encrypt, ftp to good.mincesur.com
       • RSA is in the headlines
  6. Man In The Browser
     (Diagram labels: Intended communication, Malware, Tampered Communications, Spear Phishing, Fraudster, Malicious Site)
  7. How does MITB work?
       1. User logs into account
       2. Malware 'wakes up'
       3. User initiates ACH or Wire Transfer
       4. In the background, malware intercepts & modifies the user's request and sends it to the bank
       5. Bank receives malware's request, sends transaction details for review and requests one-time-passcode (OTP)
       6. Malware intercepts site's transaction detail confirmation, modifies the details to correspond to user's initial request
       7. User views transaction (which looks fine) and enters OTP token
       8. Malware passes the bank the OTP, and the malware-modified transaction is completed
  8. Mobile Authentication
       • Voice Authentication
       • Special Token
           • Customised Logo on Lens
           • Customised Button Colour
           • Customised Casing Colour
  9. Mobile Authentication: Out of Band
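Steps 3 to 8 of slide 7 ("How does MITB work?"), modelled as an added example that is not part of the original slides: it shows why an OTP that carries no transaction details approves whatever request the bank received, and how a code computed over payee and amount on a separate device makes the bank reject the modified request. The shared key, the account names and the transaction-bound code scheme are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed secret shared by the bank and the user's separate token device.
KEY = b"constructed-demo-secret"

def otp(counter, tx=None):
    """8-digit code; with tx it is bound to that payee and amount."""
    msg = counter.to_bytes(8, "big")
    if tx is not None:
        msg += f"|{tx['payee']}|{tx['amount']}".encode()
    digest = hmac.new(KEY, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 100_000_000:08d}"

def transfer(intended, seen_by_bank, bound, counter=1):
    """Model steps 3-8. Returns (accepted, transaction executed or None)."""
    # Steps 4-5: the bank only ever receives `seen_by_bank`.
    # Steps 6-7: the browser page displays `intended`, so the user approves.
    if bound:
        # User keys the payee and amount they intend into the token device.
        user_code = otp(counter, intended)
        expected = otp(counter, seen_by_bank)
    else:
        # Plain OTP: proves the user is present, says nothing about the transfer.
        user_code = otp(counter)
        expected = otp(counter)
    # Step 8: the code reaches the bank, which checks it against its own value.
    accepted = hmac.compare_digest(user_code, expected)
    return accepted, (seen_by_bank if accepted else None)

# Constructed sample data.
INTENDED = {"payee": "ACME-SUPPLIES", "amount": 50000}
MODIFIED = {"payee": "UNKNOWN-ACCOUNT", "amount": 950000}

if __name__ == "__main__":
    for bound in (False, True):
        ok, executed = transfer(INTENDED, MODIFIED, bound)
        print(f"bound={bound}: accepted={ok}, executed={executed}")
    print("untampered, bound:", transfer(INTENDED, INTENDED, True))
```

The binding only helps when the payee and amount reach the token over a path the browser cannot rewrite, which is the point of the out-of-band channel on slide 9.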