SBC 2012 - Modern Trends in Authentication (Văn Hải Sơn)
SECURITY BOOTCAMP 2012 | Make yourself to be an expert!

The trend of modern Authentication
Văn Hải Sơn | Email: sonvh@misoft-hcm.com
Contents
1. Authenticators
2. Fraud Threats
3. Man in The Browser
4. Mobile Authentication
Authenticators
Something you know? (Password, personal information…)
Something you have?
    SmartCard, USB…
    OTP: SMS, Token…
    Voice: Phone Factor
Something you are? (Biometric…)
The Evolution of Fraud Threats
(Timeline figure with the years 1995, 2005 and 2012. Threats shown along the timeline: key loggers, phishing, man-in-the-middle, DNS poisoning, spear-phishing, man-in-the-browser, SMS bypass, mobile. Attackers shift from "script kiddies" & hackers to organized crime.)
What happened in the RSA breach?
1. Finance person receives a junk email
2. Opens to see Recruitment plan .xls file
3. RAT program installed utilizing Adobe Flash vulnerability
4. Poison Ivy malware is initiated
5. NMAP scan of network to collect sensitive information
6. Collect data over a period of time
7. Split file, encrypt, ftp to good.mincesur.com
8. RSA is in the headlines
Man In The Browser
(Diagram: the intended communication between the user and the site next to the tampered communications; labels: Malware, Spear Phishing, Fraudster, Malicious Site.)
How does MITB work?
1. User logs into account
2. User initiates ACH or Wire Transfer
3. Malware 'wakes up'
4. In the background, Malware intercepts & modifies the user's request and sends it to the bank
5. Bank receives malware's request, sends transaction details for review and requests one-time-passcode (OTP)
6. Malware intercepts site's transaction detail confirmation, modifies them to correspond to user's initial request
7. User views transaction (which looks fine) and enters OTP token
8. Malware passes the bank the OTP, and the malware-modified transaction is completed
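The eight steps above can be replayed in a few lines of Python to show why they work and what breaks them. The example below is added here and is not from the deck or from any bank product. It assumes a constructed shared secret between the bank and a separate user device, and compares two OTP designs: an event-based code that depends only on a counter (the malware simply forwards it in step 8), and a transaction-bound code computed over the amount and beneficiary the user keyed into the device, which the bank verifies against the request it actually received. All names, secrets and account numbers are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed example values (not from the deck): one secret shared between
# the bank and the user's separate authentication device.
DEVICE_SECRET = b"constructed-shared-secret"


@dataclass(frozen=True)
class Transfer:
    amount: int        # whole currency units
    destination: str   # beneficiary account (constructed)


# What the user typed in the browser, and what the malware substitutes (step 4).
INTENDED = Transfer(amount=100, destination="ACC-FRIEND-0001")
ATTACKER = Transfer(amount=9_900, destination="ACC-MULE-0042")


def _six_digits(mac: bytes) -> str:
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def counter_otp(secret: bytes, counter: int) -> str:
    """Event-based OTP: depends only on a counter, so it approves whatever
    transaction the bank happens to hold. This is the token in step 7."""
    return _six_digits(hmac.new(secret, counter.to_bytes(8, "big"),
                                hashlib.sha256).digest())


def transaction_otp(secret: bytes, transfer: Transfer) -> str:
    """Transaction-bound OTP: an HMAC over the exact details the signer saw,
    useless for any other amount or beneficiary."""
    msg = f"{transfer.amount}|{transfer.destination}".encode()
    return _six_digits(hmac.new(secret, msg, hashlib.sha256).digest())


class Bank:
    """Minimal bank back end: keeps the request it received and checks the OTP
    either against a counter (bound=False) or against that request (bound=True)."""

    def __init__(self, secret: bytes, bound: bool):
        self.secret = secret
        self.bound = bound
        self.counter = 0
        self.completed: list[Transfer] = []

    def complete(self, received: Transfer, otp: str) -> bool:
        if self.bound:
            expected = transaction_otp(self.secret, received)
        else:
            expected = counter_otp(self.secret, self.counter)
        if hmac.compare_digest(expected, otp):
            self.completed.append(received)
            return True
        return False


def mitb_session(bank: Bank, intended: Transfer, substituted: Transfer) -> bool:
    """Replay the deck's flow. Returns True if the transfer the BANK holds
    (the substituted one) is completed, i.e. the attack succeeded."""
    received = substituted            # step 4: malware rewrote the request
    shown_in_browser = intended       # step 6: confirmation rewritten to look fine
    if bank.bound:
        # Step 7 on a separate device: the user keys in the details they intend,
        # so the browser-resident malware cannot influence what gets signed.
        otp = transaction_otp(DEVICE_SECRET, shown_in_browser)
    else:
        # Step 7 with a plain token: the code carries no transaction details.
        otp = counter_otp(DEVICE_SECRET, bank.counter)
    return bank.complete(received, otp)     # step 8: malware forwards the OTP


def run_demo() -> dict:
    return {
        "counter_otp_attack_succeeds": mitb_session(Bank(DEVICE_SECRET, False), INTENDED, ATTACKER),
        "bound_otp_attack_succeeds": mitb_session(Bank(DEVICE_SECRET, True), INTENDED, ATTACKER),
        "bound_otp_honest_transfer_ok": mitb_session(Bank(DEVICE_SECRET, True), INTENDED, INTENDED),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The point of the comparison is step 6: the malware can make the browser show anything, so any approval that does not travel with the transaction details is approval of the attacker's transaction. Binding the code to amount and beneficiary on a channel the browser does not control (a dedicated signing device, or an out-of-band message that repeats the details for the user to check) is what the deck's following slides on out-of-band authentication are driving at.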
Mobile Authentication
Voice Authentication
Special Token
    Customised Logo on Lens
    Customised Button Colour
    Customised Casing Colour
Mobile Authentication
Out of Band