The document presents two solutions for secure internet banking authentication - one based on short-time passwords using a hardware security module, and the other based on certificates. It discusses current authentication threats like offline credential stealing and online channel breaking attacks. Both proposed solutions offer strong protection against these common attacks, with the certificate-based solution being highly attractive for the future as electronic IDs become more widely used among customers.
Security Analysis of Mobile Authentication Using QR-Codes csandit
The QR-Code authentication system using mobile application is easily implemented in a mobile
device with high recognition rate without short distance wireless communication support such
as NFC. This system has been widely used for physical authentication system does not require a
strong level of security. The system also can be implemented at a low cost. However, the system
has a vulnerability of tampering or counterfeiting, because of the nature of the mobile
application that should be installed on the user’s smart device. In this paper we analyze the
vulnerabilities about each type of architectures of the system and discuss the concerns about the
implementation aspect to reduce these vulnerabilities.
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
Login security breaches have become commonplace in recent years. We hear about phishing attacks, stolen passwords and malware that collects all of our keystrokes. Once these data breaches would have instigated a call to use stronger and more complex passwords, however research has shown that two-thirds of all breaches are specifically the result of weak or stolen passwords. The one-time reliable password has become the weakest link.
This is where two-factor authentication (2FA) steps in.
Two-factor authentication is a simple yet an extremely powerful way of increasing security via the user logon sequence by simply adding a second factor of authentication to the standard username and password.
Security Analysis of Mobile Authentication Using QR-Codes csandit
The QR-Code authentication system using mobile application is easily implemented in a mobile
device with high recognition rate without short distance wireless communication support such
as NFC. This system has been widely used for physical authentication system does not require a
strong level of security. The system also can be implemented at a low cost. However, the system
has a vulnerability of tampering or counterfeiting, because of the nature of the mobile
application that should be installed on the user’s smart device. In this paper we analyze the
vulnerabilities about each type of architectures of the system and discuss the concerns about the
implementation aspect to reduce these vulnerabilities.
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
Login security breaches have become commonplace in recent years. We hear about phishing attacks, stolen passwords and malware that collects all of our keystrokes. Once these data breaches would have instigated a call to use stronger and more complex passwords, however research has shown that two-thirds of all breaches are specifically the result of weak or stolen passwords. The one-time reliable password has become the weakest link.
This is where two-factor authentication (2FA) steps in.
Two-factor authentication is a simple yet an extremely powerful way of increasing security via the user logon sequence by simply adding a second factor of authentication to the standard username and password.
Abstract. The internet revolution has brought significant benefits to humanity. Undeniably, most businesses in both the public and private sectors now provide their services online through the internet. One of the businesses that have embraced the use of the internet to provide services to their customers is the banking sector. Banks obtain competitive advantage and increased productivity through the adoption of online banking. Bank customers enjoy online banking as it provides them with anytime, anywhere banking experience. Away from the benefits is the issue of security of customer transaction data and customer privacy. Many authors have proposed various solutions to address the online banking security problem but while some focus solely on client authentication, others dwell only on security of the data transfer channels. In this paper, we propose a cancellable biometric based authentication protocol which guarantees secure mutual authentication, customer privacy and offer a secure end-to-end transmission of customer transaction data. The protocol in this paper is designed using Biohashing, a biometric template protection technique and dual cryptographic algorithm that combines Advanced Encryption Standard (AES) and Data Encryption Standard algorithms. With these, we realized strong authentication and secure transaction information exchange protocol for online banking.
Keywords: Biohashing, Biocode, online banking, cancelable biometric, strong authentication, transaction data, multifactor authentication.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
4. 4
The authors present two challenge response Internet
banking authentication solutions
one based on short-time passwords
and one on certificates
attacks on authentication
transaction-signing option
ABSTRACTABSTRACT
5. 5
INTRODUCTIONINTRODUCTION
The Internet is an integral part of our
daily lives, and the proportion of people
who expect to be able to manage their
bank accounts anywhere, anytime is
constantly growing
This article describes current
Authentication threats and two proposed
solutions as well as how these solutions
can be extended in the face of more
complex future attacks
6. 6
ATTACKS ON AUTHENTICATION
Internet banking systems must
authenticate users before granting
them access to particular services.
successful authentication
eventually enables users to access
their private information. We can
classify all Internet banking
authentication methods according
to their resistance to two types of
common attacks
offline credential-stealing
attacks
online channel-breaking
attacks
7. Offline credential-stealing attacks
Security precautions can
help users protect
themselves from
malicious software.
For example-- installing
and maintaining a
firewall and up-to date
antivirus software,
regularly applying
operating system and
browser patches
7
8. Online channel-breaking attack
The intruder noticeably
intercepts messages between
the client PC and the
banking server by
masquerading as the server
to the client and vice versa
Online channel-breaking
attacks don’t necessarily
compromise the user’s
credentials but the
session’s credentials and
therefore typically require
the user-initiated banking
session to work properly.
8
9. AN ATTACK TAXONOMY
Taxonomy of Internet banking authentication methods. Methods
are classified according to their resistance against offline
credential-stealing and online channel-breaking attacks.
9
10. SHORT-TIME PASSWORD
SOLUTION
It uses symmetric cryptography in combination with a hardware
security module .
User authentication works as follows:
1. The user connects to the Internet banking
2. The user claims his or her identity by entering an account number
in the bank’s login form
3. The user opens his or her smart card by entering the corresponding
PIN in the reader before entering the given challenge.
4. The user manually copies the shown response to the bank’s login
form to be checked by the bank’s authentication server.
10
12. CERTIFICATE-BASED SOLUTION
User authentication works as
follows.
First, the user establishes an
SSL/TLS channel between
the user PC and
the bank’s Web server by
setting up an SSL/TLS
session without client
authentication.
Once the card is available,
its certificates become visible
in the Web browser.
12
13. 13
Conclusion
Internet banking has turned into
an arms race between financial
institutions and public network
attackers.
Both solutions offer high
security against common attacks.
However, changing legislation
and the eventually spread of e-IDs
among customers makes this
solution a highly attractive and
valuable alternative for the future.
This sub-section addresses why Internet security is a problem and how it came to be that we are depending on an infrastructure with fundamental vulnerabilities. updated 2000-08-07
Confidentiality Integrity Authentication Ensures that the origin of a message is correctly identified, with an assurance that the identity is not false Nonrepudiation Neither the sender nor the receiver of a message is able to deny the transmission Access Control Availability