Secure communications and tokens
Tonimir Kišasondi, dipl.inf, EUCIP
DORS/CLUC 2010
$ finger tkisason
Summary
Authentication goals:
Authentication goals:
Authentication problem:
Pyrit (http://code.google.com/p/pyrit/)
Authentication problem:
Passwords:
Passwords:
Passwords:
Biometrics:
Machete: Biometric password sniffer
Biometrics:
Smart Cards:
Smart Cards:
Smart Cards:
Smart Cards:
Tokens:
OPIE
OPIE
OPIE
OPIE
OPIE
OPIE
OTPs can be generated with opiekey or another token generator (Java, Android, iPhone app):

    tony@enigma:~$ opiekey 498 en1234
    Using the MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
    NUDE JAN ATE BOGY FIEF NAP
    tony@enigma:~$
OPIE
You can precompute OTPs and carry them with you or hand them out (single use method?):

    tony@enigma:~$ opiekey -n 5 498 en1234
    …
    Enter secret pass phrase:
    494: MOD SOIL DUMB OLDY ROOF RISE
    495: LIMA HIT BUSS DIVE OUR SPY
    496: CORK CORK MAN HOLM TURF MET
    497: MUSH SAGE SO WEIR EVEN AMRA
    498: NUDE JAN ATE BOGY FIEF NAP
OPIE
Configuring PAM to work with OTPs
PAM configuration
OATH – Initiative for open authentication
OATH-HOTP
OATH-HOTP
Yubikey
Conclusion
Conclusion
End rant…
End rant…
