Todos Dynamic Signatures Next Generation Security Solution

Information about Todos Dynamic Signatures Next Generation Security Solution

Published on December 9, 2008

Author: peter_gullberg

Source: slideshare.net

Description

A short presentation on Todos' innovative concept of "Todos Dynamic Signatures", a risk-based authentication solution.

Todos Dynamic Signatures: Next generation innovative security solution
www.todos.se

Existing OTP and C/R solutions

- Challenge/Response is vulnerable to Man-in-the-Middle (MitM) attacks
- Transaction Data Signing does not add context; is “1133200” = “$ 11,332.00” or “1133-200” (account number)?
- Transaction Data Signing is sensitive to certain kinds of cross-channel attack we might see in the future
- One-time-passwords for transaction authorization are reaching end-of-life (both event- and time-based)

Weakness with Challenge/Response: Man-in-the-Middle (MitM) attack on internet banking (diagram)

The bank issues challenge 653 265 and an ordinary C/R device returns response 123 456 regardless of the transaction content. End-user's perspective: transfer from Private Savings 0458-55326 to James A.A 0459-9658,326, amount $ 125,00. MitM's perspective: transfer to Mr Evil 9544-6663,002, amount $ 50 000,00. Internet bank's perspective: challenge 653 265, response 123 456, MitM's transaction approved. Because the response depends only on the challenge and not on the transaction data, the same response validates the substituted transaction.
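The diagram above can be reduced to a few lines of code. The following Python is an added example written for this page (it is not Todos' code or the code of any device shown in the deck). It models the two views with an HMAC over a constructed demo key: a plain challenge/response code depends on the challenge only, so the bank validates the same code against whatever transaction it received, while a transaction-data-signing code binds the payee account and amount the user saw and so fails for the substituted transaction. The six-digit truncation, the key and the field separator are assumptions of the example; the challenge value and the two transactions are those from the slide.

```python
import hmac
import hashlib

# Constructed demo key shared by the bank and the user's C/R device (not a real key).
DEVICE_KEY = b"constructed-demo-device-key-0001"

# The two transactions from the slide: what the user sees versus what the MitM forwards.
USER_TX = {"to_account": "0459-9658,326", "amount": "125.00"}
MITM_TX = {"to_account": "9544-6663,002", "amount": "50000.00"}
CHALLENGE = "653265"  # challenge value shown on the slide


def _six_digits(mac: bytes) -> str:
    """Truncate a MAC to the six-digit code a keypad device would display (assumed format)."""
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def cr_response(key: bytes, challenge: str) -> str:
    """Plain challenge/response: the code depends on the challenge only."""
    return _six_digits(hmac.new(key, challenge.encode(), hashlib.sha256).digest())


def tds_response(key: bytes, challenge: str, tx: dict) -> str:
    """Transaction data signing: the code also binds the account and amount the user saw."""
    msg = "|".join([challenge, tx["to_account"], tx["amount"]]).encode()
    return _six_digits(hmac.new(key, msg, hashlib.sha256).digest())


def bank_accepts(scheme: str, challenge: str, received_tx: dict, response: str) -> bool:
    """Bank side: recompute the expected code over the transaction it actually received."""
    if scheme == "cr":
        expected = cr_response(DEVICE_KEY, challenge)
    else:
        expected = tds_response(DEVICE_KEY, challenge, received_tx)
    return hmac.compare_digest(expected, response)


def mitm_substitution_accepted(scheme: str) -> bool:
    """The device signs what the user sees; the bank receives the MitM's substituted transaction."""
    if scheme == "cr":
        response = cr_response(DEVICE_KEY, CHALLENGE)
    else:
        response = tds_response(DEVICE_KEY, CHALLENGE, USER_TX)
    return bank_accepts(scheme, CHALLENGE, MITM_TX, response)


def honest_transaction_accepted(scheme: str) -> bool:
    """Control case: no substitution, the bank receives the transaction the user signed."""
    if scheme == "cr":
        response = cr_response(DEVICE_KEY, CHALLENGE)
    else:
        response = tds_response(DEVICE_KEY, CHALLENGE, USER_TX)
    return bank_accepts(scheme, CHALLENGE, USER_TX, response)


if __name__ == "__main__":
    for scheme in ("cr", "tds"):
        print(f"{scheme}: honest accepted={honest_transaction_accepted(scheme)}, "
              f"substituted accepted={mitm_substitution_accepted(scheme)}")
```

Running it shows the point of the slide: under plain C/R both the honest and the substituted transaction are accepted, under transaction data signing only the honest one is. The detection happens entirely on the bank side, by recomputing the code over the data the bank actually intends to execute.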

What are other banks doing?

Case #1 Nordea (Nordea's own words)

- Nordea e-kod
- Nordea acted strongly to re-establish trust
- Nordea replaced their existing one-time-password solution
- Nordea implemented a stronger-than-CAP security solution with ”Advanced Signing”
- The new security solution has effectively stopped all attacks on the internet bank

Case #2 ABN AMRO (Source: Finextra 2/4-07)

- ABN AMRO e.dentifier2
- ABN Amro had to act strongly
- One year later, in June 2008, ABN Amro started deploying its third-generation security solution ”e.dentifier2”
- Protects banking customers over the next 5-7 years
- True mitigation against Man-in-the-Middle attacks, with improved Transaction Data Signing with ”Sign-What-You-See” (SWYS)
- ”The most secure end-user device today” (ABN Amro's own statement)

Requirements for a security solution

The authentication solution must be flexible; a simple one-function device is no more…

- A solution needs to handle many different services! Banking, shopping, government etc.
- It must be portable, trustworthy & attractive! Used everywhere
- It must host different security options! Security when needed, virus-free environment, configurable; high risk, low risk, legal demands etc.
- Low total cost of ownership! Easy to use, simple logistics

Todos Dynamic Signatures The future of eBanking & eCommerce

Todos Dynamic Signatures (business rule agility)

- Mitigates Man-in-the-Middle: The risk in the current transaction is analysed, and the user process flow is remotely controlled, based on the challenge value, to dynamically control which data fields the end-user needs to sign in the transaction
- Prevents cross-channel attacks: The reader protects against cross-channel attacks by having separate buttons for Login, Sign and e-commerce, so one response cannot be re-used in a different channel
- Future proof: The solution will secure the online bank over the next 5-7 years
- Risk-based process flow: The reader supports the bank's business processes; the bank can make agile business decisions that affect the business rules in the reader, decided by the bank in real time

Todos Dynamic Signatures, cont. (business rule agility)

- Informed consent: Dynamic Signatures allows the customer to review and approve vital information in the transaction, to strengthen the act-of-will
- User convenience: 99.4% of all transactions are low risk; make sure these are user-friendly
- Connected and unconnected mode: The solution works in both connected and unconnected mode, enabling a bank to use it for all channels

Todos Dynamic Signatures, act of will

Todos Dynamic Signatures adds functionality to the process/device that forces the user to actively make decisions in the process, increasing customer awareness in the transaction process. The challenge decides which combination of questions is asked.

Todos Dynamic Signatures, LOW RISK (screen flow)

Transaction data: From Account Privat acc 0458-3865,986; To Account Privat acc 0458-6532,659; Amount 100,00. Challenge 986 523. Reader (buttons: LOGIN, SIGN, BUY, CODE, OK): Sign Challenge? 986 523 / Enter PIN? **** / Response: 567 890. Response 567 890 entered on the web page; Transaction Successful.

Todos Dynamic Signatures, HIGH RISK (screen flow)

Transaction data: From Account Privat acc 0458-3865,986; To Account James A.A 0459-9658,326; Amount 5 000,00 (EUR). Challenge 653 265. Reader: Sign Challenge? 635 265 / Account 0459 9658 326 / Amount 5 000,00 (EUR) / Enter PIN? **** / Response: 723 905. Response 723 905 entered on the web page; Transaction Successful.

Todos Dynamic Signatures, risk based

The solution is designed to meet changes in authentication demands: handling new types of risk, emergency changes of security levels, and new and improved methods of managing risk in the future. You can at any time change the set of “chosen” questions!

Function                        Low risk        Medium risk       High risk
National transfer               <1000€  OTP     >1000€  C/R       >10000€  C/R+DS
International credit transfer   N/A             >100€  C/R+DS     C/R+DS
Recurring transfer
Account to account transfer
Online shopping transaction
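The table above and the "business rule agility" slides describe one mechanism: the bank classifies the transaction, picks a question set, and signals that choice in the challenge so the reader knows which labelled fields to ask for. The Python below is an added example written for this page, not Todos' code and not the protocol of any Todos device. It implements the national-transfer row of the table, carries a template id in the last digit of the challenge (an encoding assumed here), binds the button pressed (LOGIN/SIGN/BUY) into the MAC so a response from one channel cannot be replayed into another, and labels each signed field by name, which is what removes the "1133200" ambiguity of unlabelled transaction data signing. The key, the six-digit format and the field separator are constructed for the example; where the table leaves a cell blank the code falls back to the strongest tier and says so.

```python
import hmac
import hashlib

# Constructed demo key shared by the bank and the reader (not a real Todos key).
DEVICE_KEY = b"constructed-demo-device-key-0002"

# Pre-loaded action lists ("templates"): the labelled fields the reader asks the user to
# enter before computing the response. Constructed for this example; the template id is
# carried in the last digit of the challenge (an encoding this example assumes).
TEMPLATES = {
    0: (),                        # no transaction fields: plain challenge/response
    1: ("amount",),               # confirm the amount only; unused by the policy below but
                                  # selectable by a back-end rule change with no new device
    2: ("to_account", "amount"),  # sign-what-you-see on the payee account and the amount
}


def classify(function: str, amount_eur: float) -> tuple:
    """Bank-side risk policy from the slide's table: returns (tier, method, template id).

    National transfers: <1000€ OTP, >1000€ C/R, >10000€ C/R+DS. The slide gives no
    low-risk tier for international credit transfers and leaves the other rows blank, so
    this example (assumption) treats every other case as high risk with C/R+DS.
    """
    if function == "national_transfer":
        if amount_eur > 10000:
            return ("high", "C/R+DS", 2)
        if amount_eur > 1000:
            return ("medium", "C/R", 0)
        # The slide names OTP here; the example runs the same challenge path with no
        # transaction fields, which is what matters for the verification below.
        return ("low", "OTP", 0)
    return ("high", "C/R+DS", 2)


def make_challenge(random_part: str, template_id: int) -> str:
    """Bank side: the challenge value tells the reader which question set to run."""
    return f"{random_part}{template_id}"


def _six_digits(mac: bytes) -> str:
    """Truncate a MAC to the six-digit code shown on the reader display (assumed format)."""
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def reader_response(key: bytes, button: str, challenge: str, entered: dict) -> str:
    """Reader side: bind the button pressed, the challenge and the labelled fields
    named by the template. Extra keys in `entered` are ignored, as a reader would
    only prompt for the template's fields."""
    fields = TEMPLATES[int(challenge[-1])]
    parts = [button, challenge] + [f"{name}={entered[name]}" for name in fields]
    return _six_digits(hmac.new(key, "|".join(parts).encode(), hashlib.sha256).digest())


def bank_verify(key: bytes, button: str, challenge: str, received_tx: dict, response: str) -> bool:
    """Bank side: recompute with the same template over the transaction it actually received."""
    expected = reader_response(key, button, challenge, received_tx)
    return hmac.compare_digest(expected, response)


def run_transfer(function: str, user_tx: dict, received_tx: dict) -> tuple:
    """Full flow: policy -> challenge -> reader signs what the user saw -> bank verifies
    what it received. Returns (tier, method, accepted)."""
    tier, method, template_id = classify(function, float(user_tx["amount"]))
    challenge = make_challenge("65326", template_id)  # constructed random part
    response = reader_response(DEVICE_KEY, "SIGN", challenge, user_tx)
    return (tier, method, bank_verify(DEVICE_KEY, "SIGN", challenge, received_tx, response))


def cross_channel_replay_accepted() -> bool:
    """A LOGIN response presented in the SIGN channel must fail: the button is in the MAC."""
    challenge = make_challenge("65326", 0)
    login_code = reader_response(DEVICE_KEY, "LOGIN", challenge, {})
    return bank_verify(DEVICE_KEY, "SIGN", challenge, {}, login_code)


if __name__ == "__main__":
    seen = {"to_account": "0459-9658,326", "amount": "5000.00"}
    swapped = {"to_account": "9544-6663,002", "amount": "5000.00"}
    print(run_transfer("national_transfer", seen, swapped))           # medium: C/R only
    print(run_transfer("national_transfer", dict(seen, amount="50000.00"),
                       dict(swapped, amount="50000.00")))             # high: payee bound
    print("cross-channel replay accepted:", cross_channel_replay_accepted())
```

The medium-tier run is the instructive one: a payee swap is accepted there, because the bank has chosen plain C/R for amounts between 1000€ and 10000€ and so carries that risk by design. Moving the boundary, or pointing the medium tier at template 1 or 2, is a change to `classify` on the back end only, which is the "changing at one point" property the summary slide claims.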

Todos Dynamic Signatures, SUMMARY

- Solves the problem of missing context for a particular transaction, supporting Act-of-Will (end-user awareness)
- Risk-based system enabling the bank to control the risk in each and every transaction
- Allows low-risk transactions to be carried out more easily and straightforwardly, i.e. C/R
- Only high-risk transactions are handled in a more complex manner, i.e. SWYS
- Puts more intelligence in the end-user's device by pre-loading it with several action lists, i.e. templates
- Changing at one point (back-end) changes the behaviour for all end-user devices
- Leverages MasterCard CAP / VISA DPA

Security Levels: ”How much do we need to raise our security level and when?”

- Do it whenever it is needed! With the tools you already have rolled out.

”In 1996 we knew where our security level was at and the capability of the fraudster. Today we do not know when our solution will be hacked, we do however know that it will be” - Internet Bank Director

(Chart: security level and fraudster capability plotted from 1996 to 2008, with Dynamic Signatures marked as the security level to reach.)

One step up is not enough…

(Chart: mitigation steps Static Passwords, OTP, Challenge Response, SWYS, Secure Domain Separation and Dynamic Signatures set against the fraud types ID theft, key logging, phishing, spyware, man-in-the-middle and man-in-the-browser.)

Frauds are becoming more and more sophisticated… and so is fraud mitigation... Make sure you take a dynamic leap.

Solutions by Todos (devices)

AUTHENTICATOR 300, 217U, 417U, EZTOKEN SIGNATURE READER, EZTOKEN PIN, AUTHENTICATOR 214, ARGOS MINI TALK, EZSIGN, ECODE SERVER

Todos' Promise: a unique position

Todos holds a unique position by offering…

… One system for all solutions
- All devices can be used simultaneously
- One end-user can have multiple devices
- Multi-issuer service
- Cost efficient with low total cost of ownership

… a wide range of devices
- From printed cards and tokens to connectable readers
- Enables true segmentation of users

… High technical knowledge
- Secure Domain Separation
- Todos Dynamic Signatures – true agility
- Sign-What-You-See
- Customization: tailor-made look and feel

Thank You Peter Gullberg VP Product Strategy [email_address]
