AUTHENTICATION FOR STRATEGISTS AND POLICY MAKERS ! "# & $ & * +$(#, * - . / * * 0) $' & $ & Lockstep IQPC E-Govt Evo Workshop Mar06 HANDOUTS.

Size: px

Start display at page:

Download "AUTHENTICATION FOR STRATEGISTS AND POLICY MAKERS ! "# & $ & * +$(#, * - *. * / * * 0) $' & $ & Lockstep IQPC E-Govt Evo Workshop Mar06 HANDOUTS."

Silvia Ward
5 years ago
Views:

1 ! "# $% & $ & () * +$(#, * - *. * / * * 0) $' & $ &

2 % 2 3#)$ ) $, 4 3 $566! / 7 * 3 * * 839 $' & $ & 1 3 $ * 3 3 * 3;< *. 89 * =$(5!!66 * > & $' & $ & :

3 3 * 0 # ;A03B&< * ))+$ * / C#$ D # D # )$ * ;@$ $< $) $' & $ &? 3 $' & $ &

4 30 * 3 * * A ;E< * 0 > * 3 0 7B 8@9 =5666 $7FF)))44 F$ F$#FG $' & $ &! %) C)$ $ ) )#) 4() 4 $' & $ & H

5 . $' & $ & 6 #, EOI Verify Authenticator Presentation Service Process Who is it? Credentials? Entitlements? Currency? $' & $ & 5

6 3$ #, Contract? Presentation Process Process Entitlements? Arrangements? Trust? Interoperability? Lifecycle? Service $' & $ & 55 $ * * D 30 * = * (3) * >B$ * - * $' & $ & 5

7 89 #, Pass-phrase Service Compare Fido Fido9 nehpets Jackson password <null> $' & $ & 51 D 30 #, Identifier Next number Compare Service $' & $ & 5:

8 = #, Measure Filter Digitise Algorithm Compare Service Template storage Template availability Accuracy Processing time $' & $ & 5? (3) #, 3 Identifier Pseudo random number Compare Service $' & $ & 5

9 8B$ 9 #, B0 Identifier Challenge Encrypt Response Compare Service $' & $ & 5! - #, B0 Identifier Transform Challenge Response Compare Service $' & $ & 5H

10 B$ #, B0 SMS Repeat Compare Service $' & $ & 56 #, & B) - Audit - Dispute Resolution - Re-wind Presentation $' & $ & Service Service Who did what to whom? - Transaction logs - Audit logs - Credentials d/b - Forensic investigation

11 #, / > Presentation Service Persistence over: - Time and - Distance $' & $ & 5 * * A03B&7 Electronic signature means data in electronic form in, affixed to or logically associated with, a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory s approval of the information contained in the data message $' & $ &

12 (3 > 10 Signature Requirement for signature (1) If, under a law of the Commonwealth, the signature of a person is required, that requirement is taken to have been met in relation to an electronic communication if: (a) in all cases a method is used to identify the person and to indicate the person s approval of the information communicated; and (b) in all cases having regard to all the relevant circumstances at the time the method was used, the method was as reliable as was appropriate for the purposes for which the information was communicated; and $' & $ & 1 > A03B&7 Enhanced electronic signature means an electronic signature in respect of which it can be shown, through the use of a security procedure, that the signature: (i) is unique to the signature holder for the purpose for which it is used; (ii) was created and affixed to the data message by the signature holder or using a means under the sole control of the signature holder; (iii) was created and is linked to the data message to which it relates in a manner which provides reliable assurance as to the integrity of the message $' & $ & :

13 / * # $ $#$ $ * * I # $ D 44$ $' & $ &? # * $ * * B$ $' & $ &

14 = $ *.$B;.B< D. D. D 3$ *.B,B;.BB< D.0 D 3$5 *. B2 D #J D J # $ $' & $ &! MEASURE FILTER DIGITISE ANALYSE DATABASE LOOK-UP Yes/No Dirt, sensor damage Angle / pressure / volume Injury, ageing Environmental noise Sensor error Sensor-to-sensor variation Filtering Modeling assumptions $' & $ & H

15 .B>.BB K$ MEASURE FILTER DIGITISE ANALYSE LOOK-UP No K MEASURE FILTER DIGITISE ANALYSE LOOK-UP Yes $' & $ & 6 = * $ * ) $ * 55$$#!>5L! Matsumoto et al Imact of Artificial Gummy Fingers on Fingerprint Systems Proceedings of SPIE Vol $' & $ & 1

16 = $ 3.BB.B.$.M: L L..MB3 5>L 5L M 03 5>L >?L.MN.$M $ B.B3N.B M 3 03N0 3 $' & $ & 15 /% Reference: Biometric Authentication Technologies: Hype Meets the Test Results Jim Wayman San Jose State University, 2002 $' & $ & 1

AI$ (3 O5"#,;4!?#< 3 3 ;#< ;#<. 16 1 6L?H!H 6 L.!1 H H5L?

17 AI$ (3 O5"#,;4!?#< 3 3 ;#< ;#< L?H!H 6 L.!1 H H5L? $' & $ & 11 = + * $ 2 *. * * -$ >$ * $7FF)))44FFFF55F55:F * $7FF)))4)#44FF * $7FF$ 4 F4 $' & $ & 1:

18 / $' & $ & 1? K ) 2 * &2 D & )>>K D >=>= D = P>> $' & $ & 1

19 K ) 2 * / )# 2 * 44K $ ) D ( D ( D (#J * =J D ## D D D K) $' & $ & 1! B 54 D # $2 D $ 2 4 $ D $ 2 D #2 14 & D # 2 D K ) 2 $' & $ & 1H

20 4B;5< > D 3 ; " "$< D D + D 8 39 $' & $ & 16 4B;< >$ D ;(< 5$ ;2< D ;/M< D 0 ;# 2< D I )Q 44 $' & $ & :

21 4B;1< D * 3). * * = #8 9 ;2< D * ) ;# < D # D K$ $' & $ & :5 # 54 3). D ) " 4 D $ "$ D :4 B #?4 B# 4 ;$ $$< $' & $ & :

22 $$# B #2 2.;?< B#;?< 5 RRRRR RRRR = R RR - 5 R RRRRR RRRRR RRR (34 R RRRRR I RRRRR RRRRR $' & $ & :1 $' & $ & ::

23 # PUBLIC READ_MAG1 EXTERN MD1_SEF (XDATA) ;buffer EXTERN XP (BIT) ;present EXTERN M1_CLK (BIT) ;clk bit M1_SS EQU 5 ;start sentinel M1_ES EQU 1FH ;end sentinel SEG CODE READ_1 PROC CALL MAG_ JZ L?RM1 CALL L?RM1: RET MAG_SAMP PROC MOV DPTR,#MS1_BUF MOV R1, ;sample ctr L?MS1: MOV R0,#8 ;bit start L?MS2: JB CP,L?MS4 JB M1_CLK,L?MS2 MOV C,M1_DQ L?MS3: JNB M1_CLK,L?MS3 INC DP INC R1 sample counter CJNE R1,IM,L?MS1 L?MS4: MOV A,R1 ;final counter $' & $ & :? # $' & $ & :

24 ) :7 ;<?! A 1L$ $ S56L $:7 Non-lending losses increased [through 2004] with higher levels of phishing and cheque fraud =. #".B.Q:?7 =$ $$ L T?7 ASIC issues alert as phishing reports double $7FF)4 4 F5>!1:6G1>?1:5??4 $7FF#P4 4 F#)F? 1F1?65424L1/5 $7FF)))4$4 F%GGGB$ G$G?4$ $' & $ & :! 3)#2 $' & $ & :H

25 3$ # E 3& M ) $7FF)))44 4 F F:F 6:4 $7FF)))44 4 F F:F 4F $' & $ & :6 The Failure of Two-Factor Authentication [Regular] Two-factor authentication won t work for remote authentication over the Internet =$ >? )))44 F$ >>?14U $' & $ &?

26 A # NIST Special Publication v1.0.1 Level 4 remote authentication 2 factors: hard token Must resist eavesdroppers Must resist man-in-the-middle attacks Only practical solution today uses PKI ==" "03.#? $7FF>$ 4 F#G F03G=4$ $' & $ &?5 M # Inquiry into Fraud and E-Commerce, Drugs and Crime Prevention Committee, 2004 The Victorian government should support the early roll-out of EMV standard computer-chip plastic cards for use in electronic transactions B 5H"$5!6 )))4$44 4F$FB$ F/G. G?>5>:4$ $' & $ &?

27 54K&&0 4B(0 %# $' & $ &?1 ; 4< K $' & $ &?:

Digital certificate authentication is generally considered one of the stronger authentication technologies,

28 0 3). E One reason phishing attacks are successful is that unsuspecting customers cannot determine they are being directed to spoofed Web sites during the collection stage of an attack. Digital certificate authentication is generally considered one of the stronger authentication technologies, and mutual authentication provides a defence against phishing and similar attacks. A.. - S)))44 F$F$55?4 $' & $ &?? 54K&&0 4B(0 K $' & $ &?

29 . $' & $ &?! &#.7 8 ) #) ) $ 9 8$"# # $ )# # P$ ) >" ) $$) 9 )))4$,#4 $' & $ &?H

30 * &# * ## * & D $& * " "/" $' & $ &?6 * / D = $$4 * K )> 2 D%C 2 * ) $ 2 D( ) $2 $' & $ &

31 I $' & $ & 5 IC * D = $ * D $ * D I * 80 >$ 9 D $' & $ &

32 IC# 54 3$" 8) ) ) 9 4 /# ); < 44"" 14 I8 $ V $$+,W 9 ==;03<I. "3 ".#? $7FF>$ 4 F#G F03G=4$ $' & $ & 1 A ;5< (I 8$$ 9 0)I # $> B $$ > (7$# >P> > > > /$ $==$$ ; " $ "J< $" #< - ## $' & $ & :

33 A ;< /4$I; >3.IX%< 8. #"$$ $$ ") -$49 I. "3$"$#? $' & $ &? 7 $ Security Printer Distribute bar codes Listing Rules Listings Satisfy Listing Rules & $ - Announcements Announcement Fax $' & $ &

34 7 $;< Distribute certificate Listing Rules Listings Satisfy Listing Rules & $ - Announcements Announcement Eform $' & $ &! I#$ * A+3( 5L XYNY $4 * * K * &M (#F * AI$+0M * #&##I> $# - * A.>5$ $' & $ & H

Bill Gates January 2003: Over time we expect most businesses will go to smart card ID 77M 65M 48M 100M Bill Gates February 2006: The password is dead New Queensland Driver Licence 2003 15 weeks Dell

35 Bill Gates January 2003: Over time we expect most businesses will go to smart card ID 77M 65M 48M 100M Bill Gates February 2006: The password is dead New Queensland Driver Licence weeks Dell Latitude with built-in smartcard reader 04 26M UK Chip and PIN rollout $' & $ & 6 05 Smart Medicare card 06? Human Services smartcard?? =B5:FF 8 ) 43 " )C$) "$) $) CJ ) 4 )#>> $$$ J C ## V% )W49 )))4 4 F#F$F F>5:B 4$ $' & $ &!

36 # 7 Z 0[. T$7 5 K I 7 : B3; < A7 : / / ;5:MQ < 5H M+- 3)7 AI7 55 $+0 M #716;$?L T?< $' & $ &!5 ( ;5</ $$ Prescription EVENT SUMMARY Sig (Dr) ;<( Test EVENT SUMMARY Sig (Dr) Sig (Pt Card) Medicare $' & $ &!

37 = * * # * $ ) ;$$$ $ < * # " ) $ $ * $ 8 $ V $$,W 9 * 4 $' & $ &!1 J 2203 $' & $ &!:

38 J E $' & $ &!?. * )))4 $4 4F# * )))4$ 4 F * $44 * )))4$4 $' & $ &!

$) \ $4 4$ :5::HHH?

39 / $% & $ ) \ $4 4 :5::HHH?5 $' & $ &!!

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013 MAESON MAHERRY 3 Factor Authentication and what it means to business. Date: 21/10/2013 Concept of identity Access Control User Self-Service Identity and Access Management Authoritive Identity Source User