BANKING ON CRYPTOGRAPHY & BIOMETRICS
- Regina Perry
- 6 years ago
Transcription
1 BANKING ON CRYPTOGRAPHY & BIOMETRICS Tony Chew, Director / Specialist Advisor MONETARY AUTHORITY OF SINGAPORE
2 WHY WE NEED CRYPTOGRAPHY The only known practical means of protecting data in a communications network. System security tool for online banking, payments, e-commerce and m-commerce to achieve: a) confidentiality b) integrity c) authentication d) digital signature
4 LARGEST KNOWN DATA BREACH CONSPIRACY 160 million credit cards hacked ( ) Global Payment Systems Heartland Payment Systems Visa Jordan / Commidea/ DexiaBank Wet Seal / 7-Eleven / JetBlue Airways JC Penney / Carrefour / Hannaford Euronet/ Dow Jones / Nasdaq Diners Singapore / Ingenicard
6 "Attacks on payments systems have exploded in the past two years," said the US Secret Service. ATM skimming fraud is costing the US banking industry about $1 billion each year. According to the US Secret Service, payment card fraud in America is at least $8 billion annually. According to the National Retail Federation, credit card fraud exceeded $11 billion in 2012.
8 WHAT IS CRYPTOGRAPHY? Encryption and decryption Permutation, substitution = product cipher Symmetric cipher: same secret key to encrypt, decrypt Asymmetric cipher: public key, private key
9 CIPHERS AND HASH FUNCTIONS Algorithm Key Length Weak Strong DES RC4 SSL RSA ECC MD5 128 SHA /192/256 AES 128/192/256
10 ENCRYPTION ALGORITHM 3DES Key size: 168 bits
11 ENCRYPTION ALGORITHM AES 256
12 HASHING ALGORITHM SHA256
13 ebanking & ATM/POS SYSTEMS ATM NETWORKS PSTN / WIFI INTERNET WEB SERVER IVR /BIOMETRICS ATM / EFTPOS CARDS/M-APPS AUTHENTICATION VERIFICATION AUTHORISATION CORE BANKING SYSTEM
14 ONLINE BANKING SECURITY ARCHITECTURE Crypto Server OTP verification APPLET HOST Firewall IPS Sensor AVS SECURE SOCKETS LAYER (SSL) + APPLICATION LAYER END TO END ENCRYPTION Customer ID PIN (encrypted) Web Server Application Server Database Server HSM 4 types of OTP with Transaction Alerts Cryptographic functions
17 PIN MECHANICS A/C # KEY DES Chosen PIN Derived PIN PIN OFFSET
18 PIN VERIFICATION A/C # Chosen PIN HSM calculates new Derived PIN from A/C # then adds it to previously stored PIN OFFSET for comparison with Chosen PIN
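The PIN offset scheme on slides 17 and 18, as an added example that is not part of the original deck: the host stores only the offset, and the derived PIN is recomputed from the account number at every verification. HMAC-SHA256 stands in for the slide's DES step so the code runs with the standard library; the decimalisation table, the 4-digit PIN length, the key and the account number are assumptions or constructed values.

```python
import hashlib
import hmac

PIN_LENGTH = 4
# Assumed decimalisation table: maps each hex digit (0-F) to a decimal digit.
DECIMALISATION_TABLE = "0123456789012345"


def _is_pin(value: str) -> bool:
    """True for exactly PIN_LENGTH ASCII decimal digits."""
    return len(value) == PIN_LENGTH and value.isascii() and value.isdigit()


def derived_pin(key: bytes, account_number: str) -> str:
    """Derived PIN = decimalised keyed function of the account number.

    The slide uses DES under a secret key held by the HSM. HMAC-SHA256 is a
    stand-in here (assumption), not the algorithm the slide names.
    """
    digest = hmac.new(key, account_number.encode("ascii"), hashlib.sha256).hexdigest()
    return "".join(DECIMALISATION_TABLE[int(h, 16)] for h in digest[:PIN_LENGTH])


def pin_offset(key: bytes, account_number: str, chosen_pin: str) -> str:
    """Offset = chosen PIN minus derived PIN, digit by digit, modulo 10."""
    if not _is_pin(chosen_pin):
        raise ValueError("chosen PIN must be %d decimal digits" % PIN_LENGTH)
    derived = derived_pin(key, account_number)
    return "".join(str((int(c) - int(d)) % 10) for c, d in zip(chosen_pin, derived))


def verify_pin(key: bytes, account_number: str, stored_offset: str, entered_pin: str) -> bool:
    """Recompute the derived PIN, add the stored offset, compare with the entry."""
    if not (_is_pin(stored_offset) and _is_pin(entered_pin)):
        return False
    derived = derived_pin(key, account_number)
    expected = "".join(str((int(d) + int(o)) % 10) for d, o in zip(derived, stored_offset))
    # Constant-time comparison of the two digit strings.
    return hmac.compare_digest(expected, entered_pin)


def demo() -> dict:
    key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed key
    account = "1234567890"                                    # constructed account number
    offset = pin_offset(key, account, "4826")
    # A PIN change rewrites only the stored offset; key and account stay the same.
    new_offset = pin_offset(key, account, "9015")
    return {
        "correct_pin_accepted": verify_pin(key, account, offset, "4826"),
        "wrong_pin_rejected": not verify_pin(key, account, offset, "4827"),
        "old_pin_rejected_after_change": not verify_pin(key, account, new_offset, "4826"),
        "new_pin_accepted_after_change": verify_pin(key, account, new_offset, "9015"),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(check, passed)
```

The stored offset is useless for verification without the key, because the derived PIN it is added to can only be recomputed where the key lives.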
19 ATM NETWORKS SHARED LOCAL NETWORK: >2,000 ATMs in Singapore State Bank of India Global Networks:
20 SHARED ATM NETWORKS PIN encryption PIN encryption PIN encryption
21 ATM5 NETWORK ATMs at 153 locations ekc(pin) ekm(pin) ekh(pin) CIRRUS State Bank of India
22 KEY EXCHANGE A B C D E F
23 KEY EXCHANGE PERMUTATION Number of keys : n(n-1)/2 = 6(6-1)/2 = 15 A B C D E F B C D E F C D E F D E F E F F Total
24 DES KEY MANAGEMENT Key generation KM KKE KDE Master keys Key encrypting keys Data encrypting keys Key distribution Key installation Key recovery
25 KEY MANAGEMENT KT1 KT2 KTn ekm(kde1) ekm(kde2) ekm(kden) SCM KM
26 HIERARCHY OF KEYS KM KT KMO KM1 KM2 KMn ekmo(kde) ekm1(kt) KT ekt(kde) ekde(pin) SCM HOST ATM RANDOM # = ekmo(kde) EN[eKMO(KDE), PIN] = ekde(pin) DE[eKMO(KDE), ekde(pin)] = PIN (disallowed) VE[eKMO(KDE), ekde(pini), ekm2(pinv)] KT
27 $45 MILLION ATM HEISTS
28 Note: acquiring bank layer is not shown BANKNET $5M $40M
30 ANATOMY OF A MAGNETIC STRIPE ; nnnn nnnn nnnn nnnn = YYMM SVC DDDDDDDDCVV X (Start | Card Number | Separator | Expiry Date | Service Code | Discretionary | End) Track 1 / Track 2 / Track 3 THE ACHILLES HEEL OF PAYMENT CARD SECURITY
31 CHIP AND MAGNETIC STRIPE 916 Card Number Expiry Date Service Code Discretionary CVC THE ACHILLES HEEL OF PAYMENT CARD SECURITY
32 CARD DATA AND PERSONAL DETAILS OF 110 MILLION CUSTOMERS WERE HACKED BETWEEN 27 NOV AND 15 DEC 2013.
34 ENCRYPTION FORMAT IN ECB MODE 1. XOR PIN AND PAN 2. CONCATENATE PIN AND TRANSACTION NUMBER 3. PAD PIN WITH RANDOM VALUE 4. PAD PIN WITH FIXED VALUE
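An added example, not from the original deck, that builds the cleartext 64-bit block for each of the four options on slide 34 and reports which of them repeat; because ECB is deterministic, equal cleartext blocks under one key give equal ciphertext, so the comparison is done on the blocks themselves and no cipher is run. Reading the four options as PIN block layouts is an assumption, as is the field layout (control nibble, length nibble, PIN, fill), which is modelled on ISO 9564 PIN block formats; the PANs and transaction numbers are constructed.

```python
import secrets

BLOCK_NIBBLES = 16  # one 64-bit DES block written as hex digits


def _pin_field(control: str, pin: str, fill: str) -> str:
    """Control nibble + PIN length nibble + PIN digits + fill (assumed layout)."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 12):
        raise ValueError("PIN must be 4 to 12 decimal digits")
    head = f"{control}{len(pin):X}{pin}"
    return head + fill[-(BLOCK_NIBBLES - len(head)):]


def xor_pin_and_pan(pin: str, pan: str) -> bytes:
    """Option 1: F-padded PIN field XORed with the 12 rightmost PAN digits
    (check digit excluded), so the block differs from account to account."""
    if not (pan.isascii() and pan.isdigit() and len(pan) >= 13):
        raise ValueError("PAN must be at least 13 decimal digits")
    pin_part = bytes.fromhex(_pin_field("0", pin, "F" * BLOCK_NIBBLES))
    pan_part = bytes.fromhex("0000" + pan[:-1][-12:])
    return bytes(a ^ b for a, b in zip(pin_part, pan_part))


def pin_and_transaction_number(pin: str, txn_number: int) -> bytes:
    """Option 2: PIN followed by the low-order digits of a transaction number."""
    if txn_number < 0:
        raise ValueError("transaction number must be non-negative")
    return bytes.fromhex(_pin_field("1", pin, f"{txn_number:016d}"))


def pin_with_random_pad(pin: str) -> bytes:
    """Option 3: PIN followed by fresh random fill on every call."""
    return bytes.fromhex(_pin_field("3", pin, secrets.token_hex(8)))


def pin_with_fixed_pad(pin: str) -> bytes:
    """Option 4: PIN followed by a constant fill (F nibbles)."""
    return bytes.fromhex(_pin_field("2", pin, "F" * BLOCK_NIBBLES))


def exposure_report(pin: str = "1234") -> dict:
    """For each option: (block repeats across two accounts with the same PIN,
    block repeats across two transactions on the same account).

    A True means an observer of ECB ciphertext sees identical values.
    """
    pan_a, pan_b = "4000001234567899", "4000009876543210"  # constructed PANs
    return {
        "xor_pin_and_pan": (
            xor_pin_and_pan(pin, pan_a) == xor_pin_and_pan(pin, pan_b),
            xor_pin_and_pan(pin, pan_a) == xor_pin_and_pan(pin, pan_a),
        ),
        "pin_and_transaction_number": (
            pin_and_transaction_number(pin, 1001) == pin_and_transaction_number(pin, 2001),
            pin_and_transaction_number(pin, 1001) == pin_and_transaction_number(pin, 1002),
        ),
        "pin_with_random_pad": (
            pin_with_random_pad(pin) == pin_with_random_pad(pin),
            pin_with_random_pad(pin) == pin_with_random_pad(pin),
        ),
        "pin_with_fixed_pad": (
            pin_with_fixed_pad(pin) == pin_with_fixed_pad(pin),
            pin_with_fixed_pad(pin) == pin_with_fixed_pad(pin),
        ),
    }


if __name__ == "__main__":
    for name, (across_accounts, across_txns) in exposure_report().items():
        print(f"{name:28} same across accounts={across_accounts} "
              f"same across transactions={across_txns}")
```

With fixed padding, every customer who shares a PIN produces the same ciphertext block under a given key; mixing in the PAN separates accounts but still repeats per account, and only the transaction number or random fill changes the block on every use.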
36 PAYMENT CARD FRAUD WHAT DO WE KNOW? HOW MUCH DO WE KNOW?
37 PAYMENT CARD AND ONLINE BANKING SECURITY ENHANCEMENT ROADMAP DDA Credit/Debit Chip Card Migration DDA ATM Chip Card Migration One Time Password for Card Not Present New/Replacement Card Activation Cessation of Domestic Magstripe Transactions for Credit/Debit Card Transaction Alerts Deactivation of Overseas Cash Withdrawal for ATM Card Transaction Signing for Online Banking Deactivation of Overseas Use of Magstripe for Credit/Debit/Prepaid Card Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q 1Q 2Q 3Q 4Q DDA: Dynamic Data Authentication ATM: Automated Teller Machine
38 ONLINE BANKING SECURITY ARCHITECTURE Security Server OTP & Biometrics HOST APPLET Firewall SSL IPS Sensor AVS APPLICATION LAYER END TO END ENCRYPTION Customer ID PIN Configuration Management Controls Transaction Signing (1 January 2013) Web Server Application Server Database Server HSM BIOMETRICS 38 Cryptographic functions
40 BIOMETRICS
41 AUTHENTICATION WHAT YOU KNOW WHAT YOU HAVE WHO YOU ARE (BIOMETRICS) The automatic identification or identity verification of living persons based on behavioural and physiological characteristics.
42 BIOMETRICS A general term to describe a process or a characteristic. 1. Automated methods of recognizing a person based on measurable behavioural and physiological characteristics. 2. A measurable physiological and behavioural trait that can be used for automated recognition.
43 SURVEY BANKS Australia Belgium Brazil Brunei Canada Chile China Germany Indonesia Ireland Israel Italy Japan Jordan Pakistan Poland Mexico Panama Russia Spain Turkey UAE UK USA
44 BARCLAYS
46 iPhone 5s Touch ID
47 Apple iPhone 5s Touch ID Laser-cut sapphire crystal Tactile switch Touch ID sensor Stainless steel detection ring FAR = 0.002%
48 VENDOR CLAIMS OF BIOMETRIC ACCURACY FINGERPRINT / AuthenTec FAR % FRR 1.0% FINGER-VEIN / Hitachi-Omron FAR % FRR 0.01% PALM-VEIN / Fujitsu FAR % FRR 0.01%
49 VOICE BIOMETRICS
54 BASIC COMPONENTS OF A BIOMETRIC SYSTEM Decision Module
55 TOP FIVE THREATS TO BIOMETRICS 1. IMPERSONATION 2. CIRCUMVENTION 3. SUBSTITUTION 4. REPUDIATION 5. COERCION
56 finis