1
next generation of access control
Authentication and Transaction Security in E-Business
AXSionics AG, BFH Spin-off Park, Seevorstadt 103b, CH-2501 Biel-Bienne
Lorenz Müller, Mobile: +41 79 341 03 26, [email protected]
2
Overview
- Phishing – what it is, how it works…
- Malware – a landscape
- Role of authentication and transaction security
- Authentication with biometrics
- AXS Authentication System™
3
Bank robbery – what is your style?
4
Old goals – new methods
Classical attack
- Personal presence
- Hard work
- Single copy
- Limited action range
- High risk
- High success rate is critical
Cyber attack
- Remote attack
- Available tools
- Automated industrial copies
- Worldwide action range
- Low risk
- Low success rate is sufficient
The goal of most crimes is to get money!
5
Market perspectives and indicators
Security: $45 Bil, 19% CAGR (2007)
Physical Access Control: €2900 Mil, 8-9% CAGR
- Building/facilities access
- High-throughput access control
E-Business B2B (EU): €1640 Bil, 34% CAGR (2007)
Logical Access Control: €420 Mil, 20% CAGR
- Extranet Access Management
- Identity and Access Management
Transaction Security: € …. Mil, … % CAGR
- On-line contracts
- Digital signatures
- Secure payment
Logical & Physical Access Control: €500 Mil, 15% CAGR
- Unified management & security policies
Source: Gartner Group
6
Fraud Rate in the Cyber Space
US credit card based transactions: 2004
7
Fraud Types in non-physical interactions
US Federal Trade Commission: Top Categories in 2004 for Consumer Fraud Complaints
Source: ISACA
8
Phishing – what it is, how it works…
- A few examples
- How to set up a phishing attack
- Facts and figures
- The business case
9
Phishing mail: PayPal
10
11
12
MITM phishing – how to set up the attack
13
Trojan horse phishing – how to set up the attack
Parties: Attacker, Client, Bank Web Server, Fraudulent Server, Money courier
1. Preparation
- Fraudulent server
- Email addresses
- Program Trojan horse
- Hire money courier
2. Generate and send spam mails with Trojan horse
3. Trojan retrieves online instructions from fraudulent server
Client logs in to bank account
4. Trojan manipulates transaction data
5. Transfer to money courier
6. Get money from courier (Western Union)
14
Trojan horse operates above TLS/SSL
[ID:1800 IP:200.165.211.68 12.10.2005 22:05:41]
check=1&PBLZ=32050000&KONTONUMMER=600000&kMH5LW0ai9k=FS911&javascript=1&Anmelden.x=32&Anmelden.y=7Ihr persönliches Finanzportal 32050000 - Microsoft Internet Explorer[-- bankingportal.sparkasse-krefeld.de/browserbanking/GvLogin --]
15
Exchanging entry fields in XML data
[ID:1800 IP:200.165.211.68 12.10.2005 22:05:41]
[06/02/06] 15:23:49: [SKIPPED TAN] : 552484 URL: https://bankingportal.ksk-fds.de/banking/gvueberweisungtransaction; logindata: https://bankingportal.ksk-fds.de/banking/: check:1;kontonumber:900000;sklx64ehwdx:82827;javascript:1;x:39;y:11
16
Phishing: Statistical Highlights for May 2007
- Number of unique phishing reports received in May: 23415
- Number of unique phishing sites recorded in May: 37438
- Number of brands hijacked by phishing campaigns in May: 149
- Number of brands comprising the top 80% of phishing campaigns in May: 11
- Country hosting the most phishing websites in May: United States
- Contain some form of target name in URL: 15.5%
- No hostname, just IP address: 6%
- Percentage of sites not using port 80: 1.1%
- Average time online for site: 3.8 days
- Longest time online for site: 30 days
Source: http://www.antiphishing.org
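Three of the APWG figures above (target name in the URL, a bare IP address instead of a hostname, a port other than the default) are properties a mail gateway or proxy can check directly. The following is an added example, not APWG or AXSionics code; the brand list, the sample URLs and the simplified registrable-domain test are assumptions.

```python
"""Phishing-URL indicator check built from the three measurable APWG
statistics quoted above. The result is a triage hint for filters and
analysts, not a verdict on its own."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Constructed list of brands a gateway might protect (assumption).
PROTECTED_BRANDS = ("paypal", "nordea")

DEFAULT_PORTS = {"http": 80, "https": 443}


def host_is_ip(host: str) -> bool:
    """True when the host part is a literal IPv4/IPv6 address ("no hostname")."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def brand_outside_own_domain(url: str, host: str, brands) -> bool:
    """True when a protected brand appears anywhere in the URL while the host
    is not brand.<tld> or a subdomain of it. The registrable-domain test is a
    simplification (it ignores multi-label suffixes such as .co.uk)."""
    labels = host.split(".")
    registrable = labels[-2] if len(labels) >= 2 else host
    lowered = url.lower()
    return any(b in lowered and registrable != b for b in brands)


def url_indicators(url: str, brands=PROTECTED_BRANDS) -> dict[str, bool]:
    """The three APWG indicators for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        port = parts.port  # None when the URL carries no explicit port
    except ValueError:
        port = -1  # malformed port: treat as non-standard
    default = DEFAULT_PORTS.get(parts.scheme.lower())
    return {
        "ip_host": host_is_ip(host),
        "odd_port": port is not None and port != default,
        "brand_in_url": brand_outside_own_domain(url, host, brands),
    }


def indicator_count(url: str) -> int:
    """Number of indicators present, 0 to 3."""
    return sum(url_indicators(url).values())
```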
17
Number of attacks
18
Innovation is guaranteed
19
Surprise – it’s not the Russian Mafia (alone)
20
Innovative methods – Trojan horses, keyloggers
21
Attacks are well targeted
22
Why attackers do phishing – the business case
Business case:
- 50 k mails
- 0.5-1% success
- 50 k$ revenue
- Approx. 40 k$ net
23
Overall costs
- 25'000 attacks per month
- 10% successful
- Approx. 50 k$ damage per successful attack
- 125 Mio$ per month; approx. 1.5 Bill $ per year
Example: Nordea Bank, Sweden
Thomas Claburn (01/24/2007 6:00 PM EST), URL: http://www.eetimes.eu/scandinavia/197000422
Cyber crime apparently pays quite well. Swedish bank Nordea has acknowledged that about 250 of its online banking customers have been robbed of about 8 million Swedish kronor -- roughly $1.14 million dollars -- as a result of a targeted phishing campaign. Customers were duped by a phishing scam coupled with a version of the Haxdoor Trojan installed on their computers. The attack took place over the past 15 months, according to Boo Ehlin, a spokesman for the bank. Swedish trade publication Computer Sweden reported that 121 people may have been involved in carrying out the attack, but Ehlin could not confirm that figure. The article identified Russian cyberthieves as being behind the attack.
24
Malware – a landscape
- Taxonomy and definitions
- Tools and methods
- How attackers make money
- Attacks on E-business and E-transactions
25
Malware and crimeware
Malware is unwanted software running on a user’s computer that performs malicious actions. It encompasses, among others:
- Adware (malicious but legal)
- Spyware (malicious, in a legal grey zone)
- Viruses, worms (destructive, without commercial purposes)
- Crimeware
Crimeware is software that performs illegal actions unanticipated by a user running the software, which are intended to yield financial benefits to the distributor of the software.
Source: The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond. A Joint Report of the US Department of Homeland Security – SRI International Identity Theft Technology Council and the Anti-Phishing Working Group, October 2006
26
Distribution of crimeware
Crimeware is distributed via many mechanisms, including:
- Social engineering attacks convincing users to open a malicious email attachment containing crimeware;
- Injection of crimeware into legitimate web sites via content injection attacks such as cross-site scripting;
- Exploiting security vulnerabilities through worms and other attacks on security flaws in operating systems, browsers, and other commonly installed software;
- Insertion of crimeware into downloadable software that otherwise performs a desirable function.
27
Aim of crimeware
Crimeware can be used in many ways, including:
- Theft of personal information for fraudulent use and/or resale on a secondary market (as in a “phishing” attack);
- Theft of trade secrets and/or intellectual property, by commission, or for sale, blackmail or embarrassment;
- Distributed denial-of-service attacks launched in furtherance of online extortion schemes;
- Spam transmission;
- “Click fraud” that generates revenues by simulating traffic to online advertisements;
- “Ransomware” that encrypts data and extorts money from the target to restore it;
- Performing or supporting man-in-the-middle attacks;
- Manipulation of data in sensitive transactions.
28
Transaction triangle in E-business – attacks
[Figure: transaction triangle; attacks marked: identity theft, transaction manipulation, denial of service]
29
The role of authentication and transaction security
- The weak spots in E-business schemes
- Defense in depth
- Raising the threshold
- The AXS-AS approach
30
Attacks on the E-business transaction
31
Defense in depth
32
Raising the threshold
[Figure: chart of comfort (mobility, convenience) against security (strong authentication, transaction signing). Methods plotted, in the order shown: SSL/TLS (credit card); static PW; one-time PW (TAN, iTAN); short-time PW (timer based); short-time PW (challenge based); certificate (soft token PKI); SSL/TLS hard token PKI; hard token PKI on trusted platform; personal contact. Marked regions and boundaries: spyware attacks (today); offline phishing attacks (today); online channel breaking attack boundary; offline credential stealing attack boundary. Groupings: Personal Token Cluster, Transaction Signing, Strong Authentication.]
33
Ergonomic and economic constraints
- No local installations on the client IAD (Internet Access Device)
- Price must be at least as low as an SMC reader
- User-side identity management (individual federation)
- Full mobility (must work everywhere)
- Non-disclosure of private data (biometrics)
- Simple to operate, easy to roll out
34
Authentication with biometrics
- Authentication factors
- Biometrics
- Errors in biometric applications
- Encapsulated biometrics
35
Three factors for authentication
36
Biometric System
Definition: „Biometrics is a pattern recognition system that recognizes persons by some characteristic physiologic or behaviorist features.“
Mandatory attributes:
- Universal: all persons have the feature
- Distinctive: each person has a distinct feature
- Long lived: features are invariant over time
- Measurable: the feature can be measured
Optional attributes:
- Quality: the feature is simple to measure and separates maximally
- Acceptance: persons are willing to accept the measurement
- Fraud: it is difficult to fool the measurement system
37
Overview on common biometric features
Physiological features: fingerprint, iris, retina, veins, palm, face, ear form, finger geometries, DNA/protein, odor, temperature image (hand, face), lip print, teeth bite, …
Behavioral features: voice, handwriting, hand movement dynamics, gait, keyboard pressure dynamics, grip, …
38
Market Share by Technology
39
Unique role of biometrics
Cooperative authentication
- The user has an interest that his identity is verified
- Typical applications are: e-banking, e-voting, remote access, e-business
Non-cooperative authentication
- The operator has to prove the identity; the user hides his true identity
- Typical applications are: remote database access, online value services (e.g. e-University), adult services / online lotteries, identification card, access to social security / health services, forensics
2 or 3 factor authentication with biometrics
1 / 2 or 3 factor authentication
40
Two modes of operation: identification, verification
41
Biometric comparison process
42
Example – Fingerprint feature extraction (processing)
Fingerprint recording → image quality enhancement → ridge direction field → binarization → skeleton extraction → feature extraction (minutiae)
43
Matching (Minutia)
44
Matching: 2. geometrical
45
Match (1)
46
Matching score distributions, threshold, error rates
[Figure: matching score distributions; y-axis: frequency density]
47
FRR, FAR, EER, ROC-curve
[Figure: ROC curve, FNMR against FMR on log-log axes from 0.00001 to 1, with the EER point marked]
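How the two slides above relate a decision threshold to FMR, FNMR, the ROC curve and the EER, as an added example (not AXSionics code): the genuine and impostor matcher scores are constructed, and the operating-point helper shows the security/convenience trade-off that the threshold choice forces.

```python
"""FMR, FNMR, ROC points, equal error rate and a security-driven operating
point from genuine and impostor matching scores."""
from __future__ import annotations

# Constructed matcher scores in [0, 1]; higher means "more similar".
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.75, 0.72, 0.66, 0.58]
IMPOSTOR_SCORES = [0.12, 0.18, 0.22, 0.27, 0.31, 0.36, 0.41, 0.48, 0.55, 0.63]


def fmr(impostor, threshold):
    """False match rate: share of impostor comparisons accepted at this threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def fnmr(genuine, threshold):
    """False non-match rate: share of genuine comparisons rejected at this threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def roc_points(genuine, impostor):
    """(threshold, FMR, FNMR) at every distinct score, i.e. the ROC curve."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, fmr(impostor, t), fnmr(genuine, t)) for t in thresholds]


def equal_error_rate(genuine, impostor):
    """Threshold where FMR and FNMR are closest, and the EER (their mean) there."""
    t, a, r = min(roc_points(genuine, impostor), key=lambda p: abs(p[1] - p[2]))
    return t, (a + r) / 2


def operating_point(genuine, impostor, max_fmr):
    """Lowest threshold whose FMR does not exceed max_fmr, with the FNMR paid
    for it. A tighter max_fmr (security) costs more false rejections
    (convenience); returns None when no threshold reaches max_fmr."""
    for t, a, r in roc_points(genuine, impostor):
        if a <= max_fmr:
            return t, r
    return None
```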
48
Errors are not so well defined
[Figure: scatter of deviations, axes dc' and dy' from -0.2 to 0.2, with regions A, B, C and D marked]
49
Central or distributed biometric systems are vulnerable
[Figure: biometric application system. Subject presents the biometric characteristic (physical signal presentation, measurement); capture yields raw data; pre-processing and feature extraction lead to template creation; the query template is compared with the reference template from the template database, and the score against the score threshold gives the comparison decision. Identity claim and identity data come from the identity database; identity credential is issued on success. Modes: enrollment; authentication in verification mode (one reference) or identification (many).]
Attack points marked in the figure:
- Impostor collusion
- Social engineering
- Fake biometrics
- Data insertion
- Replay
- Enrolment collusion
- Template stealing
- Template replacement
- Insider manipulation
- Impostor fakes FTE
- Misidentification of user
- Impostor changes policy
- System tampering (SW/HW)
- Impostor takes session over
50
Reduced attack points with ‚encapsulated biometrics‘
Biometric system in one tamper resistant device
- Delivered by the operator, who controls processing
- Held by the user, who controls his biometric data
51
AXS-Authentication System™
- Architecture
- Key innovations – the advantages
- Demo
52
AXS – Authentication System™ approach
Replace the client computer by a secure token
53
AXS-Authentication System – Positioning
[Figure: chart of comfort (mobility, convenience) against security (strong authentication, transaction signing). Methods plotted, in the order shown: SSL/TLS (credit card); static PW; one-time PW (TAN, iTAN); short-time PW (timer based); short-time PW (challenge based); certificate (soft token PKI); SSL/TLS hard token PKI; hard token PKI on trusted platform; personal contact. Marked regions and boundaries: Trojan horse attacks (today); phishing attacks (today); online channel breaking attack boundary; offline credential stealing attack boundary. Groupings: Personal Token Cluster, Transaction Signing, Strong Authentication.]
54
The Internet Passport™ – convenient security, for everyone, anywhere
- Fingerprint sweep sensor
- Display
- 6 optical sensors
- Secure chip with multiple personal keys
- USB interface for recharging
55
1. Trusted transition from the physical to the digital identity
The user authenticates himself to his personal “Internet Passport™” through the biometric sweep sensor
- Biometric verification occurs inside the IPP
- Biometric data never leaves the token
- Link to digital identity highly secured
56
2. End-to-end connection security check
The service provider sends a code back through the optical interface
- Optical interface – from any screen
- Optical communication interface enables downward communication, anytime, everywhere
- Strong encryption used for the Flickercode
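The defence the "Trojan manipulates transaction data" slides and this Flickercode slide motivate, as an added example (not AXSionics code): the provider binds a code to the transaction it will execute, the token checks the code came from the provider, shows that transaction on its own display and answers with a response valid only for it. The message layout, the HMAC-SHA256 challenge/response, the constructed secret and the constructed IBAN are assumptions.

```python
"""Transaction signing through an independent token: what the user sees on
the token's display is exactly what the response code authorises, so a
Trojan that swaps fields in the browser either shows up on the display or
produces a code the server rejects."""
from __future__ import annotations

import hashlib
import hmac
import json
import secrets

DIGITS = 8  # length of the response code the user types back into the browser
# Constructed per-token secret shared with the provider at issuance (assumption).
TOKEN_SECRET = bytes.fromhex("8f1c0b6e2d4a5c7e9b1d3f5a7c9e0b2d4f6a8c0e1b3d5f7a9c1e3b5d7f9a0c2e")


def canonical(tx: dict) -> bytes:
    """Stable encoding of the fields the user must see and approve."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def display_line(tx: dict) -> str:
    """What the token prints on its own display, out of reach of the PC."""
    return f"Pay {tx['amount']} {tx['currency']} to {tx['to']}"


def _mac(secret: bytes, label: bytes, nonce: bytes, tx: dict) -> bytes:
    return hmac.new(secret, label + nonce + canonical(tx), hashlib.sha256).digest()


def _code(mac: bytes) -> str:
    return str(int.from_bytes(mac[:8], "big") % 10**DIGITS).zfill(DIGITS)


def server_issue_challenge(secret: bytes, tx: dict) -> dict:
    """Provider side: fresh nonce bound to the transaction the server holds.
    The tag lets the token check the challenge really came from the provider
    (the end-to-end connection check) before anything is shown to the user."""
    nonce = secrets.token_bytes(8)
    return {"nonce": nonce.hex(), "tx": tx, "tag": _mac(secret, b"chal", nonce, tx).hex()}


def token_respond(secret: bytes, challenge: dict) -> tuple[str, str]:
    """Token side: verify the tag, then return (display text, response code).
    The code authorises exactly the transaction that was displayed."""
    nonce = bytes.fromhex(challenge["nonce"])
    tx = challenge["tx"]
    if not hmac.compare_digest(_mac(secret, b"chal", nonce, tx).hex(), challenge["tag"]):
        raise ValueError("challenge was not produced by the genuine provider")
    return display_line(tx), _code(_mac(secret, b"resp", nonce, tx))


def server_verify(secret: bytes, nonce_hex: str, tx: dict, code: str) -> bool:
    """Provider side: recompute the code over the transaction it will execute."""
    expected = _code(_mac(secret, b"resp", bytes.fromhex(nonce_hex), tx))
    return hmac.compare_digest(expected, code)


def approve_transfer(secret: bytes, intended: dict, at_server: dict) -> bool:
    """Whole exchange. `intended` is what the user typed; `at_server` is what
    reached the bank (a Trojan in the browser may have swapped fields). The
    user compares the token's display with the intended transfer and refuses
    when they differ, so a swapped recipient is caught on the device."""
    challenge = server_issue_challenge(secret, at_server)
    shown, code = token_respond(secret, challenge)
    if shown != display_line(intended):
        return False  # manipulation visible on the trusted display; user declines
    return server_verify(secret, challenge["nonce"], at_server, code)
```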
57
Convenient use of “The Internet Passport” enables convergence of logical and physical access
Interfaces: optical interface; NFC / RFID; USB interface
Logical access / applications: e-transactions, strong authentication
Physical access / applications: payment @ POS, building access / e-ticketing
Specific smart card application
58
Multiple personal keys enable sharing the cost of infrastructure amongst several providers
Providers: Bank A, Insurance A, Corporate A, Corporate B, e-biz 1 … e-biz n
AXSionics AuSP: issuer and/or Authentication Service Provider
One card, multiple providers, no passwords, just convenience
The card belongs to the infrastructure of the issuer
59
Demo and conclusion
Major concerns of the E-society
- Endpoint authentication
- Transaction security
- Reliable and privacy respecting identity management
- Credential proliferation for every user
Solutions
- Strong 3-factor link between a person and his digital credentials
- Cryptographically secured channel between server and user
- Encapsulated biometrics
- User-side identity management assistant
- Personal identity federation