SlideShare une entreprise Scribd logo
1  sur  14
SECURE INTERNET
BANKING
AUTHENTICATION

AARTHI KANNAPPAN
DHIVYAA.R
MAHA LAKSHMI.S
Network Security

Offline cre
tion
c
dential
odu
tr
In
Attacks on
Onl
Sho
ine
rt t
authentication
ime
cha
pwd
n
tives
objec

nel

Abstract

Conclusion

tack
At

omy
xon
ta

e bas
t
rtifica
Ce

l u ti o n
ed so
2
PRESENTATION
OBJECTIVES

 Understand network security services
 Be aware of vulnerabilities and threats
 Realize why network security is necessary
 Highly attractive solution for valuable and
secure future.
3
ABSTRACT
The authors present two challenge response Internet
banking authentication solutions
 one based on short-time passwords
 and one on certificates
attacks on authentication
transaction-signing option

4
INTRODUCTION


The Internet is an integral part of our
daily lives, and the proportion of people
who expect to be able to manage their
bank accounts anywhere, anytime is
constantly growing
 This article describes current
Authentication threats and two proposed
solutions as well as how these solutions
can be extended in the face of more
complex future attacks
5
ATTACKS ON AUTHENTICATION
 Internet banking systems must

authenticate users before granting
them access to particular services.
 successful authentication
eventually enables users to access
their private information. We can
classify all Internet banking
authentication methods according
to their resistance to two types of
common attacks

 offline credential-stealing
attacks
 online channel-breaking
attacks
6
Offline credential-stealing attacks
 Security precautions can
help users protect
themselves from
malicious software.
 For example-- installing
and maintaining a
firewall and up-to date
antivirus software,
regularly applying
operating system and
browser patches
7
Online channel-breaking attack
 The intruder noticeably
intercepts messages between
the client PC and the
banking server by
masquerading as the server
to the client and vice versa
 Online channel-breaking
attacks don’t necessarily
compromise the user’s
credentials but the
session’s credentials and
therefore typically require
the user-initiated banking
session to work properly.

8
AN ATTACK TAXONOMY

Taxonomy of Internet banking authentication methods. Methods
are classified according to their resistance against offline
credential-stealing and online channel-breaking attacks .

9
SHORT-TIME PASSWORD
SOLUTION
 It uses symmetric cryptography in combination with a hardware
security module .
User authentication works as follows:
1. The user connects to the Internet banking
2. The user claims his or her identity by entering an account number
in the bank’s login form
3. The user opens his or her smart card by entering the corresponding
PIN in the reader before entering the given challenge.
4. The user manually copies the shown response to the bank’s login
form to be checked by the bank’s authentication server.
10
The Need for Web Security

11
CERTIFICATE-BASED SOLUTION
User authentication works as
follows.
 First, the user establishes an
SSL/TLS channel between
the user PC and
the bank’s Web server by
setting up an SSL/TLS
session without client
authentication.
Once the card is available,
its certificates become visible
in the Web browser.
12
Conclusion
Internet banking has turned into
an arms race between financial
institutions and public network
attackers.
Both solutions offer high
security against common attacks.
However, changing legislation
and the eventually spread of e-IDs
among customers makes this
solution a highly attractive and
valuable alternative for the future.
13
THANK YOU
Network
security!!!!!!!!

14

Contenu connexe

En vedette

Social Stream Draft v1 Duy Doan
Social Stream Draft v1 Duy DoanSocial Stream Draft v1 Duy Doan
Social Stream Draft v1 Duy Doan
Tai Tran
 
C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...
C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...
C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...
conselleria educacion
 
RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9
RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9
RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9
Tai Tran
 
Hist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptx
Hist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptxHist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptx
Hist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptx
Scott E Thornton
 

En vedette (20)

What’s new with Windows Azure / Karl Ots @ AppTalk Tampere
What’s new with Windows Azure / Karl Ots @ AppTalk TampereWhat’s new with Windows Azure / Karl Ots @ AppTalk Tampere
What’s new with Windows Azure / Karl Ots @ AppTalk Tampere
 
Holly qur'an
Holly qur'anHolly qur'an
Holly qur'an
 
Social Stream Draft v1 Duy Doan
Social Stream Draft v1 Duy DoanSocial Stream Draft v1 Duy Doan
Social Stream Draft v1 Duy Doan
 
PLC
PLCPLC
PLC
 
Retirement Plans: 10 Things You Should Know
Retirement Plans: 10 Things You Should KnowRetirement Plans: 10 Things You Should Know
Retirement Plans: 10 Things You Should Know
 
C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...
C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...
C:\Users\Javi\Documents\Documentos De Word Javi\Lola\Treball Cartes Dhivern P...
 
Geotermikus energia projektek Toskánában és Magyarországon
Geotermikus energia projektek Toskánában és MagyarországonGeotermikus energia projektek Toskánában és Magyarországon
Geotermikus energia projektek Toskánában és Magyarországon
 
St.George's Acquisition by Westpac Analysis
St.George's Acquisition by Westpac AnalysisSt.George's Acquisition by Westpac Analysis
St.George's Acquisition by Westpac Analysis
 
Campbell River Community Meeting October 22, 2013
Campbell River Community Meeting October 22, 2013Campbell River Community Meeting October 22, 2013
Campbell River Community Meeting October 22, 2013
 
RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9
RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9
RMIT Vietnam - Managerial Finance - Efficient Market Hypothesis - Week 9
 
How to use Facebook as a Social Customer Relationship Management tool for FREE
How to use Facebook as a Social Customer Relationship Management tool for FREEHow to use Facebook as a Social Customer Relationship Management tool for FREE
How to use Facebook as a Social Customer Relationship Management tool for FREE
 
Geothermal Energy Potential - Oregon
Geothermal Energy Potential - OregonGeothermal Energy Potential - Oregon
Geothermal Energy Potential - Oregon
 
New Word Formation
New Word FormationNew Word Formation
New Word Formation
 
Geothermal Energy Potential - Nevada
Geothermal Energy Potential - NevadaGeothermal Energy Potential - Nevada
Geothermal Energy Potential - Nevada
 
La influencia de la literatura universal en los videojuegos
La influencia de la literatura universal en los videojuegosLa influencia de la literatura universal en los videojuegos
La influencia de la literatura universal en los videojuegos
 
C1 Guðjón Helgi Eggertsson
C1 Guðjón Helgi Eggertsson C1 Guðjón Helgi Eggertsson
C1 Guðjón Helgi Eggertsson
 
C1 Knútur Árnason
C1 Knútur ÁrnasonC1 Knútur Árnason
C1 Knútur Árnason
 
La mitología en las sagas de Percy Jackson y los dioses del Olimpo y Los héro...
La mitología en las sagas de Percy Jackson y los dioses del Olimpo y Los héro...La mitología en las sagas de Percy Jackson y los dioses del Olimpo y Los héro...
La mitología en las sagas de Percy Jackson y los dioses del Olimpo y Los héro...
 
C2 Doyeon Kim
C2 Doyeon KimC2 Doyeon Kim
C2 Doyeon Kim
 
Hist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptx
Hist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptxHist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptx
Hist Petr Expl U of Myanmar_SEAPEXhouston23Jun2016pptx
 

Similaire à NetworkSecurity.ppt (20)

NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
NetworkSecurity.ppt
NetworkSecurity.pptNetworkSecurity.ppt
NetworkSecurity.ppt
 
sample.ppt
sample.pptsample.ppt
sample.ppt
 
PPT
PPTPPT
PPT
 
sad
sadsad
sad
 
one
oneone
one
 

Plus de plutoone TestTwo (20)

Sam_V01.ppt
Sam_V01.pptSam_V01.ppt
Sam_V01.ppt
 
Scare at 13:59
Scare at 13:59Scare at 13:59
Scare at 13:59
 
Presentation1.PPTX
Presentation1.PPTXPresentation1.PPTX
Presentation1.PPTX
 
Presentation1.PPTX
Presentation1.PPTXPresentation1.PPTX
Presentation1.PPTX
 
Presentation1.PPTX
Presentation1.PPTXPresentation1.PPTX
Presentation1.PPTX
 
Effective_presentation.ppt
Effective_presentation.pptEffective_presentation.ppt
Effective_presentation.ppt
 
Effective_presentation.ppt
Effective_presentation.pptEffective_presentation.ppt
Effective_presentation.ppt
 
Effective_presentation.ppt
Effective_presentation.pptEffective_presentation.ppt
Effective_presentation.ppt
 
from app
from appfrom app
from app
 
example.pdf
example.pdfexample.pdf
example.pdf
 
7.2edited
7.2edited7.2edited
7.2edited
 
LAtest Doc
LAtest DocLAtest Doc
LAtest Doc
 
hello plutoone
hello plutoonehello plutoone
hello plutoone
 
plutoone channel
plutoone channelplutoone channel
plutoone channel
 
Document.docx.docx
Document.docx.docxDocument.docx.docx
Document.docx.docx
 
format.txt.txt
format.txt.txtformat.txt.txt
format.txt.txt
 
Presentation1.PPTX
Presentation1.PPTXPresentation1.PPTX
Presentation1.PPTX
 
Sample.ppt
Sample.pptSample.ppt
Sample.ppt
 
newdocument.txt
newdocument.txtnewdocument.txt
newdocument.txt
 
Presentation1.PPTX
Presentation1.PPTXPresentation1.PPTX
Presentation1.PPTX
 

Dernier

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Dernier (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 

NetworkSecurity.ppt

  • 2. Network Security Offline cre tion c dential odu tr In Attacks on Onl Sho ine rt t authentication ime cha pwd n tives objec nel Abstract Conclusion tack At omy xon ta e bas t rtifica Ce l u ti o n ed so 2
  • 3. PRESENTATION OBJECTIVES  Understand network security services  Be aware of vulnerabilities and threats  Realize why network security is necessary  Highly attractive solution for valuable and secure future. 3
  • 4. ABSTRACT The authors present two challenge response Internet banking authentication solutions  one based on short-time passwords  and one on certificates attacks on authentication transaction-signing option 4
  • 5. INTRODUCTION  The Internet is an integral part of our daily lives, and the proportion of people who expect to be able to manage their bank accounts anywhere, anytime is constantly growing  This article describes current Authentication threats and two proposed solutions as well as how these solutions can be extended in the face of more complex future attacks 5
  • 6. ATTACKS ON AUTHENTICATION  Internet banking systems must authenticate users before granting them access to particular services.  successful authentication eventually enables users to access their private information. We can classify all Internet banking authentication methods according to their resistance to two types of common attacks  offline credential-stealing attacks  online channel-breaking attacks 6
  • 7. Offline credential-stealing attacks  Security precautions can help users protect themselves from malicious software.  For example-- installing and maintaining a firewall and up-to date antivirus software, regularly applying operating system and browser patches 7
  • 8. Online channel-breaking attack  The intruder noticeably intercepts messages between the client PC and the banking server by masquerading as the server to the client and vice versa  Online channel-breaking attacks don’t necessarily compromise the user’s credentials but the session’s credentials and therefore typically require the user-initiated banking session to work properly. 8
  • 9. AN ATTACK TAXONOMY Taxonomy of Internet banking authentication methods. Methods are classified according to their resistance against offline credential-stealing and online channel-breaking attacks . 9
  • 10. SHORT-TIME PASSWORD SOLUTION  It uses symmetric cryptography in combination with a hardware security module . User authentication works as follows: 1. The user connects to the Internet banking 2. The user claims his or her identity by entering an account number in the bank’s login form 3. The user opens his or her smart card by entering the corresponding PIN in the reader before entering the given challenge. 4. The user manually copies the shown response to the bank’s login form to be checked by the bank’s authentication server. 10
  • 11. The Need for Web Security 11
  • 12. CERTIFICATE-BASED SOLUTION User authentication works as follows.  First, the user establishes an SSL/TLS channel between the user PC and the bank’s Web server by setting up an SSL/TLS session without client authentication. Once the card is available, its certificates become visible in the Web browser. 12
  • 13. Conclusion Internet banking has turned into an arms race between financial institutions and public network attackers. Both solutions offer high security against common attacks. However, changing legislation and the eventually spread of e-IDs among customers makes this solution a highly attractive and valuable alternative for the future. 13

Notes de l'éditeur

  1. This sub-section addresses why Internet security is a problem and how it came to be that we are depending on an infrastructure with fundamental vulnerabilities.
  2. Confidentiality Integrity Authentication Ensures that the origin of a message is correctly identified, with an assurance that the identity is not false Nonrepudiation Neither the sender nor the receiver of a message is able to deny the transmission Access Control Availability