rp2 online banking attacks defences
play

RP2 Online Banking: Attacks & Defences Dominic van den Ende, - PowerPoint PPT Presentation

Aug 21, 2023 •202 likes •440 views

Outline Introduction Research Analysis Questions Conclusion RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of Amsterdam Master of Science in System and Network Engineering Class of 2008-2009

  1. Outline Introduction Research Analysis Questions Conclusion RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of Amsterdam Master of Science in System and Network Engineering Class of 2008-2009 July 1, 2009 Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  2. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  3. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  4. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  5. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  6. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Level of fraud Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  7. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Two-factor authentication First factor: Something you know. Second factor: Something you have. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  8. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Current danger: Man-in-the-Browser attacks Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  9. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Current danger: Man-in-the-Browser attacks Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  10. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Out-of-band control and authentication "ABN AMRO" model: E.dentifier2 "ING" model: SMS messages Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  11. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Multi-layer security Layer I: End-user PC Layer II: Extra out-of-band authentication Layer III: Back-office monitoring Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  12. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Multi-layer security Layer I: End-user PC Layer II: Extra out-of-band authentication Layer III: Back-office monitoring Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  13. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Multi-layer security Layer I: End-user PC Layer II: Extra out-of-band authentication Layer III: Back-office monitoring Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  14. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Next generation models Model 1: Thin server-side virtual machine Username Challenge-response token Secure environment Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  15. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion The most balanced model Compare models using the following: Cost overview User convenience & Security Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  16. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Estimated cost overview Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  17. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Convenience & Security overview Security questions The number of attacks it does not counter Degree of difficulty to perform possible attacks User skill-level/awareness dependence Maturity Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  18. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Convenience & Security overview Some of the user convenience questions The number of steps / operations for the customer The time needed to login and make a transaction The number of physical items to keep The familiarity with the solutions (by other sites / banks) Is the solution "perceived" to be secure Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  19. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Convenience & Security overview Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  20. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Future malware threats Man-in-the-Middle Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  21. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Server side VM-model: Future malware threats Man-in-the-Middle Large scale attack will be very difficult Connection speed Application reaction time span Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  22. Outline Introduction Research Analysis Questions Conclusion Questions Any questions? Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  23. Outline Introduction Research Analysis Questions Conclusion Conclusion Most of the current models not protected against Man-in-the-Browser Thin server-side virtual machine : Our most balanced model Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information Security Crystal Ball 29 th June 2006 Group Security & Fraud Phishing, Trojans & other scams Despite appearances banks are actually (ish)

351 views • 24 slides
Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT Advise Assure 2 Agenda/topics covered Threat overview Advanced User Enumeration and DDoS Trading Turret and Timing Attacks Internal and External User

365 views • 35 slides
Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100

Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100

Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100 cities and towns Otkritie Bank B&N bank Promsvyazbank Metallinvestbank Alfa-bank Baikalinvestbank Absolut Bank SME bank Sberbank Raifazzen

343 views • 7 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November 20, 2007 Beta Test Report 15 beta-sites testing with credit union staff Community GR Family Onaway CorePlus Kenowa

746 views • 20 slides
HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it

HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it

HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it can be tricky to describe Trustly on your site, so weve created this best practices handbook to help you out. The tips here will aid you in

171 views • 5 slides
Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer

Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer

Over-the-Air Cross-platform Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer Institute for Secure Information Technology/CASED, Germany Joint work with Lucas Davi Ahmad-Reza Sadeghi Christopher

482 views • 33 slides
Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de

Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de

Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de in Czec ech h Repu public Fo Foun unded ded in 2015 15 Active on 4 continents by former Ethical Hackers 50 50+ Exper erts s 20+ million

558 views • 17 slides
On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit rates computation based on event processing. An Idea by David Luckham, Stanford University, and CITT. Daniel Jobst, Benjamin Gebauer, Thomas Schfer,

311 views • 6 slides
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem , Apratim Bhattacharya, Michael Backes Mario Fritz,Yang Zhang CISPA Helmholtz Center for Information Security, Max Planck Institute for Informatics 1

568 views • 20 slides
A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018

A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018

Marcello Messori (SEP-LUISS) The role of the ESM in a deepening EMU: A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018 Outline Rolf Strauchs presentation a number of stimulating suggestions:

285 views • 5 slides
How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November 2014 B-Sides Vienna Sebastian Bachmann & Tibor Eli as How we hacked Online Banking Malware 22. November 2014 1 / 55 About Us About:

576 views • 55 slides
THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking) Regulations 2016 Presentation to Parliament by The Honourable Audley Shaw CD, MP. Minister of Finance and the Public Service

435 views • 6 slides
PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING SPEAKER PROFILE 1. Started in Conventional Banking Sales for OCBC Bank Retail, Business Banking and Corporate Banking, Kuala Lumpur Main Branch

830 views • 26 slides
The Future of Online Banking Amidst Crises The Enhanced Community Quarantine (ECQ) disrupting

The Future of Online Banking Amidst Crises The Enhanced Community Quarantine (ECQ) disrupting

The Future of Online Banking Amidst Crises The Enhanced Community Quarantine (ECQ) disrupting businesses and consumers E-learning for students Home Mandatory work from home Quarantine Closure of non-essential shops No work

217 views • 7 slides
Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide Balzarotti, Engin Kirda, Calton Pu Motivations Social Networks have experienced a huge surge in popularity Facebook has more than 500

336 views • 20 slides
A CONTINUUM DAMAGE MODEL FOR COMPOSITE LAMINATED STRUCTURES SUBMITTED TO STATIC AND FATIGUE

A CONTINUUM DAMAGE MODEL FOR COMPOSITE LAMINATED STRUCTURES SUBMITTED TO STATIC AND FATIGUE

18 TH INTERNATIONAL CONFERENCE ON COMPOSITE MATERIALS A CONTINUUM DAMAGE MODEL FOR COMPOSITE LAMINATED STRUCTURES SUBMITTED TO STATIC AND FATIGUE LOADINGS P. Nimdum 1* , J. Renard 1* 1 Mines-Paris Tech, CNRS UMR 7633, BP 87, F-91003 Evry, Cedex *

321 views • 6 slides
(IoT) and the Future of Property Management By Nardo Snyman What is IOT? IoT is short for

(IoT) and the Future of Property Management By Nardo Snyman What is IOT? IoT is short for

Internet of Things (IoT) and the Future of Property Management By Nardo Snyman What is IOT? IoT is short for Internet of Things . The Internet of Things refers to the ever-growing network of physical objects that feature an IP address

483 views • 32 slides
1 11/05/2016 18:35 Strong recovery in Q4 post cyber attack Lowest ever churn Flat net

1 11/05/2016 18:35 Strong recovery in Q4 post cyber attack Lowest ever churn Flat net

1 11/05/2016 18:35 Strong recovery in Q4 post cyber attack Lowest ever churn Flat net adds Strongest quarter of RGU growth +148k FY EBITDA 260m in line with guidance; material step up in H2 margin to 18.4% Reiterating FY17

651 views • 43 slides
A Framework for Analyzing the Effects of Interruptions of Online Assessment Joseph Martineau

A Framework for Analyzing the Effects of Interruptions of Online Assessment Joseph Martineau

A Framework for Analyzing the Effects of Interruptions of Online Assessment Joseph Martineau Senior Associate June 22, 2016 1 Based on a Paper Prepared for CCSSO Available on the web from: CCSSO The Center for Assessment Martineau,

281 views • 24 slides
Zelin.io ZBS: Converged Openstack Infrastructure Made Simple Wenhao Xu wenhao@zelin.io VM VM

Zelin.io ZBS: Converged Openstack Infrastructure Made Simple Wenhao Xu wenhao@zelin.io VM VM

Zelin.io ZBS: Converged Openstack Infrastructure Made Simple Wenhao Xu wenhao@zelin.io VM VM VM VM VM VM VM VM VM VM VM VM KVM/VMware KVM/VMware KVM/VMware Server Server Server Data corruption Hard to do capacity planning

281 views • 13 slides
Dell to Acquire Wyse Technology Dave Johnson Jeff Clarke SVP, Corporate Strategy, Dell Inc. Vice

Dell to Acquire Wyse Technology Dave Johnson Jeff Clarke SVP, Corporate Strategy, Dell Inc. Vice

Dell to Acquire Wyse Technology Dave Johnson Jeff Clarke SVP, Corporate Strategy, Dell Inc. Vice Chairman, Global Operations and End User Computing Solutions, Dell Inc. Rob Williams Tarkan Maner Vice President, Investor Relations, Dell Inc.

137 views • 9 slides
Ipswich Public School FY 18 Budget Presentation Mobilizing Thinkers School Committee

Ipswich Public School FY 18 Budget Presentation Mobilizing Thinkers School Committee

Ipswich Public School FY 18 Budget Presentation Mobilizing Thinkers School Committee Presentation February 1, 2017 Introduction Mobilizing Thinkers Video Five Year Budget Plan Priorities Doyon & Winthrop Middle School

632 views • 30 slides
www.itgonline.com 1984 - 2017 2 Our History ISO 9001:2015 ISO 27001:2013 ISO 20000-1:2011

www.itgonline.com 1984 - 2017 2 Our History ISO 9001:2015 ISO 27001:2013 ISO 20000-1:2011

www.itgonline.com 1984 - 2017 2 Our History ISO 9001:2015 ISO 27001:2013 ISO 20000-1:2011 CMMI-DEV CMMI-SVC 2001 - 2005 Business Model Bu 1990 S Change Ch Awarded and Begin best practices Implemented implementations; IRS

328 views • 14 slides

More recommend