Sarajevo
Sylvain Maret / Digital Security Expert / OpenID Switzerland @smaret Version 1.01 / 22.11.2012
Who am I?
Security Expert
17 years of experience in ICT Security
Principal Consultant at MARET Consulting
Expert at Engineer School of Yverdon & Geneva University
Swiss French Area delegate at OpenID Switzerland
Co-founder Geneva Application Security Forum
OWASP Member
Author of the blog: la Citadelle Electronique
http://ch.linkedin.com/in/smaret or @smaret
http://www.slideshare.net/smaret
Chosen field
AppSec & Digital Identity Security
22 per minute
Strong AuthN
RSA FAILED ?
http://fr.wikipedia.org/wiki/Authentification_forte
Technologies compared: OTP, PKI (HW), Biometry
Properties compared: Strong authentication, Encryption, Digital signature, Non-repudiation, Strong link with the user
[Diagram: Alice authenticating to a Web Server]
Others:
OTP via SMS
OTP via email
Biometry and OTP
Phone
Bingo Card
Etc.
Crypto - 101
OTP (time-based, TOTP / RFC 6238)
T = time-step counter derived from UTC time: T = floor((UnixTime - T0) / X), with X the step size (typically 30 s)
i.e. OTP(K,T) = Truncate(HMAC-SHA-1(K,T))
OTP (event-based, HOTP / RFC 4226)
C = counter, incremented on each use and kept in sync between token and server
i.e. OTP(K,C) = Truncate(HMAC-SHA-1(K,C))
OTP Challenge (challenge/response)
nonce: a fresh, unpredictable value supplied by the server and bound into the OTP computation, so a captured response cannot be replayed
i.e.:
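The three constructions above in working code, added here as an example (not code from the original deck or from any vendor mentioned in it). HOTP and TOTP follow RFC 4226 / RFC 6238 exactly, including the dynamic truncation step the slides abbreviate as Truncate(), and are checked against the test vectors those RFCs publish for the secret "12345678901234567890". The challenge/response variant is an assumption of this example: the nonce simply takes the place of the counter as the HMAC message, which is one common construction but not a formula the deck gives. The server-side verify functions (look-ahead window for HOTP, clock-drift window for TOTP, constant-time comparison, replay refusal) are the practical caveats a deployment needs and are likewise additions, not content of the slides.

```python
import hashlib
import hmac
import os
import struct


def _truncate(mac: bytes, digits: int) -> str:
    """Dynamic truncation, RFC 4226 section 5.3: take 4 bytes at the offset
    given by the low nibble of the last byte, mask the sign bit, reduce mod 10^digits."""
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """OTP(K, C) = Truncate(HMAC-SHA-1(K, C)), C as an 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)


def totp(key: bytes, unix_time: int, step: int = 30, t0: int = 0, digits: int = 6) -> str:
    """OTP(K, T) with T = floor((UnixTime - T0) / X); RFC 6238 reuses HOTP on T."""
    t = (int(unix_time) - t0) // step
    return hotp(key, t, digits)


def challenge_otp(key: bytes, nonce: bytes, digits: int = 6) -> str:
    """Assumed construction (not from the deck): the server nonce replaces the
    counter as the HMAC message, so each challenge yields a different response."""
    mac = hmac.new(key, nonce, hashlib.sha1).digest()
    return _truncate(mac, digits)


def new_challenge() -> bytes:
    """A 16-byte random nonce; the server must never reuse one."""
    return os.urandom(16)


def verify_hotp(key: bytes, candidate: str, server_counter: int,
                look_ahead: int = 5, digits: int = 6):
    """Server-side HOTP check. Returns the new server counter on success, or None.
    Only counters >= server_counter are tried, so a code already consumed
    (or any earlier one) is rejected as a replay; the look-ahead window
    resynchronises a token the user pressed a few times without logging in."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        # compare_digest avoids leaking the matching prefix through timing
        if hmac.compare_digest(hotp(key, c, digits), candidate):
            return c + 1
    return None


def verify_totp(key: bytes, candidate: str, unix_time: int, step: int = 30,
                window: int = 1, digits: int = 6) -> bool:
    """Server-side TOTP check accepting the current step and +/- `window`
    steps to tolerate clock drift between token and server."""
    t = int(unix_time) // step
    for delta in range(-window, window + 1):
        if hmac.compare_digest(hotp(key, t + delta, digits), candidate):
            return True
    return False


if __name__ == "__main__":
    # Shared secret from the RFC 4226 / RFC 6238 test vectors (a published
    # test key, not a secret anyone should deploy).
    K = b"12345678901234567890"
    print("HOTP counter 0:", hotp(K, 0))                  # 755224 per RFC 4226
    print("TOTP at t=59 (8 digits):", totp(K, 59, digits=8))  # 94287082 per RFC 6238
    nonce = new_challenge()
    print("challenge/response:", nonce.hex(), "->", challenge_otp(K, nonce))
    print("HOTP resync from counter 0 with code for counter 2:",
          verify_hotp(K, hotp(K, 2), 0))
```

A deployment should persist the counter returned by verify_hotp before telling the user the login succeeded, and should additionally remember the last accepted TOTP step so the same code cannot be presented twice inside the window.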
Flicker code Generator Software that converts already encrypted data into optical screen animation
http://itunes.apple.com/us/app/iotp/id328973960
[Diagram: the secret key is generated on the editor's/vendor's premises; the same key K1 is then held in several places (vendor, token, authentication server)]
TokenCode
Mobile OTP (mOTP)
(uses MD5 rather than HMAC-SHA-1)
TOTP
Time-Based OTP, IETF draft version 8 (published as RFC 6238)
OCRA (OATH Challenge-Response Algorithm, RFC 6287)
RBA: (R)isk (B)ased (A)uthentication
Module/Agent-based approach & Application Security
Questions ?