Beruflich Dokumente
Kultur Dokumente
Revolutions
of Cyber
Security
Ken Higuchi
General Manager, Sales
Division
INFOSEC CORPORATION
Introduction
INFOSEC CORPORATION, established in
2001, is a group of cyber security professionals
who provide a broad range of cyber security
solutions and services.
Head Office : Tokyo, Japan
Shareholders : NEC Corporation(60%) Mitsubishi
Corporation(40%)
Employees
: 110
Customers
: Military, Government, Financials, Power
Utilities,
Transportations,
Telecommunications, Broadcasters,
Manufacturers, Educations, etc.
Copytight Infosec Corporation 2015. All Rights
Solutions
: SOC Design/Deployment/Operation,
Pen-2
Reserved.
CASE-1
Japan Pension
Service
(June 2015)
were stolen
Name / Address /
Copytight
Infosec Corporation 2015.
AllNumber
Rights
Birthday
/ Pension
ID
Reserved.
My Number is a unique ID
used
for taxation and pension
Copytight Infosec Corporation 2015. All Rights
Reserved.
Taxations?
Online Accounts ?
Create Malicious
Bank Account?
Copytight Infosec Corporation 2015. All Rights
Reserved.
The Reality is
Here are some examples of recent cases:
using a
stolen Social Security number to obtain thousands of dollars in
credit and then filing for bankruptcy in the name of her victim. More recently, a man was
Central District of California. A woman pleaded guilty to federal charges of
indicted, pleaded guilty to federal charges and was sentenced to 27 months' imprisonment
for obtaining private bank account information about an insurance
Central District of California.Two of three defendants have pleaded guilty to identity theft,
bank fraud,and related charges for their roles in a scheme to open bank accounts with
both real and fake identification documents, deposit U.S. Treasury checks that were stolen
from the mail, and withdraw funds from those accounts.
Middle District of Florida.A defendant has been indicted on bank fraud charges for
obtaining names, addresses, and Social Security numbers from a Web
(REF)those
http://www.justice.gov/criminal-fraud/identity-theft/identity-theft-andsite and using
data to apply for a series of car loans over
identity-fraud
the Internet.
CASE-2
Remote Control
Trojan
IESYS.exe
(2012-13)
On Oct 9
and 10
2012,
Feb 2013,
11
12
Who is good/bad?
Crisis of trust for intentions
Copytight Infosec Corporation 2015. All Rights
Reserved.
13
How do
you trust
him?
Unintended
Transaction
Compensatio
n
XX
BANK
Cash
Transfer
XX
BANK
14
Mission Impossible
Given Conditions
a) Endpoint devices (PC/Smartphones) are infected by
malwares
b) User credentials (ID/PW) are compromised
c) Internet traffics can easily be tapped / modified
d) There are certain number of evils at the user side
Distinguish trusted
transactions
under untrusted
Copytight Infosec Corporation 2015. All Rights
Reserved.
16
INTERNE
T
Credential
s
Malicious
Remote Controls
SERVICER
S
USERS
TROJAN
Easy Deployment
of Malicious
Codes & Processes
Bad Guys,
Sometimes
Copytight Infosec Corporation 2015. All Rights
Reserved.
17
18
Trusted Virtual
Network
Login
SERVICER
S
Edge Node
INTERNE
T
Credential
s
TROJAN
Private KeyUSERS
Machinedependent
19
ADVERSARIE
S
SERVICER
S
Edge Node
INTERNE
T
Policy Enforcement
Private Key
Machine
Specific
USERS
TROJAN
Session Control
Apps/Process
Control
Traffic Encryption
All Rights
20
Project Ozone
Architectural Revolutions of Cyber
Security
22
Realtime
Threat
Intelligence
Centralized
Applications
Repository
Realtime
Transaction
Monitoring
OZONE
The Internet
Trusted identity,
Trusted location and
Trusted single connection
Copytight Infosec Corporation 2015. All Rights
Reserved.
Trusted transaction,
Trusted applications,
Trusted location and
Trusted single connection
23
Ozone Transaction
Security
Ozone ID Federation
Platform
24
25
Thank you!
ken.higuchi@infosec.co.
jp
Copytight Infosec Corporation 2015. All Rights
Reserved.
26