Second Sign-in. Speaker: Eddie Lin 林志忠. Supervisor: Hsing Mei. Date: 2008/09/05. Web Computing Laboratory, Computer Science and Information Engineering Department, Fu Jen Catholic University.
Page:1
Second Sign-in
Speaker: Eddie Lin 林志忠
Supervisor: Hsing Mei
Date: 2008/09/05
Web Computing Laboratory
Computer Science and Information Engineering Department
Fu Jen Catholic University
Page:2
Outline
• Motivation
• Introduction
• Background
• Future work
• Reference
Page:4
Is IP and Password enough?
• Ways to get your ID and password
Table columns: Client, Middle, Server
• Trojan horse
• Phishing site
• Sniffer
• Brute-force guessing
• Other password leaks
Page:5
Why do people want to do these things?
• Because of your ID and password.
If you lose your ID and password, you will
– Lose your money
– Lose your credit
– Lose your friends
– Lose everything that you do on the internet
Page:6
So what can we do about a lost password?
Is there nothing we can do? Just wait to die out?
That should not happen. We have a responsibility to protect people's data.
Page:8
Sign-in
• Sign in Google [1]
Fig 1. Fig 2: 1 wrong sign-in
Page:9
Sign-in
• Sign in Yahoo [2]
Fig 1. Fig 2: 5 wrong sign-ins
Page:10
Sign in
• Sign in Pchome [3]
Fig 1: message shown on a wrong sign-in
Fig 2: 3 wrong sign-ins
Page:11
Sign in
Sign in JP [4]. Uses a virtual keyboard.
Page:12
Sign in
Sign in Chinatrust [5]. Uses 3 fields to sign in.
Page:13
So far
What do we see with these sites?
Only one step for sign-in.
Page:14
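Second sign-in flow
[Flowchart. Nodes: account registration and setup; second sign-in selection; sign-in; success? (yes/no); legitimate source? (yes/no); second sign-in; success? (yes/no); store related data; enter the site.]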
Page:16
Sign-in flow: basic security
[Flowchart: the second sign-in flow, repeated.]
Page:17
Current tools
• SSL (HTTPS)
• Challenge-response
• One Time Password
• IC card
Page:18
Sign-in flow: legitimate source
[Flowchart: the second sign-in flow, repeated.]
Page:19
What kind of data can we get?
Resource (table columns: Client, Server)
• Cookie
• Browser type
• OS type
• Session
• Time
• IP
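The sign-in flow from these slides, as an added Python example that is not part of the original presentation. It assumes that "legitimate source" means an exact match of cookie, browser type, OS type and IP against sources stored after an earlier successful second sign-in, and that a second secret stands in for the biometric check; all names and sample values are hypothetical.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

def _kdf(secret: str, salt: bytes) -> bytes:
    # Slow salted hash so stored verifiers are not the secrets themselves.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

@dataclass(frozen=True)
class Source:
    """Request attributes from the Resource slide (time and session omitted)."""
    cookie: str
    browser: str
    os_type: str
    ip: str

@dataclass
class Account:
    salt: bytes
    password_hash: bytes
    second_hash: bytes  # assumption: a second secret stands in for the biometric check
    known_sources: set = field(default_factory=set)

def register(password: str, second_secret: str) -> Account:
    """Account registration and setup, including the second sign-in choice."""
    salt = os.urandom(16)
    return Account(salt, _kdf(password, salt), _kdf(second_secret, salt))

def sign_in(acct, password, source, second_secret=None) -> str:
    """Return 'denied', 'second_sign_in_required' or 'entered'."""
    if not hmac.compare_digest(_kdf(password, acct.salt), acct.password_hash):
        return "denied"                      # first sign-in failed
    if source in acct.known_sources:
        return "entered"                     # legitimate source: enter the site
    if second_secret is None:
        return "second_sign_in_required"     # unknown source: ask for step two
    if not hmac.compare_digest(_kdf(second_secret, acct.salt), acct.second_hash):
        return "denied"                      # second sign-in failed
    acct.known_sources.add(source)           # store related data for next time
    return "entered"

if __name__ == "__main__":
    acct = register("pw-constructed", "second-constructed")  # constructed sample values
    pc = Source("cookie-1", "Firefox", "Windows", "192.0.2.10")
    print(sign_in(acct, "pw-constructed", pc))
    print(sign_in(acct, "pw-constructed", pc, "second-constructed"))
    print(sign_in(acct, "pw-constructed", pc))
```

A stolen password used from a source that was never stored stops at `second_sign_in_required`, which is the case the motivation slides are concerned with.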
Page:20
Sign-in flow: biometrics
[Flowchart: the second sign-in flow, repeated.]
Page:21
We need to do
– Provide a second sign-in step.
– It must be easy to use.
– It cannot change current habits too much.
– It needs tools that are easy to get.
– It needs to capture some biometrics.
Page:22
Example: handwriting devices
• Mouse
• Keyboard
• Touch panel
• Touch screen
• Writing board?
Page:23
Sign-in flow: hackers
[Flowchart: the second sign-in flow, repeated, with the annotation "HACKER HERE".]
Page:25
Future work
• Survey more studies of biometrics.
• Find related work.
Page:27
• [1] https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=zh-TW, Google sign-in page
• [2] https://login.yahoo.com/config/login?.intl=tw&.src=ym&.done=https://tw.login.yahoo.com/cgi-bin/kcookie.cgi/mail/http%3a//edit.tpe.yahoo.com/config/mail%3f.intl=tw, Yahoo! sign-in page
• [3] http://shopping.pchome.com.tw/?m=myaccount&c=order, Pchome online shopping sign-in
• [4] http://www.jpmrich.com.tw/cgi-bin/jfonline/home/guest_home.jsp, 摩根富明林 (JP) sign-in page
• [5] https://www.chinatrust.com.tw/cgi-bin/prod/jsp/ch/home/default.jsp, Chinatrust sign-in page
Page:28
• [6] Ben Adida, "SessionLock: Securing Web Sessions against Eavesdropping", WWW 2008, Refereed Track: Security and Privacy - Web Client Security, April 21-25, 2008, Beijing, China
• [7] 焯然 詹, “The study of Biometrics for Digital Handwriting” (私立東海大學資訊工程與科學研究所, 2006)