rp2 online banking attacks defences
play

RP2 Online Banking: Attacks & Defences Dominic van den Ende, - PowerPoint PPT Presentation

Aug 21, 2023 •202 likes •440 views

Outline Introduction Research Analysis Questions Conclusion RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of Amsterdam Master of Science in System and Network Engineering Class of 2008-2009

  1. Outline Introduction Research Analysis Questions Conclusion RP2 Online Banking: Attacks & Defences Dominic van den Ende, Tom Hendrickx University of Amsterdam Master of Science in System and Network Engineering Class of 2008-2009 July 1, 2009 Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  2. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  3. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  4. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  5. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Research questions Examine the current used models of authentication and consider their strengths and flaws. Which methods can be used in one of the three different layers of security and compare them on points such as maturity, potential and effectivity. Propose new models, based on known elements in combination with the new found methods for a more secure level of authentication. Make a proposition of a balanced model and analyse this architecture against current trojans and speculate how future trojans may evolve if confronted with this new architecture. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  6. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Level of fraud Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  7. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Two-factor authentication First factor: Something you know. Second factor: Something you have. Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  8. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Current danger: Man-in-the-Browser attacks Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  9. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Current danger: Man-in-the-Browser attacks Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  10. Outline Introduction Research Plan of approach Analysis Current situation Questions Conclusion Out-of-band control and authentication "ABN AMRO" model: E.dentifier2 "ING" model: SMS messages Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  11. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Multi-layer security Layer I: End-user PC Layer II: Extra out-of-band authentication Layer III: Back-office monitoring Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  12. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Multi-layer security Layer I: End-user PC Layer II: Extra out-of-band authentication Layer III: Back-office monitoring Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  13. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Multi-layer security Layer I: End-user PC Layer II: Extra out-of-band authentication Layer III: Back-office monitoring Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  14. Outline Introduction Research Multi-layer security Analysis Next generation models Questions Conclusion Next generation models Model 1: Thin server-side virtual machine Username Challenge-response token Secure environment Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  15. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion The most balanced model Compare models using the following: Cost overview User convenience & Security Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  16. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Estimated cost overview Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  17. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Convenience & Security overview Security questions The number of attacks it does not counter Degree of difficulty to perform possible attacks User skill-level/awareness dependence Maturity Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  18. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Convenience & Security overview Some of the user convenience questions The number of steps / operations for the customer The time needed to login and make a transaction The number of physical items to keep The familiarity with the solutions (by other sites / banks) Is the solution "perceived" to be secure Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  19. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Convenience & Security overview Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  20. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Future malware threats Man-in-the-Middle Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  21. Outline Introduction Research The most balanced model Analysis Server side VM-model: Future malware threats Questions Conclusion Server side VM-model: Future malware threats Man-in-the-Middle Large scale attack will be very difficult Connection speed Application reaction time span Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  22. Outline Introduction Research Analysis Questions Conclusion Questions Any questions? Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

  23. Outline Introduction Research Analysis Questions Conclusion Conclusion Most of the current models not protected against Man-in-the-Browser Thin server-side virtual machine : Our most balanced model Dominic van den Ende, Tom Hendrickx RP2 Online Banking: Attacks & Defences

Recommend

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information

A Year's Evolution in Attacks Against Online Banking Customers Matthew W A Pemble Information Security Crystal Ball 29 th June 2006 Group Security & Fraud Phishing, Trojans & other scams Despite appearances banks are actually (ish)

351 views • 24 slides
Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT

Future Banking and Financial Attacks Konstantinos Karagiannis Director, Ethical Hacking, BT Advise Assure 2 Agenda/topics covered Threat overview Advanced User Enumeration and DDoS Trading Turret and Timing Attacks Internal and External User

365 views • 35 slides
Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100

Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100

Online Banking Presentation for Financial Agents ONLINE FINANCIAL PLATFORM 85 regions 1100 cities and towns Otkritie Bank B&N bank Promsvyazbank Metallinvestbank Alfa-bank Baikalinvestbank Absolut Bank SME bank Sberbank Raifazzen

343 views • 7 slides
Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van

Security and Usability Gap in Online Banking NSPW Presentation - Sep 19, 2007 Security and Usability: The Gap in Real-World Online Banking Mohammad Mannan and P . C. van Oorschot Carleton University Mohammad Mannan Sep 19, 2007 1 Security

544 views • 22 slides
I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November

I ts Me 247 Online Banking is coming to your members on December 5! Rollout Update November 20, 2007 Beta Test Report 15 beta-sites testing with credit union staff Community GR Family Onaway CorePlus Kenowa

746 views • 20 slides
HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it

HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it

HOW TO PRESENT TRUSTLY ON YOUR WEBSITE Trustly Online Banking Payments Introduction We know it can be tricky to describe Trustly on your site, so weve created this best practices handbook to help you out. The tips here will aid you in

171 views • 5 slides
Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer

Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer

Over-the-Air Cross-platform Infection for Breaking mTAN-based Online Banking Authentication Alexandra Dmitrienko Fraunhofer Institute for Secure Information Technology/CASED, Germany Joint work with Lucas Davi Ahmad-Reza Sadeghi Christopher

482 views • 33 slides
Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de

Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de

Anti-Fraud Suite Holistic Approach to Online Banking Security About ThreatMark 2 Made Ma de in Czec ech h Repu public Fo Foun unded ded in 2015 15 Active on 4 continents by former Ethical Hackers 50 50+ Exper erts s 20+ million

558 views • 17 slides
On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit

On Demand Online Credit Rates in the Banking Domain A proposal for dynamic on-demand credit rates computation based on event processing. An Idea by David Luckham, Stanford University, and CITT. Daniel Jobst, Benjamin Gebauer, Thomas Schfer,

311 views • 6 slides
Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem ,

Updates-Leak: Data Set Inference and Reconstruction Attacks in Online Learning Ahmed Salem , Apratim Bhattacharya, Michael Backes Mario Fritz,Yang Zhang CISPA Helmholtz Center for Information Security, Max Planck Institute for Informatics 1

568 views • 20 slides
A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018

A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018

Marcello Messori (SEP-LUISS) The role of the ESM in a deepening EMU: A comment to Rolf Strauch Online Seminar Florence School of Banking & Finance 2 May 2018 Outline Rolf Strauchs presentation a number of stimulating suggestions:

285 views • 5 slides
How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November

How we hacked Online Banking Malware Sebastian Bachmann & Tibor Eli as 22. November 2014 B-Sides Vienna Sebastian Bachmann & Tibor Eli as How we hacked Online Banking Malware 22. November 2014 1 / 55 About Us About:

576 views • 55 slides
THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking)

THE BANKING SERVICES ACT Banking Services (Deposit Taking Institutions) (Agent Banking) Regulations 2016 Presentation to Parliament by The Honourable Audley Shaw CD, MP. Minister of Finance and the Public Service

435 views • 6 slides
PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING

PROCESS AND PROCEDURES AMIR ALFATAKH YUSOF ISLAMIC BANKING FROM CONVENTIONAL TO ISLAMIC BANKING SPEAKER PROFILE 1. Started in Conventional Banking Sales for OCBC Bank Retail, Business Banking and Corporate Banking, Kuala Lumpur Main Branch

830 views • 26 slides
The Future of Online Banking Amidst Crises The Enhanced Community Quarantine (ECQ) disrupting

The Future of Online Banking Amidst Crises The Enhanced Community Quarantine (ECQ) disrupting

The Future of Online Banking Amidst Crises The Enhanced Community Quarantine (ECQ) disrupting businesses and consumers E-learning for students Home Mandatory work from home Quarantine Closure of non-essential shops No work

217 views • 7 slides
Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide

Reverse Social Engineering Attacks in Online Social Networks Danesh Irani, Marco Balduzzi Davide Balzarotti, Engin Kirda, Calton Pu Motivations Social Networks have experienced a huge surge in popularity Facebook has more than 500

336 views • 20 slides
Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking

Offering banking services in a mobile world Denise Buckton Head of Mobile and Phone Banking Evolution of ANZ & NBNZ Mobile Banking Txt Banking NBNZ iBank M-Banking ANZ goMoney NBNZ Mobile Banking and M-Banking for iPhone browser for

429 views • 8 slides
Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia

Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia

Banking Transformation in ASEAN and Mobile Banking in Indonesia 16 Feb 2012 Indonesia International Banking Convention (IIBC) Devabalan Theyventheran Head of Transformation Office and Business Process Development CIMB Group Agenda 1

439 views • 24 slides
Defences Structure of the Courts What is a Crime? a public wrong Wrong committed

Defences Structure of the Courts What is a Crime? a public wrong Wrong committed

Defences Structure of the Courts What is a Crime? a public wrong Wrong committed against the common good or public interest causes harm to society, not just the individual 3 features that make something a public wrong:

474 views • 25 slides
COMMITTAL FOR CONTEMPT: Procedure, Defences, Funding and Costs 14 July 2020 Paper produced by

COMMITTAL FOR CONTEMPT: Procedure, Defences, Funding and Costs 14 July 2020 Paper produced by

COMMITTAL FOR CONTEMPT: Procedure, Defences, Funding and Costs 14 July 2020 Paper produced by Tim Baldwin, Barrister at Garden Court Chambers to supplement slides A. Introduction 1. There are many types of proceedings for committal for

361 views • 12 slides
Right way to establish critical pro-active defences against emerging cyber threats Andrew J

Right way to establish critical pro-active defences against emerging cyber threats Andrew J

Right way to establish critical pro-active defences against emerging cyber threats Andrew J Clarke Director, One Identity A fast changing world Digital Transformation Internet of Things (IoT) 2 Andrew J Clarke - One Identity The new attack

498 views • 24 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com

7 sins of ATM protection against logical attacks Timur Yunusov Senior expert ptsecurity.com whoami Positive Technologies (from 2009) Application security researcher (from 2009) Banking systems

647 views • 45 slides
The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the

The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the

The Italian Banking System in the Perspective of the Banking Union Fabio Panetta Member of the Governing Board - Banca dItalia London, November 21, 2013 Outline of the Presentation 1. The Banking Union (BU) project o the Single Supervisory

321 views • 21 slides

More recommend