Advanced Persistent Threats in Digital Identity
You may have heard this disturbing news report - Chinese hacker group caught bypassing 2FA - Chinese state-sponsored group APT20 has been busy hacking government entities and managed service providers.
We were amazed by the capability of those cyber attack forces, which might possibly be backed up by huge budgets and irresistible means to bribe and threaten the insiders of target organizations.
Well, we could make meaningful contributions in such areas as (1) preventing the compromise of an OTP token from affecting the overall security of 2F authentication, to (2) preventing the OTP token from getting compromised in the first place and (3) preventing the inside jobs.
Below are the conclusions that we reached.
1. Our proposition of the simplest 2F authentication could help.
We could consider an extremely simple two factor authentication made of a remembered password (what we remember) and a memo/storage with a long password written/stored on (what we possess), which we can use right away at no cost.
If properly hashed, the resulting high-entropy hashed value can stand fierce brute force attacks. Theft/copy of the memo/storage alone would not affect when the remembered password is unknown to the criminals.
Furthermore, ‘Image-to-Password Converter cum Entropy Amplifier’ software could be considered for better balance of security and convenience at a higher level when Expanded Password System becomes readily available. The ‘Image-to-Password Converter cum Entropy Amplifier’ software can be offered as a plug-in module either for the server or the user’s device.
These schemes are closely explained in the "Proposition on How to Build Sustainable Digital Identity Platform" selected as a finalist for ‘FDATA Global Open Finance Summit & Awards 2019’
2. Our proposition of 2-channel authentication could help.
With our 2-channel scheme, the onetime code can be recovered and sent to the server only by the legitimate user who retains the secret credential in their brain.
Further details are provided in this slide “2-Channel Authentication with No Physical Tokens and No SMS” for the specifics.
It is also referred to as a powerful phishing deterrent in “Targeted/Spear Phishing and Expanded Password System”
By the way, this 2-channel scheme is not just a concept, but was actually implemented in the real world for corporate use.
3. Our proposition of Authority-Distributed Authentication could help.
With this scheme, an encryption key gets reproduced by any combination of 3 registered operators and gets eliminated after operation as outlined in this slide “On-the-fly Key Generation from Our Memory”. It would be extremely hard to quietly bribe or threaten 3 people at a time
Again, this scheme is not just a concept but the prototype software proved to work.
Conclusion
We are confident that we could make significant contributions to mitigating these 3 problems of
preventing the compromise of an OTP token from affecting the overall security of 2F authentication,
preventing the OTP token from getting compromised in the first place
and
preventing the inside jobs.
< Related Articles >
History, Current Status and Future Scenarios of Expanded Password System
Removal of Passwords and Its Security Effect
#identity #authentication #password #security #fintech #finance #banking #biometrics #ethic #privacy #democracy
Hitoshi Kokumaiの記事
ブログを見るI would like to take up this somewhat puzzling report - “Google advises passwords are good, spear ph ...
There is actually a valid methodology that enable us to maximize the entropy of the secret credentia ...
I take up this new report today - “Researchers Defeated Advanced Facial Recognition Tech Using Makeu ...
この職種に興味がある方はこちら
-
ユニクロ コクーンシティ店
次の場所にあります: Talent JP C2 - 2日前
FAST RETAILING CO Yamaguchi, 日本仕事情報 · ● 仕事内容 ユニクロの店舗販売業務全般をお願いします。具体的には、●お客様対応(接客)/ご案内●商品整理/補充(品出し)/清掃●試着のお手伝い etc...まずは簡単なお仕事から始めてお店に慣れていってください。 ●ユニクロ公式HPへようこそ ユニクロではバラエティ豊かなスタッフが多数活躍中。WワークOK◎主婦(主夫)歓迎お仕事にブランクのある方も歓迎です20歳代、30歳代、40歳代。様々な年代のスタッフが活躍中です。アパレル、ホテル、美容コスメ雑貨、カフェなどでの接客経験のある方、接客ありのお仕事も同時募集中です ●未経験大歓迎♪ ア ...
-
デリバリーコーディネーター
次の場所にあります: Talent JP C2 - 1日前
Survitec Kobe, 日本 フルタイムVacancy Title: Delivery Coordinator · Vacancy Location: Kobe, Japan · Engagement Type: Temporary, Full Time · Your Company · Survitec are the world's largest survival technology provider. For over 166 years, we have been protecting lives in the air, on land and at sea, throu ...
-
栄養士
次の場所にあります: beBee S2 JP - 4日前
ほっぺるランド東日本橋 中央区, 日本 TEMPORARY〈ほっぺるランド東日本橋の求人ポイント〉 · ◆都営新宿線「馬喰横山駅」徒歩5分 · ◆月給220,000円~ · ◆園児数:72名(0~5歳児) · ◆認可保育園の栄養士 · ----- · 勤務地 · ----- · 東京都中央区東日本橋3-3-3Anelaビル 1~3階 · ----- · 最寄り駅 · ----- · 都営新宿線馬喰横山駅 徒歩5分 · ----- · 園名 · ----- · ほっぺるランド東日本橋 · ----- · 施設形態 · ----- · 認可保育園 · ----- · 園児定員 · ----- · 72名 · --- ...
コメント