
Second Sign-in

Second Sign-in. Speaker: Eddie Lin 林志忠. Supervisor: Hsing Mei. Date: 2008/09/05. Web Computing Laboratory, Computer Science and Information Engineering Department, Fu Jen Catholic University.


Presentation Transcript


  1. Second Sign-in • Speaker: Eddie Lin 林志忠 • Supervisor: Hsing Mei • Date: 2008/09/05 • Web Computing Laboratory, Computer Science and Information Engineering Department, Fu Jen Catholic University

  2. Outline • Motivation • Introduction • Background • Future work • Reference

  3. Outline • Motivation • Introduction • Background • Future work • Reference

  4. Are ID and Password enough? • The ways your ID and password can be obtained

  5. Why do people want to do these things? • Because of your ID and password. If you lose your ID and password, you will • Lose your money • Lose your credit • Lose your friends • Lose everything that you do on the Internet

  6. So what can we do about a lost password? Is there nothing we can do? Just wait to die out? That should not happen. We have a responsibility to protect people's data.

  7. Outline • Motivation • Introduction • Background • Future work • Reference

  8. Sign-in • Sign in to Google [1] • Fig 1 • Fig 2, after 1 wrong sign-in

  9. Sign-in • Sign in to Yahoo [2] • Fig 1 • Fig 2, after 5 wrong sign-ins

  10. Sign-in • Sign in to Pchome [3] • Fig 1, message on a wrong sign-in • Fig 2, after 3 wrong sign-ins

  11. Sign-in • Sign in to JP [4], using a virtual keyboard.

  12. Sign-in • Sign in to Chinatrust [5], using 3 fields to sign in.

  13. So far • What do we see on these sites? Only one step for sign-in.

  14. Second sign-in flow • [Flowchart; node labels: Set second sign-in options, Account registration, Second sign-in, Success?, Save related data, Sign in, Legitimate source?, Success?, Enter website; branches labelled Yes / No]

  15. Outline • Motivation • Introduction • Background • Future work • Reference

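  16. Sign-in flow: basic security • [Flowchart; node labels: Set second sign-in options, Account registration, Second sign-in, Success?, Save related data, Sign in, Legitimate source?, Success?, Enter website; branches labelled Yes / No]

  17. Current tools • SSL (HTTPS) • Challenge-response • One-Time Password • IC card

  18. Sign-in flow: legitimate source • [Flowchart; node labels: Set second sign-in options, Account registration, Second sign-in, Success?, Save related data, Sign in, Legitimate source?, Success?, Enter website; branches labelled Yes / No]

  19. Resource • What kind of data can we get?

  20. Sign-in flow: biometrics • [Flowchart; node labels: Set second sign-in options, Account registration, Second sign-in, Success?, Save related data, Sign in, Legitimate source?, Success?, Enter website; branches labelled Yes / No]

  21. What we need to do • Provide a second sign-in step. • It needs to be easy to use. • It cannot change current habits too much. • The tools need to be easy to get. • It needs to collect some biometrics.

  22. Ex: Handwriting devices • Mouse • Keyboard • Touch panel • Touch screen • Writing board?

  23. Sign-in flow: hacker • [Flowchart with a "HACKER HERE" marker; node labels: Set second sign-in options, Account registration, Second sign-in, Success?, Save related data, Sign in, Legitimate source?, Success?, Enter website; branches labelled Yes / No]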

  24. Outline • Motivation • Introduction • Background • Future work • Reference

  25. Future work • Search for more studies of biometrics. • Find related work.

  26. Outline • Motivation • Introduction • Background • Future work • Reference

  27. [1] https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&ltmpl=default&ltmplcache=2&hl=zh-TW, Google sign-in screen • [2] https://login.yahoo.com/config/login?.intl=tw&.src=ym&.done=https://tw.login.yahoo.com/cgi-bin/kcookie.cgi/mail/http%3a//edit.tpe.yahoo.com/config/mail%3f.intl=tw, Yahoo! sign-in screen • [3] http://shopping.pchome.com.tw/?m=myaccount&c=order, Pchome online shopping sign-in • [4] http://www.jpmrich.com.tw/cgi-bin/jfonline/home/guest_home.jsp, 摩根富明林 (JF) sign-in screen • [5] https://www.chinatrust.com.tw/cgi-bin/prod/jsp/ch/home/default.jsp, Chinatrust (中國信託) sign-in screen

  28. [6] Ben Adida, "SessionLock: Securing Web Sessions against Eavesdropping", WWW 2008, Refereed Track: Security and Privacy - Web Client Security, April 21-25, 2008, Beijing, China • [7] 焯然 詹, "The study of Biometrics for Digital Handwriting" (Graduate Institute of Information Engineering and Science, Tunghai University, 2006)
