C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

39
Valencia 2014 – Chema Alonso Chema Alonso @chemaalonso [email protected] http://www.elladodelmal.com

description

Ponencia: Seguridad Informática: Digital Latches for your Digital Life. COIICV: X Congreso de la Ingeniería Informática de la Comunidad Valenciana

Transcript of C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Page 1: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Chema Alonso @chemaalonso

[email protected] http://www.elladodelmal.com

Page 2: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Incidentes de Seguridad

Page 3: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Dumps de identidades

Page 4: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

BYOM (Bring Your Own Malware)

Page 5: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

El enemigo a las puertas

Page 6: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Superficie de exposición

•  Los servicios están activos 24 x 7 x 365

•  Solo usamos nuestras identidades un breve espacio de tiempo

•  Las cuentas deberían poder apagarse

Page 7: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Passwords+OTP

SMS  TOKEN  8762134  

Page 8: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

2FA “classics”

•  Usuario necesita introducir un código •  Despliege de SMS •  Matriz de coordenadas es estática •  Hardware tokens son caros •  Usuario necesita introducir un código •  Usuario no le gusta introducir un código

Page 9: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

A la gente le gusta dormir la siesta (con el mando de la tele)

Page 10: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Patentes

Page 11: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

KISS (Keep It Spanish, Stupid)

Page 12: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

At the airport Anna has just started a new job and she is on a business trip. As usual, she checks the weather, prepares her suitcase and defines her online security levels using Latch.

Page 13: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Taking a cab To make her trip easier she decides to pay everything using a service, on her way to the office at the destination point she switches service on, so she can pay the taxi fare. Once done she switches her account off, minimizing the exposure to improper usage.

Page 14: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

An alert of the service used! Fortunately her account was blocked by Latch, as Anna easily requested using the app. Alas, in the stopover someone tried to hack her service account. The attack was under control and no misuse was ever fulfilled.

Page 15: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

¿Cómo proteger una identidad?

Page 16: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

“Latch” de una cuenta

Latch  Server  

1.-­‐  Generate  pairing  code  

2.-­‐  Temporary  Pariring  token  

My  Site  User  Se>ngs:  Login:  XXXX  Pass:  YYYY  

Latch:            

4.-­‐AppID+Temp  pairing  Token    

5.-­‐  OK+Unique  Latch  

6.-­‐ID  Latch  appears  in  app  

ULatch  

Page 17: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Login en una Web

Latch  Server  

Latch  app  Latch1:  OFF  Latch2:ON  Latch3:OTP  Latch4:OFF  

….  

My  Bank  Users  DB:  Login:  XXXX  Pass:  YYYY  

Latch:  Latch1            

Login  Page:    

Login:AAAA  Pass:BBBB  

1.-­‐  Client  sends  Login/password  

2.-­‐  Web  checks  CredenXals  with  Its  users  DB  

3.-­‐    asks  about  Latch1  status  

4.-­‐  Latch  1  is  OFF  

5.-­‐  Login  Error  

6.-­‐  Someone  try  to  get  Access  to  Latch  1  id.  

2.-­‐  Check  user/pass  

Page 18: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Login en una web

Page 19: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Vamos a “Latchear”…

Page 20: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Hacer login con OTP

Latch  Server  

Latch  app  Latch1:  OFF  Latch2:ON  Latch3:OTP  Latch4:OFF  

….  

My  Bank  Users  DB:  Login:  XXXX  Pass:  YYYY  

Latch:  Latch1            

Login  Page:    

Login:AAAA  Pass:BBBB  

1.-­‐  Client  sends  Login/password  

2.-­‐  Web  checks  CredenXals  with  Its  users  DB  

3.-­‐    asks  about  Latch1  status  

5.-­‐  Latch  1  is  ON(OTP)  

6.-­‐  OTP?  

7.-­‐  Use  this  (OTP).  

4.-­‐  Latch  Server  Generates  OTP  

8.-­‐  User  introduces  OTP  

2.-­‐  Check  user/pass  

Page 21: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Hacer login con OTP

Page 22: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Control Parental

User  Pass  

Login:  User  Pass:  Pass  Latch:  Latch  

Page 23: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

User1  Pass1  

User2  Pass2  

Login:  User2  Pass:  Pass2  Latch:  Latch2  

Login:  User1  Pass:  Pass1  Latch:  Latch1  

Verificación de 4 ojos

Page 24: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

2 keys activation

User1 Pass1

User2 Pass2

Asset Latch: Latch1 Latch: Latch 2

Page 25: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Operaciones latcheadas

Latch  Server  

Latch  app  Latch1:  ON  Op1:OFF  Op2:ON  OP3:OTP  

Latch  2:  OFF  ….  

My  Bank  Login:  XXXX  Pass:  YYYY  

Latch:  Latch1  Int_Trnas:  Op1  

Online  Banking  

 Send  Money:  1231124343  

1.-­‐  Client  orders  InternaXonal    TransacXons  

3.-­‐    asks  Latch1:Op1  status  

4.-­‐  Latch  1:Op1  is  OFF  

5.-­‐  Denied  

6.-­‐  Someone  try  to    do  a    Latch  1:Op1  OperaXon  

Page 26: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

User Pass

Login: User Pass: Pass

Latch: Latch Op1:Unlock Op2: OTP

Supervision

Why?  

Answer  

OTP  

Page 27: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Latch Users     Developers   Corporates  

Control  all  digital  idenXXes  in  one  single  point.  ON/OFF.      

Integrate  Plugins  and  develop  soluXons  with  SDKs  to  adapt  

Latch  technology  to  their  needs      

SDKs:  PHP,  Java,  .NET,    C,  Ruby,  Python  &  WebService  API  

 Plugins:  

WordPress,  PrestaShop,  RedMine,  Cpanel,  Moodle,  OpenVPN,  SSH,  Drupal,  DotNetNuke,  Joomla!,  …  

-­‐  Deploy  2FAuth  -­‐  Opt-­‐in/mandatory  -­‐  Detect  idenXty  theg  -­‐  Granularity  -­‐  Reduce  Fraud  -­‐  Parental  Control  -­‐  4  Eyes  verificaXon    

Tools  -­‐  Control  Dashboard  -­‐  Usage  StaXsXcs  -­‐  Internal  appliance  (beta)  

!

Page 28: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Monitoring Switch

•  With one latch –  As many granularity as needed –  Two status –  OTP –  User confs

•  Schedulle •  AutoLock

•  Possible to re-act at status If Lock then {} Else {} Goto fail; Goto fail:

Page 29: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Latching SSH

Page 30: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Windows pGina

hip://unstableequilibrium.com/2014/02/07/using-­‐pgina-­‐and-­‐latch-­‐to-­‐protect-­‐your-­‐windows-­‐login/    

Page 31: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

SCCAID

Page 32: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Triggering actions at events

Page 33: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Latch Event Monitor

Page 34: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Coming Soon

•  Physical World •  Biometry •  AD Plugins •  New Plugins – Open Exchange – PHP MyAdmin – Django? – LDAP Bridge – Etc…

Page 35: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Latch DashBoard

Page 36: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Sobre Latch •  Privacidad: – AppIDs conoce los UniqueLatches pero no los

UserLatches. – Latch Server conoce Latchets y AppID, pero

no los usuarios/passwords •  Robustez: – Si el servidor de Latch es comprometido la

seguridad del sitio protegido sigue intacta. – No se guarda ningún dato sensible en Latch

Server.

Page 37: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Developer Area

Page 38: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

Apps disponibles

En desarrollo: •  Firefox OS •  Blackberry

Page 39: C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014

Valencia 2014 – Chema Alonso

¿Preguntas?

•  Chema Alonso •  @chemaalonso •  [email protected] •  http://www.elladodelmal.com •  http://www.elevenpaths.com •  https://latch.elevenpahts.com


Latches and Flip-Flops

Latches and Flip-Flops

Digital Design: Sequential logic, Latches and Flip-Flops Part - II

Digital Design: Sequential logic, Latches and Flip-Flops Part - II

CS 151 Digital Systems Design Lecture 19 Sequential Circuits: Latches

CS 151 Digital Systems Design Lecture 19 Sequential Circuits: Latches

Charge-Steering Latches - CURVE

Charge-Steering Latches - CURVE

IE1204 Digital Design L8: Memory Elements: Latches and ...

IE1204 Digital Design L8: Memory Elements: Latches and ...

Downee Gate Latches

Downee Gate Latches

Figure 7–1 Two versions of SET-RESET (S-R) latches. Open file F07-01 and verify the operation of both latches. Thomas L. Floyd Digital Fundamentals, 9e.

Figure 7–1 Two versions of SET-RESET (S-R) latches. Open file F07-01 and verify the operation of both latches. Thomas L. Floyd Digital Fundamentals, 9e.

RootedCON 2014: Playing and Hacking with Digital Latches

RootedCON 2014: Playing and Hacking with Digital Latches

irrigation project using latches

irrigation project using latches

Company LOGO DKT 122/3 DIGITAL SYSTEM 1 WEEK #12 LATCHES & FLIP-FLOPS.

Company LOGO DKT 122/3 DIGITAL SYSTEM 1 WEEK #12 LATCHES & FLIP-FLOPS.

CEC 220 Digital Circuit Design Latches and Flip-Flops Monday, March 03 CEC 220 Digital Circuit Design Slide 1 of 19.

CEC 220 Digital Circuit Design Latches and Flip-Flops Monday, March 03 CEC 220 Digital Circuit Design Slide 1 of 19.

Module -17 Latches 1. 2. 3. Latches

Module -17 Latches 1. 2. 3. Latches

L6 - Latches, the D Flip-Flop and Counter Design...1 Latches, the D Flip-Flop & Counter Design ECE 152A –Winter 2012 February 6, 2012 ECE 152A -Digital Design Principles 2 Reading

L6 - Latches, the D Flip-Flop and Counter Design...1 Latches, the D Flip-Flop & Counter Design ECE 152A –Winter 2012 February 6, 2012 ECE 152A -Digital Design Principles 2 Reading

CHAPTER Digital-to-Analog Converters for LCDscwlu/book/2_CMOS... · Digital-to-Analog Converters for LCDs ... data latches, digital-to-analog converters (DACs), and output buffers.

CHAPTER Digital-to-Analog Converters for LCDscwlu/book/2_CMOS... · Digital-to-Analog Converters for LCDs ... data latches, digital-to-analog converters (DACs), and output buffers.

SEGURIDAD INFORMÁTICA Y FIRMA DIGITAL · SEGURIDAD INFORMÁTICA Y FIRMA DIGITAL IFCM026PO / 50 horas sistemas de seguridad informá ca en la empresa. Ruano Formación SL · Ctra.

SEGURIDAD INFORMÁTICA Y FIRMA DIGITAL · SEGURIDAD INFORMÁTICA Y FIRMA DIGITAL IFCM026PO / 50 horas sistemas de seguridad informá ca en la empresa. Ruano Formación SL · Ctra.

Latches and Flip Flops

Latches and Flip Flops

Objectives:• Understand latches, timers, counters and … · • Understand latches, timers, counters and MCRs. • To be able to select simple internal memory bits. • Latches,

Objectives:• Understand latches, timers, counters and … · • Understand latches, timers, counters and MCRs. • To be able to select simple internal memory bits. • Latches,

12 latches

12 latches

10 Latches

10 Latches

Lecture06 Latches

Lecture06 Latches