Handwritten lecture notes, Encsclark/courses/1901-6150/... (2019-01-18): evaluation frameworks for authentication schemes (biometrics, hardware tokens, Google 2FA, password managers, client certificates, ...)

Page 1
Evaluation Frameworks
General methodology: comparisons between alternatives, presented as a simple chart.
Rating scale: empty circle = does not achieve the property; half circle = achieves it with caveats; full circle = achieves it.
Define every criterion: define what a full circle means for each one.
Phrase each criterion in such a way that a full circle is the desirable (best) outcome.

Page 2
Schemes to compare:
Passwords
Biometrics
Hardware token, e.g. RSA
Google 2FA, e.g. SMS one-time password
Password managers
Client certificates
Single sign-on, e.g. Facebook Connect
Graphical passwords, e.g. Android pattern unlock
Evaluation criteria: security, usability, deployability

Page 3
U1 Physically effortless: scale runs from nothing entered (full) through typing or drawing something (not achieved).
U2 Nothing to memorize (memorywise-effortless): X passwords for X websites does not achieve it; [illegible] for X websites.
U3 Nothing to carry.
S1, S2 Resilient to guessing: S1 throttled guessing (the verifier limits the attacker's guesses); S2 unthrottled guessing (the attacker's only limit is computation; the notes use a 112-bit budget).
[remaining lines on this page illegible]

Page 4
S3 Resilient to observation: typing or drawing something can be observed (not achieved); nothing entered (achieved).
S4 Resilient to physical theft: stealing something is sufficient to log in (not achieved); stealing something is insufficient (achieved).
D1 Negligible cost: having to buy new equipment per user is a cost (not achieved); works with existing equipment, no cost (achieved).

Page 5
Chart: one row per scheme (the first row is Passwords), one column per criterion, each cell rated with an empty, half or full circle. The individual ratings are not legible in the transcript.

Page 6
Notes
[several lines illegible]
Passwords: human-chosen passwords are weak; system-chosen passwords are strong.
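As an added worked example (not from the notes or the course), the following Python script applies the chart methodology to the guessing criteria S1 and S2 for four of the schemes listed on page 2. It counts the Android 3x3 unlock-pattern space exactly, models a uniformly random secret, and turns the attacker's success probability into the empty/half/full rating. The 112-bit unthrottled budget comes from the notes; the throttled budget (10 guesses per account per day for a year), the two probability thresholds, and the effective keyspace assumed for a human-chosen password are my assumptions and are marked as such in the code.

```python
import math

# From the notes: S2 (unthrottled guessing) assumes a 112-bit attacker budget.
UNTHROTTLED_GUESSES = 2 ** 112
# Assumption (not from the notes): the verifier throttles to 10 guesses per
# account per day and the attacker keeps going for a year.
THROTTLED_GUESSES = 10 * 365

# Assumption (not from the notes): success-probability thresholds for the circles.
FULL_MAX_SUCCESS = 1e-6   # full circle: the attacker practically never succeeds
HALF_MAX_SUCCESS = 1e-2   # half circle: resists, with caveats
CIRCLE = {"full": "●", "half": "◐", "empty": "○"}


def android_pattern_count(min_len=4, max_len=9):
    """Count valid Android 3x3 unlock patterns of min_len..max_len dots.

    A segment may pass over an unused dot only if that dot is already part
    of the pattern (0 -> 2 is legal only once dot 1 has been used).
    """
    def midpoint(a, b):
        ra, ca = divmod(a, 3)
        rb, cb = divmod(b, 3)
        if (ra + rb) % 2 == 0 and (ca + cb) % 2 == 0:
            return ((ra + rb) // 2) * 3 + (ca + cb) // 2
        return None

    def extend(path, visited):
        total = 1 if len(path) >= min_len else 0
        if len(path) == max_len:
            return total
        for nxt in range(9):
            if nxt in visited:
                continue
            mid = midpoint(path[-1], nxt)
            if mid is not None and mid not in visited:
                continue
            total += extend(path + [nxt], visited | {nxt})
        return total

    return sum(extend([start], {start}) for start in range(9))


def guessing_success(keyspace, guesses):
    """Probability that `guesses` attempts hit a uniformly random secret."""
    return min(1.0, guesses / keyspace)


def rate(success):
    """Map an attacker success probability to the chart rating."""
    if success <= FULL_MAX_SUCCESS:
        return "full"
    if success <= HALF_MAX_SUCCESS:
        return "half"
    return "empty"


# Keyspaces of the schemes. The human-chosen value is an assumption standing
# in for the reduced effective space of real human choices (notes: "weak").
SCHEMES = {
    "4-digit PIN": 10 ** 4,
    "Android pattern (4-9 dots)": android_pattern_count(),
    "Human-chosen password (assumed effective space)": 2 ** 30,
    "System-chosen 20-char alphanumeric": 62 ** 20,
    "System-chosen 24-char alphanumeric": 62 ** 24,
}


def evaluate(schemes=SCHEMES):
    """Rate every scheme against S1 (throttled) and S2 (unthrottled) guessing."""
    return {
        name: {
            "bits": math.log2(keyspace),
            "S1 throttled": rate(guessing_success(keyspace, THROTTLED_GUESSES)),
            "S2 unthrottled": rate(guessing_success(keyspace, UNTHROTTLED_GUESSES)),
        }
        for name, keyspace in schemes.items()
    }


def render_chart(results):
    """Render the comparison chart in the notes' circle notation."""
    width = max(len(name) for name in results)
    lines = [f"{'scheme':<{width}}  bits   S1  S2"]
    for name, r in results.items():
        lines.append(f"{name:<{width}}  {r['bits']:5.1f}  "
                     f"{CIRCLE[r['S1 throttled']]}   {CIRCLE[r['S2 unthrottled']]}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_chart(evaluate()))
```

The chart makes the page 6 point concrete: the assumed human-chosen space survives throttled guessing only with caveats and fails unthrottled guessing outright, while a 20-character random secret (about 119 bits) is only a half circle against a 112-bit attacker and needs a few more characters to earn a full one.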

Page 7
[no legible text]

Page 8
Examples of human-chosen passwords (handwritten, partly illegible): 05691_LOVE, 07777, Omg, 1234, LABAB, 04231, mush, and date-like patterns written as gmmDD and JDDMM.

Page 9
Recap
STRIDE: evaluating a single solution.
Evaluation frameworks: evaluating a set of solutions.
Attack trees: evaluating a single threat against a solution.
Attack tree (threat tree): structured brainstorming for attacking a system. Include all potential threats, not just the attacks that work. The objective is to think about alternatives and to think broadly about security; STRIDE can be used to seed the branches. Requires expertise: the structure is easy, the execution is hard.

Page 10
[illegible]