Phone: +44 7972 111149 Email: [email protected] Mega AS Consulting Ltd © 2007 CAT – the problem...
CAT – the problem & the solution
Using the CAT
Top Security
Mega AS
Cellular Authentication Token
CAT
CAT = Maximum Security
Two-Factor Authentication
What you have = Cellular token
What you know = Password
The Cellular is protected by PIN
CAT is protected by CAT Password
CAT Password used to encrypt Secret Data
CAT Password not kept on Cellular
Only Verification sentence is kept on Cellular
Encryption with the Cellular unique ID (IMEI)
After 3 minutes shuts down
CAT = Maximum Security
User enters a One Time Password to login
CAT Generates OTP every 60 Seconds
Hacker can not reuse old OTP
Hacker can not predict the next OTP
Hacker will look for the CAT Password on the Cellular
CAT = Maximum Security
Usually:
Password = 1111 -> Encryption Process -> Enc. Password = xxxx
xxxx saved in memory
Hacker finds XXXX in memory:
Try word = zzzz -> Encryption Process -> Is it = xxxx ?
yes: zzzz = Password = 1111
no
CAT = Maximum Security
With CAT:
Password = 1111 -> Encryption Process -> Enc. Verification = xxxx
xxxx saved in memory
Hacker finds XXXX (Enc. Verification) in memory:
Try word = zzzz -> Encryption Process
zzzz = Enc. Verification
Is it = xxxx ? (yes)
Verification = Joe is the best
+
Password NOT SAVED
Verification = ??????
+
Password NOT FOUND
CAT = Maximum Security
Hacker finds XXXX (Enc. Verification) in memory:
Try word = zzzz -> Decryption Process
Is it = ????? (yes)
Enc. Verification = xxxx
+
Nothing to compare to
No way to know when the Verification sentence is found
Performance
Old way:
Check if user exists
Check if user enabled
Encrypt entered password
Compare with saved password
Allow access

CAT way:
Check if user exists
Check if user enabled
Calculate required OTP
Compare with entered OTP
Allow access
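The "CAT way" server-side steps, sketched as an added example that is not Mega AS's code. The slides do not say how CAT derives its OTP, so this assumes an RFC 4226-style HMAC-SHA1 truncation over a 60-second counter; the user store, its field names and the seeds are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds; the slides state a new OTP every 60 seconds

# Constructed sample user store (hypothetical field names and seeds).
USERS = {
    "alice": {"enabled": True, "seed": b"constructed-demo-seed", "last_step": -1},
    "bob": {"enabled": False, "seed": b"another-demo-seed", "last_step": -1},
}


def otp_for_step(seed: bytes, step: int, digits: int = 6) -> str:
    """Assumed derivation: RFC 4226 dynamic truncation over the step counter."""
    mac = hmac.new(seed, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def login(username: str, entered: str, now: float) -> bool:
    user = USERS.get(username)                   # check if user exists
    if user is None or not user["enabled"]:      # check if user enabled
        return False
    step = int(now // STEP)
    if step <= user["last_step"]:                # this window's OTP was already used
        return False
    required = otp_for_step(user["seed"], step)  # calculate required OTP
    # Constant-time comparison of required vs. entered OTP.
    if not hmac.compare_digest(required.encode(), entered.encode()):
        return False
    user["last_step"] = step                     # burn the window: an old OTP cannot be reused
    return True                                  # allow access
```

Recording the last accepted time step is what enforces the "can not reuse old OTP" property on the server; without it, a captured code stays valid until its 60-second window ends.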