Scribd Logo
Upload

Welcome to Scribd!

  • Online Banking System: Trust Elevation

    Uploaded by

    Paula Ivan
    10 views6 pages
    This document outlines an online banking system that uses different levels of assurance (LoA) for user authentication. It lists common banking use cases and their required LoA levels, such as login requiring LoA 1. It also examines threats like impersonation, guessing, and session hijacking that could allow attackers to attain a lower LoA than required. For each threat, it shows the attained and required LoA levels and references using trust elevation methods to upgrade the user's authentication level to match what is needed.

    Original Description:

    sadas

    Original Title

    Online Banking System 20130710

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines an online banking system that uses different levels of assurance (LoA) for user authentication. It lists common banking use cases and their required LoA levels, such as login requiring LoA 1. It also examines threats like impersonation, guessing, and session hijacking that could allow attackers to attain a lower LoA than required. For each threat, it shows the attained and required LoA levels and references using trust elevation methods to upgrade the user's authentication level to match what is needed.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    10 views6 pages

    Online Banking System: Trust Elevation

    Uploaded by

    Paula Ivan
    This document outlines an online banking system that uses different levels of assurance (LoA) for user authentication. It lists common banking use cases and their required LoA levels, such as login requiring LoA 1. It also examines threats like impersonation, guessing, and session hijacking that could allow attackers to attain a lower LoA than required. For each threat, it shows the attained and required LoA levels and references using trust elevation methods to upgrade the user's authentication level to match what is needed.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 6

    Online Banking System

    Trust Elevation

    Reference:
    http://umldiagramtutorial.blogspot.com/2012/10/internet-banking-system-use-case-diagram.

    Online Banking Use Cases

    Trust Elevation Logical Sequence

    Notional Trust Elevation Use Cases


    Use Case

    Context

    Required LoA

    Login

    -User with Trusted Machine


    -User with Untrusted
    Machine

    - LoA 1

    Request to Open Acc.

    - Has LoA 1

    Request to Close Acc.

    - Has LoA 1

    Request for Loan

    - Has LoA 1

    Balance Enquiry

    - Has LoA 1

    View FD Summary

    - Has LoA 1

    Open New FD

    - Has LoA 1

    Transfer Money to
    Another Acc

    - Has LoA 1

    Do Bill Payments

    - Has LoA 1

    Open New Investor Acc.

    - Has LoA 1

    Request Acc. Statement

    - Has LoA 1

    View Different Forms


    Details

    - Admin from Intranet / Has


    LoA 1

    Trust Elevation
    Method

    Threat & Trust Elevation


    Threat

    Attained
    LoA

    Required
    LoA

    Impersonation

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    General Authentication
    Phase Threats

    Online Guessing

    Phishing

    Eavesdropping

    Trust Elevation Method

    Threat & Trust Elevation


    Threat

    Attained
    LoA

    Required
    LoA

    Session Hijack

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    LoA 1

    LoA 2

    LoA 2

    LoA 3

    LoA 3

    LoA 4

    Man In The Middle

    Credential Theft

    Spoofing &
    Masquerading

    Trust Elevation Method

    You might also like