SECURITY

Security in the Digital Age

“There is no security on this earth; there is only opportunity”

ABOUT US

10/13/2023
• Leading information Security and Surveillance consultant group based in India
• Servicing our clients in both –
  • Physical Security
  • Information Security

CONTD.

• Servicing Security business for more than 5 years
• Tie-ups with security companies across the world
• R&D Team consists of top brains from IIT Mumbai, IIT Delhi etc
• Registered vendor with MI – Directorate
• Board of Advisors consists of Ex-Army officers

LAW ENFORCEMENT CLIENTS IN INDIA

• Indian Army –
  • Military Intelligence
  • Multiple corps including 15 Corps etc
  • Multiple commands including Northern Command, Western Command etc.
• Central Organizations including –
  • NTRO
  • NIA
• Multiple state police departments including –
  • Delhi Police
  • J & K Police

Multifactor Authentication

MFID – Multifactor Identity

IT SECURITY - CURRENT
• Anti-Virus
• Firewall
• Unified Threat Management
• People and Processes –
  • Processes to connect to the Internet
  • No authorization for Pen drives, CDs, Laptops etc

BANKS TODAY ARE USING UTM, IPS etc FOR
COMPREHENSIVE PERIMETER SECURITY. AS
A HACKER, WHO WOULD YOU IDENTIFY AS
THE WEAKEST LINK IN THE CHAIN?
POINT OF VULNERABILITY
Point of attack
TYPES OF FINANCIAL FRAUD

• Card cloning
• Online credit card frauds by stealing card data
• Identity Thefts / Phishing
• Money Laundering / Hawala
• Tax evasion / PF Fraud / Pension Scam
• Internet Investment Scams
• Internet Auctions
• Nigerian Scandal
• Online investment scams – Market Manipulation

POINT OF VULNERABILITY
Point of attack
IDENTITY THEFTS

• Identity thefts – Fastest growing white collar crime
• Number of victims in 2006 – 9.9 Million
• 900,000 new victims each year
• Cost to businesses more than $50 billion
• Cost per incident to consumer $6,383
• Hours spent per victim resolving the problem as shown by identity theft statistics: 30
• Hours spent resolving problem: 297 million

THREATS

• Identity theft can be carried out by
  • Phishing
  • Virus, Trojans, worms
  • LAN Attacks – Remote Sniffing
  • Web Vulnerabilities including SQL Injection, XSS attacks and Cookie capturing
• 78% of all Information Security breaches are conducted by internal employees

PREVENT IDENTITY THEFT

• Map the physical identity of the user to the server
• Removes the vulnerability of Static Passwords
• Works on two premises –
  • Something you have
  • Something you know
• Prevents –
  • Online Credit Card Fraud
  • Phishing
  • Cloning of Cards

ACCESS AND AUTHENTICATION

• Credit Card Transaction
• E-Banking / Net Banking
• IT Infrastructure in the Bank –
  • LAN
  • Wi-Fi connectivity
  • Mail Servers
  • Critical web applications
  • VPN

AUTHSHIELD

• AuthShield is a multi factor authentication system which uses either of the three authentication mechanisms
  • Soft Token
  • Hard token
  • E-Token
  • BlackBerry / Other smart Phones
• AuthShield is used to identify the physical identity of the user to the server
• AuthShield identifies the user on two factors –
  • Something he/she knows (User Name / Password)
  • Something he/she has

Hard Token – Identifying the user on the basis of his Key

PREVENT CREDIT CARD FRAUD

• Security device given to authorized users
• The device displays a changing number that is typed in as a password
• The password is based on a pre defined unbreakable randomized algorithm
• Every time the user makes a credit card transaction, the randomly generated number is matched with the server to verify the user's credentials

Soft Token – Identifying the user on the basis of his phone number

MOBILE TOKEN – GENERATING TOKEN VIA MOBILE PHONES
BlackBerry AuthShield for Web Clients –

[Diagram labels: Web Client – UN+PWD+TOKEN; BES; IAS; IAS & AD]
1). User accesses the token generation application on his BB device
2). Request Sent to BES
3). Request Forwarded to IAS
4). Token Generated
5). Credentials Entered
6). Access

PROTECT CUSTOMERS IDENTITY

• The OTP is sent either via SMS or the OTP is generated by the smart phone itself
• The user uses the OTP to log into the web application like OWA or the core banking application
• Works on all smart phones with GPRS enabled
• The system does not depend on the memory or the processor usage of the phones

CLIENTS LOGIN – SECURE NET BANKING

• Centralized architecture where all web / application servers are integrated centrally. Distributed servers can have their own controlling architecture
• The user logs into the application server and provides his credentials
• Based on the user’s credentials, a One-Time-Password is generated and sent to the user’s mobile number. The user meanwhile is taken to the OTP authentication application (integrated with the AAA server). Once the user’s identity is verified, the user is then provided access to the application

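The OTP step of the login flow above (password check, OTP sent to the registered mobile number, verification before access), as an added example that is not AuthShield's code. The class name, the 180-second lifetime, the three-attempt limit and the SMS callback are assumptions the slides do not state.

```python
import hashlib, hmac, secrets, time

OTP_TTL_SECONDS = 180   # assumed validity window, not from the slides
MAX_ATTEMPTS = 3        # assumed guess limit per issued OTP

class OtpService:
    """Hypothetical stand-in for the OTP/AAA server in the login flow."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms   # callable(mobile, text): SMS gateway stub
        self._clock = clock
        self._pending = {}          # user -> [salt, digest, expires_at, attempts_left]
        self.log = []               # (timestamp, user, event) audit records

    def _digest(self, salt, otp):
        return hashlib.sha256(salt + otp.encode()).digest()

    def _record(self, user, event, ok=False):
        self.log.append((self._clock(), user, event))
        return ok

    def issue(self, user, mobile):
        """Call only after the username/password check has succeeded."""
        otp = f"{secrets.randbelow(10**6):06d}"      # CSPRNG, 6 digits
        salt = secrets.token_bytes(16)
        self._pending[user] = [salt, self._digest(salt, otp),
                               self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        self._send_sms(mobile, f"Your one-time password is {otp}")
        self._record(user, "otp_issued")

    def verify(self, user, candidate):
        entry = self._pending.get(user)
        if entry is None:
            return self._record(user, "no_pending_otp")
        salt, digest, expires_at, attempts = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return self._record(user, "otp_expired")
        # Constant-time comparison of digests; the code itself is never stored.
        if hmac.compare_digest(digest, self._digest(salt, candidate)):
            del self._pending[user]                  # single use: a replay fails
            return self._record(user, "otp_accepted", ok=True)
        entry[3] = attempts - 1
        if entry[3] <= 0:
            del self._pending[user]                  # force a fresh login
        return self._record(user, "otp_rejected")
```

The `log` list holds the date/time, user and outcome of every attempt, which is the raw material for the audit records described on the next slide.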
CONTD.
• All logs are stored in a secured database (completely encrypted) for future analysis
  • Date and Time
  • User
  • Time Gap
• Access to logs only available to Admin team
• Privileges assigned to every user
• IP Address of the user

AUTOMATED SECURITY ALERTS

• Whether the user is using a spoofed IP address or not
• IP address of the system of the user
• Time stamp
• Login pattern of the user which includes -
  • Last three login time and location of the user
  • Current login time and location of the user
  • Registered location of the user
  • Average time gap between the last two transactions

FEATURES

• Optional integration available in the system for advanced Risk based Transaction Algorithm which includes –
  • Predictive Modeling based Algorithm (Heuristics)
  • Behavioral pattern of the user based on his previous 50 transactions
  • Average card use over the past two years
  • Address verification service
  • Profile of the user
  • Pre programmed with specific patterns found during fraudulent activity attacks like fund consolidation or exaggerated numbers of small transactions

CONTD.

• OS Independent Authentication Mechanism
• Seamless Integration with the current business and security architecture
• Increases the log on security for critical applications
• Unbreakable encryption on the lines of those used by US Government
• Works as a single application or in connection with Microsoft AD, Radius, firewall, VPN, Wi-Fi, Terminal services etc
• Logs are maintained to fix responsibility in case of an unlawful event.

UNIQUE FEATURES

• AAA Servers to be deployed at the client's premises
• Unbreakable encryption
• Competitive costs
• One Time Costs
• Optional – Risk Based Transaction Algorithm

SAMPLE SCENARIO 1
• Bank requires –
  • A secure access solution for Core Banking Applications, LAN users, offline users,
  • Protect critical information stored on User’s PC
  • Users only access applications via their desktops
  • Monitored, limited and controlled user base
  • Access is available from both LAN and RDP
  • Compatible with different Windows OS version
  • Quick, scalable and easy to maintain solution
  • Domain based authentication preferred
  • A Solution interoperable with different types of Tokens

OUR OFFERING
AuthShield for Windows Logon –

[Diagram labels: IAC; AD; Interoperable with multiple token types]
1). User Logs in with his credentials
2). User Name/Domain/Pwd forwarded to AD
2). User Prompted to enter OTP
3). OTP/UN sent to IAS
4). AD Result
5). IAS Result
5). Access

SAMPLE SCENARIO 2
• Bank requires –
  • A secure access solution for Net Banking
  • Prevent critical information stored in accounts
  • A “required-to-carry” hard token not acceptable
  • SMS based token acceptable but not preferred for users travelling to remote locations with connectivity issues
  • The net banking solution should be robust and scalable
  • Quick implementation and easy to maintain solution
  • Prompt Generation of Tokens
  • Users use BB, Android, Apple devices, other Smart Phones

OUR OFFERING
BlackBerry AuthShield for Web Clients –

[Diagram labels: Web Client – UN+PWD+TOKEN; BES; IAS; IAS & AD]
1). User accesses the token generation application on his BB device
2). Request Sent to BES
3). Request Forwarded to IAS
4). Token Generated
5). Credentials Entered
6). Access

SAMPLE SCENARIO 3
• Bank requires –
  • A secure access solution for web based applications for users in remote offices
  • The solution should be easily deployable over a large user base
  • A hard token not preferable
  • Applications accessed using SSL VPN (Citrix, Juniper etc…)
  • Phased implementation and easy to maintain solution
  • Robust and scalable
  • Easy Generation of Tokens

OUR OFFERING
AuthShield Soft Token (SMS) –

[Diagram labels: MMFSL Server; IAS; Authenticate; Authenticate; Token Generated; SMS; Access]

SAMPLE SCENARIO 3
• Bank requires –
  • A secure access solution for –
    • ATM Transactions
    • Credit Card Fraud
  • Users can use any ATM or can use his credit card at any location
  • Dynamic PIN / Password for ATM or Credit card transactions
  • The One Time Password is verified at the Bank’s servers
  • Robust and scalable
  • Prompt Token Generation

OUR OFFERING
AuthShield Hard Token –

[Diagram labels: IAS Server; Bank’s DB; Authenticate; Authenticate/Commit; Access]

ADVANTAGES

The Bank User Gets –
• Easy access to resources
• No extra codes to remember.
• Use any device (mobile phone / laptop / hard token) they wish.
• Works worldwide

CONTD.

The Bank gets -
• Zero user administration.
• Seamless Integration with current setup
• Simple price set up
• Better use of the IT systems already in place
• 100% control of 'who can access the system'.
• Zero maintenance on card frauds
• Decrease credit card frauds by up to 99%
• No deployment of devices or software to users.

Thank you!!
Questions Welcome!!