Build your professional network on facebook via our app Go to app
 
<< Prev  3 of 3 in Topic 
Topic : What is the Identity of a Website?
  Rate : 
 

Can Identity of a website be authenticated without mutually authenticating the user and the website

Created by : Shaillender Mittal, Director Sales, Uniken Solutions  | 05 08 2009 06:57:08 +0000
Industry : Technology ConsultingFunctional Area : New Technologies(Technology)
Keywords : phishing internet banking authentication two factor authentication online frauds email security
Activity:  243 views;  last activity : 07 06 2010 20:18:09 +0000

The current known token technologies provide what is known as 2-FACTOR token – what you have and what you know – the second factor is essentially the physical hardware that the user needs to posses in order to authenticate himself/herself to the application before access is provided. These token technologies have been known to be vulnerable to man-in-the-middle attacks.
The fundamental reason for this vulnerability is the fact that these are not 2-WAY tokens – that is, they do not facilitate the authentication of the application before the submitting the authentication data of the end-user. Thus, in order to completely protect the end-user and the enterprise’s application from being hacked – one needs 2-WAY, 2-FACTOR authentication tokens.

  
Share
 
 
  Rate : 
 
 
Yes Vs No
1
 
 
 
 
1
4
0
Support   Support
Top Argument
1
0

We must Authenticate the end points before sumitting any cerdentials. Existing technologies and solutions require you to submit the credentials to an un-authenticated channel before authentication. It thus is prone to Identity thefts. We can authenticate without transmitting any Identity credentials and then share the Identity credentials.
By Shaillender Mittal, Director Sales, Uniken Solutions  05 08 2009 06:57:08 +0000
 
0
0

Thanks for your comment Mr. shailender....even i agree that both biometrics and password can be combined for better authentication process....
By Ramdas Pawar, Sales/BD Manager, Flex  | 05 08 2009 08:01:54 +0000
1
0

Ramdas, the fact that Identity is transmitted on an unauthenticated channel, even in current 2 factor solutions, is the root cause of teh problem of theft.

The USB tokens etc, issued by companies to financial institutions only add another changing password for the MITM to steal. How deos the user know that he is at the correct ban website or there is noone in between him and the bank stealing what he is entering?

In my opinion, Biometrics is a safer way, but the probem is that Biometrcis is the same for all your relatioships. Passwords, as in two factor, are changing in nature, so they are good as long as they change. But passwords can be stolen, Biometric cannot be stolen. So the idea is to combine these two.

Mutual Authentication - a new concept being studied by the Naval Postgraduate School alongwith the DoD, US - changes the game forever. It authenticates the end points before any credentials are shared. This is based on existing mathematical frameworks such as SPEKE and DH.
By Shaillender Mittal, Director Sales, Uniken Solutions  | 05 08 2009 07:46:51 +0000
1
0

Yes i agree with you Mr. Shailender, most of the employees at many companies, especially financial institutions and other environments, use multifactor authentication, which requires at least 2 items something users have, such as a USB token or smart card, and something they know, perhaps a PIN to gain access to company resources. The requirement for a combination of 2 authentication factors means stronger protection for the company resources, the whole 2 factor authentication solution also stores user credential information on the token or smart card or in a software program on the client machine, users gain easier access to resources (e.g., email, company data and devices, Web sites that require logon) and the Help desk benefits by fielding fewer calls about forgotten passwords. 

And one question Mr. Shailender how much do you think the Biometrics plays in this authentication factor???
By Ramdas Pawar, Sales/BD Manager, Flex  | 05 08 2009 07:30:27 +0000
Argue for "Yes"
Argue for "No"
 Found the debate "Can Identity of a website be authenticated without mutually authenticating the user and the website"  interesting ?  Suggest to your connections and communities  
 
Viewers also viewed
I have a idea that National Identity card should be important for us... So we should start a...
 
594 referals 76 arguments, 4047 views
Which is better ULIP or Mutual Funds?
 
25 referals 27 arguments, 2873 views
mutual fund vs insurance
 
342 referals 11 arguments, 284 views
more...  
Recent Knowledge (3)
WE HAD A GOOD NUMBER OF INVENTORS WITH GREATER VISION ABOUT THE SOCIETY. INVENTORS HERE NEED NOT...
 
2 referals 2 arguments, 97 views
These days as I switch on the tv or radio or look at a hoarding I do feel that power of ads I...
 
3004 referals 23 arguments, 492 views
MNC's should take in more freshers vs Do not take freshers
 
1 referals 2 arguments, 171 views
more...  
Sponsored Jobs
More From Author
Building additional security measures always help, and in that I agree with Mr. Arora. In India, Bank of India is doing it correctly... protecting the entire connection pipe to its' customers using StarToken - which also includes SMS OTP (mobiles) as...
We all have heard about phished SSLs - these are secured connections, not with the banks, but with the hackers... How easy it is to get a SSL today! A hacker establishes a secure connection with you, and then with the bank, all the time making you...
If the additional device and the Biometric Data travels over the "unsafe" Internet, it is prone to frauds. What we must ensure is first, that the end-point (the PC or the Phone) and the connection (The Internet or PSTN/GSM etc) are safe. Mutual...
more...  
  • Popular Knowledge
  •  
  •  
  • Popular Jobs
  •