digital latches for your digital life
DESCRIPTION
Presentation given by Chema Alonso at the Universities of Málaga, Almería, UEM and the Semana de la Informática de Valencia. https://latch.elevenpaths.com
TRANSCRIPT
[Page 2]
Security incidents
[Page 3]
Identity dumps
[Page 4]
BYOM (Bring Your Own Malware)
[Page 5]
The enemy at the gates
[Page 6]
Exposure surface
• Services are up 24 x 7 x 365
• We only use our identities for a brief period of time
• Accounts should be able to be switched off
[Page 7]
Passwords + OTP
SMS TOKEN 8762134
[Page 8]
2FA "classics"
• User needs to enter a code
• SMS deployment
• Coordinate matrix is static
• Hardware tokens are expensive
• User needs to enter a code
• User does not like entering a code
[Page 9]
People like to take a siesta (with the TV remote)
[Page 10]
KISS (Keep It Spanish, Stupid)
[Page 11]
Taking a cab
To make her trip easier she decides to pay for everything using a service. On her way to the office at the destination she switches the service on so she can pay the taxi fare. Once done, she switches her account off, minimizing the exposure to improper usage.
[Page 12]
An alert from the service she used! Fortunately her account was blocked by Latch, as Anna had easily requested using the app. Alas, during the stopover someone tried to hack her service account. The attack was under control and no misuse was ever carried out.
[Page 13]
How to protect an identity?
[Page 14]
"Latching" an account
Latch Server / My Site (User Settings: Login: XXXX, Pass: YYYY, Latch: ) / Latch app
1.- Generate pairing code
2.- Temporary pairing token
3.- User introduces the temporary pairing token
4.- AppID + temporary pairing token
5.- OK + unique Latch (ULatch)
6.- Latch ID appears in app
[Page 15]
Login on a website
Latch Server
Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …
My Bank users DB: Login: XXXX, Pass: YYYY, Latch: Latch1
Login page: Login: AAAA, Pass: BBBB
1.- Client sends login/password
2.- Web checks credentials with its users DB
3.- Asks about Latch1 status
4.- Latch1 is OFF
5.- Login error
6.- Someone tried to get access to Latch1 ID
[Page 16]
Let's "latch"…
[Page 17]
Login with OTP
Latch Server
Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …
My Bank users DB: Login: XXXX, Pass: YYYY, Latch: Latch1
Login page: Login: AAAA, Pass: BBBB
1.- Client sends login/password
2.- Web checks credentials with its users DB
3.- Asks about Latch1 status
4.- Latch Server generates OTP
5.- Latch1 is ON (OTP)
6.- OTP?
7.- Use this (OTP)
8.- User introduces OTP
[Page 18]
Parental control
User / Pass
Login: User, Pass: Pass
Latch: Latch
[Page 19]
Four-eyes verification
User1 / Pass1
User2 / Pass2
Login: User2, Pass: Pass2
Latch: Latch2
Login: User1, Pass: Pass1
Latch: Latch1
[Page 20]
2 keys activation
User1 / Pass1
User2 / Pass2
Asset: Latch: Latch1, Latch: Latch2
[Page 21]
Latched operations
Latch Server
Latch app: Latch1: ON (Op1: OFF, Op2: ON, Op3: OTP), Latch2: OFF, …
My Bank: Login: XXXX, Pass: YYYY, Latch: Latch1, Int_Trans: Op1
Online Banking: Send Money: 1231124343
1.- Client orders an international transaction
3.- Asks Latch1:Op1 status
4.- Latch1:Op1 is OFF
5.- Denied
6.- Someone tried to do a Latch1:Op1 operation
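The pairing, login, OTP-login and latched-operation exchanges from slides 14, 15, 17 and 21, modeled end to end as an added example: this is constructed simulation code, not Latch's own SDK or server, and the class and method names (LatchServer, MySite, guarded, ...) are assumptions. Latched operations are routed through the same guard as a login, and a latch with no entry for an operation is treated as OFF.

```python
import hmac
import secrets
# Constructed simulation of the slides' flows; class and method names are assumptions, not the Latch SDK.

class LatchServer:
    def __init__(self):
        self.pairing_tokens = set()  # temporary pairing tokens shown in the app, single use
        self.latches = {}            # (app_id, unique_latch) -> {"login": st, "op1": st}; the user flips these in the app
        self.pending_otp = {}        # (app_id, unique_latch, op) -> OTP pushed to the app
        self.alerts = []             # attempts against a latch that was OFF (step 6: "someone tried...")

    def generate_pairing_token(self):                         # slide 14 steps 1-2: the app shows a temp token
        self.pairing_tokens.add(token := secrets.token_hex(3).upper())
        return token

    def pair(self, app_id, token):                            # steps 4-5: AppID + temp token -> unique latch
        self.pairing_tokens.remove(token)                     # consumed; a replayed token raises KeyError
        unique_latch = secrets.token_hex(8)
        self.latches[(app_id, unique_latch)] = {"login": "ON"}  # the server never learns the site's login/password
        return unique_latch

    def status(self, app_id, unique_latch, op="login"):       # step 3: the site asks for the status
        st = self.latches[(app_id, unique_latch)].get(op, "OFF")  # unknown operation: fail closed
        if st == "OFF":
            self.alerts.append((app_id, unique_latch, op))    # step 6: the owner is alerted in the app
        elif st == "OTP":                                     # slide 17 step 4: the server generates the OTP
            self.pending_otp.setdefault((app_id, unique_latch, op), f"{secrets.randbelow(10**6):06d}")
        return st

    def check_otp(self, app_id, unique_latch, op, otp):       # slide 17 step 8: the site forwards the typed OTP
        expected = self.pending_otp.pop((app_id, unique_latch, op), None)  # one attempt per OTP
        return expected is not None and hmac.compare_digest(expected, otp)

class MySite:
    def __init__(self, app_id, server):
        self.app_id, self.server, self.users = app_id, server, {}  # users: login -> {"pass": ..., "latch": ...}

    def pair_user(self, login, token):                        # slide 14 step 3: the user types the temp token
        self.users[login]["latch"] = self.server.pair(self.app_id, token)

    def guarded(self, login, password, op="login", otp=None): # login (slides 15/17) or latched op (slide 21)
        u = self.users.get(login)
        if u is None or not hmac.compare_digest(u["pass"], password):
            return "Login Error"                              # step 2: credentials are always checked first
        st = self.server.status(self.app_id, u["latch"], op) if u.get("latch") else "ON"
        if st == "ON" or (st == "OTP" and otp and self.server.check_otp(self.app_id, u["latch"], op, otp)):
            return "OK"
        if st == "OTP":
            return "OTP?"                                     # step 6: ask the user for the OTP shown in the app
        return "Login Error" if op == "login" else "Denied"   # OFF is indistinguishable from a bad password
```

Passwords are kept as constructed plaintext strings only to keep the simulation short; a real site compares password hashes. The test below walks through every slide's outcome, including the alert raised when a locked latch is probed.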
[Page 22]
User / Pass
Login: User, Pass: Pass
Latch: Latch
Op1: Unlock
Op2: OTP
Supervision
Why?
Answer
OTP
[Page 23]
Monitoring Switch
• With one latch
– As much granularity as needed
– Two statuses
– OTP
– User confs
• Schedule
• AutoLock
• Possible to react to the status:
If Lock then {} Else {} Goto fail; Goto fail:
[Page 24]
About Latch
• Privacy:
– AppIDs know the UniqueLatches but not the UserLatches.
– Latch Server knows Latches and AppIDs, but not the users/passwords.
• Robustness:
– If the Latch server is compromised, the security of the protected site remains intact.
– No sensitive data is stored on the Latch Server.
[Page 25]
Questions?
• Chema Alonso
• @chemaalonso
• [email protected]
• http://www.elladodelmal.com
• http://www.elevenpaths.com
• https://latch.elevenpahts.com