Speaker: Arun Kothonath, Bharosa
Title: Bharosa Authenticator: Securing OTP data over a compromised computer
Abstract:
By default, when you log in to any online or computer system, you are
prompted for a password. This is known as a "reusable password"
because you can input the same password whenever you log in, until you
either change the password on your own or are forced to change an
expired password. This provides a measure of security: someone who
doesn't know your password won't be able to access the resources on
your system. However, this security is jeopardized if another user
discovers your password.
There is another authentication system known as One Time Passwords (OTP). As the name suggests, you can only use a password once; you aren't allowed to reuse it. An OTP system aims to ensure that a discovered password is useless to the person who discovers it. While this can provide a bit more security, in a world that contains password crackers, packet sniffers, keyloggers and a rising number of sophisticated attacks, OTPs can still be compromised and used for fraud.
Bharosa Authenticator uses a system which can incrementally protect sensitive OTP data by creating a virtual and secure channel between the user and the server for transmitting OTPs, even if the computer and/or the network has been compromised.
Bio:
Arun Kothonath is chief security architect for Bharosa. Over 12
years, Arun has led security initiatives for various Fortune 500
clients, the U.S. Department of Defense and state government
organizations. Prior to joining Bharosa, Arun launched the security
services organization for a Minnesota-based firm and headed their
commercial operations.