20. • Something the user knows – password
• Something the user has – security tokens
• Something the user is – biometric scan
• Location of the user – geographical location or coordinates
• …….
• …….
• and so on
21. ATM: Something the user knows + Something the user has
OTP: Something the user knows + Something the user has
Mobile Device: Something the user knows + Something the user has
39. Input → Hash function → Digest
Fox → DFCD 3454 BBEA 788A 751A 696C 24D9 7009 CA99 2D17
The red fox jumps over the blue dog → 0086 46BB FB7D CBE2 823C ACC7 6CD1 90B1 EE6C 3ABC
The red fox jumps ouer the blue dog → 8FD8 7558 7851 4F32 D1C6 76B1 79A9 0DA4 AEFE 4819
The red fox jumps oevr the blue dog → FCD3 7FDB 5AF2 C6FF 915F D401 C0A9 7D9A 46AF FB45
The red fox jumps oer the blue dog → 8ACA D682 D588 4C75 4BF4 1799 7D88 BCF8 92B9 6A6C
42. [Figure: plaintext ("To be or not to be, that is the question, whether tis nobler in the…") → encryption algorithm → ciphertext → decryption algorithm → plaintext, with a single key]
46. [Figure: plaintext ("To be or not to be, that is the question, whether tis nobler in the…"); encrypt with the public key. Labels: public key, A (Locked), B (Unlocked), C (Locked)]
47. [Figure: plaintext ("To be or not to be, that is the question, whether tis nobler in the…"); encrypt with the public key, decrypt with the private key. Labels: private key, A (Locked), B (Unlocked), C (Locked)]
48. [Figure: plaintext ("To be or not to be, that is the question, whether tis nobler in the…") → ciphertext → plaintext]
49. [Figure: plaintext ("To be or not to be, that is the question, whether tis nobler in the…"); encrypt with the private key. Labels: private key, A (Locked), B (Unlocked), C (Locked)]
50. [Figure: plaintext ("To be or not to be, that is the question, whether tis nobler in the…"); encrypt with the private key, verify with the public key. Labels: public key, A (Locked), B (Unlocked), C (Locked)]
53. Microsoft's password replacement technologies
• Windows Hello
• Microsoft Authenticator
• Microsoft compatible security keys (FIDO2)
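55. • Passwords are the weakest point in security – 81% of security problems are related to passwords
• The same password is reused across multiple accounts – 73% of passwords are duplicates
• Cost of a data breach – $3.86M average cost of a data breach
• Support costs caused by passwords – #1 support request: requests caused by forgotten passwords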
57. Nevertheless…
Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
Microsoft Security Compliance Toolkit 1.0
Office 365 Password guidelines for administrators
58. References
Microsoft looks toward a password-free future of data security
Password
Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903
Introduction to the 2017 NIST report
MICROSOFT WILL NO LONGER RECOMMEND FORCING PERIODIC PASSWORD CHANGES
Azure Active Directory Password Protection
Office 365 Password guidelines for administrators
81% of Company Data Breaches Due to Poor Passwords
How to choose a secure password
Password-less protection
Password-less Strategy
The convergence of bio and security: biometric recognition technology
Microsoft Achieves FIDO2 Certification for Windows Hello
FIDO alliance