Transcript Slide 1
Strong Authentication and Beyond
Budai László, IT Security Consultant
aladdIn.com

Aladdin Product Lines
Product line groups: ENTERPRISE SECURITY, DRM
• Software Rights Management – Copy protection, IP protection and secure licensing solution for software vendors
  Target market: Software Publishers and Embedded System Vendors
• Solutions for access, authentication and password/digital identity management
  Target market: Enterprise, Education, Finance, Biopharm, Government
• Web gateway content security and proactive email security
  Target market: Enterprise, Education, Government and ISPs

Data is everywhere
• Servers
• Workstations (LAN)
• Laptops
• Mobile

Identity Theft
There are two kinds of companies: those who have experienced a data breach, and those who will.

Strong Authentication and Beyond
• Identification, Authentication and Strong Authentication
• Benefits of Strong Authentication
• Aladdin Strong Authentication Product Offering

STRONG AUTHENTICATION

Identification – Real World
• Name, Paper Certificate (ID Card, Driver’s License…)
• Physical Appearance

Identification – Computer Systems
• Username
• Digital Certificate
• RFID
• Biometrics

Identification – Usernames
• Most dominant identification factor
• Easily Obtained

Identification – Digital Certificates
• Identifies a User, Computer, Server
• X.509 v3 is the latest standard
• Subject to Human Error (Trust)

Authentication Methods
• Passwords
• One Time Passwords
• Public/Private Key Pairs (Digital Certificates)
• Biometrics

AUTHENTICATION METHODS

Passwords

Passwords – Insecure and Costly
• Simple passwords – easy to guess
• Complex passwords – hard to remember
• Passwords are rarely changed
• Passwords can be shared
“Not only are passwords insecure… Gartner Group and Forrester Research put the cost of resetting a password at about $50, while a survey from software giant Computer Associates estimated 70% of help desk calls concern password replacements”
Source: www.cryptocard.com, 2004, Identity thieves target firms

One Time Passwords
• An OTP (one-time password) system generates a series of passwords that are used to authenticate
• Once one of the passwords is used, it cannot be used again
• The logon system will always expect a new one-time password at the next logon

One Time Password – Tokens
• Password is generated on the device (token)
• Zero footprint, Platform independent
• Battery Operated (limited lifetime)
• Strong Authentication when combined with PIN code

One Time Password – Soft OTP
• Software generated
• Variety of devices (cell phone, PDA, Laptop, PC)
• Low cost solution (compared to token)
• Limited control
• Distribution Overhead (of the OTP program)

One Time Password over SMS
• Challenge-Response system
• Generate the challenge on the Web, via SMS, etc.
• Main problem is reliability (usability concern)
• SMS cost is also a concern (in large volumes)
High TCO / Limited ROI

Public-Private Key Pairs (Dig. Certificates)
• Digital Certificates contain the Public Key
• After trust is established, mathematical operation authenticates
• Allows mutual authentication (protocol dependent)
• Private key must be protected

Digital Certificates on Smart Cards
• Dedicated Hardware
• Secure – on-board key generation and storage
• Allows personalization
• Costly and less convenient – requires a reader

Digital Certificates on USB based Smart Cards
• Dedicated Hardware
• Secure – on-board key generation and storage
• Reader-less
• Portable

Biometrics
• Can provide both functions: Identification and Authentication
• Physiological / Behavioral
• Costly
• Complex to install (FAR/FRR)
• Privacy Issues

Strong Authentication
Authentication – the three 'what's
[Figure: login dialog with User Name and Password fields]
• What you know
• What you have
• What you are
Strong authentication means using two or more authentication methods

Reliable Authentication Enables Business
• 24x7 secure access to sensitive business information
• Enhanced online services
• Digital signing of transactions
• Enhanced productivity (single sign-on)
• Secure PCs and laptops

OTP or PKI?

Strong Authentication and Beyond
• OTP Provides Strong Authentication
• Smart Tokens with PKI will take you beyond:
  • Authentication
  • Encryption
  • Signing

Strong Authentication and Beyond
[Chart: PKI and OTP. Source: eToken Customer Survey]

eToken Devices
• eToken PRO – USB, reader-less smart card
• eToken PRO Smartcard – eToken PRO in traditional smart card form factor
• eToken NG-OTP – First ever USB smart card token with One-Time Password generation capabilities
• eToken NG-FLASH – USB smart card token with encrypted Flash memory for portable mass data storage
• eToken PASS – One Time Password Authenticator

SafeWord 2008

Thank you for your kind attention
www.aladdin.com/eToken
www.nador.hu