Multifactor authentication systems Jiří Sobotka, Radek Doležel
Jiří Sobotka, Fakulta elektrotechniky a komunikačních technologií VUT v Brně, sobotkaj@feec.vutbr.cz
Radek Doležel, Fakulta elektrotechniky a komunikačních technologií VUT v Brně, xdolez35@stud.feec.vutbr.cz

Abstract - This article describes methods of deploying multifactor authentication systems. For two factor authentication, two technologies from leading companies in different industry areas were used. Each system takes a different approach to the problem of secure authentication. The last part describes the benefits of a fourth factor of authentication.

1 Introduction

As computer networks have spread to almost all parts of human life, they have become more vulnerable because of the enormous number of access points and connections between terminals. The classical method of authentication by user name and password is no longer sufficient for credible user identification. The password system has two main disadvantages: passwords are either simple and easily guessable, or so difficult that most users write them down somewhere and jeopardize their security. Even if system administrators force users to change passwords periodically, the risk that an attacker obtains a password by guessing or by a brute force attack remains. Many companies still use this system as the only way of protecting their data. Furthermore, password authentication is very expensive for the system operator; the financial burden of, for example, a password recovery service represents a considerable amount of help desk time. Nevertheless, a breach of system security and loss of data can be much more expensive for the company.

2 Authentication

Authentication is the process of verifying the identity of a person requesting access to the system.
A person can prove that they are who they claim to be by the following factors:

- Knowledge of information: a password or PIN
- Possession of a thing: a token or card (two factor authentication)
- A personal characteristic: biometrics, for example a fingerprint (three factor authentication)

Now that identity theft is becoming a serious issue, confidence in digital identity is very important. More factors can be required at system login to raise the credibility of the authentication. For secure access to a system it is necessary to distinguish between authentication and authorization: authentication provides user identification, while authorization defines the area of user activity in the system.

2.1 Authentication by password

Authentication by password is the most widely used but also the most vulnerable form of authentication. Considerable effort has gone into developing password administration systems with different levels of password complexity; still, obtaining the password is for an attacker only a matter of tools and time. Whether password authentication is appropriate has to be weighed against the value of the assets the system protects. In most cases a higher level of security is required.

2.2 Two factor authentication

Two factor authentication considerably increases the security level of a system by forcing users to identify themselves with two identification factors. In most cases these are a password (something the user knows) and a token (something the user has). Tokens are very small devices, suitable for carrying in a pocket or together with keys. They usually contain keys for the cryptographic algorithms, the user's digital ID and the user's digital signature. The user's data are protected from compromise because they are all stored in the token instead of on the hard drive. The devices are protected from tampering and, thanks to their hard shell, are quite durable.
For a successful login to the system, the token has to be plugged into the USB port and the correct PIN has to be entered on the keyboard. The computer then communicates with the authentication server to verify the user's identity.

2.3 Third factor

The third factor that can be used for user identification and authentication is a biometric feature of the person requesting access to the system. A detailed description of biometric methods is beyond the scope of this article.

3 Applications of two factor authentication
The use of several methods of authentication is called multifactor authentication, or strong authentication. In our work we focus on two factor authentication. The classical example of two factor authentication is a credit card issued by a bank. To access your account at an ATM you need to insert a card (something you have) and enter a PIN (something you know). As organizations improve the security of their information systems, multifactor authentication is becoming popular. Organizations usually already have databases of users and user passwords, so introducing USB tokens is a convenient way to improve the security of the entire system. Price, easy deployment and ease of use contribute to the spread of tokens.

3.1 Principle of the USB tokens

USB tokens serve as convenient storage for certificates used for authentication, identification and digital signature. Every organization can create its own token deployment strategy as well as its own system rules. Tokens can be distributed easily among a large group of users in a short time, even over large geographic distances. A USB token is used to verify the user's identity and then allows access to the required resources within the user's authorization. USB tokens were used for storage of private keys and certificates in PKI and VPN technologies. Cryptographic USB tokens are a perfect supplement to a VPN for enterprises requiring secure remote access to the company network. Nevertheless, USB tokens have many applications that allow a strong and simple solution, and they offer additional benefits [1]:

- Security: cryptographic keys, certificates and personal information are safely stored in a hardware device protected against extraction of information.
- Portability: the small size of the devices allows carrying them in a pocket and having all personal information always accessible.
- Universality: a USB token can be used to store all kinds of information. It provides functions such as cryptographic calculations, storage of authorization data, and physical and logical access control.
- Simple and convenient usage: simply plugging the token into the USB port makes all security functions accessible.
- Modernization: USB tokens can easily be upgraded to support biometrics, PKI and other functions without changing the current devices.

Companies working with sensitive user data, financial systems, etc. are subject to controls carried out by governmental institutions, which verify proper protection against compromise, unauthorized access, wiretapping and tampering.

3.2 Technology SafeNet ikey USB Token

SafeNet USB tokens are devices for secure authentication. They can hold the user's authorization data such as passwords, keys, certificates or biometric data, all stored in a very secure way. The device has an operating system (DKCCOS), which provides secure access to the stored data. The tokens can be used in PKI systems as well as in other systems.

The SafeNet ikey USB Token is a portable PKI device small enough to be carried in a pocket. It generates and stores digital data such as private keys, digital certificates, user names and passwords, and biometric templates. SafeNet USB tokens make it easy to apply advanced authentication without installing additional devices. The ikey is a hardware device, resistant to copying of the stored information, conforming to FIPS (Federal Information Processing Standard), Level 2 and FIPS 140-2, Level 3 [1], and providing a high level of security for valuable digital property.

SafeNet Inc. developed four basic kinds of ikey tokens: ikey 1000, ikey 2032, ikey 3000 and ikey. Each kind has a different amount of internal memory and supports a different number of functions. The ikey 1000 token basically provides only safe storage of data; the other three types support operations on the stored data and other cryptographic operations such as generating and verifying passwords, digital signatures, etc. Basic algorithms of symmetric and asymmetric cryptography are used.
3.3 Technology RSA SecurID

Another approach to two factor authentication is the technology developed by the RSA company. The RSA SecurID system is based on periodic changes of the authentication key. Each SecurID authenticator contains a unique symmetric key, which is combined by a certain algorithm to generate a code, the so-called one-time password (OTP). A new OTP is generated every 60 seconds. Every generated code is then encrypted by the AES (Advanced Encryption Standard) algorithm and displayed on the integrated screen. Each authenticator is synchronized with the authentication server by patented technology, which ensures a high level of security.

During login to the system the user is asked to enter the one-time password, which proves possession of the token, and also a personal identification number (PIN), which proves knowledge of information. The combination of a PIN and a one-time password is very difficult for an attacker to guess, and even if he manages to find the right combination, it is useless after 60 seconds.

For companies that depend on wide token distribution to provide secure access for all employees, the reliability of the tokens is very important. RSA authenticators offer a high level of reliability. SecurID tokens are designed for the worst environmental conditions. They are able to resist rapid temperature changes, mechanical stress and submersion in water. Each token is subjected to extensive tests before installation.
Every user is assigned one token, and each token generates a different one-time password. The SecurID system offers not only classical hardware tokens but also software and on-demand tokens, which make it possible to use devices the user already has, such as notebooks, cell phones and PDAs, for generating the code. working with all kinds of platforms. The Agent sends users' authentication requests to RSA Authentication Manager, where user authentication is performed. After the user's identity is verified, access to the system is allowed.

Hardware authenticator

The advantage of hardware authenticators is that no other applications need to be installed. No further initialization is necessary either; the tokens are immediately ready. Only the symmetric initialization key has to be uploaded to the authentication manager, and synchronization follows. Five different RSA SecurID hardware authenticators exist.

The basic version is the RSA SecurID 700, which is designed as a key fob. This type contains only a display with the one-time password. Every 60 seconds a new password generated by the AES algorithm is displayed.

The extended version is the RSA SecurID 800, to which a USB connector and an integrated smart chip are added. In addition to the one-time password generator it offers storage for digital certificates for authentication, digital signature and file encryption applications. The device can store several combinations of user names and passwords for access to different applications. If the token is inserted into a USB port, a given application can access the passwords automatically, so the user does not have to log in to each application separately.

The RSA SecurID 200 and RSA SecurID 520 models are different physical designs of the same authenticator. These authenticators have the size and shape of a credit card and again a very durable case. Both models have a display with the one-time password.
The SecurID 720 model has in addition a keyboard on which the user enters his PIN; the final code on the display is then a hash of the combination of the current one-time password and the PIN.

Software authenticator

The goal of the software authenticator is to lower the number of things the user has to carry to be able to access the system securely. Software authenticators offer the same level of two factor authentication as hardware authenticators. Software tokens employ the same algorithms as hardware tokens, but the symmetric key is saved in the user's computer instead of in the token. RSA SecurID software tokens support BlackBerry and iphone smartphones and smartphones with Java and with the Windows Mobile and Symbian operating systems. Of computer operating systems, MS Windows and Mac OSX are supported.

RSA Authentication Agent

User requests for access are accepted by RSA Authentication Agent, either from local or from remote stations (over VPN). RSA Authentication Agent is integrated into existing systems, applications and consoles that serve as a gate for remote access to the server: VPN networks, firewalls, web servers etc. Many modifications exist for different applications, which are

RSA Authentication Manager

The core of the RSA SecurID system is RSA Authentication Manager, which maintains the user database, handles authentication requests and allows access to the system. RSA Authentication Manager offers centralized management of the whole system and creation of a hierarchical structure of users and administrators, all with full support for secure remote access. All communication with Authentication Agents is secured, as are all important aspects of the system: user names and passwords, server databases and remote administration. The system also uses logical evaluation of attack attempts or of the use of stolen tokens. Because RSA Authentication Manager is a centralized system in which the failure of one central server would take down the whole system, the central database and Authentication Manager are installed on several servers, so-called replicas.
Replicas provide a backup of the user database and enable user authentication on several servers.

In comparison with the SafeNet technology, RSA SecurID has several advantages. Possession of a token is verified by copying the one-time password from the token display, so no reader is necessary. The second advantage is the periodic password change, so even if the password is revealed, the attacker has only 60 seconds to use it. The last advantage is that the tokens cannot be copied.

4 Deployment of two factor authentication

In our laboratory, both technologies were deployed for educational purposes. From SafeNet, the ikey 3000 was chosen together with open source software. RSA SecurID is a more complex technology, and the original software had to be used with the RSA SecurID 200 and RSA SecurID 800 tokens.

4.1 Two-factor authentication with ikey 3000

The ikey 3000 tokens [7] were selected because they also support the RSA standard PKCS #15 (Public-Key Cryptography Standards: Cryptographic Token Information Format Standard) [8]. PKCS #15 allows the use of an alternative cryptographic token interface, which gives independence from the manufacturer's support. The ikey 3000 tokens are products of SafeNet, Inc. To work with the tokens, an infrastructure has to be built. The infrastructure is based on Open Source Software.
4.1.1 Security infrastructure building

The tokens are only a medium; to use them fully, the whole infrastructure has to be built. The security infrastructure is shown in Figure 1. Figure 1 shows both sides of a client-server model. It also outlines the division into layers according to the ISO/OSI Reference model.

Figure 1: Security Infrastructure.

The applications used in the infrastructure are Open Source Software projects. As can be seen in Figure 1, most of the applications run on the Application layer of the ISO/OSI Reference model. On the client side, the set of applications that gives the operating system support for working with tokens spans the Application layer and lower layers. This support is provided by the OpenSC project [9]. HTTPS is used for communication and establishes the connection on the Application layer. The basis of this protocol is SSL/TLS, which operates on lower layers. To establish the connection, a web server is used on the server side and a web browser on the client side. The web server is Apache HTTP Server [10], and the web browser can be any standard web browser compatible with certificates and tokens, such as Mozilla Firefox or Microsoft Internet Explorer. The connection is secured by certificates issued by a certification authority. The certification authority is created with the OpenSSL project [11]. The Open Source Software projects used in the infrastructure are described in Table 1.

| Open Source Software project | Description |
| OpenSC | Operating system support for tokens |
| Web browser | Client's application compatible with certificates and tokens |
| Apache HTTP Server | Web server that provides secure connection establishing |
| OpenSSL | Certification authority that issues certificates |

Table 1: Open Source Software projects description.

Server

The GNU/Linux operating system is used as the base system on the server.
The Open Source Software projects are installed into this operating system as the appropriate services. The server then provides services such as a certification authority and a web server. The certification authority is created with the OpenSSL project and issues the server's and the clients' certificates with matching private keys. The web server is Apache HTTP Server, set up to establish connections via HTTP and HTTPS. Mutual authentication is used with the HTTPS connection. During one session of mutual authentication, both the client's certificate and the server certificate are verified.

Client

In most cases the client is a user computer. The operating system on the user computer can be GNU/Linux as well as Microsoft Windows. The aim of this solution is a client that is independent of the operating system platform. A standard web browser compatible with certificates and tokens should be installed on the user computer. In our case we use Mozilla Firefox. Support for tokens is supplied by the OpenSC project. The OpenSC project consists of many parts, but the two main ones are OpenCT and OpenSC. The OpenSC project is developed for the GNU/Linux operating system. A ported version for Microsoft's operating systems is already available.

Working with tokens

The clients' certificates can be stored in the secured key storage of the web browser (software) or in the tokens (hardware). We use tokens for our purpose. The OpenSC project serves for management of the tokens. The whole process of working with tokens can be divided into two parts. The first part is management of the tokens by the administrator and the second is client usage of the tokens. The items of the token life cycle are listed with descriptions in Table 2.
| User | Item | Description |
| Administrator | Formatting | Erase of old items |
| Administrator | Initialization | Associate with cryptographic interface used |
| Administrator | Storing required content | Storing client's certificate with matching private key and often setup of an access PIN (Personal Identification Number) |
| Administrator | Handover | The token with the access PIN is given to end user |
| Client | Operating system and applications setup | Installation of supported drivers and link applications with token interface |
| Client | Usage | Common user usage of token |
| Client | Return to administrator | If a content of the token is out of date |

Table 2: Life cycle of working with token
4.1.3 Establishing secure connection via HTTPS with tokens

When the whole infrastructure is built, the appropriate setup is done and the tokens are ready, clients can work with the server. The process of establishing a secure connection between the client and the server consists of several points, in which two-factor and mutual authentication are used. Two-factor authentication is realised by the tokens, which store the client's certificate and the matching private key. Validation of the client's certificate and of the server certificate represents the mutual authentication. The connection is established as follows:

- the client tries to establish a secure connection via HTTPS to the server
- the server accepts the incoming connection and sends back the server certificate
- the client validates the server certificate
- if the server certificate is approved, the client inputs the access PIN to the token
- if the access PIN is correct, the client can present its own client certificate for checking
- the server validates the client's certificate
- if the client's certificate is approved, the secure connection is successfully established

To establish the secure connection, every point of this list has to be completed. If even one point fails, the whole connection is dropped and the client has to try to establish a new connection from the beginning.

4.2 Two factor authentication with RSA SecurID

Each RSA SecurID token is delivered from the manufacturer with a related XML file. The XML file contains information about each token: serial number, the initial key for generating passwords (the seed), date of activation of the token, date of expiration of the token, and physical address. This information is important for the server for synchronisation with the token. To deploy the tokens, the XML file is uploaded to the RSA server and synchronisation is performed.
The following fragment shows part of the XML source installed for each token in RSA Authentication Manager. All information is in plain text, except the most important line, Seed. The usual lifetime of a token is 4 years.

    <SN> </SN>
    <Seed>=nPjS+lF+Fv9ZXaBFok5aKA==</Seed>
    <Birth>2008/12/08</Birth>
    <Death>2012/03/31</Death>
    <TokenMAC>3tY44ro8dPXsYQK6Y6qdQ==</TokenMAC>

The network structure consists of several parts. The heart of the system is the server with RSA Authentication Manager installed, which administers all aspects of the RSA Authentication System: user accounts, RSA SecurID tokens, policies, and other supporting instances such as replica servers and a RADIUS server. The other part is the user terminals, with instances of RSA Authentication Agent installed. User terminals can be desktop computers with an Ethernet connection, wireless laptops or mobile devices. Each user has to use his own personal RSA SecurID token to log on to the system successfully. A user with a mobile device can use a software RSA SecurID token to lower the number of things needed for authentication, since he carries the mobile device with him all the time. A brief structure is shown in Figure 2.

Figure 2: Structure of RSA SecurID system

Each user computer has RSA Authentication Agent installed for secure communication with RSA Authentication Manager. In RSA Authentication Manager a system of administration levels was created, with a hierarchical structure and different policies for each level. The students created their own user profiles for each level and simulated a company network with a main administrator and subordinate administrators. An important point in assigning rights to each administrator is the correct setup of the policies at each level of the administration structure. Only the main administrator has rights to the whole system and to all levels of the hierarchical structure.
Subordinate administrators can administer only the part of the system and the group of users assigned to them by the main administrator. Subordinate administrators shall not have access to their own user account or to the accounts of other administrators.

Another feature of the RSA SecurID system is RSA Authentication Client, a tool for secure logon to the system and for access to the certificates stored within the token. RSA Authentication Client supports only the RSA SecurID 800 Authenticator, which is a universal device. For smart card use, it has a tiny smart card with an embedded chip and a reader built into it. The smart chip is a microprocessor that can store and process data. For SecurID use, it has a panel that displays the SecurID tokencode. To use the SecurID 800 as a smart card, the user needs to insert it into the USB port of the computer. The user can then add a valid Windows account, a digital certificate, or both to the smart card. For example, when Authentication Client is configured to display the RSA logon prompts, the user sees fields to add a
Windows account (user name, password, and domain) to their smart card. This allows the user to log on to the computer by inserting the smart card and entering a PIN instead of manually entering a Windows account.

When the full RSA Authentication Client product is installed, a user interface, RSA Control Center, is installed as well. The Control Center contains options that allow users to store certificates on the smart card and manage many other aspects of their authenticator. For example, the user can select options to change or unblock a smart card PIN, manage certificates and Windows accounts, copy the tokencode to log on to a SecurID application, and review authenticator details and logon requirements. You can also select a Group Policy Object setting to remove certain options from the Control Center.

After synchronization, the one-time passwords for each minute are calculated. The passwords can be saved to a file, and the required time period can be chosen in terms of minutes, hours, days, months or years. Figures 4 and 5 [12] show the function of the RSA SecurID Token Calculator and a way in which an attacker can authenticate himself without physical possession of a token. For successful authentication, correct time synchronized with the RSA server is necessary. But the security of RSA SecurID is not compromised, because use of the RSA SecurID Token Calculator requires the XML file. This file is delivered together with the tokens, so only the system administrator has access to it. The user password is also still needed.

Figure 4: Cain & Abel tool RSA SecurID Token Calculator [12]

Figure 3: RSA Control Center

One part of our work was to find a way of attacking this system. The only possible way to break this system is to predict the generated token numbers. One of the methods is described in the following article, Simulation of a hacker attack [12]. The software Cain&Abel has a tool, RSA SecurID Token Calculator, to calculate the generated one-time passwords in advance.
For correct synchronization, several one-time passwords are needed for a successful break-in to the system. To generate one-time passwords, Cain&Abel requires the XML file distributed with the tokens, which contains information about the token and the initial keys for the password generating algorithms, the seeds. After the XML file is imported, the serial number and seed of the token are displayed. The tool is then synchronized with the token by entering the current one-time password from the token.

Figure 5: RSA SecurID token [12]
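The server-side check that sections 3.3 and 4.2 describe (PIN plus a tokencode that changes every 60 seconds, a token lifetime taken from the Birth and Death fields, and codes that follow from the seed and the clock alone), as an added example that is not code from the paper or from RSA. HMAC-SHA-256 with RFC 4226 truncation stands in for the proprietary SecurID algorithm; the `<Token>` wrapper, serial number, seed, PIN, drift window and lockout threshold are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os
import struct
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

STEP = 60          # seconds each tokencode is valid, as described in section 3.3
DIGITS = 6         # assumed display length
MAX_FAILURES = 3   # assumed lockout threshold

# Constructed token record using the element names from section 4.2. The <Token>
# wrapper, serial number and seed are made up for this example.
SAMPLE_RECORD = """<Token>
  <SN>000000000001</SN>
  <Seed>{seed}</Seed>
  <Birth>2008/12/08</Birth>
  <Death>2012/03/31</Death>
</Token>""".format(seed=base64.b64encode(b"constructed-seed").decode())


def tokencode(seed: bytes, when: int) -> str:
    """Stand-in OTP: HMAC-SHA-256 over the 60-second counter, truncated as in RFC 4226."""
    mac = hmac.new(seed, struct.pack(">Q", when // STEP), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def _day(text: str) -> int:
    """Convert a YYYY/MM/DD field to epoch seconds (UTC midnight)."""
    return int(datetime.strptime(text, "%Y/%m/%d").replace(tzinfo=timezone.utc).timestamp())


def _pin_hash(pin: str, salt: bytes) -> bytes:
    """PINs are short, so store a salted, stretched hash rather than the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)


class TokenVerifier:
    """Server-side state for one token: seed, lifetime, PIN hash, replay and lockout counters."""

    def __init__(self, record_xml: str, pin: str, drift_steps: int = 1):
        record = ET.fromstring(record_xml)
        self.seed = base64.b64decode(record.findtext("Seed"))
        self.birth = _day(record.findtext("Birth"))
        self.death = _day(record.findtext("Death")) + 86400  # Death day inclusive (assumption)
        self.salt = os.urandom(16)
        self.pin_hash = _pin_hash(pin, self.salt)
        self.drift_steps = drift_steps
        self.last_step = -1
        self.failures = 0

    def verify(self, pin: str, code: str, now: int) -> str:
        if self.failures >= MAX_FAILURES:
            return "locked"
        if not self.birth <= now < self.death:
            return "expired"
        pin_ok = hmac.compare_digest(_pin_hash(pin, self.salt), self.pin_hash)
        current = now // STEP
        matched = None
        # Accept the current step and its neighbours to tolerate clock drift.
        for step in range(current - self.drift_steps, current + self.drift_steps + 1):
            expected = tokencode(self.seed, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        if not pin_ok or matched is None:
            self.failures += 1
            return "denied"      # one answer whichever factor failed
        if matched <= self.last_step:
            return "replayed"    # each tokencode is accepted once only
        self.last_step = matched
        self.failures = 0
        return "ok"


def demo() -> list:
    t0 = int(datetime(2010, 1, 1, 12, 0, tzinfo=timezone.utc).timestamp())
    server = TokenVerifier(SAMPLE_RECORD, pin="4821")
    # The code depends only on (seed, time): anyone who can read the record can compute it.
    code = tokencode(server.seed, t0)
    return [
        server.verify("4821", code, t0 + 30),               # "ok"
        server.verify("4821", code, t0 + 45),               # "replayed"
        server.verify("0000", code, t0 + 45),               # "denied": wrong PIN
        server.verify("4821", code, t0 + 180),              # "denied": outside drift window
        server.verify("4821", code, t0 + 4 * 365 * 86400),  # "expired": past Death
    ]


if __name__ == "__main__":
    print(demo())
```

Because `tokencode` needs nothing but the seed and the clock, the token record file has to be stored and handled with the same care as the tokens themselves.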
5 Fourth factor

The last type of authentication can be a system based on knowing some person, the factor "somebody I know" [13]. This principle of identification by a trusted person has been used since the beginning of mankind. In the electronic environment this principle is used to verify identity by or phone call.

For practical implementation of this type of authentication a system of guarantors is proposed. Authentication is applied to a group of users, where one of the users with appropriate rights, a guarantor, uses his authentication devices for emergency authentication of another user, an applicant. This principle is fully applicable in the RSA SecurID system. If a user loses or forgets his authenticator, another user with appropriate rights, his guarantor, can provide temporary access by generating a one-time password, provided the user remembers his password. RSA Authentication Manager offers two ways of generating an emergency tokencode: a temporary fixed tokencode and a set of one-time tokencodes. The former is a single tokencode with a limited lifetime, while the latter is a set of tokencodes, each of which can be used only once. RSA Authentication Manager also offers the possibility of denying authentication with the user's hardware token in case the token was stolen.

An important part of this kind of authentication is the process of verifying the user's identity. It is necessary to ensure that the guarantor correctly identifies the person he is vouching for. If the user is identified by or phone, the authentication system is not sufficiently reliable. There are many methods of obtaining unauthorized access by so-called social engineering, as described by Kevin Mitnick [14]. Some kind of personal bond should exist between guarantor and applicant. A proposal for fourth factor authentication is described in [13].

6 Conclusion

Two factor authentication provides a secure and reliable way of identifying a user during access to the system.
Both technologies were successfully deployed in our laboratory and now help with teaching computer security to students. The designed example is based on the secure infrastructure. Open Source Software (GNU/Linux, OpenSC, Mozilla Firefox, Apache HTTP Server and OpenSSL) is used to build the whole infrastructure. In this solution two-factor and mutual authentication are realised. The two-factor authentication uses the ikey 3000 and RSA SecurID tokens as the medium. The client's certificate and the matching private key are stored in the tokens. When the user wants to use his token, he has to input the access PIN, because the token (first factor) is protected by the access PIN (second factor). Mutual authentication means verifying certificates on both sides, i.e. on the client's computer and on the server. The work with tokens is divided into two parts; joined together, these parts form the life cycle of token usage. The first part is management by the administrator and the second is common user usage. The whole communication model consists of several points at which the certificates are validated on the opposite side, and on the client's computer the token with the access PIN is used in addition.

REFERENCES

[1] SafeNet White Paper. Multi-Factor Authentication [online] Available: <
[2] RSA White Paper. RSA SecureID Authenticators [online] Available: <
[3] Security Reference Guide CDW. [online] Available: <
[4] SafeNet The Foundation of Information Technology [online] Available: < />.
[5] BRAINARD, John, JULES, Ari, RIVEST, Ronald. Fourth Factor Authentication: Somebody You Know [online] Available: < />.
[6] MITNICK, K. D, SIMON, W. L. The Art Of Deception: Controlling The Human Element Of Security. Wiley, 2002
[7] SafeNet (Rainbow) ikey 3000 Datasheet [online] [cit ]. Available: <
[8] RSA Laboratories PKCS #15: Cryptographic Token Information Format Standard [online] [cit ]. Available: <
[9] OpenSC [online]. [cit ].
Available: <
[10] Apache SSL/TLS Encryption Apache HTTP Server [online]. 2009, [cit ]. Available: <
[11] OpenSSL: Documents, openssl(1). [online]. [cit ]. Available: <
[12] SMÉKAL, L. Útoky pomocí programu Cain & Abel. Brno: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií, XY p. Master's thesis supervisor Ing. Jiří Sobotka
[13] BRAINARD, John, JULES, Ari, RIVEST, Ronald. Fourth Factor Authentication: Somebody You Know [online] Available from WWW: < />.
[14] MITNICK, K. D, SIMON, W. L. The Art Of Deception: Controlling The Human Element Of Security. Wiley,
More informationEnhancing Organizational Security Through the Use of Virtual Smart Cards
Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company
More informationEnhancing Web Application Security
Enhancing Web Application Security Using Another Authentication Factor Karen Lu and Asad Ali Gemalto, Inc. Technology & Innovations Austin, TX, USA Overview Introduction Current Statet Smart Cards Two-Factor
More informationRSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide
RSA Authentication Agent 7.2 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com
More informationRSA Authentication Manager 7.1 Administrator s Guide
RSA Authentication Manager 7.1 Administrator s Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationMoving to Multi-factor Authentication. Kevin Unthank
Moving to Multi-factor Authentication Kevin Unthank What is Authentication 3 steps of Access Control Identification: The entity makes claim to a particular Identity Authentication: The entity proves that
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationCRYPTOGRAPHY AS A SERVICE
CRYPTOGRAPHY AS A SERVICE Peter Robinson RSA, The Security Division of EMC Session ID: ADS R01 Session Classification: Advanced Introduction Deploying cryptographic keys to end points such as smart phones,
More informationMobile Admin Security
Mobile Admin Security Introduction Mobile Admin is an enterprise-ready IT Management solution that generates significant cost savings by dramatically increasing the responsiveness of IT organizations facing
More informationRSA Authentication Manager 7.1 Basic Exercises
RSA Authentication Manager 7.1 Basic Exercises Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA and the RSA logo
More informationStrong Authentication for Secure VPN Access
Strong Authentication for Secure VPN Access Solving the Challenge of Simple and Secure Remote Access W H I T E P A P E R EXECUTIVE SUMMARY In today s competitive and efficiency-driven climate, organizations
More informationResearch Information Security Guideline
Research Information Security Guideline Introduction This document provides general information security guidelines when working with research data. The items in this guideline are divided into two different
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationSafeNet Authentication Client (Windows)
SafeNet Authentication Client (Windows) Version 8.1 SP1 Revision A User s Guide Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete
More informationSecure Web Access Solution
Secure Web Access Solution I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. E-CODE SECURE WEB ACCESS SOLUTION... 3 OVERVIEW... 3 PKI SECURE WEB ACCESS... 4 Description...
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationRSA Authentication Manager 7.1 Security Best Practices Guide. Version 2
RSA Authentication Manager 7.1 Security Best Practices Guide Version 2 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationImproving Online Security with Strong, Personalized User Authentication
Improving Online Security with Strong, Personalized User Authentication July 2014 Secure and simplify your digital life. Table of Contents Online Security -- Safe or Easy, But Not Both?... 3 The Traitware
More informationRemote Access Securing Your Employees Out of the Office
Remote Access Securing Your Employees Out of the Office HSTE-NB0011-RV 1.0 Hypersecu Information Systems, Inc. #200-6191 Westminster Hwy Richmond BC V7C 4V4 Canada 1 (855) 497-3700 www.hypersecu.com Introduction
More informationInternet Banking Two-Factor Authentication using Smartphones
Internet Banking Two-Factor Authentication using Smartphones Costin Andrei SOARE IT&C Security Master Department of Economic Informatics and Cybernetics Bucharest University of Economic Studies, Romania
More informationManaged Portable Security Devices
Managed Portable Security Devices www.mxisecurity.com MXI Security leads the way in providing superior managed portable security solutions designed to meet the highest security and privacy standards of
More informationA brief on Two-Factor Authentication
Application Note A brief on Two-Factor Authentication Summary This document provides a technology brief on two-factor authentication and how it is used on Netgear SSL312, VPN Firewall, and other UTM products.
More informationRSA Authentication Manager 8.1 Help Desk Administrator s Guide
RSA Authentication Manager 8.1 Help Desk Administrator s Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
More informationWelcome Guide for MP-1 Token for Microsoft Windows
Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made
More informationAdvanced Authentication
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
More informationRSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide
RSA Authentication Agent 7.1 for Microsoft Windows Installation and Administration Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com
More informationDeploying Smart Cards in Your Enterprise
www.css-security.com 425.216.0720 WHITE PAPER The merging of physical access technology with public key-enabled smart card technology has been an emerging trend that has occurred in the security industry
More informationAn Introduction to Entrust PKI. Last updated: September 14, 2004
An Introduction to Entrust PKI Last updated: September 14, 2004 2004 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries. In
More informationSecure Authentication Managed Service Portfolio
Secure Authentication Managed Service Portfolio Combating Corporate Identity Theft Signify Managed Authentication Services Signify offers a complete range of Secure Authentication and Identity Management
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 10 Authentication and Account Management
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 10 Authentication and Account Management Objectives Describe the three types of authentication credentials Explain what single sign-on
More informationVMware Virtual Desktop Manager User Authentication Guide
Technical Note VMware Virtual Desktop Manager User Authentication Guide VMware Virtual Desktop Manager The purpose of this guide is to provide details of user authentication in VMware Virtual Desktop Manager
More informationAuthentication Tokens
State Capitol P.O. Box 2062 Albany, NY 12220-0062 www.its.ny.gov New York State Information Technology Standard IT Standard: Authentication Tokens No: NYS-S14-006 Updated: 05/15/2015 Issued By: NYS ITS
More informationVeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.
END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010
More informationGoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey
GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With
More informationADVANCE AUTHENTICATION TECHNIQUES
ADVANCE AUTHENTICATION TECHNIQUES Introduction 1. Computer systems and the information they store and process are valuable resources which need to be protected. With the current trend toward networking,
More informationResearch Article. Research of network payment system based on multi-factor authentication
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2014, 6(7):437-441 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 Research of network payment system based on multi-factor
More informationAchieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER
with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics
More informationSHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client
SHC Client Remote Access User Guide for Citrix & F5 VPN Edge Client Version 1.1 1/15/2013 This remote access end user reference guide provides an overview of how to install Citrix receiver (a required
More informationTrustKey Tool User Manual
TrustKey Tool User Manual 1 Table of Contents 1 Introduction... 5 2 TrustKey Product...6 2.1 TrustKey Tool... 6 2.2 TrustKey function modules...7 2.3 TrustKey using environment...7 3 TrustKey Tool Installation...
More informationMulti-factor authentication
CYBER SECURITY OPERATIONS CENTRE (UPDATED) 201 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL
More informationRSA Authentication Manager 8.1 Help Desk Administrator s Guide. Revision 1
RSA Authentication Manager 8.1 Help Desk Administrator s Guide Revision 1 Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm
More informationCRYPTOCard. Strong Two Factor Authentication
CRYPTOCard Strong Two Factor Authentication CRYPTOCard Solutions Overview Cybercrime is a serious, real, and all-to-prevalent threat to networked assests. With the abundance of deployed workers requiring
More informationUSER GUIDE WWPass Security for Windows Logon
USER GUIDE WWPass Security for Windows Logon December 2015 TABLE OF CONTENTS Chapter 1 Welcome... 3 Introducing WWPass Security for Windows Logon... 4 Related Documentation... 4 Presenting Your PassKey
More informationRSA Authentication Manager 8.1 Administrator s Guide
RSA Authentication Manager 8.1 Administrator s Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm Trademarks
More informationTwo-Factor Authentication Making Sense of all the Options
Two-Factor Authentication Making Sense of all the Options The electronic age we live in is under attack by information outlaws who love profiting from the good record of others. Now more than ever, organizations
More informationDashlane Security Whitepaper
Dashlane Security Whitepaper November 2014 Protection of User Data in Dashlane Protection of User Data in Dashlane relies on 3 separate secrets: The User Master Password Never stored locally nor remotely.
More informationFrench Justice Portal. Authentication methods and technologies. Page n 1
French Justice Portal Authentication methods and technologies n 1 Agenda Definitions Authentication methods Risks and threats Comparison Summary Conclusion Appendixes n 2 Identification and authentication
More informationetoken Single Sign-On 3.0
etoken Single Sign-On 3.0 Frequently Asked Questions Table of Contents 1. Why aren t passwords good enough?...2 2. What are the benefits of single sign-on (SSO) solutions?...2 3. Why is it important to
More informationCopyright Giritech A/S. Secure Mobile Access
Secure Mobile Access From everywhere... From any device... From user......to applications Page 3...without compromising on security and usability... and to my PC in the office: Secure Virtual Access Contrary
More informationADDING STRONGER AUTHENTICATION for VPN Access Control
ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows
More informationA new Secure Remote Access Platform from Giritech. Page 1
A new Secure Remote Access Platform from Giritech Page 1 Remote users have preferences G/On 5 works for Windows, Mac and Linux The G/On Client user experience is specific to the operating system Users
More informationCheck Point FDE integration with Digipass Key devices
INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document
More informationDIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication
DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of
More informationNASA PIV smartcards at Headquarters Frequently Asked Questions (FAQ s)
Frequently Asked Questions (FAQ s) November, 2013 This list of FAQs is a subset of a larger list derived by the Agency. This list is tailored to meet the needs of users at Headquarters. If you do not find
More informationSecure USB Flash Drive. Biometric & Professional Drives
Secure USB Flash Drive Biometric & Professional Drives I. CONTENTS II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE FLASH DRIVE... 3 DESCRIPTION... 3 IV. MODULES OF SECURE
More informationApache Server Implementation Guide
Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042
More informationRSA SecurID Software Token 1.0 for Android Administrator s Guide
RSA SecurID Software Token 1.0 for Android Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks RSA,
More informationWhite Paper. The risks of authenticating with digital certificates exposed
White Paper The risks of authenticating with digital certificates exposed Table of contents Introduction... 2 What is remote access?... 2 Authentication with client side digital certificates... 2 Asymmetric
More informationCA ArcotOTP Versatile Authentication Solution for Mobile Phones
PRODUCT SHEET CA ArcotOTP CA ArcotOTP Versatile Authentication Solution for Mobile Phones Overview Consumers have embraced their mobile phones as more than just calling or texting devices. They are demanding
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationRSA SecurID Ready Implementation Guide
RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet
More informationCompliance and Security Challenges with Remote Administration
Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges
More informationMulti-Factor Authentication FAQs
General FAQs What is Multi-factor Authentication (MFA)? Multi-factor authentication (MFA) seeks to decrease the likelihood that others can access your data. Specifically, it enhances the security of your
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationMulti-Factor Authentication
Enhancing network security through the authentication process Multi-Factor Authentication Passwords, Smart Cards, and Biometrics INTRODUCTION Corporations today are investing more time and resources on
More informationSalesforce1 Mobile Security Guide
Salesforce1 Mobile Security Guide Version 1, 1 @salesforcedocs Last updated: December 8, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationRSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide
RSA SecurID Software Token 1.3 for iphone and ipad Administrator s Guide Contact Information See the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks
More informationMobile Admin Architecture
Mobile Admin Architecture Introduction Mobile Admin is an enterprise-ready IT Management solution that enables system administrators to monitor and manage their corporate IT infrastructure from a mobile
More informationViSolve Open Source Solutions
ViSolve Open Source Solutions Best-In-Class Authentication and Authorization Solutions & Services ViSolve Inc. ViSolve Securing Digital Assets Contents Security Overview Security Concerns Security Needs
More informationWhite Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS
White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services Over the past decade, the demands on government agencies to share information across the federal, state and local levels
More informationIntroducing etoken. What is etoken?
Introducing etoken Nirit Bear September 2002 What is etoken? Small & portable reader-less Smartcard Standard USB connectivity Logical and physical protection Tamper evident (vs. tamper proof) Water resistant
More informationSafeNet Authentication Client (Mac)
SafeNet Authentication Client (Mac) Version 8.2 SP2 Revision A Administrator s Guide 1 Copyright 2014 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document
More informationThe Security Behind Sticky Password
The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and
More informationCASQUE SNR Presentation 16 th April 2015
Presentation 16 th April 2015 What is it Distributed Management Systems Innovative Methodology from UK owned company with accompanying Protocol that allows Key Generation, Key Distribution and Key Change
More informationChapter 1: Introduction
Chapter 1 Introduction 1 Chapter 1: Introduction 1.1 Inspiration Cloud Computing Inspired by the cloud computing characteristics like pay per use, rapid elasticity, scalable, on demand self service, secure
More informationwww.rohos.com Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon
Two-factor authentication Free portable encryption for USB drive Hardware disk encryption Face recognition logon Secure Windows and Mac login by USB key www.rohos.com Rohos Logon Key Secure two-factor
More informationCitrix MetaFrame XP Security Standards and Deployment Scenarios
Citrix MetaFrame XP Security Standards and Deployment Scenarios Including Common Criteria Information MetaFrame XP Server for Windows with Feature Release 3 Citrix Systems, Inc. Information in this document
More informationMIGRATION GUIDE. Authentication Server
MIGRATION GUIDE RSA Authentication Manager to IDENTIKEY Authentication Server Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as
More informationWhite Paper. Options for Two Factor Authentication. Authors: Andrew Kemshall Phil Underwood. Date: July 2007
White Paper Options for Two Factor Authentication Authors: Andrew Kemshall Phil Underwood Date: July 2007 Page 1 Table of Contents 1. Problems with passwords 2 2. Issues with Certificates (without Smartcards)
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationMobile OTPK Technology for Online Digital Signatures. Dec 15, 2015
Mobile OTPK Technology for Online Digital Signatures Dec 15, 2015 Presentation Agenda The presentation will cover Background Traditional PKI What are the issued faced? Alternative technology Introduction
More informationEXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET
EXPLORING SMARTCARDS: AN INDEPENDENT LOOK TO TECHNOLOGIES AND MARKET Giuseppe Gippa Paternò gpaterno@gpaterno.com June 2008 WHO AM I Experienced architect Linux, Networking and Security Focused on Telcos
More informationInnovative Secure Boot System (SBS) with a smartcard.
Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable
More informationStrong authentication of GUI sessions over Dedicated Links. ipmg Workshop on Connectivity 25 May 2012
Strong authentication of GUI sessions over Dedicated Links ipmg Workshop on Connectivity 25 May 2012 Agenda Security requirements The T2S U2A 2 Factor Authentication solution Additional investigation Terminal
More informationAlternative authentication methods. Niko Dukić/Mario Šale CS Computer Systems
Alternative authentication methods Niko Dukić/Mario Šale CS Computer Systems Table of contents: Authentication and why is it important Authentication methods RSA SecureID solutions for authentication Implementation
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationAllianz Global Investors Remote Access Guide
Allianz Global Investors Remote Access Guide Web Address: http://remote.allianzgi-us.com/ Page 1 of 34 pages Please contact the Service Desk at Table of Contents 1. Introduction to the Remote Access Page
More information