Moving to Multi-factor Authentication. Kevin Unthank

What is Authentication?
The 3 steps of access control:
- Identification: the entity makes a claim to a particular identity.
- Authentication: the entity proves that they are who they say they are.
- Authorization: the entity is granted certain access rights based on that authenticated identity.

What is Multi-factor Authentication?
Authentication is based upon 3 factors:
- Something you know: PIN, password, picture
- Something you have: token, card, certificate
- Something you are: biometrics (fingerprint, iris scan, hand geometry, voice print, facial image)

Why Consider Multi-factor Authentication with PKI?
- Regulatory requirements
- Security benefits
- Economic benefits
- Usability benefits

Regulatory: HSPD-12 & FIPS 201
"Therefore, it is the policy of the United States to enhance security, increase Government efficiency, reduce identity fraud, and protect personal privacy by establishing a mandatory, Government-wide standard for secure and reliable forms of identification issued by the Federal Government to its employees and contractors." (Homeland Security Presidential Directive/HSPD-12)
FIPS 201 is a mandatory Federal Information Processing Standard which describes how HSPD-12 should be addressed. It references several Special Publications (SP 800-xx).

Regulatory: FFIEC Guidance
"The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties." (FIL-103-2005, October 12, 2005)
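The two slides above (the three factor categories, and the FFIEC position that single-factor control is inadequate for high-risk transactions) are easy to get wrong in practice: a password plus a PIN is still one factor. The following added example, not from the original deck, models the authorization step as a policy check that counts distinct factor categories among verified credentials; the credential type names and the `high_risk` threshold are assumptions for illustration.

```python
from enum import Enum


class Factor(Enum):
    """The three factor categories from the slide."""
    KNOW = "something you know"   # PIN, password, picture
    HAVE = "something you have"   # token, card, certificate
    ARE = "something you are"     # biometrics


# Constructed mapping of credential types to their factor category (assumed names).
CREDENTIAL_FACTOR = {
    "password": Factor.KNOW, "pin": Factor.KNOW, "picture": Factor.KNOW,
    "otp_token": Factor.HAVE, "smartcard_cert": Factor.HAVE, "usb_token": Factor.HAVE,
    "fingerprint": Factor.ARE, "iris": Factor.ARE,
}


def distinct_factors(credentials):
    """Return the set of factor categories covered by *verified* credentials.

    `credentials` is a list of (credential_type, verified) pairs. Unverified
    credentials contribute nothing; unknown types are rejected rather than
    silently counted, so a typo cannot inflate the factor count.
    """
    factors = set()
    for cred_type, verified in credentials:
        if cred_type not in CREDENTIAL_FACTOR:
            raise ValueError(f"unknown credential type: {cred_type}")
        if verified:
            factors.add(CREDENTIAL_FACTOR[cred_type])
    return factors


def required_factor_count(high_risk):
    """Policy: high-risk transactions need two distinct factors (FFIEC guidance)."""
    return 2 if high_risk else 1


def authorize(credentials, high_risk):
    """Authorization step: grant only if enough *distinct* factor categories were proven.

    Two knowledge credentials (password + PIN) count as one factor, so they do
    not satisfy a high-risk policy; a PIN plus a smartcard certificate does.
    """
    return len(distinct_factors(credentials)) >= required_factor_count(high_risk)
```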

Regulatory: Sarbanes-Oxley
Public companies are required to produce an internal control report, which shall: (1) state the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting; and (2) contain an assessment, as of the end of the most recent fiscal year of the issuer, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting. (Sarbanes-Oxley Act of 2002, Sec. 404: Management Assessment of Internal Controls)

Security Benefits
- Increased trust
- Digital identity: authenticity and integrity
- Strong authentication
- Encrypted data
- Non-repudiation

Economic Benefits
- Reports estimate 30% to 80% of help desk calls are password related
- Each help desk call costs, on average, from $25 to $50
- Consolidate multiple functions onto a single token
- Consolidate physical and logical access systems

Usability Benefits
- End user convenience: ATM transactions
- Portability: easily displayed, fits in your wallet or on a key ring
- Foundation for single sign-on

Smartcards
Pros:
- Can store photo, proximity antenna and smart chip all on a single token
- PKI enables encryption and assures content integrity for secure interactions
Cons:
- Card readers are not ubiquitous
- User acceptance issues

Java Card
- Supports multiple applications, including physical and logical access
- Add and delete applications to adapt to future needs
- Only the trusted server can access its own associated applet on the Java Card
- Each applet is firewalled from the others
- Biometric templates can be stored on the card, eliminating the risk of theft from a biometric database

Global (Open) Platform
Defines card components, command sets, transaction sequences and interfaces:
- Card Manager applet
- Secure channel
- Key sets
- Global PIN
- Security domains

US Department of Defense Common Access Card
Single credential for:
- Personnel identification
- Building or facility access
- Systems and network access
In addition, the CAC will have the capacity to host applications in other functional areas such as medical, personnel and logistics. (Photo credit: Lana Baumgartner)

USB Tokens
Pros:
- All the benefits of a smartcard in a convenient form factor
- USB ports are readily available
Cons:
- Logical authentication only; cannot be used for physical identification or access

OTP Tokens
Pros:
- No reader hardware required
- No local client software required
Cons:
- Logical authentication only; cannot be used for physical identification or access
- Can have a clumsy UI
- Cannot be used for PKI operations

Software Tokens
Pros:
- No separate hardware token required
Cons:
- Does not provide non-repudiation
- Vulnerable to automated attacks

Token Management Infrastructure (architecture diagram; labels only)
- Client: User, ESC, Smartcard (APDU)
- Firewall (HTML traffic between client and server)
- Server subsystems: CA, DRM, TPS, TKS, DB

Client Architecture (layered diagram; labels only)
- Applications: IE, Outlook, login, ESC, VPN, Firefox, Thunderbird
- Crypto libraries: NSS, MS CAPI
- Token interface: PKCS#11
- Reader interface: PC/SC
- Hardware: e-gate USB

Demonstration
- Enrollment
- Authentication
- Email encryption/decryption

Questions?