Secur Access

8/13/2019 Secur Access

1/14

Next GenerationTwo Factor Authentication
http://www.securenvoy.com/


2/14

Laptop

Home / Other Business PC

Hotel / Cyber Caf / Airport

Smart Phone / Blackberry

21stCentury Remote Access
http://www1.euro.dell.com/content/products/compare.aspx/latit?c=uk&cs=ukbsdt1&l=en&s=bsdhttp://www.securenvoy.com/


3/14

Social engineering

Finding written password

Post-It Notes

Guessing password / pin Dog/Kids name/ Birthday

Shoulder surfing

Keystroke logging

Can be resolved with mouse based entry Screen scraping (with Keystroke logging)

Brute force password crackers

L0phtcrack

Who is using your VPN

Problems With Passwords


4/14

Two Factor Authentication

Something you know Pin Password Mothers Maiden Name

Something you own Keys Credit Card Token Phone

Something you are Fingerprint

DNA

Two Factor Authentication is Two of the above

Example: ATM Cash Machine Something you KnowPin

Something you Own - Cash Card (Chip)


5/14

Smartcards / USB Tokens

End user must remember to carry the card!

Smartcards need readersBoth need software drivers

Remote Users cant use other PCsor Cybercafs

Smart phones, Blackberrys, PocketPC etc are limited by size

Requires certificate enrolment and replacement

Deployment - Remote users must be sent a hardware device

SupportPin Management & Failed token must be managed

Existing Form Factors
http://www.securenvoy.com/http://www.securenvoy.com/


6/14

Hardware Tokens

End user must remember to carry the token!

Deployment - Remote users must be sent a hardware device

Token may require resynchronisation

SupportPin Management & Failed token must be managed Short Term Contractors - Dont always return the token

B2BOne to many companies requires many identical

tokens

Existing Form Factors


7/14

Mobile Phone based Authentication

Mobile Phones solve all the previous issues however

Adding Software to a range of Phones is difficult tosupport

SMS at peak times sometimes cause delay ofseveral minutes

The Next Generation


8/14

8

Pre-Load vs. On demand SMS


9/14


10/14

UserID: fredPIN: 3687Passcode:435891Microsoft Password: P0stcode

PIN Management

Two Factor Authentication requires something you know

& something you ownWhy authenticate with two things you know?

Traditional Approach

The SecurEnvoy Approach

UserID: fred

Microsoft Password: P0stcodePasscode: 435891

Reuse The Microsoft or other LDAP Password as the PINEasier end user authentication experienceNo PIN Administration required

Can also support a PIN if required


11/14

Cost Vs Risk

High Risk

Cost/U

se

Low Risk

Expensive / Hard

Ease Of Use (Cost) Vs Risk

CheapEasy

Risk

Fixed

Password

30 Day

Password

Tokens /Smartcards

SecurEnvoy

7 Day Code

SecurEnvoy

1 Day Code

SecurEnvoy

One Time Code


12/14

Use AD or other

LDAP as thedatabase

Standard Authentication Solutions

The SecurEnvoy Approach

ActiveDirectory

LDAP SyncSQLDatabase

SQLDatabase

Replication

SecurEnvoy Solution

No schema change required

Data Encrypted with 128 bit AES

Re-enter user information


13/14

SecurAccess Authentication

SecurAccess Authentication

Enter 6 Digit Number from Mobile Phone

Something You Know

Something You Own

Andyk

P0stcode

234836

Passcode

573921


14/14

The Next Generation is Mobile Phone Based Authentication

Up to 60% cheaper that Hardware Tokens

No Software on the phone

Must Allow for SMS Delays & Loss of Signal

Must Be Easy To Use (6 Digit Display On Phone)

Should Re-Use Existing Passwords (Windows) as the PIN

Should Use LDAP as the Database

www.SecurEnvoy.com

Summary

Secur Access

Documents

Transcript of Secur Access