Post on 04-Jun-2018
8/13/2019 Secur Access
Next Generation Two Factor Authentication
http://www.securenvoy.com/

21st Century Remote Access
Laptop
Home / Other Business PC
Hotel / Cyber Café / Airport
Smart Phone / Blackberry

Problems With Passwords
Social engineering
Finding written password: Post-It Notes
Guessing password / PIN: Dog / Kids name / Birthday
Shoulder surfing
Keystroke logging: can be resolved with mouse based entry
Screen scraping (with keystroke logging)
Brute force password crackers: L0phtcrack
Who is using your VPN?

Two Factor Authentication
Something you know: PIN, Password, Mother's Maiden Name
Something you own: Keys, Credit Card, Token, Phone
Something you are: Fingerprint, DNA
Two Factor Authentication is two of the above
Example: ATM Cash Machine
Something you know - PIN
Something you own - Cash Card (Chip)

Existing Form Factors
Smartcards / USB Tokens
End user must remember to carry the card!
Smartcards need readers
Both need software drivers
Remote users can't use other PCs or cybercafés
Smart phones, Blackberrys, PocketPC etc. are limited by size
Requires certificate enrolment and replacement
Deployment - Remote users must be sent a hardware device
Support - PIN management & failed token must be managed

Existing Form Factors
Hardware Tokens
End user must remember to carry the token!
Deployment - Remote users must be sent a hardware device
Token may require resynchronisation
Support - PIN management & failed token must be managed
Short Term Contractors - Don't always return the token
B2B - One to many companies requires many identical tokens

The Next Generation
Mobile Phone based Authentication
Mobile phones solve all the previous issues, however:
Adding software to a range of phones is difficult to support
SMS at peak times sometimes causes a delay of several minutes

Pre-Load vs. On demand SMS

PIN Management
Two Factor Authentication requires something you know & something you own
Why authenticate with two things you know?
Traditional Approach
UserID: fred
PIN: 3687
Passcode: 435891
Microsoft Password: P0stcode
The SecurEnvoy Approach
UserID: fred
Microsoft Password: P0stcode
Passcode: 435891
Reuse the Microsoft or other LDAP password as the PIN
Easier end user authentication experience
No PIN administration required
Can also support a PIN if required

Cost Vs Risk
[Chart: Ease Of Use (Cost) Vs Risk. Axis labels: Cost/Use (Cheap / Easy, Expensive / Hard); Risk (Low Risk, High Risk). Plotted options: Fixed Password; 30 Day Password; Tokens / Smartcards; SecurEnvoy 7 Day Code; SecurEnvoy 1 Day Code; SecurEnvoy One Time Code.]

Use AD or other LDAP as the database
Standard Authentication Solutions
The SecurEnvoy Approach
[Diagram labels: Active Directory; LDAP Sync; SQL Database; SQL Database; Replication; SecurEnvoy Solution; Re-enter user information]
No schema change required
Data encrypted with 128 bit AES

SecurAccess Authentication
Enter 6 Digit Number from Mobile Phone
[Screenshot labels: Something You Know; Something You Own; Andyk; P0stcode; 234836; Passcode; 573921]

Summary
The Next Generation is Mobile Phone Based Authentication
Up to 60% cheaper than Hardware Tokens
No Software on the phone
Must Allow for SMS Delays & Loss of Signal
Must Be Easy To Use (6 Digit Display On Phone)
Should Re-Use Existing Passwords (Windows) as the PIN
Should Use LDAP as the Database
www.SecurEnvoy.com