ANDY DAVIES - PowerPoint PPT Presentation

Slides: 17
Provided by: AndyKe2
Transcript and Presenter's Notes

1
  • ANDY DAVIES
  • European Sales Manager

2

21st Century Remote Access
  • Laptop
  • Home / Other Business PC
  • Hotel / Cyber Café / Airport
  • Smart Phone / Blackberry

3

Problems With Passwords
  • Social engineering
  • Finding written password
      • Post-It Notes
  • Guessing password / pin
      • Dog/Kids name/ Birthday
  • Shoulder surfing
  • Keystroke logging
      • Can be resolved with mouse based entry
  • Screen scraping (with Keystroke logging)
  • Brute force password crackers
      • L0phtcrack

4

Two Factor Authentication
  • Something you know
      • Pin
      • Password
      • Mother's Maiden Name
  • Something you own
      • Keys
      • Credit Card
      • Token
      • Phone
  • Something you are
      • Fingerprint
      • DNA
  • Two Factor Authentication is Two of the above
  • Example: Chip & Pin
      • Something you Know: Pin

5
Existing Form Factors
  • Smartcards / USB Tokens
  • End user must remember to carry the card!
  • Smartcards need readers
  • Both need software drivers
  • Remote Users can't use other PCs or Cybercafés
  • Smart phones, Blackberrys, PocketPC etc are
    limited by size
  • Requires certificate enrolment and replacement
  • Deployment - Remote users must be sent a
    hardware device
  • Support - Pin management and failed tokens must be
    managed

6
Existing Form Factors
  • Software Tokens
  • Carry and start-up the PC to obtain a passcode
  • Token on the same device
  • Sticking the keys on the side of the car!
  • Commonly use time Sync (RSA SoftID)
  • Users flying abroad
  • Summer time changes
  • Deploying software
  • Deploying keys (seed records)
  • Rebuilt laptops
  • If backed up, duplicate keys create a security
    risk.
  • Replacement Software token
  • Malicious software may call the tokens API

7
Existing Form Factors
  • Hardware Tokens
  • End user must remember to carry the token!
  • Deployment - Remote users must be sent a hardware
    device
  • Token may require resynchronisation
  • Support - Pin management and failed tokens must be
    managed
  • Short Term Contractors - Don't always return the
    token
  • B2B - One to many companies requires many
    identical tokens

8
The Next Generation
  • Mobile Phone based Authentication
  • Mobile Phones solve all the previous issues
    however
  •  Adding Software to a range of Phones is
    difficult to support
  •  SMS at peak times sometimes cause delay of
    several minutes

9
The SecurEnvoy Approach
  • Pre-loading the next required SMS message after
    each authentication attempt
  • Re-usable day or week codes sent at fixed times
  • 3 One Time Passcodes in each SMS Message
  • Temporary agreed static code for XX days with
    self help
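
The first bullet above (pre-loading the next SMS after each authentication attempt) can be modelled on the server side as follows. This is an added example, not SecurEnvoy's code: the class, the `send_sms` hook, the lockout threshold and the phone number are assumptions, and `pin_ok` stands for the result of the separate password/PIN check.

```python
import hmac
import secrets

MAX_FAILURES = 5  # assumed lockout threshold; the slides do not give one


class PreloadedSmsOtp:
    """Server-side model: the next passcode is sent after every attempt."""

    def __init__(self, send_sms):
        self.send_sms = send_sms  # hypothetical SMS gateway hook: send_sms(phone, text)
        self.pending = {}         # phone -> passcode already sitting on the handset
        self.failures = {}        # phone -> consecutive failed attempts

    def _preload(self, phone, previous=None):
        code = previous
        while code == previous:   # never re-issue the passcode that was just spent
            code = f"{secrets.randbelow(10**6):06d}"
        self.pending[phone] = code
        self.send_sms(phone, f"Next passcode: {code}")

    def enrol(self, phone):
        self.failures[phone] = 0
        self._preload(phone)

    def authenticate(self, phone, pin_ok, code):
        # Every attempt spends the pending passcode, so a guess or a replay
        # never gets a second try against the same value.
        expected = self.pending.pop(phone, None)
        if expected is None:      # unknown phone, or locked out below
            return False
        ok = pin_ok and hmac.compare_digest(expected.encode(), str(code).encode())
        self.failures[phone] = 0 if ok else self.failures[phone] + 1
        if self.failures[phone] < MAX_FAILURES:
            self._preload(phone, previous=expected)  # sent now, not at next logon
        return ok


def demo():
    outbox = []                   # constructed stand-in for the SMS network
    svc = PreloadedSmsOtp(lambda phone, text: outbox.append(text))
    phone = "+440000000000"       # constructed number
    svc.enrol(phone)
    first = outbox[-1][-6:]
    return {
        "first_logon": svc.authenticate(phone, True, first),
        "replay_of_spent_code": svc.authenticate(phone, True, first),
        "right_code_wrong_pin": svc.authenticate(phone, False, outbox[-1][-6:]),
        "next_logon": svc.authenticate(phone, True, outbox[-1][-6:]),
        "sms_sent": len(outbox),
    }
```

Because the passcode for the next logon is delivered at the end of the previous attempt, an SMS delay of several minutes is absorbed between logons rather than at the login prompt.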

10
Ease Of Use (Cost) Vs Risk
[Chart: Cost Vs Risk. Axes: Cost / Use (Cheap / Easy to Expensive / Hard) and Risk (High Risk to Low Risk). Plotted: Tokens / Smartcards, 30 Day Password, Fixed Password.]

11
Live Demonstration
SecurAccess Demonstration

12
Summary
  • The Next Generation is Mobile Phone Based Authentication
  • Up to 60 cheaper than Hardware Tokens
  • Must Allow for SMS Delays and Loss of Signal
  • Must Be Easy To Use (6 Digit Display On Phone)
  • Should Re-Use Existing Passwords (Windows) as the PIN
  • Should Directly Integrate With Microsoft AD or Other LDAP Servers
  • www.SecurEnvoy.com
13
SecureICE
  • Usage In Case of Emergency
  • Strikes, disasters, loss of existing access
    method
  • Allows for a message to be sent warning staff of the
    issue and to be able to work from home securely
  • Allows for Occasional use for staff that need
    remote access but rarely

14
SecurMail - The diplomatic pouch of email
  • The secure delivery of confidential mail to its
    recipient
  • Mails are sent secure and encrypted
  • Delivery is not authorised until authenticated by
    the passcode that is sent to the mobile phone
  • Notification of delivery is sent to the email
    creator

15
Secure Password
  • User automated password reset
  • User logs into website
  • Puts in Employee/pupil/identity number
  • SMS is then sent to their pre registered mobile
  • Adding the passcode lets the user in to reset
    their password
  • Dramatically saves support costs and time

16
Questions
Questions?
www.SecurEnvoy.com