TrustLeap Multipass - Unbreakable Passwords For Cloud Services


Multipass is a cost-effective alternative to costly and unsafe RSA dongles.

1. TrustLeap Authentication Platform (One-Time Passwords)
MULTIPASS
www.trustleap.com
Unbreakable Passwords For Cloud Services

TODAY'S STATE OF THE ART

RSA SecurID and VASCO Digipass dongles make 6-digit OTPs (One-Time Passwords) for use in Web applications, VPNs, firewalls, servers or to protect rights (multimedia, patents, contracts, etc.).

But just looking at these values sent via public networks (and exposed on people's desks or belts) makes it possible to identify each dongle's secret key. With this information, all the passwords that a dongle will issue in the future can be calculated in advance.

SecurID, reverse-engineered in 2000, is "easily breakable", claim experts. The newest AES-based SecurID 800 was cracked in 2012 in... 13 minutes.

Some claim that SSL and static PINs make these exposures impossible or harmless. But SSL delegates the security chain, and these broken OTP designs were supposed to be safer than static PIN codes.

2 AND 3-FACTOR DONE PROPERLY

Instead of using leaking hashes made by imperfect encryption, TrustLeap tokens are proven as cryptanalytically unbreakable (safe against unlimited computing power).

TrustLeap-secured data can't be attacked: it does not expose enough information to make it possible to break the encryption. Intercepting tokens cannot help to guess any future values. And altering, hijacking or replaying sessions will just lead to bad passwords, instantly raising alerts.

TrustLeap tokens' lifespan is also limited, but this delay can't be used to predict future passwords: indistinguishable from true random data, there's nothing to break as there's no remaining correlation to spot.

The RSA SecurID fiasco illustrates how weak technology can cause undetectable harm: all the RSA dongle fraudsters were properly authenticated – by systems whose design was too weak to be trustworthy.

© 2007 - 2013 TrustLeap® / MULTIPASS® – Unbreakable Passwords For Cloud Services 1/4
2. TrustLeap MULTIPASS

MULTIPASS RATIONALE

Rightly, the established practice of using static passwords is discouraged: like user names, static passwords can too easily be guessed, stolen, reused, or passed on. But passwords can only be safe when they are (a) confidential, (b) unpredictable and (c) can't be stolen nor replayed.

Two-factor authentication vendors have provided banks, critical infrastructure, and governments with OTP dongles breaking all three of these mandatory conditions: to build passwords, RSA dongles and servers must use shared secret keys. Using imperfect encryption schemes made it possible to recover, break, or bypass these keys. For decades.

As similar by-design issues are found in the PKI used to sign documents and to authenticate users and hosts, this is a whole generation of trusted solutions which needs to be revisited.

Regulators encourage users to invest in security solutions, so there's a need for future-proof technologies invulnerable by-design.

MULTIPASS is a certified FIPS 140-2 authentication solution that takes great care not to replicate any of the technical errors made by the prior generation of authentication systems.

HOW IT WORKS

(1) On TrustLeap servers, mathematically-proven cryptographic tools process secure tokens to build personalized OTPs (One-Time Passwords).
(2) Users get secure tokens on-demand via their preferred OoB (Out-of-Band) channel (SMS, QKD, mail, fax, etc.).
(3) Users salt tokens with their secret UserID to access Cloud services which are using TrustLeap servers for validation.

FEATURES
• only true random data is transmitted (secret keys are safe by-design);
• tokens are IP-based and time-based but can be tied to other parameters;
• OoB (Out-of-Band) delivery by SMS, QKD, mail, fax, etc.;
• uncorrelated tokens generated via mathematically-proven unbreakable cryptography (an exclusivity);
• safer than RSA dongles that can be lost, stolen or broken.

BENEFITS
• future-proof: unbreakable by-design;
• no hardware dongles required;
• could be used to secure dongles;
• no infrastructure change required;
• instantly deployable on-demand;
• better cost/benefit ratio;
• safe against loss and robbery.

TRUSTLEAP SERVERS

As all transactions and user activity are logged, administrators can audit, invoice and comply with regulatory constraints. TrustLeap provides by-design unbreakable security without changing users' habits, interfaces, or infrastructure. This helps to reduce your operational costs and your organization's surface of vulnerability.
3. ADMINISTRATION

Provisioning users on-demand:
1. user asks help desk to register ID
2. help desk adds user to its database
3. user can reach protected resources.

The whole process can be handled in less than a minute. De-provisioning users, or disabling users temporarily, is even faster. Help desk administrators can also create many users at once via import interfaces.

PASSWORD DELIVERY

Users accessing a protected resource:
1. user asks for a one-time password (OTP)
2. the OTP is sent if credentials are valid
3. users salt the OTP with their secret UserID to access protected resources.

OTP and UserID are secret as they don't travel on the Internet and both are needed to log in successfully. Replay attacks fail as each OTP is unique. Being uncorrelated, OTPs are also provably unbreakable.

Further, authentication services can be restricted by group (or by user) hour by hour, and day by day, all along the week.

ALERTS, AUDITS AND REPORTING

Reports covering all user, help desk and server activity can be made by using SQL to query encrypted (read-only) logs:
• geo-localization (user's IP address)
• action time-stamps (vs open-hours)
• user provisioning, granted IDs, etc.
• authentication/delivery failures.

Future-proof solutions protect you against unknown threats and obsolescence.

[Illustration: sample OTP 75CF-1A63]
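The HOW IT WORKS and PASSWORD DELIVERY steps above, modelled server-side as an added example (not TrustLeap's code): an OTP is issued bound to the requesting IP and a validity window, delivered out-of-band, and the user logs in with the OTP salted by a secret UserID; reuse of an OTP, a different client IP, an expired token, a request outside the user's allowed hours, or a wrong salt is rejected, and replay/hijack/tamper attempts are recorded as alerts. Standard primitives (random tokens, HMAC-SHA256) stand in for the proprietary scheme; the TTL, the hour-based schedule and all sample values are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Constructed example of the brochure's three-step flow: request an OTP,
# receive it out-of-band, salt it with a secret UserID. Standard primitives
# stand in for TrustLeap's proprietary scheme (no claims about that scheme).

OTP_TTL = 60   # seconds a delivered OTP stays valid (assumed value)
ALERTS = []    # replay / hijack / tamper events for the audit log

class OtpServer:
    def __init__(self):
        self.users = {}    # userid -> set of allowed UTC hours (0-23)
        self.pending = {}  # userid -> (otp, bound client ip, issued_at)
        self.used = set()  # (userid, otp) pairs already consumed

    def provision(self, userid, allowed_hours=range(24)):
        self.users[userid] = set(allowed_hours)  # help desk registers the ID

    def request_otp(self, userid, client_ip, now):
        """Steps 1-2: issue a fresh random OTP bound to IP and time."""
        if userid not in self.users:
            return None
        otp = secrets.token_hex(4).upper()  # e.g. '75CF1A63'
        self.pending[userid] = (otp, client_ip, now)
        return otp  # handed to the OoB channel (SMS, mail, ...)

    @staticmethod
    def salt(otp, userid):
        """Step 3: client derives the login password from OTP + UserID."""
        return hmac.new(userid.encode(), otp.encode(), hashlib.sha256).hexdigest()

    def login(self, userid, password, client_ip, now):
        """Validate; replay, hijack or tampering raises an alert."""
        rec = self.pending.get(userid)
        if rec is None:
            return False
        otp, bound_ip, issued = rec
        if (userid, otp) in self.used or client_ip != bound_ip:
            ALERTS.append((userid, client_ip, "replay-or-hijack"))
            return False
        if now - issued > OTP_TTL or time.gmtime(now).tm_hour not in self.users[userid]:
            return False  # expired, or outside the user's allowed hours
        if not hmac.compare_digest(self.salt(otp, userid), password):
            ALERTS.append((userid, client_ip, "bad-password"))
            return False
        self.used.add((userid, otp))  # consumed: any reuse is a replay
        return True
```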
4. TrustLeap

Worldwide Corporate HQ
TrustLeap
Paradiesli 17
CH-8842 Unteriberg SZ
Switzerland
Phone +41 (0)55 414 20 93
Fax +41 (0)55 414 20 67
Email info@trustleap.com
www.trustleap.com

About TrustLeap

TrustLeap, the TWD Industries AG security division, protects digital assets with cryptanalytically unbreakable technology (safe against unlimited computing power, as it is proven mathematically that no key leaks can be exploited). The TrustLeap secure platform leverages offers of enterprise, cloud, networking, digital media and financial services in global strategic markets.

TrustLeap lets partners and users form dynamic ecosystems where duly accredited strangers can safely trust each other. Establishing widespread trust enables organizations to secure their infrastructure, raise the value of their offers and safely market their digital assets.