MSK Security Non Linear Authentication

2FA, Non Linear Authentication, MSK Security, Security for the Cloud on the Cloud
2 Factor authentication, SSO, IAM, HASP and Compliance

Published in: Technology, Business

  1. 1. Non Linear Authentication SM
     By MSK Security
     Version 1.0.20100308
     Patent Pending
     Prepared by: Shahram Karimian, Raymond Gallagher
     3/9/2010 Page 1 of 12 © Copyright 2010 MSK Security
  2. 2. Table of Contents
       • Non Linear Authentication SM
       • By MSK Security
       • Version 1.0.20100308
       • Patent Pending
       • Table of Contents
       • Executive Summary
       • Non-Linear Authentication SM
       • Linear Authentication
       • Non-Linear Authentication SM
       • How the MSK Digital ID™ isolates and protects
       • Out of Band Transactional Verification for Banking
       • Isolation through HASP
       • Data Protection
       • System Protection
       • MSK Digital ID™ Smart Token –
       • System requirements
       • Implementation
       • Proven technologies and best practices
       • Appendix A
       • How the Security Token communicates
       • How the Authentication Server communicates
  3. 3. Executive Summary

     MSK Security is designed to allow secure logins, transaction verification, payment processing and digital signatures in a WAN environment, and to remove the possibility of non-authorized activity interfering with these processes. MSK Security has invented “Non-Linear Authentication SM” (Patent Pending) and has a proven implementation of it in MSK Web Management 2008, our 3rd-generation management system. Some of the aspects that come out of MSK Security’s implementation of “Non-Linear Authentication SM” are Bidirectional Authentication, Two-Factor Authentication and Out-of-Band Authentication.

     There has been a lot of discussion about multi-factor authentication, but little attention has been paid to the aspects of authentication. Non-Linear Authentication SM is, in its own right, a new aspect of authentication and by default exhibits characteristics of many other techniques. This is due in part to the nature of Non-Linear Authentication SM and in part to the powerful way in which MSK Security has implemented it.

     Many security systems and techniques have failed not because of security but because of usability. From the end-user’s perspective, using the security token is no more difficult than the current username/password combination, and in some respects (especially across multiple enabled systems) it is considerably easier.

     Two-factor Authentication

     There are only three possible factors for authentication: something you know, something you have and something you are.

       1. Something you know, such as a password, image, pattern or answers to questions. These are all just forms of single-factor authentication.
       2. Something you have, such as unique client programs, OTP tokens, computer hardware, smart cards and keys. This would also be considered single-factor unless you combine it with something you know. Something you have by itself is still stronger than just something you know.
       3. Something you are (the strongest single factor for authentication), such as a fingerprint, retina, DNA or picture ID from a trusted source.
  4. 4. What are aspects of authentication?

     An aspect of authentication is a high-level implementation of authentication. It answers the questions “Who has to authenticate?”, “Who is trusted?”, “How are credentials transmitted?” and “What factors of authentication are going to be used?” Almost all websites use single-factor unidirectional authentication.

     Bidirectional Authentication

     Bidirectional authentication is where the service authenticates to the end-user and the end-user authenticates to the service. This has been implemented by displaying a secret pass-phrase or picture on the webpage after the end-user puts in their username but before they enter their password. Bidirectional Authentication is an aspect of authentication.

     [Diagram labels: User, Server/Service]

     Out-of-Band Authentication

     Out-of-Band Authentication is where part of the communication with a service is done outside the line of communication. This has been implemented by sending an email or making a phone call with a password when the end-user attempts to log in. Out-of-Band Authentication is an aspect of authentication.

     [Diagram labels: User, Server/Service, E-mail/Phone]
  5. 5. Non-Linear Authentication SM

     Non-Linear Authentication SM has three players: the End-User, the Service (or an agency’s internal network and business applications) and the Authentication Service (or Auth Server). Non-Linear Authentication SM is where both the End-User and the Service have to authenticate to the Auth Server.

       1. The End-User first picks a Service to log in to.
       2. The Service then authenticates itself to the Auth Server.
       3. Next, the End-User authenticates to the Auth Server.
       4. Finally, the End-User logs in, and it is at this point that the Service checks independently with the Auth Server to see if the End-User has authenticated. This is also the point at which End-Users receive their access rights.

     [Diagram: Linear Authentication. Labels: User, Server/Service, Authentication server/service, Server/Service 1, Server/Service 2, Server/Service 3]

     [Diagram: Non-Linear Authentication SM. Labels: User, Server, Authentication server/service, Out-of-Band Credentials, Secure Information, 1, 2, 3]
  6. 6. How the MSK Digital ID™ Works

     All businesses and agencies have sensitive data and must simultaneously protect it and provide access to it. To do this effectively, a proven system for user authentication is required. The ideal system provides top-level security with cost-effective deployment and maintenance as well as ease of use. MSK offers identity and access management solutions that meet these requirements.

     MSK delivers enterprise-grade user authentication that is more powerful than existing PKI technologies, without the complexity, overhead and risk associated with those solutions, which require key management and storage. To deliver powerful authentication with minimal overhead, MSK takes the proven two-factor method to a new level of ease of use and security. MSK also adds another level of security by having users’ authentication done directly between the smart security token and the authentication server. This direct connection allows the token to have bidirectional authentication and out-of-band authentication at the same time.

     Example: Banking Site Login

     [Screenshot captions: Bi-Directional Authentication; First Factor: Something you know; Second Factor: Something you have; Second Factor: If you are not on an authorized PC]
  7. 7. Transactional Verification for Banking
       • Account where funds are coming from
       • Amount and where the funds are going
       • Payment processing
       • Digital Signatures
  8. 8. HASP (Hardware Against Software Piracy)

     MSK Digital ID™ has an optional HASP feature that allows Software on Demand from a specific machine or a predetermined network of machines; this guarantees the highest level of controlled access. Users can be limited to a specific machine or group of machines, preventing password sharing. All of this is accomplished without the need to install cumbersome software or hardware.

       - Provides a better way to meet compliance
       - Enables more control over use of service
       - Ensures controlled access to sensitive data

     From the Point of Authentication:

     Data Protection:

     Unauthorized Users:
       • Phishing
       • Man-in-the-Middle
       • Key Loggers
       • Password Sharing
     MSK Security will protect you from all of these attacks.

     Insider Threats:
       • Audit Trails
       • Identity and Access Management
     The MSK Web Management™ solution includes full audit trails granular to any machine that attempts to log in. The solution includes single-point provisioning and single-click removal or de-provisioning.

     System Protection:

     Injection attacks:
       • SQL-Injection
       • Cross-site-scripting
     Injections into buffer fields (such as the username and password fields) can damage a system. MSK removes the buffer fields; this reduction of the attack surface eliminates injection attacks.
  9. 9. MSK Digital ID™ Smart Token – System requirements

     The Security Token runs under Microsoft .NET Framework v1.1.4322 and above. The .NET Framework is included in Windows XP Service Pack 2 and is part of the OS for Windows Vista and Windows 7. The MSK Security Smart Token requires no installation; it is a stand-alone executable that will just run if double-clicked. Full testing has been done on Windows 2000, Windows XP, Windows Vista, Windows 7 and Windows 2003 Server. The Security Token will recognize Firefox 2.0 and earlier; the most common implementation is under Internet Explorer 5.0 and above, which includes the latest version, Internet Explorer 8.0. Testing has also included Mac computers running virtualized versions of the Windows OS.

     Implementation

     There are two ways to implement MSK Digital ID: the first is our SaaS model, the second is a self-hosted model. Our SaaS model has only a small per-seat license. The self-hosted model will require a secure MSK Security Authentication Server and Branded Smart Tokens that will only communicate with the self-hosted Authentication Server. The physical server requires Windows 2003 Server; other requirements will vary depending on implementation (firewalls, proxies, monitoring services, secure hosting services, i.e. a SAS 70 datacenter).

     Our SaaS (Software-as-a-Service) model is by far the most robust and is by far the less costly option. Traditional two-factor solutions require distribution and life-cycle management of expensive hardware tokens that need to be synchronized with expensive on-premise authentication servers that require expensive on-premise maintenance. Distribution of the MSK Security Smart Token is quick and easy. The MSK Web Management™ system is included as part of the service; it is not an extra piece of software that needs to be installed and maintained or licensed.

     The optional HASP (Hardware Against Software Piracy) feature is included as part of the offering. The Smart Tokens can be married to 1 or more computers, preventing them from being used on non-authorized computers. Scalability is quick and limitless. With traditional systems this process can be very painful and expensive.
  10. 10. Proven technologies and best practices

      Proven technologies included with the system are as follows:
        • 128-bit SSL (Secure Socket Layer)
        • 256 or 512-bit SHA (Secure Hash Algorithm)
        • One-time-only salted SHA (random data added to a hash to prevent rainbow table collision attacks)
        • .NET (managed software framework that is kept up to date)
        • SQL (Structured Query Language), used for high-performance data management
        • Windows Server 2003
        • SAS 70 Type II Data Center
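
The three-party flow described on slide 5, combined with the one-time salted SHA item on slide 10, can be modelled in a few lines. This is an added example, not MSK Security's code: the slides give no wire format, so the names `AuthServer`, `respond`, `challenge`, `service_login`, `user_login` and `who_authenticated` are hypothetical, the shared secrets are held in memory only to keep the model short, and SHA-256 over a fresh random salt stands in for the "one time only salted SHA".

```python
import hashlib
import hmac
import secrets


def respond(secret, salt):
    # One-time salted SHA-256: the salt is fresh random data for each attempt.
    return hashlib.sha256(salt + secret).digest()


class AuthServer:
    # Hypothetical in-memory model of the Auth Server role.
    def __init__(self):
        self.secrets = {}    # principal name -> shared secret
        self.salts = {}      # principal name -> outstanding one-time salt
        self.sessions = {}   # session id -> {"service": name, "user": name or None}

    def challenge(self, name):
        self.salts[name] = secrets.token_bytes(16)
        return self.salts[name]

    def _verify(self, name, response):
        salt = self.salts.pop(name, None)   # consumed on use, so replays fail
        if salt is None or name not in self.secrets:
            return False
        return hmac.compare_digest(respond(self.secrets[name], salt), response)

    def service_login(self, service, response):
        # The Service authenticates itself and opens a pending session.
        if not self._verify(service, response):
            return None
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"service": service, "user": None}
        return sid

    def user_login(self, sid, user, response):
        # The End-User's token authenticates directly to the Auth Server.
        ok = sid in self.sessions and self._verify(user, response)
        if ok:
            self.sessions[sid]["user"] = user
        return ok

    def who_authenticated(self, sid, service):
        # The Service asks independently; it only sees its own sessions.
        s = self.sessions.get(sid)
        return s["user"] if s and s["service"] == service else None
```

A run enrolls two secrets in `AuthServer.secrets`, calls `service_login`, then `user_login`, and finally `who_authenticated` from the Service side; sending the same user response a second time fails because its salt has already been consumed.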
