Softex Omnipass by dwc20915

       Securing the Desktop with Biometrics
                  Dan Sanderson
               SafeLive Corporation
                 New Richmond, WI

             Desktop Security Overview

  •   Desktops – the virtual work environment
  •   Security weakness at the desktop
  •   Current desktop security techniques
  •   What do we mean by securing our desktops?
  •   Factors of authentication
  •   Biometrics
  •   Example products: WEB-key, SendItSecure


SafeLive Corporation                              Page 2
    Desktops – the Virtual Workplace

  We use our desktops/laptops as a window to our work
    world:
  • E-mail
  • Personal productivity applications
  • Enterprise applications
  • Web applications
  • Instant messaging
  What if someone took away your computer?

         Desktop Security Weaknesses
  We’re getting better at perimeter-based security
     (firewalls, encrypted connections, anti-virus, anti-
     spam)
  Internal threats are often underestimated
  • Account break-ins/unauthorized access by trusted
     employees
  • Careless exposure of data and applications
  • Unpatched operating systems and applications
  • Inadequate backup and recovery procedures

         Current Desktop Security Techniques
  •   Username/password is the most common
  •   Token-based security (e.g., Xyloc)
  •   Biometrics
  •   No security




           What Needs to be Secured?

  • System/network access
  • E-mail (send/receive)
  • Enterprise applications (e.g., accounting apps,
    inventory control apps, etc.)
  • Web-based applications
  • Instant Messaging




     Carelessness in Desktop Security

  • It’s inconvenient to be secure.
  • We forget to be secure.
  • We let the “system” take care of security (e.g.,
    cached passwords).




                       Purpose of Security

  • Protect our data
  • Authenticate users




                 Factors of Authentication
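  Chart axes: vertical, from "Natural and Easy" (top) to "Obtrusive and
  Difficult" (bottom); horizontal, from "Low Security / Low Accuracy" (left)
  to "High Security / High Accuracy" (right). Items are listed top to bottom.

  • Something you HAVE (toward the bottom: More Difficult To Counterfeit)
     – Drivers License
     – Magnetic Stripe
     – Photo ID
     – Holograph
     – Smart Card
     – Proximity Card
  • Something you KNOW (toward the bottom: More Difficult To Appropriate)
     – PIN
     – Password
     – Challenge-Response
     – Encryption
     – Digital Signature
  • Something you ARE
     – Face
     – Voice
     – Fingerprint
     – Iris
     – Handprint
     – Retina
     – DNA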
                       Biometrics Overview
  • “Measurement of Life”
  • Using a unique physical characteristic to authenticate
    a person’s identity
  • Types:
     – Behavioral (requires several samples taken over
       time, e.g., voice, keystroke analysis, gait)
     – Biological (requires a single sample, e.g.,
       fingerprint, facial, hand geometry, iris, DNA)
  • Matching two samples requires complex analysis
  • Computers make this analysis feasible and accurate



                       Evaluating Biometrics
  • Level of security required: How critical is the data
    or application to the core business of the
    organization? What are the consequences of
    security breaches?
  • Accuracy within the environment: Is the
    technology trustworthy and can it be deployed within
    the environment in a reliable manner?
  • User acceptance: What are the training issues?
    Will users find the technology inconvenient?
  • Cost: What are the initial hardware and software
    costs, and what are the ongoing costs for
    maintenance and upgrades?


     Using Biometrics on the Desktop
  • Network logon: Locally stored biometric data (e.g.,
    Softex Omnipass) or enterprise solutions
    (SAFsolution from IdentiPHI)
  • Enterprise applications: Very few of these are
    protected by biometrics
  • E-Mail: Authentication of senders and receivers
    (e.g., SendItSecure)
  • Web Access: Replaces username/password for web
    site access. Local “password vault” solutions (e.g.,
    APC BIOPOD) and centrally managed solutions (e.g.,
    BIO-key’s WEB-key)



           Is Biometrics Really Secure?
  • No security technique is 100% guaranteed.
  • Don’t get caught up in the Myth Busters stories.
  • The accuracy of biometrics can be measured by:
        – False accepts (bad)
        – False rejects (inconvenient)
  • Choose solutions that are non-intrusive or else they
    won’t be used.
  • Consider multi-factor authentication schemes
    (biometric + password, biometric + token)
  • Choose solutions that protect against attacks, such
    as image injection/replay, latent fingerprints, fake
    fingerprints
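
An added illustration of the false-accept / false-reject trade-off listed above (not part of the original slides): the match scores are constructed and the matcher is hypothetical. It sweeps the decision threshold, picks the setting for a target false-accept rate, and locates the point where both error rates are equal.

```python
# Constructed similarity scores (0..1) from a hypothetical fingerprint matcher.
# GENUINE: same person vs. own enrolled template; IMPOSTOR: a different person.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.67, 0.84, 0.73, 0.90, 0.58, 0.86]
IMPOSTOR = [0.12, 0.35, 0.41, 0.22, 0.63, 0.30, 0.48, 0.19, 0.55, 0.27]


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a score >= threshold is accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # false accepts
    frr = sum(s < threshold for s in genuine) / len(genuine)     # false rejects
    return far, frr


def sweep(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) at every observed score, in ascending order."""
    return [(t, *rates(t, genuine, impostor))
            for t in sorted(set(genuine) | set(impostor))]


def threshold_for_far(max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose FAR stays within max_far.

    FAR only falls as the threshold rises, so the first hit in the
    ascending sweep is also the setting with the fewest false rejects.
    """
    for t, far, frr in sweep(genuine, impostor):
        if far <= max_far:
            return t, far, frr
    return None  # even the highest observed score admits too many impostors


def equal_error_point(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where FAR and FRR are closest (the equal error rate)."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, far, frr in sweep():
        print(f"threshold={t:.2f}  FAR={far:.1f}  FRR={frr:.1f}")
    print("strict (FAR = 0):", threshold_for_far(0.0))
    print("equal error point:", equal_error_point())
```

On this sample, eliminating false accepts entirely costs one false reject in ten, which is the security versus convenience choice the slide describes.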

     Practical Examples of Biometrics on the Desktop
  • WEB-key (BIO-key International)
  • SendItSecure (SafeLive Corporation)




                            WEB-key
  • Product is an SDK (must be integrated into your web-
    based application)
  • N-tiered architecture:
        – Client plug-in for browser
        – Application server
        – Back-end authentication server and biometric database
  • Can be used for 1-to-many identification or 1-to-1
    verification
  • Very scalable
  • Client tier must be Windows; other tiers can be
    Windows or Linux


                           WEB-key

  [Architecture diagram]
  • Client: Browser, WEB-key plug-in
  • App server: Web app, WEB-key API
  • WEB-key server: Authentication, Session Mgmt
  • Biometric Database (shown beneath the WEB-key server)


                       WEB-key
  • Demo




                       SendItSecure
 • E-mail “extra-structure” that makes ordinary e-mail
   highly secure
 • Service-based architecture
 • Integrates with Outlook
 • Can be used with web mail or other e-mail clients




                       SendItSecure
 • Authentication:
    – Identity of sender authenticated (receiver knows
      for sure who sent the e-mail – non-repudiation)
    – Identities of receivers are authenticated (sender is
      assured only recipients can read the e-mail)
 • Confidentiality:
    – Contents of e-mail are encrypted en route and can
      only be decrypted by authorized receivers



                       SendItSecure
• Strong authentication (beyond passwords)
• Strong encryption (end-to-end)
• Easy to use, non-obtrusive
• Leverages existing e-mail infrastructure
• Easy to administer (biometrically protected web site)
• Cost effective (hardware and software)
• “Message pickup” feature for sending to non-enrolled
  users
• Support for very large attachments

              SendItSecure Architecture




                         SendItSecure
• Applications:
      – Transmittal of sensitive company documents and messages
      – Employees working from remote locations (telecommuting,
        travel)
      – Communications with suppliers and partners
      – Improved customer service
• Industries:
      –   Health care
      –   Banking
      –   Law enforcement
      –   Professional firms
                       SendItSecure
 • Demo




                       Contact Information

                         Dan Sanderson
                          715-246-5808
                  dsanderson@SendItSecure.com
                       www.SafeLive.com



