vasco - dss @vilnius 2010
TRANSCRIPT
VASCO Data Security 1
Hans Liljedahl, Channel Manager
Nordic & Baltic Region, VASCO Data Security
"Psst... I know your password"
VASCO update
VASCO, the Full Option, All-Terrain Authentication Company
VDSI - Financially healthy & profitable. Top-100 fastest growing IT companies in the world.
Full option, All terrain
Verticals & segments
Full Option & All-Terrain
All-Terrain = All applications/technologies
E-banking
E-brokerage
Online gaming
Automotive
E-government
Healthcare B-to-B
E-commerce
Social Security
Education
Publishing Industry
VASCO’s products are used in over 50 applications
Banking References
• Over 1500 international financial institutions put their trust in VASCO's solutions & deployments.
Human Behaviour...
• 42% used lowercase letters from "a to z"
• only 6% mixed alpha-numeric and other characters
• many of the top 20 passwords used were names
• nearly 2,000 of the passwords were only 6 characters long
• the longest password was 30 characters: "lafaroleratropezoooooooooooooo"
High Tech Fraud Schemes
On the global black market (Symantec, accounts.com):
• Your e-mail password is worth $4.00
• Your credit card number is worth $0.40
• Your social security number is worth $1.00
• Your bank account is worth $10.00
• Your level 70 undead rogue with quest blues and a flying mount is worth $425.00
QUIZ
• Do you recognize this?
• How many (different) passwords do you have to remember?
• Do you write down your passwords (or keep them in a file)?
• Is your static password at least 8 characters long? Is it a combination of numbers, symbols and letters?
• How often do you (have to) change your passwords?
• Have you ever given your password to someone else?
• Passwords can be guessed, stolen, hacked, …
• Password sharing, shoulder surfing...
• How can I be sure that you are really the one you say you are?
PASSWORD CHECKER
http://www.howsecureismypassword.net
rTyx*pK2%9
Cheapest solution...
I'm safe for 17.000 years...
my password is
invented by xxx today
forgotten by xxx tomorrow
So, call the help desk... or use smart technology
The Password Challenge
User 1:
“I have to remember about 20 passwords…”
User 2:
“I have to change them every 30 days”
User 3:
"All should be different so if one password is compromised all others are not."
The Staff Authentication Challenge:
CEO:
"Employees use passwords of their colleagues to get access to information they are not entitled to see!"
The Mobile Staff Authentication Challenge
Sales Director:
"My team needs access to the corporate network and their e-mail wherever they are. It should be very efficient when they are in the office and very safe when they are somewhere out, especially when using an Internet Cafe."
The Data Protection and Access Challenge
General Manager:
"The laptop of my closest staff member was stolen out of the car recently. I'm extremely alarmed that the sensitive data on it finds its way to our competition."
The Cloud Authentication Challenge
Marketing:
"We need to reliably authenticate our customers when they access our online services."
The weakest link...
CTO:
"We have invested $$ in firewalls, VPN, SSL-VPN, online applications, anti-spam, anti-virus, content filtering, web traffic management tools, etc... But the weakest link is the colleague!"
Why are you a potential cybercrime victim?
You are connected and as a consequence you have:
• an infrastructure to test a virus
• a server connected to the web for storage of illegal content
• a temporary system for illegal activities (spamming, botnet, …)
• bandwidth to share
• information which is valuable on the black market
(Personal, financial or business info)
1000x login screens…
• Whenever you need to type username and password, replace it by a better solution!
Replacing static passwords with OTP
HANS LILJEDAHL
blacky1r\°5w^Tyx*pK2%9
PIN + 342601
OTP generation: HOW?
Diagram: DES/3DES/AES with the Digipass key (Kdp) and the current Time as inputs, producing the OTP 872003
The concept: GENERATION of OTP
• Digipass calculates One Time Passwords (OTP)
• One time passwords cannot be reused, stolen or hacked
Diagram: Encryption Algorithm (Key, Time) → OTP
The concept: VALIDATION of OTP
Diagram: Client Side - Internet - Server Side; both sides run the same Encryption Algorithm over the same Key and Time
• Need for secure transport & secure storage of the secret key
• Need for synchronization of time
The concept: GENERATION of Electronic Signatures
• Digipass calculates Electronic Signature
• MITMA countermeasure
Diagram: Encryption Algorithm (Key, Time, Data fields) → OTP
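The generation, validation and e-signature slides above, as an added example that is not VASCO's or Digipass's own code: HMAC-SHA256 stands in for the DES/3DES/AES block, the 30-second step, 6 digits and the drift window are assumed values, and the server remembers the last accepted step so a captured OTP is not accepted twice.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # assumed time step; the slides do not state one
DIGITS = 6          # the slides show 6-digit codes such as 872003


def otp(key: bytes, step: int, fields: tuple = ()) -> str:
    """Keyed function over the time step and optional transaction data fields.

    HMAC-SHA256 stands in for the DES/3DES/AES block on the slides. With no
    fields this is a plain OTP; with fields (account, amount, ...) the code is
    bound to the transaction, which is the e-signature / MITM countermeasure."""
    msg = struct.pack(">Q", step)
    for f in fields:
        b = f.encode()
        msg += struct.pack(">H", len(b)) + b   # length-prefixed so fields cannot shift
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** DIGITS).zfill(DIGITS)


def client_otp(key: bytes, client_time: int, fields: tuple = ()) -> str:
    """Digipass side: derive the code from the device clock and the stored key."""
    return otp(key, client_time // STEP_SECONDS, fields)


class OtpServer:
    """Server side: same key, server clock, tolerance for clock drift, replay protection."""

    def __init__(self, key: bytes, window: int = 1):
        self.key = key
        self.window = window      # accepted drift in steps on either side (assumed)
        self.last_step = -1       # highest step already consumed: a used OTP is never accepted again

    def validate(self, code: str, server_time: int, fields: tuple = ()) -> bool:
        step = server_time // STEP_SECONDS
        for candidate in range(step - self.window, step + self.window + 1):
            if candidate <= self.last_step:
                continue                      # already used or older than a used code
            if hmac.compare_digest(otp(self.key, candidate, fields), code):
                self.last_step = candidate
                return True
        return False
```

Validation recomputes the code for each step inside the window, which is what "synchronization of time" costs the server; a signature over tampered data fields fails because the fields are part of the keyed input.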
Authentication - It's a trade-off...
• User friendliness
• User acceptance
• Portability
• Customer type
• Standards
• OTP / Signature
• Procedures
• Deployment
• Helpdesk
• Price
IDENTIKEY Server - The Brain & the Heart
Diagram: IDENTIKEY Server architecture
• Front-end integration: RADIUS (RADIUS clients, LDAP); SOAP (IIS web applications, customer web applications via Windows API or custom API); SEAL / SEAL-S (Windows desktop login, connected and unconnected; server login; terminal server login)
• Back-end authentication: datastore via ODBC (PostgreSQL); directory via LDAP/LDAPS (AD); AD U&C
• Web-based administration on an Apache Tomcat webserver: user & DIGIPASS administration, reporting; command line (TCL)
Remote Site: Server Solutions
Vasco has multiple solutions to protect your network and applications:
Software, hardware and services
Plugins: Microsoft IAS, Juniper SBR, Novell NMAS, Imprivata, AEP, RACF, Siteminder
DIGIPASS AS A SERVICE
DIGIPASS as a Service is a managed authentication solution
DIGIPASS as a Service offers security for multiple applications:
• SaaS solutions
• online gaming
• e-learning applications
• online subscription services (e.g. magazines and newspapers)
• licensed services
• e-government applications
• e-healthcare systems
• e-commerce applications
• e-banking applications
• online insurance applications
• intranet / extranet
CLIENT SIDE: DIGIPASS Factory
DIGIPASS GO range with e-signature capability
DIGIPASS e-signature devices
DIGIPASS Software range
DIGIPASS PKI range for authentication using digital signatures
DIGIPASS card reader range for authentication using electronic and digital signatures