AuthShield MFID – Secure Access and Authentication Solution
DESCRIPTION
AuthShield Lab provides an effective two-factor authentication solution to secure your data.
TRANSCRIPT
MFID – SECURE ACCESS AND AUTHENTICATION
“The threats from within are increasing on a daily basis. 78% of all information security breaches happen internally”
ABOUT INNEFU LABS
“Innovation For You”
Private and Confidential - INNEFU LABS
ABOUT US
Research Oriented Information Security Organization
Team – Forty Two B.Tech / M.Tech inclusive of Senior Management consisting of three IIT Alumni
Largest trained manpower for Cyber Intelligence available with a private company in India
More than three years of experience in Cyber Intelligence
CONTD.
Patent Pending Technologies –
Cyber Café Surveillance
Tactical Internet Monitoring System
Two Factor Authentication
Copyrighted Products –
Intelinks – Link Analysis and Data Mining for different sets of Data including CDRs, Interrogation reports etc
TWO FACTOR AUTHENTICATION
Unbreakable security for Mails, financial transactions
99% security from phishing attacks and infections
Only Indian company to have developed indigenous Hard Token
INTERNET MONITORING SYSTEM
Indigenously Developed
Deployed in UP – Proven to be better than existing system
DATA MINING AND LINK ANALYSIS
Created on lines of i2
Interrogation reports Management System
CYBER CAFÉ SURVEILLANCE
Map user's identity to his mobile phone number
Activity monitoring for suspect mobile phones
PARTIAL LIST OF CLIENTS
AGENDA
Why do we need Two Factor Authentication?
What is Two Factor Authentication?
Different Tokens with their architecture
Different Applications
DATA CENTRE ARCHITECTURE (ASSUMPTIONS)
Email Servers
Web and Application Servers – Critical Applications
Database Servers
Firewalls / IPS / IDS / UTM
INDIVIDUAL INFORMATION SECURITY - CURRENT
Anti Virus
Firewalls
Data Leak prevention / IPS / IDS
People and Processes – Connection to Internet, Barring Pen Drives etc
ORGANIZATIONS TODAY ARE USING UTM,
IPS etc FOR COMPREHENSIVE
PERIMETER SECURITY. AS A HACKER,
WHO WOULD YOU IDENTIFY AS THE
WEAKEST LINK IN THE CHAIN?
Point of Attack
User Name, Pwd
Authentication Response
IDENTITY THEFT
Fastest growing white collar crime
900,000 new victims each year
Cost to businesses more than $50 billion
Cost per incident to company $6,383
Hours spent per victim resolving the problem as shown by identity theft statistics: 30
POINT OF ATTACK
Individual Ministry officers
IT Managers of respective departments
METHODS OF ATTACK
Targeted Phishing
Worms
Viruses
Trojans
Map the physical identity of the user to the server
A Unique Two Factor Authentication Mechanism
Identify the user based on –
Something he knows (user name / password)
Something in the user's possession
INNEFU’S AUTHSHIELD – OTP GENERATION
Hard Token
E-Token
Smart Phone – BB / iPhone / Android
SMS
HARD TOKEN
Security device (Hard Token) given to authorized users
The token generates a new password after every 90 seconds
Each token is unique to the user and synchronized with the AuthShield server based on time
The password is based on a pre defined unbreakable randomized algorithm.
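Added example (not Innefu's code; the deck does not disclose the token's algorithm): the code below uses the public RFC 6238 scheme as a stand-in to show how a server can verify a time-synchronized code with the 90-second interval stated above, tolerating one interval of clock drift and rejecting reuse of a code. The names otp_at, TokenVerifier and demo, the 6-digit length, the drift window and the sample secret are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 90   # rotation interval stated on the slide
DIGITS = 6          # assumption: the deck does not give the code length
DRIFT_STEPS = 1     # assumption: accept one interval of clock drift either way


def otp_at(secret: bytes, counter: int) -> str:
    """HOTP (RFC 4226) value for one time-step counter."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                      # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class TokenVerifier:
    """Server-side check for one user's token (hypothetical, not the IAS API)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_counter = -1   # highest time step already accepted

    def verify(self, otp: str, now: float) -> bool:
        current = int(now) // STEP_SECONDS
        for counter in range(current - DRIFT_STEPS, current + DRIFT_STEPS + 1):
            if counter <= self.last_counter:
                continue         # replay: this step (or an older one) was used
            if hmac.compare_digest(otp_at(self.secret, counter), otp):
                self.last_counter = counter
                return True
        return False


def demo() -> dict:
    secret = b"constructed-demo-secret"      # constructed sample key
    server = TokenVerifier(secret)
    t0 = 18_888_888 * STEP_SECONDS           # constructed time, start of a step
    code = otp_at(secret, t0 // STEP_SECONDS)  # what the token would display
    return {
        "fresh": server.verify(code, t0 + 10),
        "replayed": server.verify(code, t0 + 20),
        "expired": TokenVerifier(secret).verify(code, t0 + 5 * STEP_SECONDS),
    }
```

The per-token last_counter is what makes each code single-use; without it a captured code stays valid for the rest of its 90-second interval plus the drift window.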
HARD TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS KEY
Client’s Application Server
Innefu’s AuthShield Server (IAS)
LDAP / MS Active Directory
The architecture may change based on the deployment architecture at the client’s end
1. OTP verified by IAS server
2. User Name / Pwd authenticated normally
3. All requests are SSL encrypted
User Name, Pwd and OTP
User Name, OTP
User Name, Pwd
SOFT TOKEN
Encrypted request sent to AuthShield server with the User Name
IAS server generates a One Time Password (OTP) and sends it to the registered Mobile Phone Number
The database of numbers may be stored in the IAS server or sent with the request
The user logs in with the OTP provided to him via SMS
SOFT TOKEN – IDENTIFYING THE USER ON THE BASIS OF HIS PHONE
User Name, Pwd
True Authentication
User Name
AuthShield Server
OTP Sent via SMS
SMS receiving Capable Device
OTP Verification
True Authentication
MOBILE TOKEN FOR SMART PHONES
Application installed on smart Phones
Application sends a request via GPRS / 3G connection to the IAS
The server generates an OTP and sends it back to the device
Available for all smart phones
BB / iPhone / Android
MOBILE TOKEN – ARCHITECTURE
1). User accesses the token generation application on his BB device
2). Request Sent to BES
3). Request Forwarded to IAS
4). Token Generated
5). Credentials Entered
6). Access
Diagram labels: BES; IAS; Application; UN+PWD+TOKEN; IAS & AD
AUTHSHIELD - E-TOKEN
Encrypted signature wallet stored on the token
Passwords
Digital Signatures
Certificate Store
Online Subscription credentials
Customized Driver to detect the E-Token
PKCS# Certification compliant
APPLICATIONS
Continuous Polling to ensure Session Timeout
Disk Encryption – No decryption without Token
Protect Licensed software
Access to Critical Applications and IT Infrastructure
Encrypted Mails, Messages
FEATURES
OS Independent Authentication Mechanism
Seamless Integration with the current business and security architecture
Optional Integration with Risk Based Transaction Algorithm
All logs are stored in a secured database (completely encrypted) for future analysis
Date and Time
User
IP Address
MANAGEMENT PANEL
Complete Management control with the Client’s IT Team
Management Portal to
Add / Delete users
Associate a Token with a User
De-associate a Token with a User
Lock a lost Token
Transfer a Token to another User
CASE STUDIES
Web Enabled Applications
Windows LogOn with / without Domain
Critical Intranet Applications including Core Banking Solutions
SSL VPN – Juniper / Citrix
Integration with LDAP / MS Active Directory
Mail Solutions
Wireless Networks
Servers
WEB ENABLED APPLICATIONS / MAIL SOLUTIONS / CRITICAL APPLICATIONS
Client wanted Two Factor Authentication with –
Web Enabled Application (PHP Based)
Inhouse built Finance Portal
Mail Solutions
Source Code available with the Client
Changes made to the Authentication Module of the client application
PROCESS
User Name, Pwd, OTP
User Name, Pwd
True Authentication
True Authentication
User Name, OTP
Access
WINDOWS 7, XP WITH MS AD 2008
Client wanted Two Factor Authentication with –
Windows XP with MS Active Directory 2003
Windows Vista with MS Active Directory 2003
Changes made to the Login dll of Windows
Innefu’s server module was installed on Active Directory
Seamless integration done with Active Directory
PROCESS
User Name, Pwd
Active Directory
AuthShield Server
True Authentication
True Authentication
User Name, OTP
APPLICATION (MAIL SOLUTION) INTEGRATED WITH LDAP
Client wanted Two Factor Authentication with –
Intranet Application (Java Based)
Mail Solutions
Both the applications were integrated with LDAP
Source code not available for any of the applications
Innefu’s server module was installed on the LDAP server
No changes were made to the application
PROCESS
User Name, Pwd, OTP
User Name, OTP
True Authentication
User Name, Pwd Authenticated by LDAP
INTEGRATION WITH SSL VPN (JUNIPER)
Client wanted Two Factor Authentication with – SSL VPN (Juniper)
Changes made in Juniper VPN configuration
RADIUS Server was integrated with Juniper VPN
RADIUS Server authentication requests integrated with IAS Server
All requests forwarded to the IAS server which authenticates the request
PROCESS
User Name, Pwd
Active Directory
AuthShield Server
True Authentication
True Authentication
User Name, OTP
ADVANTAGES
The User Gets –
No Extra Codes to remember
Easy access to resources
Use whatever device that is convenient to the user
Works Worldwide
CONTD.
The organization gets –
Zero user administration.
Seamless Integration with current setup
Simple price set up
Better use of the IT systems already in place
100% control of 'who can access the system'.
Zero maintenance on Identity theft
WHAT WE OFFER
Indigenous Technology
Customization to suit specific client requirements
Our Expertise in dealing with various Government Agencies
Unparalleled Support
Competitive Advantage
Robust and Proven Technology
PREVENT IDENTITY THEFT!! –
COUNT ON
THANK YOU
QUESTIONS WELCOME
INNEFU LABS PVT. LTD
www.innefu.com
+91-11-47065864 / 66
[email protected], [email protected]