What’s in Your BYOD World?

What’s in Your BYOD World?

Biometrics is key to network-centric security

What's in your BYOD world?As network security professionals are acutely aware, they must be continuously vigilant to meet the ever-evolving threats driven by the bring your own device (BYOD) trend that is extending the network outside the office. BYOD-related concerns about mobile security reach across private and public markets. Fortunately, the salvation for security pros can be found in the latest innovations in multifactor authentication using biometrics. By enabling multi-ifactor authentication anywhere, anytime, biometrics allows both security and privacy on the network.

As we all know, mobility is the key trend driving today’s biometrics market. Mobility means putting data and network access everywhere. Long gone are the “good old days” in the enterprise with stationary datacenters or networks confined to the office. Even when people started teleworking, it was relatively easy—compared to the current situation—to secure laptops and the network.

Now we are dealing with a host of BYOD devices, including smartphones and tablets, that are not standardized and much more difficult to integrate. In fact, with so many operating systems and data platforms, it is no longer possible to maintain standard integration and data profiles.

But, as every network security professional knows, the shift in the mobile communications industry toward increased convenience and personalization cannot be stopped. We have to find a way to work across these platforms and tie convenience to security.

Hard Look at Server Access

With illegitimate mobile access becoming the biggest threat to network-centric security, a primary challenge is hardening access to the server by identifying and authenticating the end-point access. To prevent tunneling into our systems and to ensure our data’s integrity, we must make sure those accessing the system are legitimate.

At the same time, we are dealing with a network that has now exploded outside the office. It’s everywhere. Increasingly, data is no longer maintained on the server and is vulnerable to illegitimate access. The threats that can compromise data seem to multiply daily; any number of users could have an infected email client, malware apps could be injected into the network or there could be people on the network who are just plain subversive. So the key becomes authentication of programs on the network and people who are on it.

At the same time, privacy remains a paramount concern. People who are on company-issued mobile devices and have company data running on platforms for personal use want to know how the network can differentiate their private data from company data.

Data integrity is another network-centric security issue. It used to be that data sat on the server. Now it’s sitting on tablets and smartphones. How do we maintain its integrity?

The good news is that all the network-centric security needed for mobile data platforms can be implemented with technology available today. The bad news is that, historically, increased security has usually meant increased inconvenience to the end user.

Nuts and Bolts of Secure Network Access

Experienced network security professionals know that access to the back-end network of the corporate enterprise should always be done through a virtual private network (VPN), the encrypted tunnel running through a hardened conduit called the secure socket layer (SSL). Integrity of the VPN is ensured by the SSL’s encrypted protocols.

On the other end is the user’s tablet, smartphone or other mobile device. Access is enabled by use of certificates as part of a Public Key Infrastructure (PKI), a compilation of hardware, software, individuals and guidelines to develop, manage and disable digital certificates that provide secure network access from a user’s device. The PKI contains a private key that binds the public keys with their correct (and unique) user identities via a certificate authority (CA). The private key is then used only by the user based on his or her secret code or password, and the PKI operates as the authentication channel that binds to a registration authority (RA) to ensure the public key correlates directly to the user’s identity to allow the user secure network access.

The next layer of network-centric security issues is presented by the device themselves. Delivery of secure access and services to mobile devices depends on application of strong multifactor user authentication. Proof-positive authentication should comprise some combination of what you know (password or PIN), what you have (ID card or token) and who you are (biometrics). The more factors, the better.

Passwords alone are never adequate because they can be easily compromised. While solutions combining password/PIN and ID card/token are often considered strong enough, only biometrics can provide absolute proof that a person is who he or she claims to be.

Biometrics Basics

Biometrics is perhaps the most innovative approach to implementing security on mobile devices. Fingerprinting, the most common and most secure biometric, is strongly supported by standards developed by the National Institute of Standards and Technology (NIST).

Biometrics not only provides convenient security, but incorporating multimodal biometrics can make the network practically impenetrable by unauthorized threats. Fingerprinting can be supplemented by iris recognition, face recognition and a series of less common modalities.

Anywhere, Anytime Authentication

Introduced by Precise Biometrics in June 2012, the Tactivo casing for smartphones and tablets enables multilevel authentication for mobile devices, anywhere and anytime.

This is a combination smartcard and fingerprint reader for the iPhone 4 and 4S, as well as the iPad. Connected directly to the device and designed specifically to complement the Apple design, the case provides both a smartcard and fingerprint reader to protect against unauthorized application access. Together with special-purpose apps, Tactivo enables companies and government agencies to maintain a high level of authentication and security when employees use mobile devices to access sensitive information.

Tactivo enhances the security features already available in iPhone and iPad devices. For example, using the BioSecrets app, Tactivo is able to store passwords and other sensitive information within a biometrically secured container on the iPhone 4S, iPhone 4, iPad 2 and the new third-generation iPad.

How IT Works

Tactivo makes the end point—smartphone, tablet or other mobile device—a trusted access point. It enables convenient security, making it easy to pick up the iPhone or iPad, swipe your finger and authenticate the device. By using PKI and a smartcard certificate, the app provides the strong front-end authentication needed to establish a secure session through the SSL, enabling access to the network datacenter via the VPN.

It provides two-factor authentication with biometric and smartcard/ hardware security modules. Smartcards, with their integrated circuit chip, can be used to perform the biometric authentication directly on the card. By doing that, it gets behind its own firewall and is impervious to malicious code or attacks without compromising personal biometric data.

In addition, the app is supported by a portal called idApps.com that provides information on a growing directory of available apps. At the same time, the iOS toolkit will expand to support a variety of biometrics to continue to be convenient and easy to use.

The iOS toolkit enables developers to implement self-contained authentication or integrate with third-party identity managers and service providers. As a result, the app can be used with a virtually unlimited number of apps.

The Precise iOS toolkit enables iOS app developers to integrate smartcard or fingerprint authentication, or both. Smartcard and fingerprint functionality can be integrated separately or together to replace passwords or PINs, enhancing convenience and increasing security. App developers also can combine these authentication methods with other iPhone and iPad features such as GPS.

The iOS toolkit is designed to make integration as straightforward as possible. It has a simple API and, to ensure short development time, sample implementations for smartcard integration and fingerprint enrollment/verification are included. This functionality can be directly integrated into other apps.

Supported by the iOS toolkit, Tactivo has the potential to evolve with and adapt to changing market needs. For example, solutions can be developed to verify card integrity and authenticity; verify cardholder identity; control access to applications or application data stored locally on the device; and facilitate access to Web and cloud services. In addition, because Tactivo supports government smartcard credentials including CAC, PIV, PIV-I and TWIC, the iOS toolkit is well-suited for developers targeting the government segment.

This article originally appeared in the May 2013 issue of Security Today.

Featured

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Only 35 Percent of Companies Include Cybersecurity Teams When Implementing AI

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

  • Stay Secure in 2024: Updated Cybersecurity Tips for the Office and at Home

    Cyber criminals get more inventive every year. Cybersecurity threats continue to evolve and are a moving target for business owners in 2024. Companies large and small need to employ cybersecurity best practices throughout their organization. That includes security integrators, manufacturers, and end users. Read Now

Featured Cybersecurity

Webinars

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3