What’s in Your BYOD World?

What’s in Your BYOD World?

Biometrics is key to network-centric security

What's in your BYOD world?As network security professionals are acutely aware, they must be continuously vigilant to meet the ever-evolving threats driven by the bring your own device (BYOD) trend that is extending the network outside the office. BYOD-related concerns about mobile security reach across private and public markets. Fortunately, the salvation for security pros can be found in the latest innovations in multifactor authentication using biometrics. By enabling multi-ifactor authentication anywhere, anytime, biometrics allows both security and privacy on the network.

As we all know, mobility is the key trend driving today’s biometrics market. Mobility means putting data and network access everywhere. Long gone are the “good old days” in the enterprise with stationary datacenters or networks confined to the office. Even when people started teleworking, it was relatively easy—compared to the current situation—to secure laptops and the network.

Now we are dealing with a host of BYOD devices, including smartphones and tablets, that are not standardized and much more difficult to integrate. In fact, with so many operating systems and data platforms, it is no longer possible to maintain standard integration and data profiles.

But, as every network security professional knows, the shift in the mobile communications industry toward increased convenience and personalization cannot be stopped. We have to find a way to work across these platforms and tie convenience to security.

Hard Look at Server Access

With illegitimate mobile access becoming the biggest threat to network-centric security, a primary challenge is hardening access to the server by identifying and authenticating the end-point access. To prevent tunneling into our systems and to ensure our data’s integrity, we must make sure those accessing the system are legitimate.

At the same time, we are dealing with a network that has now exploded outside the office. It’s everywhere. Increasingly, data is no longer maintained on the server and is vulnerable to illegitimate access. The threats that can compromise data seem to multiply daily; any number of users could have an infected email client, malware apps could be injected into the network or there could be people on the network who are just plain subversive. So the key becomes authentication of programs on the network and people who are on it.

At the same time, privacy remains a paramount concern. People who are on company-issued mobile devices and have company data running on platforms for personal use want to know how the network can differentiate their private data from company data.

Data integrity is another network-centric security issue. It used to be that data sat on the server. Now it’s sitting on tablets and smartphones. How do we maintain its integrity?

The good news is that all the network-centric security needed for mobile data platforms can be implemented with technology available today. The bad news is that, historically, increased security has usually meant increased inconvenience to the end user.

Nuts and Bolts of Secure Network Access

Experienced network security professionals know that access to the back-end network of the corporate enterprise should always be done through a virtual private network (VPN), the encrypted tunnel running through a hardened conduit called the secure socket layer (SSL). Integrity of the VPN is ensured by the SSL’s encrypted protocols.

On the other end is the user’s tablet, smartphone or other mobile device. Access is enabled by use of certificates as part of a Public Key Infrastructure (PKI), a compilation of hardware, software, individuals and guidelines to develop, manage and disable digital certificates that provide secure network access from a user’s device. The PKI contains a private key that binds the public keys with their correct (and unique) user identities via a certificate authority (CA). The private key is then used only by the user based on his or her secret code or password, and the PKI operates as the authentication channel that binds to a registration authority (RA) to ensure the public key correlates directly to the user’s identity to allow the user secure network access.

The next layer of network-centric security issues is presented by the device themselves. Delivery of secure access and services to mobile devices depends on application of strong multifactor user authentication. Proof-positive authentication should comprise some combination of what you know (password or PIN), what you have (ID card or token) and who you are (biometrics). The more factors, the better.

Passwords alone are never adequate because they can be easily compromised. While solutions combining password/PIN and ID card/token are often considered strong enough, only biometrics can provide absolute proof that a person is who he or she claims to be.

Biometrics Basics

Biometrics is perhaps the most innovative approach to implementing security on mobile devices. Fingerprinting, the most common and most secure biometric, is strongly supported by standards developed by the National Institute of Standards and Technology (NIST).

Biometrics not only provides convenient security, but incorporating multimodal biometrics can make the network practically impenetrable by unauthorized threats. Fingerprinting can be supplemented by iris recognition, face recognition and a series of less common modalities.

Anywhere, Anytime Authentication

Introduced by Precise Biometrics in June 2012, the Tactivo casing for smartphones and tablets enables multilevel authentication for mobile devices, anywhere and anytime.

This is a combination smartcard and fingerprint reader for the iPhone 4 and 4S, as well as the iPad. Connected directly to the device and designed specifically to complement the Apple design, the case provides both a smartcard and fingerprint reader to protect against unauthorized application access. Together with special-purpose apps, Tactivo enables companies and government agencies to maintain a high level of authentication and security when employees use mobile devices to access sensitive information.

Tactivo enhances the security features already available in iPhone and iPad devices. For example, using the BioSecrets app, Tactivo is able to store passwords and other sensitive information within a biometrically secured container on the iPhone 4S, iPhone 4, iPad 2 and the new third-generation iPad.

How IT Works

Tactivo makes the end point—smartphone, tablet or other mobile device—a trusted access point. It enables convenient security, making it easy to pick up the iPhone or iPad, swipe your finger and authenticate the device. By using PKI and a smartcard certificate, the app provides the strong front-end authentication needed to establish a secure session through the SSL, enabling access to the network datacenter via the VPN.

It provides two-factor authentication with biometric and smartcard/ hardware security modules. Smartcards, with their integrated circuit chip, can be used to perform the biometric authentication directly on the card. By doing that, it gets behind its own firewall and is impervious to malicious code or attacks without compromising personal biometric data.

In addition, the app is supported by a portal called idApps.com that provides information on a growing directory of available apps. At the same time, the iOS toolkit will expand to support a variety of biometrics to continue to be convenient and easy to use.

The iOS toolkit enables developers to implement self-contained authentication or integrate with third-party identity managers and service providers. As a result, the app can be used with a virtually unlimited number of apps.

The Precise iOS toolkit enables iOS app developers to integrate smartcard or fingerprint authentication, or both. Smartcard and fingerprint functionality can be integrated separately or together to replace passwords or PINs, enhancing convenience and increasing security. App developers also can combine these authentication methods with other iPhone and iPad features such as GPS.

The iOS toolkit is designed to make integration as straightforward as possible. It has a simple API and, to ensure short development time, sample implementations for smartcard integration and fingerprint enrollment/verification are included. This functionality can be directly integrated into other apps.

Supported by the iOS toolkit, Tactivo has the potential to evolve with and adapt to changing market needs. For example, solutions can be developed to verify card integrity and authenticity; verify cardholder identity; control access to applications or application data stored locally on the device; and facilitate access to Web and cloud services. In addition, because Tactivo supports government smartcard credentials including CAC, PIV, PIV-I and TWIC, the iOS toolkit is well-suited for developers targeting the government segment.

This article originally appeared in the May 2013 issue of Security Today.

Featured

  • Survey Shows Election Anxiety Crosses Party Lines

    New reports of election worker intimidation are raising concerns about election interference. A majority of Americans (71%) are worried about voter intimidation or safety at the polls, and 75% want security cameras at their voting place, according to a new national survey. Read Now

  • 66 Percent of Cybersecurity Pros Say Job Stress is Growing

    Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • Live from GSX 2024: Post-Show Recap

    Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now

    • Industry Events
    • GSX
  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3