What’s in Your BYOD World?

What’s in Your BYOD World?

Biometrics is key to network-centric security

What's in your BYOD world?As network security professionals are acutely aware, they must be continuously vigilant to meet the ever-evolving threats driven by the bring your own device (BYOD) trend that is extending the network outside the office. BYOD-related concerns about mobile security reach across private and public markets. Fortunately, the salvation for security pros can be found in the latest innovations in multifactor authentication using biometrics. By enabling multi-ifactor authentication anywhere, anytime, biometrics allows both security and privacy on the network.

As we all know, mobility is the key trend driving today’s biometrics market. Mobility means putting data and network access everywhere. Long gone are the “good old days” in the enterprise with stationary datacenters or networks confined to the office. Even when people started teleworking, it was relatively easy—compared to the current situation—to secure laptops and the network.

Now we are dealing with a host of BYOD devices, including smartphones and tablets, that are not standardized and much more difficult to integrate. In fact, with so many operating systems and data platforms, it is no longer possible to maintain standard integration and data profiles.

But, as every network security professional knows, the shift in the mobile communications industry toward increased convenience and personalization cannot be stopped. We have to find a way to work across these platforms and tie convenience to security.

Hard Look at Server Access

With illegitimate mobile access becoming the biggest threat to network-centric security, a primary challenge is hardening access to the server by identifying and authenticating the end-point access. To prevent tunneling into our systems and to ensure our data’s integrity, we must make sure those accessing the system are legitimate.

At the same time, we are dealing with a network that has now exploded outside the office. It’s everywhere. Increasingly, data is no longer maintained on the server and is vulnerable to illegitimate access. The threats that can compromise data seem to multiply daily; any number of users could have an infected email client, malware apps could be injected into the network or there could be people on the network who are just plain subversive. So the key becomes authentication of programs on the network and people who are on it.

At the same time, privacy remains a paramount concern. People who are on company-issued mobile devices and have company data running on platforms for personal use want to know how the network can differentiate their private data from company data.

Data integrity is another network-centric security issue. It used to be that data sat on the server. Now it’s sitting on tablets and smartphones. How do we maintain its integrity?

The good news is that all the network-centric security needed for mobile data platforms can be implemented with technology available today. The bad news is that, historically, increased security has usually meant increased inconvenience to the end user.

Nuts and Bolts of Secure Network Access

Experienced network security professionals know that access to the back-end network of the corporate enterprise should always be done through a virtual private network (VPN), the encrypted tunnel running through a hardened conduit called the secure socket layer (SSL). Integrity of the VPN is ensured by the SSL’s encrypted protocols.

On the other end is the user’s tablet, smartphone or other mobile device. Access is enabled by use of certificates as part of a Public Key Infrastructure (PKI), a compilation of hardware, software, individuals and guidelines to develop, manage and disable digital certificates that provide secure network access from a user’s device. The PKI contains a private key that binds the public keys with their correct (and unique) user identities via a certificate authority (CA). The private key is then used only by the user based on his or her secret code or password, and the PKI operates as the authentication channel that binds to a registration authority (RA) to ensure the public key correlates directly to the user’s identity to allow the user secure network access.

The next layer of network-centric security issues is presented by the device themselves. Delivery of secure access and services to mobile devices depends on application of strong multifactor user authentication. Proof-positive authentication should comprise some combination of what you know (password or PIN), what you have (ID card or token) and who you are (biometrics). The more factors, the better.

Passwords alone are never adequate because they can be easily compromised. While solutions combining password/PIN and ID card/token are often considered strong enough, only biometrics can provide absolute proof that a person is who he or she claims to be.

Biometrics Basics

Biometrics is perhaps the most innovative approach to implementing security on mobile devices. Fingerprinting, the most common and most secure biometric, is strongly supported by standards developed by the National Institute of Standards and Technology (NIST).

Biometrics not only provides convenient security, but incorporating multimodal biometrics can make the network practically impenetrable by unauthorized threats. Fingerprinting can be supplemented by iris recognition, face recognition and a series of less common modalities.

Anywhere, Anytime Authentication

Introduced by Precise Biometrics in June 2012, the Tactivo casing for smartphones and tablets enables multilevel authentication for mobile devices, anywhere and anytime.

This is a combination smartcard and fingerprint reader for the iPhone 4 and 4S, as well as the iPad. Connected directly to the device and designed specifically to complement the Apple design, the case provides both a smartcard and fingerprint reader to protect against unauthorized application access. Together with special-purpose apps, Tactivo enables companies and government agencies to maintain a high level of authentication and security when employees use mobile devices to access sensitive information.

Tactivo enhances the security features already available in iPhone and iPad devices. For example, using the BioSecrets app, Tactivo is able to store passwords and other sensitive information within a biometrically secured container on the iPhone 4S, iPhone 4, iPad 2 and the new third-generation iPad.

How IT Works

Tactivo makes the end point—smartphone, tablet or other mobile device—a trusted access point. It enables convenient security, making it easy to pick up the iPhone or iPad, swipe your finger and authenticate the device. By using PKI and a smartcard certificate, the app provides the strong front-end authentication needed to establish a secure session through the SSL, enabling access to the network datacenter via the VPN.

It provides two-factor authentication with biometric and smartcard/ hardware security modules. Smartcards, with their integrated circuit chip, can be used to perform the biometric authentication directly on the card. By doing that, it gets behind its own firewall and is impervious to malicious code or attacks without compromising personal biometric data.

In addition, the app is supported by a portal called idApps.com that provides information on a growing directory of available apps. At the same time, the iOS toolkit will expand to support a variety of biometrics to continue to be convenient and easy to use.

The iOS toolkit enables developers to implement self-contained authentication or integrate with third-party identity managers and service providers. As a result, the app can be used with a virtually unlimited number of apps.

The Precise iOS toolkit enables iOS app developers to integrate smartcard or fingerprint authentication, or both. Smartcard and fingerprint functionality can be integrated separately or together to replace passwords or PINs, enhancing convenience and increasing security. App developers also can combine these authentication methods with other iPhone and iPad features such as GPS.

The iOS toolkit is designed to make integration as straightforward as possible. It has a simple API and, to ensure short development time, sample implementations for smartcard integration and fingerprint enrollment/verification are included. This functionality can be directly integrated into other apps.

Supported by the iOS toolkit, Tactivo has the potential to evolve with and adapt to changing market needs. For example, solutions can be developed to verify card integrity and authenticity; verify cardholder identity; control access to applications or application data stored locally on the device; and facilitate access to Web and cloud services. In addition, because Tactivo supports government smartcard credentials including CAC, PIV, PIV-I and TWIC, the iOS toolkit is well-suited for developers targeting the government segment.

This article originally appeared in the May 2013 issue of Security Today.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.