Improving Security and Access to Network with Smart Badge
1 SPD
Improving Security and Access to Network with Smart Badge
Eril Pasaribu, CISA, CISSP
Security Consultant
2 SPD
AGENDA
• Background
• Core Technologies
• Schlumberger Solutions
• Questions & Answers
3 SPD
Market facts (CSI/FBI)
4 SPD
How Does One Authenticate?
• One Factor - What you know – Password
• Two Factors - What you have – Smart card
• Three Factors - What you are – Biometric
=> Balance between convenience, privacy, and security
5 SPD
A Corporate Smart Badge?
• Passwords are expensive and provide poor security
• Many different standards increase management complexity and help desk support
• Increasing network fraud, poor security around transactions and messaging
• Hard drive based security can be improved
=> One single ID card for both secure physical and logical access
6 SPD
Smart Cards for Corporate Login
[Chart: y-axis Million Units (0 to 100), x-axis 2001 to 2004. Source: Dataquest/Card Technology 5/01]
By YE '04, 33% of W2K/XP users will log in via smart card (Gartner Group)
7 SPD
CORE TECHNOLOGIES
• Public Key Infrastructure
• Smart Cards
• Proximity Cards
8 SPD
PKI Symmetric Model
9 SPD
PKI Asymmetric Model
10 SPD
PKI Public Key Cryptography Fundamentals
• Two keys, one you keep secret (private) and one you let everyone else know (public)
• Important property:
  – If data is encrypted with a public key, the only way to decrypt is by having the private key
  – If data is encrypted with a private key, the only way to decrypt is by having the public key
• Combined with secret key algorithms provides: authentication, bulk encryption, and integrity
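The key-pair property from the slide above, as an added example that is not part of the original presentation: textbook RSA without padding on a toy modulus built from two Mersenne primes, showing a secret key wrapped with the public key and a signature made with the private key. All function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets

# Toy textbook RSA, no padding. Real deployments use >= 2048-bit keys with
# OAEP/PSS padding and keep the private exponent inside a token such as a smart card.
P, Q = 2**89 - 1, 2**127 - 1            # two Mersenne primes (constructed toy key)
N, E = P * Q, 65537                     # public key: everyone may know (N, E)
PHI = (P - 1) * (Q - 1)
assert math.gcd(E, PHI) == 1
D = pow(E, -1, PHI)                     # private key: kept secret


def public_op(x: int) -> int:
    return pow(x, E, N)


def private_op(x: int) -> int:
    return pow(x, D, N)


def digest_int(message: bytes) -> int:
    # Hash reduced mod N only because the toy modulus is shorter than SHA-256.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Private-key operation: only the key holder can produce this value."""
    return private_op(digest_int(message))


def verify(message: bytes, signature: int) -> bool:
    """Public-key operation: anyone can check origin and integrity."""
    return public_op(signature) == digest_int(message)


def wrap_key(session_key: bytes) -> int:
    """Encrypt a 16-byte secret key with the public key."""
    return public_op(int.from_bytes(session_key, "big"))


def unwrap_key(wrapped: int) -> bytes:
    """Recover the secret key; requires the private key."""
    return private_op(wrapped).to_bytes(16, "big")


if __name__ == "__main__":
    msg = b"logon request, badge 0042"   # constructed sample message
    key = secrets.token_bytes(16)
    shared = unwrap_key(wrap_key(key))
    mac = hmac.new(shared, msg, hashlib.sha256).hexdigest()  # secret-key integrity
    print(shared == key, verify(msg, sign(msg)), verify(msg + b"!", sign(msg)), mac[:16])
```

The wrapped secret key is what the slide's last bullet refers to: the slow public-key step protects a short key, and the secret-key algorithm (here an HMAC) handles the bulk data.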
11 SPD
Digital Certificates
• Public Keys are distributed in the form of Certificates.
  – Binding between “identity” and a public key
  – Digital equivalent of employee badge, driver's license – universal
  – Issued by Certificate Authorities (CAs) to clients, servers, objects
  – Trust and accreditation of CA is a major component of Public Key Infrastructure: to what extent can you be sure a certificate truly binds a public key to an entity
• A Digital Certificate contains the sender’s public key, and also the trusted authority’s digital signature.
12 SPD
What’s in a Digital Certificate?
• Defined by ITU standard X.509
  – supported by Netscape, iPlanet, Entrust, MS IE, MS IIS, Lotus Domino 5, …
• Certificates typically contain:
  – Name of owner and their public key
  – Name and signature of Certificate Authority
  – Expiration date, serial number
  – Algorithms used for encryption & signing
• X.509 v3 permits arbitrary attribute-value pairs (e.g. credit card #, access control information, certificate policies, …)
13 SPD
Smart Card Overview
• Total sales of 1.5B units in 2000
  – GSM requires smart card (SIM)
  – Credit cards, AMEX blue, DoD.
• Already a proven, secure technology
• Almost unanimous agreement among analysts and experts that smart cards are an ideal token for storage of important digital credentials, such as private keys, biometrics, etc.
14 SPD
SLB Smart Card Products
• Card readers: Reflex 72, Reflex 20
• Middleware
• Crypto card: Cryptoflex (4K, 8K, 16K)
• Java crypto cards: Cyberflex Palmera Protect (16K, 32K), Cyberflex Access II (16K, 32K)
15 SPD
e-Gate: the next generation
• e-Business Smart Card: Access e-Gate
  – 32K Access II card with embedded USB driver.
  – Simple, inexpensive reader plugs directly into USB port
  – e-Gate Card+Reader vs. ISO Card+Reader: 30% less
  – Electron d’or award, 2000
16 SPD
Smart Card Kits
17 SPD
Proximity Cards
• HID Proximity Card
  – 125 kHz proximity antenna and chip
  – Popular in the US
  – Personalized by HID
• MIFARE Contactless Smart Card
  – 13.56 MHz contactless antenna
  – Popular outside of the US
  – Personalized by our CIS
18 SPD
Schlumberger Smart Badge Integration
• Network access
  – Secure log in
  – Digital signatures
  – Web authentication
  – Password storage
  – Public key infrastructure
• Payment loyalty programs
• Physical access
• Corporate identity
• E-commerce entitlement control
• authentication
• authorization
• accounting
19 SPD
Single Sign-On (SSO)
• Enable authentication to be managed consistently across the enterprise
• Allow a user to log in just once
• Transparent access to a variety of permitted information systems
• Integration of stronger authentication services to support SSO using the Corporate Badge
20 SPD
Smart Login
• Smart Card based password store for Windows, enabling reduced Sign On.
• Support IE, Netscape, and any Windows Login dialog.
• Windows 2000/NT/9x.
• Automatic Login.
21 SPD
Demo
Demonstrate Smart Card Login on Windows 2000 and secure screen lock
22 SPD
Demo 1-2
• After Windows boot, SLB GINA dialog is displayed
• On card insertion, user is prompted for PIN verification
• If successful, access is granted to desktop and related networks
23 SPD
Demo 2-2
• On card removal (typically when the user walks away from his computer), the computer locks itself automatically
• It is unlocked using the same process as initial logon (PIN verification)
24 SPD
Schlumberger’s total solution
• SC & Reader
• Card Software
• Directory
• CA
• Policy Server
• CMS
• Physical Access
• Technical Consulting
• Custom Applications
• E-Commerce
• VPN
• Loyalty
• Design & Integration
• Project Management
• Deployment
• Training
• 24x7 Help Desk
25 SPD
Smart Badge Movie
26 SPD
Q & As
Questions and Answers