
Encryption Algorithms, An Alternative for Security?

Information insecurity is present in every technology sector that handles information electronically. The list of threats is headed by viruses, a potentially harmful element in terms of information theft.

By Osvaldo Callegari*


At present, individuals retain a particular innocence regarding the personal use of information. That is why there are tools to increase safety when traveling or moving from one place to another.

ePass is a device for user authentication and for carrying digital certificates. It is plug and play, lightweight, portable and small, provides the best security at the lowest cost, and connects to the USB (Universal Serial Bus) port of any PC. It does not require an additional power source, a reader, or any other type of device to work.

ePass Device
The ePass USB Token supports a 2-factor authentication security procedure: "the ePass", something the user has, and "the password", something the user knows. Both are needed to access any application, digital certificate or system that is validated through the device.

Applications can benefit from the chip it contains internally, which provides a robust mechanism for authentication services. This "challenge/response" authentication model is more secure than the traditional "user and password" model because it relies on a "shared secret" that is never exposed during the authentication process.


The concept of "shared secret" is defined as follows:
In this scheme, both parties (the one validating the authentication and the one who wants to authenticate) share a common secret, for example a situation known to both parties but never exposed. The big difference from traditional password authentication is that there the password is exposed when the user is asked to enter it, and this entry is compared against a database to corroborate its authenticity.

With the concept of Shared Secret in this scheme the password is never requested. Instead, some processing is done with the password and what is transmitted is the result of having performed that processing. In fact, the response sent may never be the same as one sent previously.

For its part, the application performs the same processing with the key it knows (since the key is shared), and compares the result it obtained with the result sent by the client.

For example, suppose two people want to confirm that they know each other by having met on some occasion in a certain place. In this case, what both people share is the fact that they have been in the same place. If person "A" wants to corroborate that he knows person "B" from that particular place, he could ask him several different details of the time they met, instead of directly asking him "where do I know you from?". For instance, he could ask what table they sat at, what they asked to drink, who attended them, how he was dressed, what time it was, etc. This authentication process is always different, because the answers are different each time, but they are associated with the same shared secret that acts as the seed of this entire validation process.
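The shared-secret exchange described above, sketched as an added example (not code from the article or from the ePass vendor). HMAC-SHA-256 and the `Verifier` and `Token` names are assumptions chosen for illustration; the article does not say which algorithm the device uses.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Application side: knows the shared secret, issues one-time challenges."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret
        self._pending = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh random value per attempt
        self._pending.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # Each challenge is accepted once, so a captured response cannot be replayed.
        if challenge not in self._pending:
            return False
        self._pending.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare


class Token:
    """Client side: stands in for the device that stores the secret."""

    def __init__(self, shared_secret: bytes):
        self._secret = shared_secret

    def respond(self, challenge: bytes) -> bytes:
        # Only the keyed digest is transmitted, never the secret itself.
        return hmac.new(self._secret, challenge, hashlib.sha256).digest()


def challenge_response_demo() -> dict:
    secret = secrets.token_bytes(32)  # constructed sample secret
    server, token = Verifier(secret), Token(secret)
    c1, c2, c3 = (server.new_challenge() for _ in range(3))
    r1, r2 = token.respond(c1), token.respond(c2)
    other = Token(secrets.token_bytes(32)).respond(c3)  # different secret
    return {
        "first_login": server.verify(c1, r1),
        "responses_differ": r1 != r2,
        "replayed_response": server.verify(c1, r1),
        "old_response_new_challenge": server.verify(c2, r1),
        "wrong_secret": server.verify(c3, other),
    }
```

The demo shows the property the text relies on: two logins with the same secret produce different responses, and a response captured from one login is rejected on the next.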

ePass is a solution aimed at securely storing sensitive information, such as:
-Credentials for Homebanking
-Digital certificates
-Private keys
-Passwords
-Credit card numbers and other private credentials

Everything is stored securely and conveniently in the ePass Token USB and can be transported on a keychain wherever you go.

Applications involving ePass 2000
1. Security on the PC and on the network through the smartcard logon of Windows 2000, Windows Server 2003 and Windows Server 2008.
2. Email signature and encryption with Microsoft Outlook/Outlook Express, Windows Mail, Mozilla ThunderBird, Mozilla Firefox, Internet Explorer and Netscape Messenger, etc.
3. SSL secure access to the Web via Microsoft Internet Explorer, Netscape Navigator and Mozilla Firefox, etc.
4. PKI compatibility with Windows 98 onwards including Windows 7, Microsoft Internet Explorer, Mozilla Firefox and Netscape Communicator, etc.
5. Secure network logon.
6. Security in communications via email.
7. Secure Remote Authentication via RAS Server.
8. Secure Remote Access via Terminal Server and Remote Desktop
9. Secure access to VPN Microsoft, Checkpoint, Cisco, Fortinet, Astaro, OpenVPN, Sonicwall among others.
10. Secure access via SSLVPN with Checkpoint, Cisco, Fortinet, Watchguard, among others.
11. Secure Access for Extranet and Intranet.
12. Security on your PC (file & folder encryption – boot protection).


E-Business Applications

1. Applications for HomeBanking
2. B2B, B2C Transactions
3. Secure Transactions for Stock Exchange Agents and Traders
4. Secure Transactions for Insurance Producers
5. Health Care - HIPAA
6. Service Application Providers (ASP)
7. On-line subscriptions for magazines and newspapers
8. Collections: Tele-ticket, tolls and parking
9. On-line Government; Driver's Licenses, Vehicle Registration, Identification; Visa, Military ID and more

Features of the ePass 2000
On-board generation of keys and digital certificates is highly secure. ePass2000 uses smartcard technology to enable the generation of public and private keys within the hardware. Private keys are never exposed to the hostile environment of the PC.
1. It is plug and play and portable: it can be carried on a keychain. Just disconnect it from the USB port and take your critical information and credentials with you.
2. Secure storage: personal data, digital certificates and credentials are stored on the device. They should not be stored in the insecure environment of the PC.
3. The operating system and authentication mechanisms of the device ensure that personal data and private credentials are stored inside it securely, out of reach of hackers, viruses and other threats.
4. Low cost: it can be used to replace smartcards in existing PKI applications, with a differential advantage: it does not require any type of reader (smartcard Reader).
5. Ease of use: Interface in Spanish. No special development or complex integration is required for it to interact with Internet Explorer, Outlook, Outlook Express, Mozilla ThunderBird, Mozilla Firefox, and Netscape Communicator.
6. Easy to integrate: The integration does not require any development, configuration or special installation, supports applications through MS CAPI, PKCS #11 standards as well as PC/SC compatible applications.
7. Multi-use: can be configured to support multiple keys and applications.
8. Two-factor authentication: Security can be increased by requiring the user to enter an authentication PIN when they need to access the device. The PIN represents what the user knows (password) and the ePass what the user owns; this is what we call two-factor authentication.
9. Password management: can store many passwords; the user only needs to remember the authentication PIN to the device.

The concepts behind encryption tend to be cumbersome, so we will try to use simple terms to make them easier to understand.

Truecrypt
Truecrypt is an application that allows the user to create encrypted virtual volumes, which can be used as if they were real physical drives but with the possibility of transporting them easily. On the other hand it allows the encryption of devices and physical drives such as a hard disk or a USB flash drive.

These processes are performed "on the fly", which means that encryption and decryption are carried out automatically in the background without user intervention.


The information stored on an encrypted volume can be read (decrypted) only with the "password/Keyfile".

In addition to the password, there is the option to use a "keyfile", that is, to select one of the thousands of files on the computer as a second password. If file and password match, the volume is mounted and made available as a standard disk drive. It is important to keep in mind that this file must be immutable. If its content changes, TrueCrypt will not recognize it as the correct "keyfile" and will deny access to the encrypted volume.

The entire file system is encrypted (for example, file names, folders, the contents of each file, free space, metadata, etc.).
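Why the keyfile must stay byte-for-byte identical, shown as an added example (not TrueCrypt code). The derivation here is a simplified assumption, PBKDF2 over the password plus a SHA-256 digest of the keyfile, and is not TrueCrypt's actual keyfile processing; comparing against `enrolled_key` stands in for "the volume header decrypts correctly".

```python
import hashlib
import hmac
import os
import tempfile


def derive_key(password: str, keyfile_path: str, salt: bytes) -> bytes:
    """Derive a volume key from the password and the keyfile's exact bytes."""
    with open(keyfile_path, "rb") as fh:
        keyfile_digest = hashlib.sha256(fh.read()).digest()
    # Any change to the keyfile changes this digest and therefore the key.
    material = password.encode("utf-8") + keyfile_digest
    return hashlib.pbkdf2_hmac("sha256", material, salt, 200_000)


def can_unlock(password: str, keyfile_path: str, salt: bytes,
               enrolled_key: bytes) -> bool:
    candidate = derive_key(password, keyfile_path, salt)
    return hmac.compare_digest(candidate, enrolled_key)


def keyfile_demo() -> dict:
    salt = os.urandom(16)
    with tempfile.TemporaryDirectory() as tmp:
        keyfile = os.path.join(tmp, "holiday-photo.jpg")  # constructed sample
        with open(keyfile, "wb") as fh:
            fh.write(b"\xff\xd8constructed sample bytes" * 64)
        enrolled = derive_key("correct horse", keyfile, salt)
        results = {
            "password_and_keyfile": can_unlock("correct horse", keyfile, salt, enrolled),
            "wrong_password": can_unlock("wrong horse", keyfile, salt, enrolled),
        }
        # Simulate an editor or sync tool appending a single byte to the file.
        with open(keyfile, "ab") as fh:
            fh.write(b"\x00")
        results["keyfile_changed"] = can_unlock("correct horse", keyfile, salt, enrolled)
    return results
```

A practical consequence: pick a keyfile that no application rewrites (thumbnails, tags and sync tools all modify files silently) and keep a read-only backup copy of it.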

Files can be copied from a mounted TrueCrypt volume just as they are copied from any normal disk (for example, drag and drop). Files are automatically decrypted on the fly (in memory/RAM), while being read or copied from a volume encrypted by TrueCrypt.

Similarly, files that are written or copied to the TrueCrypt volume are automatically encrypted on the fly in RAM (before they are written to disk).

If your personal computer is stolen, access to the sensitive data on it is protected by the encryption system used, TrueCrypt with ePass; the combination of the two makes this a robust solution.

The personal identification segment in the security industry has long sought to improve the use of the identifier and password as a means of user authentication in an IT service.

The problems of managing password-based systems, their weaknesses, and the (now) classic ways of attacking or destroying them are well documented and do not need to be considered here.

It is often said that simple authentication measures must be strong and refer to multi-factor authentication, based on:

The introduction of advanced security techniques such as public key cryptography (better known as PKI, Public Key Infrastructure) has increased the need to store secret information (the private key), since a user cannot remember a random password or reconstruct a string of that length: RSA 2048 would require remembering 256 characters of key information.

The rapid increase in fraud, and in particular credit card fraud, promises an expansion of security methods for a greater number of magnetic stripe cards and a wider offering of digital handwritten signatures. This has been seen with many issuers of chip cards or smart cards, which require a password (commonly a four-digit PIN) before they can be used.

For more information on encryption you can visit www.macroseguridad.org or www.articsoft.com

Product and brand names are registered trademarks and products of their respective companies.

*For more information about the recent article you can write to the author at [email protected]
