Best Authentication Technology Company – UK & CV Excellence Award for Cybersecurity - UK
Distributed Management Systems Ltd
Stockclough Lane, Blackburn, Lancashire, BB2 5JR, United Kingdom
Web: www.casque.co.uk
Email: firstname.lastname@example.org
Tel: 44 1254 208419

Identity Assurance - The Next Generation

Dr. Basil Philipsz, the founder of Distributed Management Systems (DMS), a privately owned company based in Lancashire, UK, talks to us about the success of the company and its new product, CASQUE SNR. The new CASQUE product is the second generation of an authentication technology which has previously been used by G4S, O2 Airwave and the UK’s Ministry of Defence.

As the inventor, product designer and main driving force behind the success of Distributed Management Systems (DMS), Dr. Basil Philipsz explains how DMS has overcome the current challenges in the cybersecurity industry.

Requiring remote users to “have” something (other than knowledge of their passwords) is regarded as essential for sensitive online applications. There is no shortage of product choices in this multi-factor authentication market, which is expected to reach 9.60 Billion USD by 2020, at an estimated CAGR of 17.7% from 2015 to 2020, according to MarketsandMarkets.com.

The techniques that underpin these products are varied: time-based dongles like SecurID; biometrics that utilise some human “fingerprint” like iris pattern; software cryptography like Public Private Key Infrastructure (PKI); and out-of-band communication (sending SMS messages).

However, confidence in these current-generation technologies has been undermined by the exploitation of flaws in their foundation architecture. If a manufacturer embeds a key, then a compromise within the manufacturer is damaging, as illustrated by the debacle at SecurID’s Headquarters in 2011. If a biometric template is copied and a compromise in security occurs, recovery can be difficult.

PKI has been employed in several guises, including smartcards and software tokens. If the private key is compromised and becomes known to someone else, then the whole system fails. The private key may also be discovered, as factorisation algorithms can be implemented using quantum computing.
The validation of certificates is a perennial problem, with fake certificates and neglected revocation lookups providing good opportunities for hackers.

There are two vulnerabilities in using SMS messaging to reveal one-off passwords to smartphones: firstly, the smartphones are not secure and may be infected with malware; secondly, the actual communication is not secure, as witnessed by the large revenues of companies who sell IMSI catchers to perform man-in-the-middle spying.

The recent 2016 publication from NIST, the US National Institute of Standards, “Digital Authentication Guideline” https://pages.nist.gov/800-63-3/sp800-63b.html (NIST DAG), is an excellent resource describing what should be the determining characteristics of robustness in the various approaches. Biometrics are not tolerated! Out of band communication “is deprecated, and may no longer be allowed in future releases of this guidance”.

Aside from the flaws in methodology, the human factor (greed, revenge, ideology) makes breaches by privileged, malevolent “insiders” especially difficult to prevent.

Distributed Management Systems, winner of the Best Authentication Technology Company UK & CV Excellence Award for Cybersecurity, has successfully navigated these turbid waters by producing four innovations that power its CASQUE SNR product. One of the inventions, “Scalable Authentication System”, was granted a US Patent (No 9,369,464) this year.

Dr. Basil Philipsz says: “The safety of current authentication technologies is based on keeping fixed keys secret. Any compromise may remain undetected, difficult to recover and create significant reputation loss. We change keys dynamically and invisibly, removing fixed targets and so become immune to insider attacks, token clones and manufacturer reveal.”

CASQUE SNR is fully self-contained, with no third party IP dependencies. The product has its own challenge/response protocol, which is cryptographically realised using standard algorithms and provides key generation and key management.

Each CASQUE SNR token contains a secure, EAL5+ rated processor. There are two types: “Optical”, with its own rechargeable battery and display, and “Smartcard”, with both contact and wireless Near-Field Communication (NFC) capability. The optical token is truly client-less, whereas the Smartcard requires a client player. Alternatively, the challenge can be presented as a QR code on any screen and “snapped” by an Android smartphone using the CASQUE SNR NFC token.

In the NIST DAG document’s terms, CASQUE SNR fulfils the description of a “Multi-factor cryptographic hardware device able to address assurance requirements at Level 3”, the highest security assurance level. CESG, the UK National Technical Authority for Information Assurance, has certified CASQUE SNR under its CAPS scheme and CASQUE SNR can be suitable for use at secret and above.

“It is important to have painless deployment options and we were delighted to have been chosen by Pulse Secure (the market leader in mobile VPN) as one of their worldwide technology partners. We work out of the box with Pulse Connect Secure TLS VPN Gateway. Our recent development allows the CASQUE SNR server to act as an identity provider for any web server that implements Open ID Connect”, says Basil Philipsz.

CASQUE SNR is relied upon 24/7 by the UK’s Ministry of Defence and is also NATO approved.

“We want to broadcast the message that you can have military strength security at commercial prices so there should be no justification for accepting yesterday’s technologies”, says Dr Philipsz.

CV Technology Innovator Awards 2016