
Improving Security and Access to Network with Smart Badge

Jan 24, 2016

Eril Pasaribu, CISA, CISSP, Security Consultant
Transcript
Page 1: Improving Security and Access  to Network with Smart Badge

1 SPD

Improving Security and Access to Network with Smart Badge

Eril Pasaribu, CISA, CISSP
Security Consultant

Page 2: Improving Security and Access  to Network with Smart Badge

AGENDA

• Background
• Core Technologies
• Schlumberger Solutions
• Questions & Answers

Page 3: Improving Security and Access  to Network with Smart Badge

Market facts (CSI/FBI)

Page 4: Improving Security and Access  to Network with Smart Badge

How Does One Authenticate?

• One Factor - What you know – Password
• Two Factors - What you have – Smart card
• Three Factors - What you are – Biometric

=> Balance between convenience, privacy, and security

Page 5: Improving Security and Access  to Network with Smart Badge

A Corporate Smart Badge?

• Passwords are expensive and provide poor security
• Many different standards increase management complexity and help desk support
• Increasing network fraud, poor security around transactions and messaging
• Hard drive based security can be improved

=> One single ID card for both secure physical and logical access

Page 6: Improving Security and Access  to Network with Smart Badge

Smart Cards for Corporate Login

[Chart: smart cards for corporate login, in million units (axis 0 to 100), 2001 to 2004. Source: Dataquest/Card Technology 5/01]

By YE ‘04 33% of W2K/XP users will login via smart card (Gartner Group)

Page 7: Improving Security and Access  to Network with Smart Badge

CORE TECHNOLOGIES

• Public Key Infrastructure
• Smart Cards
• Proximity Cards

Page 8: Improving Security and Access  to Network with Smart Badge

PKI Symmetric Model

Page 9: Improving Security and Access  to Network with Smart Badge

PKI Asymmetric Model

Page 10: Improving Security and Access  to Network with Smart Badge

PKI Public Key Cryptography Fundamentals

• Two keys, one you keep secret (private) and one you let everyone else know (public)
• Important property:
  – If data is encrypted with a public key, the only way to decrypt is by having the private key
  – If data is encrypted with a private key, the only way to decrypt is by having the public key
• Combined with secret key algorithms provides: authentication, bulk encryption, and integrity
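
The two-key property above, worked through as an added example (not part of the original slides and not Schlumberger code): a stand-in "card" object holds the private key, a host uses only the public key to authenticate it by challenge-response, to wrap a session key for bulk encryption, and to check message integrity. The key pair, `ToyCard` and all function names are constructed for illustration; this is textbook RSA without padding on a deliberately small modulus.

```python
import hashlib
import secrets

# Constructed toy key pair: two Mersenne primes, textbook RSA, no padding.
# Far too small and too structured for real use; it only shows the mechanics.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
PUBLIC_KEY = (N, E)

def digest(message: bytes) -> int:
    # Truncated to 128 bits so the value is always smaller than the toy modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:16], "big")

class ToyCard:
    """Stands in for the badge: callers get results, never the private exponent."""
    def __init__(self):
        self.__d = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

    def sign(self, message: bytes) -> int:
        # Private-key operation over a digest: only the key holder can produce it.
        return pow(digest(message), self.__d, N)

    def unwrap(self, wrapped: int) -> bytes:
        # Private-key operation that recovers a key wrapped with the public key.
        return pow(wrapped, self.__d, N).to_bytes(16, "big")

def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(message)

def wrap(public_key, session_key: bytes) -> int:
    n, e = public_key
    return pow(int.from_bytes(session_key, "big"), e, n)

def authenticate(card: ToyCard, public_key) -> bool:
    # The host sends a fresh random challenge; a valid signature proves possession
    # of the private key without the key ever being transmitted.
    challenge = secrets.token_bytes(32)
    return verify(public_key, challenge, card.sign(challenge))

if __name__ == "__main__":
    card = ToyCard()
    key = secrets.token_bytes(16)  # 128-bit secret key for bulk encryption
    print("authenticated:", authenticate(card, PUBLIC_KEY))
    print("session key recovered:", card.unwrap(wrap(PUBLIC_KEY, key)) == key)
    print("tampered message accepted:", verify(PUBLIC_KEY, b"pay 900", card.sign(b"pay 100")))
```
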

Page 11: Improving Security and Access  to Network with Smart Badge

Digital Certificates

• Public Keys are distributed in the form of Certificates.
  – Binding between “identity” and a public key
  – Digital equivalent of employee badge, drivers license – universal
  – Issued by Certificate Authorities (CAs) to clients, servers, objects
  – Trust and accreditation of CA is a major component of Public Key Infrastructure: to what extent can you be sure a certificate truly binds a public key to an entity
• A Digital Certificate contains the sender’s public key, and also the trusted authority’s digital signature.

Page 12: Improving Security and Access  to Network with Smart Badge

What’s in a Digital Certificate?

• Defined by ITU standard X.509
  – supported by Netscape, iPlanet, Entrust, MS IE, MS IIS, Lotus Domino 5, …
• Certificates typically contain:
  – Name of owner and their public key
  – Name and signature of Certificate Authority
  – Expiration date, serial number
  – Algorithms used for encryption & signing
• X.509 v3 permits arbitrary attribute-value pairs (e.g. credit card #, access control information, certificate policies….)

Page 13: Improving Security and Access  to Network with Smart Badge

Smart Card Overview

• Total sales of 1.5B units in 2000
  – GSM requires smart card (SIM)
  – Credit cards, AMEX blue, DoD.
• Already a proven, secure technology
• Almost unanimous agreement among analysts and experts that smart cards are an ideal token for storage of important digital credentials, such as private keys, biometrics, etc.

Page 14: Improving Security and Access  to Network with Smart Badge

SLB Smart Card Products

• Card readers: Reflex 72, Reflex 20
• Middleware
• Crypto card: Cryptoflex (4K, 8K, 16K)
• Java crypto cards: Cyberflex Palmera Protect (16K, 32K), Cyberflex Access II (16K, 32K)

Page 15: Improving Security and Access  to Network with Smart Badge

e-Gate: the next generation

• e-Business Smart Card: Access e-Gate
  – 32K Access II card with embedded USB driver.
  – Simple, inexpensive reader plugs directly into USB port
  – e-Gate Card+Reader vs. ISO Card+Reader: 30% less
  – Electron d’or award, 2000

Page 16: Improving Security and Access  to Network with Smart Badge

Smart Card Kits

Page 17: Improving Security and Access  to Network with Smart Badge

Proximity Cards

• HID Proximity Card
  – 125 kHz proximity antenna and chip
  – Popular in the US
  – Personalized by HID
• MIFARE Contactless Smart Card
  – 13.56 MHz contactless antenna
  – Popular outside of the US
  – Personalized by our CIS

Page 18: Improving Security and Access  to Network with Smart Badge

Schlumberger Smart Badge Integration

• Network access
  – Secure log in
  – Digital signatures
  – Web authentication
  – Password storage
  – Public key infrastructure
• Payment, loyalty programs
• Physical access
• Corporate identity
• E-commerce, entitlement control

• authentication
• authorization
• accounting

Page 19: Improving Security and Access  to Network with Smart Badge

Single Sign-On (SSO)

• Enable authentication to be managed consistently across the enterprise
• Allow a user to log in just once
• Transparent access to a variety of permitted information systems
• Integration of stronger authentication services to support SSO using the Corporate Badge

Page 20: Improving Security and Access  to Network with Smart Badge

Smart Login

• Smart Card based password store for Windows, enabling reduced Sign On.
• Supports IE, Netscape, and any Windows Login dialog.
• Windows 2000/NT/9x.
• Automatic Login.

Page 21: Improving Security and Access  to Network with Smart Badge

Demo

Demonstrate Smart Card Login on Windows 2000 and secure screen lock

Page 22: Improving Security and Access  to Network with Smart Badge

Demo 1-2

• After Windows boot, SLB GINA dialog is displayed

• On card insertion, user is prompted for PIN verification

• If successful, access is granted to desktop and related networks

Page 23: Improving Security and Access  to Network with Smart Badge

Demo 2-2

• On card removal (typically when the user walks away from his computer), the computer locks itself automatically

• It is unlocked using the same process as initial logon (PIN verification)

Page 24: Improving Security and Access  to Network with Smart Badge

Schlumberger’s total solution

• SC & Reader
• Card Software
• Directory
• CA
• Policy Server
• CMS
• Physical Access
• Technical Consulting
• Custom Applications
• E-Commerce
• VPN
• Loyalty
• Design & Integration
• Project Management
• Deployment
• Training
• 24x7 Help Desk

Page 25: Improving Security and Access  to Network with Smart Badge

Smart Badge Movie

Page 26: Improving Security and Access  to Network with Smart Badge

Q & As

Questions and Answers