Bell Labs Software Secures, Eases Authentication

By Bernard Cole

Murray Hill, N.J. --- Lucent Technologies' Bell Labs has designed new network security software that makes logging into network-based services and applications both easier and more secure, without sacrificing user privacy.

The new security software consists of two complementary programs, called Factotum and Secure Store, that work together to prove a user's identity when he or she attempts to access a secure service or application such as online banking or shopping. In contrast to some commercially available approaches, where a company or third party controls the user's information, this approach puts users in control of their own personal information. Furthermore, it is an open platform that can authenticate a user to any website without requiring the website to adopt any single sign-on standard.

Secure Store acts as a repository for an individual's personal information, while Factotum serves as an agent that handles authentication on the user's behalf quickly and securely. This approach tackles the problem of how to conveniently hold and use a diverse collection of personal information, such as usernames, passwords and client certificates, for authenticating users to merchants or other services.

"This model for doing authentication is inherently more secure because users control their information, and personal information is stored on the network, not on a device," said Al Aho, professor of Computer Science at Columbia University and former Bell Labs vice president of Computing Sciences Research. "Additionally, it's incredibly convenient because these applications eliminate the need for users to type the same information over and over, or to remember multiple passwords for each service they wish to access."
While Factotum and Secure Store were both written for the Plan 9 operating system, an open-source relative of Unix developed at Bell Labs, they can be ported to other operating systems, including Linux, Windows, Solaris and Unix.

To set up the Factotum and Secure Store services, a user first enters all of his or her usernames and passwords for the various websites he or she subscribes to (online banking, web mail, shopping, etc.) into Secure Store. The Secure Store server on the network protects this information using state-of-the-art cryptography, including the Advanced Encryption Standard (AES).

To retrieve key files for Factotum, running on a local device such as a laptop or PDA, users need only provide a password to prove their identity, thanks to a new security protocol for password-authenticated key exchange created by Bell Labs, called PAK. This approach thwarts the most common threats against passwords, such as so-called "dictionary attacks", by preventing an eavesdropper from exploiting the challenge-and-response exchange used in most password schemes.

When Factotum accesses a user's keys, it holds them in protected random access memory (RAM) and keeps them there only for a short time. This is an improvement over the common practice of storing passwords on the user's hard drive, which is insecure. Factotum holds user information in memory only while the machine is running; when the machine is off, the secrets exist only in Secure Store. The final security precaution designed into the new architecture is that Secure Store lives on the network, not on the user's PC, so even if a user's machine is compromised or stolen, the information stored in Secure Store remains safe.

Both applications are currently available in source code form to industry and academia at http://plan9.bell-labs.com/plan9. For more information, go to http://www.bell-labs.com.
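The password-authenticated key exchange the release credits to PAK can be illustrated with a simplified sketch. The following is an added example, written for this page; it is not Plan 9's factotum or secstore source and not Bell Labs' PAK implementation. It follows the general PAK shape (the client blinds a Diffie-Hellman share with a hash of the password, the server strips the blinding and both sides confirm the resulting shared secret) over a toy-sized multiplicative group generated at startup with a fixed seed; the identities "glenda" and "secstore" and the hash layout are constructed for the example.

```python
"""Constructed sketch of a PAK-style password-authenticated key exchange (not the
Plan 9 factotum/secstore source). The client (playing factotum) proves knowledge
of a password to the server (playing secstore) and both derive a session key;
nothing on the wire lets an eavesdropper test password guesses offline. Group
parameters are toy-sized and seeded so the example runs quickly."""
import hashlib
import random
import secrets

def _is_probable_prime(n, rounds=16, rng=random.Random(1)):  # Miller-Rabin
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2 or any(n % s == 0 for s in small):
        return n in small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits, rng):  # p = 2q + 1 with both prime (toy size, seeded)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if _is_probable_prime(q) and _is_probable_prime(p):
            return p, q

P, Q = _safe_prime(256, random.Random(20020101))  # constructed toy parameters
G = 4  # a square mod p, so it generates the order-q subgroup

def _H(tag, *parts):
    """Domain-separated hash of strings and integers to an integer."""
    h = hashlib.sha256(tag.encode())
    for part in parts:
        b = part.encode() if isinstance(part, str) else part.to_bytes(64, "big")
        h.update(len(b).to_bytes(4, "big") + b)
    return int.from_bytes(h.digest(), "big")

def _blind(client_id, server_id, password):
    """Hash the password into the subgroup; this factor blinds the DH share."""
    return pow(_H("pw", client_id, server_id, password) % P, 2, P)  # 0 only with negligible probability

class PakClient:
    def __init__(self, client_id, server_id, password):
        self.a, self.b, self.pw = client_id, server_id, password
        self.x, self.m, self.key = secrets.randbelow(Q - 1) + 1, None, None

    def start(self):
        # m = g^x * H(pw): the password-dependent value is multiplied by a fresh
        # random group element, so the transcript is useless for checking guesses.
        self.m = (pow(G, self.x, P) * _blind(self.a, self.b, self.pw)) % P
        return self.a, self.m

    def finish(self, mu, k1):
        sigma = pow(mu, self.x, P)  # shared secret g^(xy)
        if k1 != _H("k1", self.a, self.b, self.m, mu, sigma, self.pw):
            return None  # server failed key confirmation (password mismatch)
        self.key = _H("key", self.a, self.b, self.m, mu, sigma, self.pw)
        return _H("k2", self.a, self.b, self.m, mu, sigma, self.pw)

class PakServer:
    def __init__(self, server_id, passwords):
        self.b, self.passwords, self.pending = server_id, passwords, {}

    def respond(self, client_id, m):
        if m % P == 0:
            raise ValueError("zero share would zero the shared secret")
        pw = self.passwords[client_id]
        gx = (m * pow(_blind(client_id, self.b, pw), -1, P)) % P  # unblind
        y = secrets.randbelow(Q - 1) + 1
        mu, sigma = pow(G, y, P), pow(gx, y, P)
        self.pending[client_id] = (m, mu, sigma, pw)
        return mu, _H("k1", client_id, self.b, m, mu, sigma, pw)

    def verify(self, client_id, k2):
        m, mu, sigma, pw = self.pending.pop(client_id)
        if k2 != _H("k2", client_id, self.b, m, mu, sigma, pw):
            return None
        return _H("key", client_id, self.b, m, mu, sigma, pw)

def run_exchange(client_password, stored_password):
    """One full exchange: (client_key, server_key) on success, None if rejected."""
    server = PakServer("secstore", {"glenda": stored_password})  # constructed ids
    client = PakClient("glenda", "secstore", client_password)
    a, m = client.start()
    mu, k1 = server.respond(a, m)
    k2 = client.finish(mu, k1)
    server_key = None if k2 is None else server.verify(a, k2)
    return None if server_key is None else (client.key, server_key)
```

The point of the construction is what an eavesdropper sees: m, mu and the two confirmation values. In a plain challenge-and-response scheme, a captured hash of (challenge, password) can be ground against a wordlist offline. Here, checking a guess against k1 or k2 requires g^(xy) as well, which means solving the Diffie-Hellman problem, so a wrong guess cannot be confirmed from the transcript; a wrong password only shows up as a failed confirmation in a live exchange, which the server can rate-limit. Real parameters would be a standardised large group rather than the 256-bit toy prime generated here.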