Authenticating Remote User Identity With CASQUE SNR
A long time ago, Basil Philipsz founded Distributed Management Systems (DMS), which originally started as a software house doing small jobbing contracts. One of those projects was a physical access control system in which they were successful at protecting the Port of Dover by setting up a system of magnetic stripe cards for internal Users, such as the Police and Customs authority, to access the port. That triggered his interest in access security, so he embarked on a set of inventions, 4 of which particularly underpin the CASQUE SNR technology. In this interview Basil Philipsz reveals the ins and outs of this operation.
What makes CASQUE SNR unique?
The whole point of our approach was to answer the question: how do you confirm the identity of a remote user coming to a data network?
There are many possible solutions to this problem: passwords, biometrics, PKI certificates, one-time passwords, SecurID Tokens etc.
The problem with these techniques is that they rely on fixed secrets: a private key in a PKI Infrastructure, a biometric template, an attestation key in a FIDO U2F device etc.
If this fixed secret is discovered by hacking techniques, or if an insider discloses that fixed secret, then the system is busted. Our approach says you should keep changing the fixed secret. We use a secure chip in a variety of different manifestations to store a set of keys; it is called a CASQUE SNR Token, which is an active device that resists cloning.
The benefit is that even if an attacker makes a clone of the secure chip, when the key is updated, either the clone gets the update and the “real” Token becomes useless and login is suspended, or the real Token gets the update, in which case the clone doesn’t work.
We have refined this further by ensuring that even if the insider is a privileged user that can access the authentication server and give a copy to his collaborator, the collaborator would not be able to predict the keys. So as well as preventing clones, we have eliminated a major type of attack by a privileged insider.
Our main motivation is the belief that any large organization has the possibility of a frustrated insider. If we remove that level of threat, then we de-risk the vulnerability of the entire organization.
One of the 4 inventions has granted US and EU patents. Moreover, the latest version has been certified by the UK’s National Cyber Security Center as being suitable for use at the secret level.
As you might expect, our major customer is the UK Ministry of Defense, but currently we are offering our system to a more commercial audience.
How does CASQUE SNR work?
The architecture is based on a Challenge-Response Protocol. Users possess a Token that computes the required response to a given Challenge. Tokens can have a variety of forms including Smartcard (Contact and Contactless), Bluetooth Fob or Optical Token, the latter reading the Challenge directly off the Client Screen. Tokens have their initial set of Keys populated on the Customer’s premises by the Customer so the Manufacturer or System Implementer can never be part of the risk.
The Challenge is generated by the CASQUE SNR Authentication Server. We have variants for Windows or LINUX which can be set on a VM in a Cloud infrastructure and act as an independent Identity Provider. The Challenge only gets decrypted inside the Token and the response also verifies key change success. It is impossible to successfully play back previous Challenges.
The CASQUE SNR Authentication Server Database is copied in real time whenever changes are enacted and updates a remote secure Backup Server allowing instant recovery on any disaster event.
The administration of the CASQUE SNR Authentication Server is provisioned so that different “Grades” of administrators can appropriately update the allocation, suspension and privileges of Users remotely through a web interface after being authenticated by CASQUE SNR.
So, for example, a “Help Desk” Administrator can suspend a reported lost Token whereas a “Supervisor” level Administrator is needed to unsuspend.
There is a capability of the CASQUE SNR Server, through an API, to send short messages to the Token to be revealed to the User. This could be used to distribute part of an encryption key to decrypt previously sent files so obviating the risk of interception and thereby establishing a separate, inviolate private channel. One example of using this feature could be a receipt summarising a transaction just completed.
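The key-rolling Challenge-Response idea from the answers above, as a simplified model added here; it is not DMS's code and not the actual CASQUE SNR protocol. The HMAC-SHA256 construction, the single shared key, and the names `Token`, `Server` and `demo` are assumptions for illustration, and the MAC over the Challenge stands in for the encryption the real system uses.

```python
import hashlib
import hmac
import os


def _mac(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()


class Token:
    """Holds the current key. A clone is a copy of this state at one moment."""

    def __init__(self, key: bytes):
        self.key = key

    def respond(self, challenge):
        nonce, tag = challenge
        # A Challenge built under any other key (stale or replayed) is refused.
        if not hmac.compare_digest(tag, _mac(self.key, b"chal", nonce)):
            return None
        self.key = _mac(self.key, b"roll", nonce)  # key changes inside the Token
        return _mac(self.key, b"resp", nonce)      # Response proves the change


class Server:
    def __init__(self, key: bytes):
        self.key = key

    def challenge(self):
        nonce = os.urandom(16)
        return nonce, _mac(self.key, b"chal", nonce)

    def verify(self, challenge, response) -> bool:
        nonce = challenge[0]
        new_key = _mac(self.key, b"roll", nonce)
        expected = _mac(new_key, b"resp", nonce)
        if response is None or not hmac.compare_digest(response, expected):
            return False
        self.key = new_key  # commit the new key only after a valid Response
        return True


def demo():
    k0 = os.urandom(32)  # constructed initial key shared by all three parties
    server, real, clone = Server(k0), Token(k0), Token(k0)
    c1 = server.challenge()
    first = server.verify(c1, real.respond(c1))    # real Token takes the update
    c2 = server.challenge()
    second = server.verify(c2, clone.respond(c2))  # clone still holds k0
    replayed = real.respond(c1)                    # old Challenge played back
    return first, second, replayed
```

Swapping `real` and `clone` in `demo` gives the other outcome described above: the copy that misses the update stops working, which is the signal to suspend the login.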
Can you describe a Case Study?
We have integrated CASQUE SNR with Pulse Connect Secure which provides gateways that enable VPNs. The Pulse Connect Secure refers a User’s access request to the CASQUE SNR Authentication Server and its Challenge-Response interrogation determines whether access is granted or rejected.
Another example is when a Customer wants to use their own web server. We provide a programming interface so the web server can talk directly to CASQUE SNR Server.
We have also integrated CASQUE SNR with the Zimbra Collaboration Suite.
Alternatively, you might be using Amazon Web Services, but instead of the normal login you can use CASQUE SNR for a more secure, non-repudiated authentication.