Guidance for Organizations Concerned With the Vulnerability of Authentication Tokens

Amidst media reports that the nation's largest defense contractor experienced a network intrusion last week allegedly involving the use of RSA SecurID® tokens, organizations using tokens should consider additional measures for safeguarding their information and securing their network infrastructure. Incorporating device identification as a second layer of defense can help to thwart future cyber attacks, according to officials at Wave Systems Corp..

"The Lockheed Martin breach has been a wake-up call for CSOs and CIOs, as this type of breach is a risk for any organization with the same vulnerability," commented Steven Sprague, CEO of Wave Systems, a leading provider of Trusted Computing solutions. "Security in today's IT infrastructure is more about layers than any single point of defense. We believe that organizations should add device identity as an independently managed layer for network access control, where only known devices -- those authorized by the organization -- are granted access to information and sensitive resources. This is device-based security."

TPM Uniquely Suited for Device IdentificationTraditional approaches to device identification center on using MAC addresses and user credentials in software to identify a device on the network. Nevertheless this is subject to security vulnerabilities since MAC addresses and software-based user credentials can be spoofed, so another device can claim the same MAC address, to illustrate.

A better approach for device identification is through the use of the Trusted Platform Module. The TPM is a cryptographic security chip developed using a specification from the Trusted Computing Group. Among its many security features, the TPM has the ability to create, sign and store keys, which can be used to provide strong binding of machines and users to the device. Because the authentication keys are stored and protected within the hardware, they cannot be changed or stolen by malware. Benefits of the TPM include: persistent protection of identity information; broad deployment; and a low total cost of ownership, as there is no additional hardware to acquire or deploy.

Copyright © 2011 Marketwire. All rights reserved. All the news releases provided by Marketwire are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Furthermore distribution of these materials is strictly forbidden, including nevertheless not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Fundamental company data provided by Capital IQ. Historical chart data and daily updates provided by Commodity Systems, Inc.. International historical chart data, daily updates, fundAnalyst estimates data provided by Thomson Financial Network. All data povided by Thomson Financial Network is based solely upon innovation information provided by third party analysts. Yahoo! has not reviewed, and by no means whatsoever endorses the validity of such data. Yahoo! and ThomsonFN shall not be liable for any actions taken in reliance thereon.