There is no debate that companies, large or small, have put considerable effort into protecting digital security and privacy by following "best practice" recommendations, often using solutions from branded security vendors or built by the best in-house or outsourced experts, yet they still fall prey to cyber and insider attacks, because "compliance" and "best practice" do not equal security. Reality has shown that traditional security approaches have fallen behind the increasing complexity of systems and the advanced technical capabilities that adversaries have mastered.
The key weakness in our security defences lies in the weakness of the digital identities that systems use to authenticate users (no system can defend against an attacker who impersonates a legitimate user); followed by the inability to validate the authenticity and integrity of communications (if an attacker can tamper with data freely, there is no need to crack the one-time password); and finally the inability to protect information from unauthorized access in the event of an inevitable security breach caused by unknown system or application vulnerabilities.
FrontOne's information security solution addresses all of the security weaknesses listed above:
First, FrontOne uses its own digital identity, hardened to withstand advanced hackers using sophisticated real-time attacks, and keeps all its users from falling prey to identity thieves, from phishing and malware attacks at the client side to advanced persistent threats at the server side, because FrontOne's digital identity is dynamic and non-transferable.
Second, FrontOne provides 100% message integrity by using a dedicated, destination-aware messaging system and ensuring that each and every message is completely unique, reducing the chance of attackers being able to identify and manipulate it for their benefit.
Finally, FrontOne uses its own method of protecting information at rest, in transit and in use, focusing its innovation on the security and integrity of the encryption key while using industry-standard cryptography. FrontOne's user-centric data protection solution uses dual control for its encryption keys: a random encryption key is protected with a security key that has two parts, one from the client side and the other from the centralized key server. This arrangement ensures that access to protected data requires the presence of the authorized user's device.
The security approaches FrontOne has taken above are further strengthened by its own patented technologies, which introduce a dynamic element into each and every message and transaction, mutually authenticate both parties before a request is served, and give the user ultimate control that is not accessible digitally.
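To make the dual-control arrangement described above concrete, here is an added worked example. It is not FrontOne's code, and the product's actual key-wrapping scheme and data formats are not described on this page. The example assumes the key-encryption key is split into two random XOR shares, one held by the user's device and one by the key server, and that each dataset gets its own random data key wrapped under the combined key. Python's standard library has no AES, so an HMAC-SHA256 counter keystream stands in for AES-GCM; a real deployment would use an authenticated cipher from a vetted library.

```python
"""Dual-control data protection (illustrative, stdlib only).

A random per-dataset data key (DEK) is wrapped under a key-encryption key
(KEK) that exists only when a client-held share and a key-server-held share
are XORed together. Either share alone reveals nothing about the KEK.
The HMAC-SHA256 counter keystream is a stand-in for AES-GCM.
"""
import hashlib
import hmac
import secrets

KEY_LEN = 32


def _keystream(key: bytes, label: bytes, length: int) -> bytes:
    """PRF-based counter keystream (HMAC-SHA256); stand-in for AES-CTR."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_kek() -> tuple:
    """Create the KEK as two random XOR shares: one for the user device,
    one for the centralized key server (constructed here, not a real key)."""
    client_share = secrets.token_bytes(KEY_LEN)
    server_share = secrets.token_bytes(KEY_LEN)
    return client_share, server_share


def combine_kek(client_share: bytes, server_share: bytes) -> bytes:
    """The KEK only exists while both shares are present."""
    return _xor(client_share, server_share)


def encrypt_dataset(plaintext: bytes, client_share: bytes, server_share: bytes) -> dict:
    """Encrypt one dataset under a fresh random DEK, then wrap the DEK under
    the combined KEK. Returns only what may be stored at rest."""
    dek = secrets.token_bytes(KEY_LEN)          # unique per dataset
    nonce = secrets.token_bytes(16)
    ciphertext = _xor(plaintext, _keystream(dek, b"enc" + nonce, len(plaintext)))
    tag = hmac.new(dek, b"mac" + nonce + ciphertext, hashlib.sha256).digest()

    kek = combine_kek(client_share, server_share)
    wrapped_dek = _xor(dek, _keystream(kek, b"wrap" + nonce, KEY_LEN))
    wrap_tag = hmac.new(kek, b"wraptag" + nonce + wrapped_dek, hashlib.sha256).digest()
    return {"nonce": nonce, "ciphertext": ciphertext, "tag": tag,
            "wrapped_dek": wrapped_dek, "wrap_tag": wrap_tag}


def decrypt_dataset(blob: dict, client_share: bytes, server_share: bytes) -> bytes:
    """Unwrap the DEK (needs both shares), then verify-then-decrypt the data.
    A wrong or missing share, or any tampering, fails closed."""
    kek = combine_kek(client_share, server_share)
    nonce = blob["nonce"]
    expected = hmac.new(kek, b"wraptag" + nonce + blob["wrapped_dek"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["wrap_tag"]):
        raise PermissionError("shares do not reconstruct the KEK, or wrapped key tampered")
    dek = _xor(blob["wrapped_dek"], _keystream(kek, b"wrap" + nonce, KEY_LEN))

    tag = hmac.new(dek, b"mac" + nonce + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("ciphertext integrity check failed")
    return _xor(blob["ciphertext"], _keystream(dek, b"enc" + nonce, len(blob["ciphertext"])))


if __name__ == "__main__":
    client, server = split_kek()
    stored = encrypt_dataset(b"constructed sample record", client, server)
    print(decrypt_dataset(stored, client, server))
```

Decryption fails closed on a wrong or missing share because the wrap tag is checked before the data key is ever used, which is the property a dual-control design relies on; the server holding ciphertext plus its own share alone still cannot recover the data key.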
2. Digital Risks & Opportunities
Risks:
• Electronic & Identity Fraud
• Cyber Attacks, Espionage
• Rapidly Changing Business Environments
• Competitive Landscape
Opportunities:
• New & Secure Digital Identity
• New Hack-Resistant Security Platform
• Protects: Users, Transactions, Communications and Digital Assets
• Built-in Security: Apps; Cloud Services; Internet & Mobile Payments, etc.
3. The Whole Solution
• FrontOne takes care of security across all layers and all components facilitating a digital exchange under one unified platform.
• Digital Identity: Dynamic; Non-Transferable
• Authentication: Continuous Mutual Authentication
• Data Verification: Device Centric Digital Signature – Offers a physical element activated by user action.
• Data Protection: Encryption key is unique for each dataset. Access to protected data is bi-directional, requiring action from both server and client. Add our patented 3A-Key for a true end-to-end security solution that is hard to match.
4. Digital Identity
• Others
• Static Identities: Password or One Time Password
• Vulnerabilities: Phishing, Malware, etc.
• Fact: Cyber Criminals – HAVE MASTERED THE ART OF STEALING DIGITAL IDENTITIES.
• FrontOne
• Dynamic Identity: PHISHING & MALWARE - DEFEATED
5. Authentication
• Others
• Login – One Time User Authentication
• Vulnerabilities: Authenticated Session - HIJACKED
• Fact: HACKERS CIRCUMVENT TWO-FACTOR STRONG AUTHENTICATION – WITH EACH PASSING DAY TWO-FACTOR AUTHENTICATION BECOMES INCREASINGLY LESS SECURE.
• FrontOne
• Continuous Mutual Authentication: MAN IN THE MIDDLE, MAN IN THE BROWSER - DEFEATED
6. Data Verification
• Others
• Out Of Band Verification
• Vulnerabilities: Data Leaks, Vishing, Man In The Mobile, etc.
• Fact: ZeuS, SpyEye, Mitmo found in the wild, attacking banks
• FrontOne
• User Authorization At Personal Device: NO DATA LEAKS - VISHING & MITMo - DEFEATED
7. Data Protection
• Others
• Transparent Data Encryption
• Vulnerabilities: Level 7 Attacks and Security Breaches
• Consensus: IF YOU ARE TARGETED YOU WILL BE BREACHED
• FrontOne
• Dynamic, User Centric Security Key Management & Controls: Systematic Failure Is Prevented – The Risks Of Security Breaches Are Mitigated
8. Secure End to End
• User End
– 3AKey: USB HID Key (no storage)
– Smartphone App (Virtual Connection)
• Application Server End
– Zero Knowledge proof API
• JANUS Server/Service End
– Random, Dynamic Element
– User Centric Data Protection
9. FrontOne Innovations
• "Future proofs" its solutions by introducing a dynamic element into every transaction, thereby outmaneuvering adversaries.
• Provides a secure conduit between a user, FrontOne's Server and Content/Service Provider that allows a 'zero knowledge' digital exchange to be completed with a high level of security and confidentiality.
• Mitigates the risks of unauthorized access to protected data by introducing user/device centric key management.
• FrontOne empowers organizations and users to take charge and be in control of digital identities, assets and transactions.
10. FrontOne Digital Signature
[Diagram labels: Cert; SID; Hash; Message; Dynamic Key; FrontOne Digital Signature. Caption: A Dynamic Element In Every Transaction – Outmaneuvers Adversaries]
Important note: The data may be the same but our digital signature is not!
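As an added example of the dynamic-element idea on this slide, and of the earlier claim that each and every message is unique, here is illustrative code that is not FrontOne's patented method and not taken from this page. It assumes the device signs the message together with a server-issued one-shot challenge (named `sid` after the diagram label) and a monotonic device counter, and that the server tags each challenge so the device can check it came from the genuine server. HMAC-SHA256 under a shared device key stands in for whatever signature scheme the product uses; the key, challenge format and envelope fields are assumptions.

```python
"""Per-transaction dynamic element (illustrative, stdlib only).

The signature covers the message plus a server challenge and a device
counter, so identical message bodies never yield identical signatures and a
captured envelope cannot be replayed. HMAC-SHA256 stands in for the real
signature scheme; the device key below is a constructed demo value.
"""
import hashlib
import hmac
import json
import secrets


def _mac(key: bytes, payload: dict) -> str:
    """Tag over a canonical JSON encoding, so both sides hash identical bytes."""
    canon = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


class Server:
    """Issues one-shot challenges and verifies signed transaction envelopes."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._open = set()          # challenges issued but not yet consumed
        self._last_counter = 0      # highest device counter accepted so far

    def issue_challenge(self) -> dict:
        sid = secrets.token_hex(16)
        self._open.add(sid)
        # The server proves it issued the challenge (server -> device direction).
        return {"sid": sid, "server_tag": _mac(self._key, {"role": "server", "sid": sid})}

    def verify(self, env: dict) -> bool:
        sid = env["sid"]
        if sid not in self._open:                  # unknown or already used
            return False
        if env["counter"] <= self._last_counter:   # replayed or out-of-order counter
            return False
        expected = _mac(self._key, {"m": env["message"], "sid": sid, "ctr": env["counter"]})
        if not hmac.compare_digest(expected, env["signature"]):
            return False                           # tampered message or wrong key
        self._open.discard(sid)                    # challenge consumed on success
        self._last_counter = env["counter"]
        return True


class Device:
    """User-side signer holding the device key and a monotonic counter."""

    def __init__(self, device_key: bytes):
        self._key = device_key
        self._counter = 0

    def sign(self, message: str, challenge: dict) -> dict:
        # Mutual authentication: refuse challenges not tagged by the genuine server.
        expected = _mac(self._key, {"role": "server", "sid": challenge["sid"]})
        if not hmac.compare_digest(expected, challenge["server_tag"]):
            raise ValueError("challenge was not issued by the genuine server")
        self._counter += 1
        sig = _mac(self._key, {"m": message, "sid": challenge["sid"], "ctr": self._counter})
        return {"message": message, "sid": challenge["sid"],
                "counter": self._counter, "signature": sig}


if __name__ == "__main__":
    key = b"constructed demo device key"
    server, device = Server(key), Device(key)
    e1 = device.sign("pay 100 to account 42", server.issue_challenge())
    e2 = device.sign("pay 100 to account 42", server.issue_challenge())
    print("same data, different signatures:", e1["signature"] != e2["signature"])
    print("first accepted:", server.verify(e1), "replay rejected:", not server.verify(e1))
```

The server checks the challenge and counter before the tag, so a replayed envelope is rejected without ever being treated as authentic, and a tampered message fails the tag check while leaving its challenge unconsumed.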
11. Privacy Preserving Identification
[Diagram labels: Application business logic; JANUS API; Service Provider; Zero Knowledge Proof; User/JANUS; 3AKey; Identity Token; Secure signaling path (if & when required)]
12. The Why, What and How
• Why We Need Something Better
1. Identity Theft: Phishing, Key-Logger, Malware …
2. Financial Fraud: Financial Malware, MITM, MITMO …
3. IP and Data Theft: APT, Zero Days, Insider …
4. Commercial Espionage and Economic Terrorists …
• What We Have Done and How
13. Security Feature Comparison
Product Name (columns): 3AKEY or SmartKey; Smartcard USB PKI; OTP Token; PKI Certificate
Feature Description (Y marks the products that offer the feature):
Strong Authentication (2FA): Y Y Y
Multiple Credential Support: Y Y
Two-Way Authentication: Y Y Y
Protect Against Client Side Attacks: Y
Offline Mutual Authentication: Y
Transaction Signing: Y Y Y
Transaction Verification: Y
Server Task Authorization: Y
User-Centric Key For Data Protection: Y
Device ID & Verification: Y
Physical Control (not accessible digitally): Y
14. Applications
• FrontOne's Dynamic Digital Identity (ZERO KNOWLEDGE) – With simplistic user controls, here is the value proposition:
1. New hack-resistant digital identities for cloud and enterprise applications.
2. Advanced transaction security in internet banking and "card not present" transactions.
3. Advanced Data Protection for Enterprise & The Cloud
4. Advanced Mobile Payment Solution
5. Secure Electronic Voting
6. Many other digital security, privacy compliance and risk mitigation applications
15. FAQ - 1
• How is your solution compared with others?
Traditional layered security has limited effectiveness against new and emerging threats as attackers exploit weaknesses between uncoordinated layers to steal data or modify transactions.
FrontOne provides a unified security platform that delivers true end-to-end security. It starts by providing a secure digital credential, followed by continuous authentication with device centric data protection, ultimately giving a user the final say in authentication.
16. FAQ - 2
• Will your solution protect users and transactions if a system is already infected?
1. Yes.
2. FrontOne provides true end-to-end security without being dependent. It has been designed with the assumption that a user's computer has been compromised with unknown malware, or may be at a future date.
3. Our solution provides a secure transaction environment for a broad range of applications.
17. FAQ - 3
• What about X.509 or PKI, isn't it the best?
1. This technology is based on trust, whereas FrontOne's solution takes trust out of the equation. Our solution returns security and control to our clients.
2. Compliance is not equal to security. Most if not all companies that suffered security breaches were in "compliance" before falling victim to attacks.
3. Both X.509 and PKI are dumb in that they react to commands. There is no active authentication.
4. Extremely vulnerable to padding oracle attacks (recovers private certificate from physical device).
Are we finally ready to accept that the certificate system is completely broken?
This diagram shows the composition of the message used for the purpose of secure identification.
This diagram illustrates the paths and signals in completing a zero knowledge digital transaction.
The hardware security device market was dominated by one-time password devices for some time, but the widespread presence of malware has changed that. In the past couple of years we have seen increasing adoption of USB tokens and smartphone-based apps, with the goal of better integration with the application to enhance transaction security. Most of these products and solutions are based on smartcard and PKI technology. There is no question that these devices and solutions raise the barrier to attack. However, they remain vulnerable because the system is based on blind trust and is very complicated, so most implementations do not include real-time certificate verification. As a result, we have already seen reports of Trojans in the wild that are able to compromise PKI-based authentication. From a technological perspective this comes as no surprise: the system was designed to operate with or without the user, and certainly does not consider user control a security criterion. This results in a fatal flaw, because it cannot provide a physical component that is not accessible digitally. This comparison table also illustrates the many additional security features that are absent from other hardware security devices but are critical for providing a secure transaction environment for all kinds of digital exchanges.