INBAY TECHNOLOGIES’ IDQ TRUST AS A SERVICE FOR ...To use the idQ TaaS multi-factor authentication system, a user has to create an idQ TaaS account and map the account to their designated


INBAY TECHNOLOGIES’ IDQ TRUST AS A SERVICE FOR AUTHENTICATION FOR LINUX

CENGN MEMBERS

MULTI-FACTOR AUTHENTICATION PROJECT

inBay® Technologies Inc. (inBay) focuses on providing passwordless authentication and authorization solutions to enterprises seeking increased security for their systems and accounts. What sets inBay’s new solution apart from others is that it is multi-factor, meaning it uses more than one layer of authentication, that it is easy to use and implement, and is highly scalable. This multi-factor authentication solution for Linux systems uses push notifications on a linked mobile device as an additional layer of security, creating a seamless and secure way for users to access their accounts.

SOLUTION

Using push notifications, inBay’s multi-factor authentication solution is able to protect corporate networks, VPNs, cloud services (private, hybrid, and public), and websites with a passwordless multi-factor authentication service that verifies identity before a user logs in to any system. The two-factor idQ® Trust as a Service (TaaS) solution enables users to quickly and easily access their accounts without worrying about security threats.

PROJECT

In order to evaluate the solution, inBay provided CENGN with its idQ TaaS pluggable authentication module (PAM). CENGN installed the PAM in a Linux server, within a jumpbox container. After installation, the PAM was connected to both CENGN and inBay’s idQ TaaS authentication server, as well as an application account created for CENGN. Next, inBay generated CENGN user accounts to evaluate the PAM solution. Using these accounts, CENGN registered mobile devices on the idQ TaaS service.

With all these elements in place, CENGN developed several different use cases that effectively tested the idQ TaaS solution. With the ability to test the multi-factor authentication and authorization solution as a user, CENGN was able to generate specific feedback that was able to assist inBay in qualifying the efficacy of their solution. In addition, CENGN’s feedback will help inBay to make further improvements to their product.

RESULTS

The inBay proof-of-concept proved to be very productive. By demonstrating a variety of different scenarios, the project verified the functionality of the solution while simultaneously providing an in-depth demonstration of how the solution worked in four different use cases. In each scenario, the solution was effective in providing multi-factor authorization and added security while remaining user-friendly and efficient.

Figure 1. Scanning the QR code with the idQ Connect app


SCENARIOS

CENGN tested the following four scenarios to validate inBay’s idQ TaaS multi-factor authentication solution. Each scenario identifies a different way the idQ TaaS solution enhances security while providing flexibility for enterprises’ business processes.

Scenario 1: Enhanced security for a system user logging in using an SSH key as a first layer of authentication

To use the idQ TaaS multi-factor authentication system, a user has to create an idQ TaaS account and map the account to their designated device (e.g., mobile phone, tablet). In this scenario, a user logs in to a system for the first time using their SSH private key. While logging in, a QR code is shown on the user’s screen. The user scans the code with the idQ Connect mobile application installed on their phone. The idQ TaaS pluggable authentication module (PAM) maps the user’s phone to their user account (Figure 1). Any user using the idQ TaaS multi-factor authentication solution has to map their idQ TaaS account to their designated device. The next time the user logs in to the system with their SSH key, a push notification is sent to their phone. After the notification is approved by clicking the ‘Accept’ button, the user is logged in to the system.

Scenario 2: Enhanced security for a system user logging in using their username and password as a first layer of authentication

In the next use case, a system user can log in using their username/password as the first layer of authentication. Upon successful verification of their credentials, a push notification is sent to their idQ TaaS registered phone as a second layer of authentication. Once a user approves the push notification, they are logged in to the system.

Scenario 3: Added flexibility enabling a system administrator to use a single layer of authentication

It is not necessary for all users to use the second layer of authentication. For example, a system administrator can skip the second layer of authentication if need be. In this scenario, a system administrator is not added to any of the idQ TaaS user groups. Since the system administrator is not registered to any idQ TaaS user groups, a second layer of authentication is not required for the user to log in. They log in simply by using their username and password.

Scenario 4: Blocking an unauthorized user attempting to access a system

This scenario explores what would happen if someone were to get hold of a user’s access credentials (e.g. username/password) and attempt to gain access to their account in the system. In that event, the application would prevent the unauthorized user from entering. When the hacker enters the credentials, a push notification is sent to the user’s designated mobile phone. The user then becomes aware that their credentials were compromised and can deny the authorization request by clicking the ‘Deny’ button (Figure 3). The unauthorized user is blocked from accessing the system.

In conclusion, the idQ TaaS platform ensures that only authorized users have access to resources in a flexible and user-friendly way while providing an enhanced level of security to the enterprise.

Figure 2. CENGN logs into their system with idQ TaaS

Figure 3. A hacker is blocked with the idQ Connect app
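Scenario 3 means that any account left out of the idQ TaaS user groups logs in with a single factor, so that set is worth reviewing on each host. The following script is an added example, not CENGN's or inBay's code: it lists interactive Linux accounts that would skip the push step. The `enrolled` set, the admin group names and the sample passwd/group data are assumptions constructed for illustration.

```python
# Added example: list interactive accounts that would log in without a second factor.
# Assumption: `enrolled` holds usernames placed in idQ TaaS user groups (not an idQ API).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", ""}
ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: local admin group names


def parse_passwd(text):
    """Return {user: (uid, shell)} from /etc/passwd-formatted text."""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blank, comment or malformed entries
        users[fields[0]] = (int(fields[2]), fields[6])
    return users


def parse_admins(group_text):
    """Return users listed as members of an admin group in /etc/group text."""
    admins = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] in ADMIN_GROUPS:
            admins.update(m for m in fields[3].split(",") if m)
    return admins


def single_factor_accounts(passwd_text, group_text, enrolled):
    """List (user, privileged) for interactive accounts with no second factor."""
    admins = parse_admins(group_text)
    findings = []
    for user, (uid, shell) in sorted(parse_passwd(passwd_text).items()):
        if shell in NOLOGIN_SHELLS or user in enrolled:
            continue  # cannot log in interactively, or is prompted for the push
        findings.append((user, uid == 0 or user in admins))
    return findings


# Constructed sample data, not taken from the CENGN test environment.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
sysadmin:x:1002:1002::/home/sysadmin:/bin/bash"""
SAMPLE_GROUP = "sudo:x:27:sysadmin\nusers:x:100:alice,bob"

if __name__ == "__main__":
    for user, priv in single_factor_accounts(SAMPLE_PASSWD, SAMPLE_GROUP, {"alice", "bob"}):
        print(f"{user}: single factor only{' (privileged)' if priv else ''}")
```

Accounts flagged as privileged are the ones where a stolen password, as in Scenario 4, would not trigger a push notification at all.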

Rick Penwarden, Marketing Manager

[email protected]

https://cengn.ca/projects

Dobrila Moogk, VP Marketing

[email protected]

https://inbaytech.com/

CENTRE OF EXCELLENCE IN NEXT GENERATION NETWORKS