Examining device-based authentication

Combining device-based authentication technology with existing user-based authentication would be appealing for many organizations, but technical details remain unclear.

This article can also be found in the Premium Editorial Download: Information Security magazine: IPSec vs. SSL VPNs: Which cures your remote access ills?:

Driving the authentication down toward Layer 2 of the network invokes the question, "Can we authenticate the machine as well as the user?"

Here's the idea: Using a unique footprint or ID from the machine itself provides a reliable way to control access, because it enables companies to lock out any unauthorized machine. Steal the machine but don't know the password? The machine gets cut off from network access. Steal the password but not the machine? Again, no access. So, when used together, passwords and machine IDs give companies strong security without the need deploying smart cards, tokens or other devices that users can misplace or break.

As appealing as this solution is, the offerings in the market for it are still quite new. But with major players such as Microsoft, Intel, Hewlett-Packard and IBM involved, it may gain traction. These companies, with others, formed the Trusted Computing Group (TGC) in April to "develop and promote open industry standard specifications for trusted computing hardware building blocks and software interfaces across multiple platforms, including PCs, servers, PDAs and digital phones. This will enable more secure data storage, online business practices and online commerce transactions, while protecting privacy and individual rights."

While the details are still emerging as to what TCG will actually provide, it's planning to embed crypto keys in the secure platform and chips. Since the keys will be linked to the chip, they will, in essence, become a piece of the hardware itself and able to provide machine authentication.

Diana Kelley is a partner with consultancy SecurityCurve.

This was first published in August 2003

Dig deeper on Client security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close