Smartcards can be used to mitigate an advanced persistent threat (APT) due to the security of the physical card.
Speaking to SC Magazine, Hilding Arrehed, director of worldwide professional services at ActivIdentity, claimed that as smartcards are used to login to a PC an attack would require a physical copy of the card.
He said: “Our token is much more secure than [other] tokens, so therefore much more resilient to attacks. You have got to secure internal machines and networks and smartcards is the best way. In order to compromise a user you have got to have the smartcard, as this is a two-factor process.
“It is virtually impossible to clone a smartcard, as an attacker would have to have a card and have a PIN code and this has not been done as it is immensely difficult. If a user loses a card they can revoke it if it is lost. With the RSA attack the attacker got the seed file and the tokens were compromised, with a smartcard there is no seed data and the access keys are generated inside the card.”
ActivIdentity said that too many organisations rely on older-generation perimeter defences and have weak internal authentication, which is why the APT strategy has been so effective. It highlighted three methods to which enterprise security can be improved:
- Utilise far more secure, easily deployable, affordable and convenient smartcard solutions that represent the most logical choice for an authentication device in dealing with most threats.
- Employ stronger one-time-password (OTP) tokens with algorithms based on multiple variables (seed key, time and event counter), which are more resistant to compromise than older traditional tokens, which use fewer variables and hence, less protection.
- Protect OTP token seed files with strong encryption and initialise tokens and smartcard keys locally.
Julian Lovelock, senior director of product marketing at ActivIdentity, said: “While no single solution or practice can protect the enterprise from every attack, the current threat matrix unfolding in headlines across the world validates ActivIdentity's approach in making smartcards readily available through our ActivID CMS appliance.”
The company is launching an appliance-based version of its card management system (CMS) to offer more advanced OTP tokens leveraging three-variable algorithms (seed keys, time and event data).
Arrehed said: “The CMS has been around for years as software and the challenge has been to integrate it into the database. With an appliance version we are removing the complexity, it can house PKI and OTP credentials in context with enterprise security as there are no passwords to steal as the system contains only those credentials.”