Physical and Logical Identity Management: The Good, the Bad and the Ugly. Carolyn Loew The Boeing Company

Transcription

1 Physical and Logical Identity Management: The Good, the Bad and the Ugly Carolyn Loew The Boeing Company Boeing s Global Reach 2006 revenue of $61.5 billion from customers in more than 90 countries International sales accounted for 37 percent of total revenue Direct employment of more than 150,000 people in 49 states and 70 countries Contracts with 22,000 suppliers and vendors in more than 100 countries Research, design and technology development centers and programs in multiple countries Manufacturing, services and technology partnerships with companies around the world One of the largest U.S. exporters Companies Companiesthat thatchange changeand andadapt adaptinin a rapidly rapidlyevolving evolvingglobal global economy economywill willgrow growand andprosper 1

2 Cross organization team was created Physical Security Logical Security Business Unit Representatives The Journey Began in November 2001 Goal: Create a single badge that could be used at all Boeing locations for physical and logical access Remove SSN from barcode and magnetic stripe Update badge pictures Update applications that used barcode and magnetic stripe to use new data format Include a smart chip that would be used for logical authentication Phased Approach Phase I Establish data format standard for magnetic stripe and barcode Develop enterprise badge system Issue proximity badge with updated pictures Phase II Adapt physical access control systems to read new badge Adapt downstream systems to read new data format Deploy proximity readers Phase III Design smart chip infrastructure Evaluate and select vendor for smart chip infrastructure Implement smart chip infrastructure and production processes Implement initial smart chip applications Run pilot test 2

3 What Worked Initial and ongoing executive support Strong program/project management and leadership Capable, dedicated, knowledgeable team members from sustaining organizations Implementing Standard Technologies Communication and strong collaboration between physical security, IT security organizations, business units and vendors Communication to user community Smart Chip Expectations Strengthen authentication to two-factor Eliminate user id and passwords Reduce password reset costs Provide secure mobile container for x.509 certificates Payment or credit card Replace One Time Password for Remote Access Provide single sign on based on how user logged onto Windows 3

4 Where we are today All Boeing employees have a smart chipped badge 15,000 users have initialized their smart chip Web Single Sign-on can automatically authenticate user Smart card readers are standard on all new laptop and desktops Client software is part of standard image Cross-certified medium assurance certificates are on the smart chip Users can use their smart chip to log on remotely over a high-speed connection Key Challenges End user acceptance (ease of use) No mandatory reason to use x.509 certificates Unable to determine if badge was used for authentication to Windows Deploying/maintaining client software Processes for lost and forgotten badges International travel (export regulations) Client Middleware Conflicts 4

5 Key Challenges COTS products unable to authenticate x.509 certificates Unable to use with a dial up connection Shared or kiosk workstations Usability for mobile devices (PDAs, cell phones, data collectors) Unix, Linux (non-windows support) HSPD12 Cost and complexity of future chip upgrades What we are working on Improve usability Release of new user interface Expand usability testing to include user documentation, website and applications using the smart chip Expiring certificate notification 5

6 How we plan to increase usage Increase use of smart chip by starting small 802.1x pilot Proof of Concept for kiosk solution Pre-Boot Authentication with Whole Disk Encryption Increase use of medium assurance certificates Carolyn Loew, CISSP/PMP SecureBadge Project Manager The Boeing Company 6