Lucent Offers Novel Authentication Tool

Experts say the new technology could greatly improve the security of enterprise networks.

Researchers at Lucent Technologies Inc.s Bell Labs have developed a new authentication technology that experts say could greatly improve the security of enterprise networks.

The software comprises two pieces, known as Secure Store and Factotum, and is unique in that it doesnt store usernames and passwords on client machines. All user credentials are stored on the network, and users access them as needed via their PCs or other devices.

The software was originally written for Bell Labs own Plan 9 operating system, but researchers say they can port it easily to other platforms, including Windows, Solaris, Linux and Unix.

To set up the services, users type into Secure Store all of their various usernames and passwords for the Web sites that they frequent, such as online banking sites. This data is protected through the use of AES encryption and is then stored on the network.

To retrieve any of this data, users enter a password in the Factotum software, which runs on their client machines. Using a new protocol Bells Labs developed, called Password Authenticated Key Exchange, the software then retrieves the requested key from the network.

Once on the users machine, the keys are stored in RAM rather than on the hard drive and are deleted as soon as the machine is switched off.

"Bell Labs design recognizes rightly that identity and the authentication of identity are the heart and soul of security," said David Nicol, professor of computer science at Dartmouth College in Hanover, N.H., and director of research and development at Dartmouths Institute for Security Technology Studies.

Bell Labs officials say they dont have any plans to sell the software at this point and are instead making it available for free. Enterprises could implement the technology as a single sign-on solution for all of the companys applications, suggested Eric Grosse, director of networked computing research at Bell Labs in Murray Hill, N.J.

"The main thing is, we have a scheme that doesnt require massive deployment," Grosse said. "You could deploy it on the department level and move on incrementally from there."

Grosse and some of his colleagues from Bell Labs and the Massachusetts Institute of Technology unveiled the new software during a talk Wednesday at the Usenix Security Symposium in San Francisco.

Related Stories:

  • The Problems With Identities
  • More Security Coverage