Product Review: iKey 3000

    Date17 Oct 2003
    CategoryCryptography
    3904
    Posted ByAnthony Pell
    One-factor authentication (user IDs and password) is still the most widely used method, primarily because it is simple, easy and there are no pieces of hardware to configure. But there are many applications where this is just not secure enough. In two-factor authentication, not only do users need to know a PIN but they also need to possess the correct token.. . . One-factor authentication (user IDs and password) is still the most widely used method, primarily because it is simple, easy and there are no pieces of hardware to configure. But there are many applications where this is just not secure enough. In two-factor authentication, not only do users need to know a PIN but they also need to possess the correct token. This higher level of security, combined with the token's memory and cryptographic processing capabilities, makes it particularly attractive as a solution for many situations such as digitally signing documents and mails and authenticating the user remotely for access to corporate networks through VPNs.

    Physically, the iKey 3000 token is small and purple, around the same size as a door key, with a USB plug at one end and a green LED and a key ring hole at the other. The plastic body has a fine finish and is fairly robust under normal circumstances, although the review sample could be prized apart fairly easily to reveal the printed circuit board and chips inside, wrapped in yellow transparent tape.

    In situations where people wear tokens on a ribbon around their neck, the token should be fairly safe, but where this is not practical, it will probably end up on a key ring with the user's house and car keys - this also solves the problem of arriving at work without it. In these circumstances, the unprotected USB end is susceptible to damage, which if severe enough, could stop the token from fitting into the USB socket on the computer.

    Inside, there is 32Kb of EEPROM of which 12Kb is used by the operating system, leaving approximately 20Kb - enough space to store a number of X.509 certificates and PGP keys. The iKey has a secure processor chip and runs the Giesecke & Devrient STARCOS SPK 2.3 operating system which has been ITSEC E4 High certified. Random number generation, generation and storage of keys, and resistance to known attacks are also part of the ITSEC E4 High evaluation. Public and private keys are generated on the token, as are all digital authentication and signing operations, thus precluding interception of private keys on the computer's USB port. The USB interface runs at 1.5M Baud, making key operations on a token with a few certificates on it take one to two seconds.

    You are not authorised to post comments.

    LinuxSecurity Poll

    Do you reuse passwords across multiple accounts?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /component/communitypolls/?task=poll.vote
    13
    radio
    [{"id":"55","title":"Yes","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"56","title":"No","votes":"0","type":"x","order":"2","pct":0,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.