authentication

February 16, 2021
By Alex Chapin
Securing all of the entryways into U.S. Defense Department networks with zero trust is a multistep process, says Alex Chapin, vice president, McAfee Federal. Credit: mkfilm/Shutterstock

Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.

December 30, 2020
By George I. Seffers
Army Sgt. Evan Tosunian (l) and Sgt. Allan Sosa, both assigned to the California Army National Guard’s 224th Sustainment Brigade, install single-channel ground and airborne radio systems in a Humvee at the National Guard armory in Long Beach, California, in May. The Army’s standardized, reprogrammable encryption chip known as RESCUE will help secure communications for radios, computers, unmanned vehicles and other systems. Credit: Army Staff Sgt. Matthew Ramelb, California Army National Guard

The U.S. Army’s universal, reprogrammable encryption chip is in final testing and may be destined for the service’s next-generation encryption fill device, other military services or possibly even the commercial sector.

The REprogrammable Single Chip Universal Encryptor (RESCUE) technology was developed to be a government-owned, general-purpose cryptographic module and architecture that is highly tailorable to counter emerging cryptographic threats. It uses standardized encryption algorithms designed by the National Security Agency (NSA) and the National Institute for Standards and Technology.

October 1, 2020
By Dirk W. Olliges
Leslie Bryant, civilian personnel office staffing chief, demonstrates how to give fingerprints to Jayme Alexander, Airmen and Family Readiness Center casualty assistance representative selectee. Although requiring fingerprints to access information is better than single-factor identification verification, it should be part of a multifactor authentication approach. Credit: 2nd Lt. Benjamin Aronson, USAF

The two-factor authentication schema is often heralded as the silver bullet to safeguard online accounts and the way forward to relegate authentication attacks to the history books. However, news reports of a phishing attack targeting authentication data, defeating the benefits of the protection method, have weakened confidence in the approach. Furthermore, hackers have targeted account recovery systems to reset account settings, yet again mitigating its effectiveness. Facilitating additional layers of security is crucial to bolstering user account protection and privacy today and into the future.

October 1, 2019
By George I. Seffers
A soldier reacts to a mock opposition forces attack during training at Fort Irwin, California, in June. Cybersecurity projects within the Office of the Chief Information Officer/G-6 will improve cybersecurity for tactical systems. Credit: Air National Guard Master Sgt. Joshua Allmaras​

Cyber policy traditionally has focused more on enterprise networks than tactical systems, according to Nancy Kreidler, the Army’s new leader for the Cybersecurity and Information Assurance Directorate within the Office of the Chief Information Officer/G-6. But new initiatives emphasize cybersecurity in the tactical environment, including networks, weaponry and any other systems used by warfighters.

September 1, 2019
By Robert K. Ackerman
Many experts think the future of identity verification is a single authentication that applies across all disciplines of verification. Credit: ktsdesign/Shutterstock

The secret word is out and crypto is in as government and commercial experts lay the groundwork for the next generation of identity proving and authentication. Passwords are being abandoned in favor of a range of new methods that are more secure and, in some cases, more user friendly.

Biometrics are just part of the solution. They have been paired with public key cryptography in preliminary efforts. Ultimately, the solution may emerge from an entirely new concept of identity that applies across a broad spectrum of applications.