WP - Secret Double Octopus - Solution Overview
Password-Free Enterprise
Welcome to the Password-Free Enterprise
Contents
Secret Double Octopus’ Password-Free Authentication
High Assurance
Octopus Authenticator
High-Assurance Authentication
Octopus Cloud
Secret Sharing
Contact us
High Assurance
Octopus Authenticator utilizes provably unbreakable cryptography that is quantum-safe and highly resistant to common attacks such as phishing, MITM and cracking. When used on Active Directory domains, Octopus implements automated, high-frequency password rotation for systems that depend on passwords, so users are never exposed to passwords, and any attempt to recover and reuse a password to carry out an attack (e.g. lateral movement) will fail, as the password is valid only for a single session.
Secret Double Octopus is raising the bar on password-free authentication, using strong, provably secure cryptography to enable a password-free solution that provides high-assurance authentication and an exceptional user experience for accessing all enterprise resources.
Figure 1: Secret Double Octopus authentication equation: Improving the user experience while enhancing security
3. Octopus Cloud: a stateless cloud service that facilitates authentication sessions with the mobile device. Octopus Cloud is not exposed to any customer information or key material and is fully managed by Secret Double Octopus.
Octopus Authentication Server authenticates users using the Octopus Authenticator app and attests to relying parties that users have presented authentic credentials. In this capacity, the Authentication Server supports multiple standards and integrates with multiple systems. Notable standards supported include RADIUS, SAML, LDAP and REST. Supported systems include Windows, macOS, Microsoft Active Directory, VPN systems, cloud services, legacy applications and more. The Octopus Authenticator is responsible for securely storing and transmitting authentication secrets in a manner that prevents them from being compromised.
Octopus Authenticator
The Octopus Authenticator app is, per NIST definitions, a Multi-Factor Cryptographic Software authenticator for conducting high-assurance user authentication. It is the only application of its kind to leverage Shamir Secret Sharing to prevent MITM, key theft and cloud attacks. It is this high level of security that makes the solution high-assurance and enables eliminating passwords without compromising security. As a result, enterprises using Secret Double Octopus become password-free workplaces while improving their security posture.
Figure: High Assurance Protection; Seamless User Experience; Smooth Integration; All Use Cases
High-Assurance Authentication
The Octopus Authenticator provides high-assurance authentication:
1. Its authentication session key is tightly bound to the mobile device (something the user has).
2. Using the authenticator requires on-device authentication based on a biometric signature and/or PIN (something the user is or something the user knows).
3. The authentication secret itself is made resistant to interception using the secret sharing cryptography, and the app is further protected by anti-tampering, anti-reverse-engineering and obfuscation measures.
When using the Octopus Authentication solution, the user experiences an intuitive, hassle-free authentication process. To authenticate, the user simply provides a PIN or touches the fingerprint sensor on their phone, and all the rest happens automatically and transparently behind the scenes. Compared to traditional password-based authentication, the user never has to recall a hard password, and never has to type anything on their computer.
Figure: Authentication Server modules (Management, Authentication Server, Databases)
End-Point
Octopus Authentication for Windows and macOS enables users to log on to the domain from their workstations using their Octopus Authenticator. A Credential Provider client running on the workstation enables the user to authenticate to the machine and the network domain using only their Authenticator. Attempts to recover the password and reuse it to carry out an attack (e.g. lateral movement) will fail, as the password is automatically changed at high frequency while the user never handles the password at all.
Figure: Randomized Password; Device factor; User factor; Password Free, More Secure
Octopus Cloud
The cloud component of the Octopus Authentication System is a transparent module that is fully managed by Secret Double Octopus. Its role is to support a push notification channel between the Authentication Server and the Authenticator. Push notifications are used to trigger the app into action, and also as another channel for communicating the secret shares. Octopus Cloud is a stateless service that does not hold any customer information.
Octopus Cloud components (from the diagram):
- Interacts with the mobile providers’ (Apple and Google) push service.
- Authentication/Enrollment Engine: handles the enrollment and authentication process with the mobile app, enrolls and authenticates the user, and sends the response back to the mobile provider server.
Secret Double Octopus provides a high-assurance authentication alternative to passwords that works across all enterprise services. By using the Octopus Authenticator on their mobile device, users can log on to the domain, access it remotely and also access cloud-based services. Octopus ensures that all relying parties accept one authenticator, so users enjoy simple, hassle-free authentication for all their workplace needs.
Secret Sharing
At its core, the Octopus authentication solution uses Shamir’s Secret Sharing, a cryptographic algorithm created by Prof. Adi Shamir (the ‘S’ in RSA). It enables transforming a secret into a number of useless codes, also referred to as ‘shares’. In order to reconstruct the secret, a minimum number of shares is needed; any number of shares less than that minimum cannot reconstruct the secret. More specifically, the holder of a secret, sometimes referred to as the dealer, creates N shares of the secret and defines a threshold K for the number of shares required to reconstruct it. The dealer then distributes the shares so that they are controlled by different parties. In secret sharing schemes, an attacker who gains access to fewer than K shares (the threshold) cannot gain any information about the secret.
Source: Wikipedia, Information-theoretic security
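As an added illustration (not code from Secret Double Octopus or this paper), the following Python implements the dealer and reconstruction steps described above: the secret is the constant term of a random polynomial of degree K-1 over a prime field, the N shares are points on that polynomial, and any K shares recover the secret by Lagrange interpolation while K-1 shares yield an unrelated field element. The field prime, the share indices 1..N and the optional fixed coefficients are assumptions made for this example.

```python
import secrets

# Mersenne prime 2**127 - 1 (an assumption for this example): secrets and
# shares are elements of the field GF(PRIME).
PRIME = 2**127 - 1


def _eval_poly(coeffs, x, prime):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, mod prime (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % prime
    return acc


def split_secret(secret, n, k, prime=PRIME, coeffs=None):
    """Dealer side: produce N shares of `secret`, any K of which reconstruct it.

    The secret is the constant term of a degree K-1 polynomial whose other
    K-1 coefficients are drawn uniformly at random; share i is the point
    (i, f(i)). `coeffs` may be supplied to make the polynomial deterministic
    (only used for the worked check; a real dealer always randomises).
    """
    if not 0 <= secret < prime:
        raise ValueError("secret must be an element of GF(prime)")
    if not 1 <= k <= n < prime:
        raise ValueError("need 1 <= K <= N < prime")
    if coeffs is None:
        coeffs = [secrets.randbelow(prime) for _ in range(k - 1)]
    if len(coeffs) != k - 1:
        raise ValueError("need exactly K-1 coefficients")
    poly = [secret] + list(coeffs)
    return [(x, _eval_poly(poly, x, prime)) for x in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Lagrange interpolation at x = 0 over the supplied (x, y) shares.

    With K or more distinct shares this returns the dealer's secret. With
    fewer, the points determine a *different* polynomial whose value at 0 is
    just another field element: every candidate secret is equally consistent
    with K-1 shares, which is the information-theoretic guarantee.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % prime          # (0 - xj)
                den = (den * (xi - xj)) % prime    # (xi - xj)
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total
```

`pow(den, -1, prime)` needs Python 3.8 or newer for the modular inverse.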
The Octopus Authenticator is an enterprise-grade solution that supports access to all enterprise resources, whether on-premises, remotely accessed or in the cloud. The solution is fully integrated with Microsoft Active Directory to enable password-free authentication to the enterprise domain, and security within the domain.
Secret Double Octopus is a Gartner Cool Vendor, a Business Insider ‘Startup that will boom in 2018’, a PwC game-changer for Global Financial Services Innovation, and recipient of the Frost and Sullivan ‘Technology Innovation Award’. Its customer base includes US, European and Asian companies.
Appendix A: Modules in the Octopus Authentication Server
Octopus Authentication Server contains the following modules
Appendix B: Active Directory Password-Less Alternatives