Hardly a day goes by without some news of a security breach. The original concept of the Internet was based on sharing information…not security. Today, it's a vital part of our daily lives and as its services are becoming more and more sophisticated, numerous challenges lie ahead, particularly fraud.
Put simply, the cloud concept is that vast computing resources reside somewhere out in the ether (i.e. the Web) rather than in your own computer facilities, and you connect to and use them as needed (on demand), with applications delivered as services, rather like your mobile phone. Software as a service (SaaS) has changed the way organisations access their applications, as more and more users adopt hosted software delivered straight to a web browser, providing access anytime, anyplace, anywhere: the Martini effect! As any B2B marketer knows, Salesforce.com is one of the pioneers of SaaS.
As concepts like cloud computing unfold and SaaS moves to centre stage, the security of user identity and data is paramount.
Security can be a heavyweight challenge and not for the faint-hearted, but recently I found a little device with big aspirations that is set to change the way we think about digital security. The YubiKey is a simple token created to make authentication on the Internet secure, easy and affordable for everyone.
For consumers, the YubiKey can be used today for a growing number of applications including web single sign-on (including OpenID), virtual private networks (VPN), Active Directory, Windows login and password management. The YubiKey is highly flexible and can be configured to support legacy applications using one- or two-factor authentication. User-supplied usernames and passwords can be selected to match the security requirements and fit existing screen layouts.
The YubiKey is the first USB key for instant access to networks and services that works with any hardware and operating system combination that supports USB keyboards. The key generates and sends a unique one-time authentication code by emulating keystrokes through the standard keyboard interface, so it can be used with any application or web-based service without special client software or drivers, which makes it very easy to deploy.
It differs from traditional tokens based on time-based codes in that it needs no battery and therefore no clock kept in step with an accurate time source: its codes change with a counter rather than with time. No battery means low cost, unlimited shelf life and no synchronisation or customer-support issues.
The miniature device, as thin as a credit card, plugs into any USB slot. A simple touch of the device sends the user's identity and a unique passcode every time it is used. For two-factor authentication, the device can be combined with a PIN or password that the user types.
The YubiKey provides high-assurance authentication of identity for digital security. (Strictly speaking, non-repudiation is a property of digital signatures; the YubiKey's AES key is shared with the validation server, so what the key offers is strong authentication between the user and that server rather than proof that could be shown to a third party.) A critical requirement for any hardware authentication token is singularity, i.e. that an identity cannot be copied and/or used adversely without the knowledge of the legitimate user. Static identification schemes, such as username/password, are highly vulnerable to common ID theft techniques including phishing, keyloggers and other means of eavesdropping.
Non-repudiation of identity means:
- providing proof of integrity and data provenance;
- an authentication that can be asserted with high assurance to be genuine.
Proof of data integrity is the easiest of these to achieve. A cryptographic hash such as SHA-256 is sufficient to establish that data has not been changed undetectably (MD5, long used for this purpose, has had practical collision attacks since 2004 and should not be relied on). However, a hash only proves integrity when the recipient already possesses the expected value through a trusted channel: anyone who can alter the data can recompute a bare hash, so against a deliberate tamperer a keyed MAC or a digital signature is needed.
The most common method of asserting the digital origin of data is a digital signature backed by a certificate. Certificates are part of public key infrastructure (PKI), and the same key pairs can also be used for encryption. Digital origin only means that the signed data can be trusted (with reasonable certainty) to come from someone who possesses the private key corresponding to the signing certificate; it is the certificate that binds that key to a named person or organisation.
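To make the difference between integrity, origin and non-repudiation concrete, here is an added example in Go (it is not code from the original article or from Yubico). It runs the same tampering attempt against a bare SHA-256 hash, an HMAC under a shared secret, and an Ed25519 signature. The message texts and the shared key are made up for the example; the signing key pair is generated at run time.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Message is a body plus the tag that is supposed to vouch for it.
type Message struct {
	Body []byte
	Tag  []byte
}

// Bare hash. Anyone who can edit the body can recompute the hash, so on its own it only
// catches accidental corruption; it proves integrity only when the recipient already holds
// the expected value from a trusted source.
func HashTag(body []byte) []byte {
	sum := sha256.Sum256(body)
	return sum[:]
}

func HashVerify(m Message) bool { return hmac.Equal(HashTag(m.Body), m.Tag) }

// HMAC with a shared secret. A tamperer without the key cannot produce a valid tag, so this
// gives integrity and origin among the key holders. Because every holder can mint tags, it
// cannot show a third party which holder produced the message.
func HMACTag(key, body []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(body)
	return mac.Sum(nil)
}

func HMACVerify(key []byte, m Message) bool { return hmac.Equal(HMACTag(key, m.Body), m.Tag) }

// Digital signature. Only the private-key holder can sign; anyone with the public key can
// verify. That asymmetry is what non-repudiation needs.
func SignTag(priv ed25519.PrivateKey, body []byte) []byte { return ed25519.Sign(priv, body) }

func SigVerify(pub ed25519.PublicKey, m Message) bool { return ed25519.Verify(pub, m.Body, m.Tag) }

// Outcome records whether each tag survives an attacker who edits the body and
// recomputes whatever they can without secrets.
type Outcome struct {
	GenuineAccepted     bool // untouched messages verify under all three schemes
	HashForgeryAccepted bool // attacker recomputes the hash: accepted
	HMACForgeryAccepted bool // attacker lacks the shared key: rejected
	PeerHMACAccepted    bool // the recipient, who has the key, forges a tag: accepted
	SigForgeryAccepted  bool // attacker lacks the private key: rejected
}

// Scenario runs one tampering attempt against the three schemes. The messages and the
// shared key are constructed for this example; the signing key pair is random.
func Scenario() (Outcome, error) {
	original := []byte("pay 100 to alice")
	forged := []byte("pay 900 to mallory")
	sharedKey := []byte("example-shared-secret-not-for-production")
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader: crypto/rand is used
	if err != nil {
		return Outcome{}, err
	}
	genuineMAC, genuineSig := HMACTag(sharedKey, original), SignTag(priv, original)

	var o Outcome
	o.GenuineAccepted = HashVerify(Message{Body: original, Tag: HashTag(original)}) &&
		HMACVerify(sharedKey, Message{Body: original, Tag: genuineMAC}) &&
		SigVerify(pub, Message{Body: original, Tag: genuineSig})
	// Hash: the attacker swaps in a fresh hash along with the new body.
	o.HashForgeryAccepted = HashVerify(Message{Body: forged, Tag: HashTag(forged)})
	// HMAC: the attacker must keep the genuine tag, having no key to make another.
	o.HMACForgeryAccepted = HMACVerify(sharedKey, Message{Body: forged, Tag: genuineMAC})
	// HMAC by the peer: the legitimate recipient holds the same key, so their forgery
	// verifies, which is why a MAC cannot prove authorship to an outsider.
	o.PeerHMACAccepted = HMACVerify(sharedKey, Message{Body: forged, Tag: HMACTag(sharedKey, forged)})
	// Signature: the attacker must keep the genuine signature, which no longer matches.
	o.SigForgeryAccepted = SigVerify(pub, Message{Body: forged, Tag: genuineSig})
	return o, nil
}

func main() {
	o, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The PeerHMACAccepted case is the one that matters for the YubiKey discussion: a symmetric scheme binds a message to "someone holding the key", and the validation server is always one of those holders.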
The YubiKey differs from traditional hardware authentication tokens because it does not rely on a two-way challenge-response protocol, a battery-powered time base, a keypad or a display.
Despite not using many of the most common security measures present in state-of-the-art authentication tokens, the YubiKey holds up. So how does it do it?
The YubiKey generates a unique 128-bit code at each authentication event. Because the code is built from counters that only ever increase (a power-up counter and a per-session use counter) rather than from a clock, there is no time window during which two authentication codes are equal. A code that also carries a measure of randomness, all encrypted with strong 128-bit encryption, preserves singularity: a code captured by phishing, keylogging or snooping is worthless once the legitimate one has been used, and the server can refuse anything older than the last code it accepted. The one caveat is that a code relayed to the real service in real time, before the user's own login arrives, would still be accepted once, so the key defeats replay and after-the-fact theft rather than every live man-in-the-middle attack.
All of the unique codes are encrypted with AES-128 (Advanced Encryption Standard) and then encoded into a "readable form" called modhex, which uses only characters that sit on the same keys on most keyboard layouts; the resulting string is transmitted in full. A 128-bit number is larger than 3 followed by thirty-eight zeroes (about 3.4 x 10^38). Since the AES key never leaves the device and the validation server, and a potential attacker sees only ciphertext, cryptanalysis is, to all intents and purposes, futile. Note that the security rests on the secrecy of that key, not on the attacker knowing little about the plaintext: parts of the plaintext (the counters) are quite predictable, and AES is designed to withstand that.
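The two paragraphs above describe the whole mechanism, so here is an added, runnable Go example of it (not Yubico's code, and not from the original article). The token layout, the CRC-16, AES-128 and the modhex alphabet follow the published YubiKey OTP format; the key values are made up, the timestamp and random fields are left at zero, and the validator's counter bookkeeping is a minimal stand-in for what a real validation server keeps. It shows why a code that has been keylogged cannot be replayed, why one mistyped character is rejected, and why the same key is accepted again after the next power-up.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// modhex is hex with an alphabet whose characters sit on the same physical keys on most layouts.
const hexDigits, modhexDigits = "0123456789abcdef", "cbdefghijklnrtuv"

func modhexEncode(b []byte) string {
	return strings.Map(func(r rune) rune {
		return rune(modhexDigits[strings.IndexRune(hexDigits, r)])
	}, hex.EncodeToString(b))
}
func modhexDecode(s string) ([]byte, error) {
	return hex.DecodeString(strings.Map(func(r rune) rune {
		if i := strings.IndexRune(modhexDigits, r); i >= 0 {
			return rune(hexDigits[i])
		}
		return '?' // not modhex: hex.DecodeString rejects it
	}, s))
}

// crc16: reflected polynomial 0x8408, initial value 0xFFFF; stored inverted in the last two bytes.
func crc16(b []byte) uint16 {
	crc := uint16(0xFFFF)
	for _, c := range b {
		crc ^= uint16(c)
		for i := 0; i < 8; i++ {
			crc = crc>>1 ^ 0x8408*(crc&1) // shift, xoring in the polynomial when the low bit was set
		}
	}
	return crc
}

// Key models the token. AESKey and PrivateID are shared only with the validation server.
type Key struct {
	PublicID, PrivateID [6]byte
	AESKey              [16]byte
	SessionCtr          uint16 // power-up counter, persisted on the device
	UseCtr              uint8  // touches within the current session
}

// Touch emits the 44-character code for one press and advances the use counter.
// (A real device also fills bytes 8-10 with a timestamp and 12-13 with random data; zero here.)
func (k *Key) Touch() string {
	var tok, ct [16]byte
	copy(tok[0:6], k.PrivateID[:])
	binary.LittleEndian.PutUint16(tok[6:8], k.SessionCtr)
	tok[11] = k.UseCtr
	binary.LittleEndian.PutUint16(tok[14:16], ^crc16(tok[:14]))
	block, _ := aes.NewCipher(k.AESKey[:]) // a 16-byte key cannot fail here
	block.Encrypt(ct[:], tok[:])
	k.UseCtr++
	return modhexEncode(k.PublicID[:]) + modhexEncode(ct[:])
}

// Validator is the server side: a copy of each key's secrets, plus per key the highest
// (session, use) counter pair already accepted, packed as session<<8 | use.
type Validator struct {
	keys map[string]Key
	last map[string]uint32
}

func NewValidator() *Validator { return &Validator{keys: map[string]Key{}, last: map[string]uint32{}} }
func (v *Validator) Register(k *Key) { v.keys[modhexEncode(k.PublicID[:])] = *k }

// Validate accepts a code once, and only if its counters are beyond every code already used.
func (v *Validator) Validate(otp string) error {
	if len(otp) != 44 {
		return errors.New("otp: wrong length")
	}
	k, ok := v.keys[otp[:12]]
	ct, err := modhexDecode(otp[12:])
	if !ok || err != nil {
		return errors.New("otp: unknown public id or bad modhex")
	}
	block, _ := aes.NewCipher(k.AESKey[:])
	block.Decrypt(ct, ct) // in place: ct now holds the 16-byte token
	if crc16(ct[:14]) != ^binary.LittleEndian.Uint16(ct[14:16]) || string(ct[:6]) != string(k.PrivateID[:]) {
		return errors.New("otp: bad crc or private id (corrupted code or wrong key)")
	}
	ctr := uint32(binary.LittleEndian.Uint16(ct[6:8]))<<8 | uint32(ct[11])
	if prev, used := v.last[otp[:12]]; used && ctr <= prev {
		return errors.New("otp: replayed or out-of-order code")
	}
	v.last[otp[:12]] = ctr
	return nil
}

func main() {
	k := &Key{PublicID: [6]byte{1, 2, 3, 4, 5, 6}, PrivateID: [6]byte{9, 8, 7, 6, 5, 4}, SessionCtr: 1}
	copy(k.AESKey[:], "0123456789abcdef") // constructed key for the example
	v := NewValidator()
	v.Register(k)
	otp := k.Touch()
	fmt.Println(otp, v.Validate(otp), v.Validate(otp)) // <nil>, then an error: a captured code is worthless once used
}
```

The public id travels in the clear as the first 12 characters so the server can pick the right AES key; everything an attacker would need to forge a code (the private id, the counters, the key) is inside the encrypted half, and the counter comparison is what turns "unique" into "usable once".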
So, an initial test of the device shows that there is a real possibility of making security for the Internet, cloud computing and SaaS simple, affordable and safe. That has to be good news for everyone, as the Internet is now a part of so many people's lives.
Any feedback and comments are always welcome!!