Roland van Rijswijk
Biography
Roland van Rijswijk works as Technical Product Manager for several SURFnet services and manages the tiqr project. He is responsible for innovation management in the area of Internet security. Roland obtained a Master of Science degree in Computer Science from the University of Twente (2001), after which he worked in software development for Philips, Advanced Encryption Technology (AET) and InTraffic. His expertise is in the application of high-end cryptography. Roland joined SURFnet in 2008.
Presentation: tiqr: an innovative approach to 2-factor authentication
The predominant means of authentication on the Internet is still username/password. The most important reason for this is that it is easy to roll out and well-known among users. From both a security and a usability perspective, however, username/password has well-known drawbacks. In 2009 SURFnet trialed the Mobile PKI technology in its Identity Federation (SURFfederatie). Using a mobile phone as a token has shown major benefits. Unfortunately, this technology relies on the SIM and thus on the co-operation of mobile operators, which has hampered large-scale deployment. Because we wanted to leverage the potential of mobile phones as trusted devices without having to rely on mobile operators, we decided to design a novel authentication technique that uses features of modern handsets (the ability to install ‘apps’ and the presence of a camera). Using these features we have designed and implemented a user-friendly and secure OATH-based authentication mechanism for web SSO that uses QR tags to communicate the challenge to the phone and uses the phone’s Internet connection (if available) to submit the response. Unlike many 2-factor solutions, our solution is user-friendly, has a low deployment cost and is secure.