n-Auth offers unique advantages based on state-of-the-art security and cryptographic technology. n-Auth consists of two building blocks: a mobile component running on the user's mobile device, and a component integrated into the server. Together, the two components establish a mutually authenticated, secure communication channel between the device and the server.
n-Auth offers strong mutual authentication based on a state-of-the-art cryptographic protocol. We do not rely on SSL or TLS, for which numerous vulnerabilities have been demonstrated. Our protocol protects the privacy of the device from the first message and does not need to renegotiate the secure connection to do so.
No matter how many accounts you create, they never share any data, so they cannot be linked to each other. Your privacy remains protected.
Since n-Auth runs on a mobile device that is accessible to other apps and possibly other users, a high level of implementation security is required. The n-Auth app is hardened to protect against many types of implementation attacks.
Side Channels
n-Auth uses constant-time implementations of all cryptographic functions. Without this, the running time of a cryptographic operation depends on the key, and an eavesdropper app running in parallel on the same device can measure that timing (or the cache behaviour behind it) and recover the key.
Reverse Engineering
Most apps are trivial to reverse engineer, revealing the finest details of how they work. n-Auth is obfuscated in depth, making it hard for an attacker to find out exactly what happens with the key material.
App Separation
The n-Auth app runs separated from all other apps on the device and exposes only a limited, controlled interface to the outside world.
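To make the side-channel point concrete, here is an added C example (written for this page, not n-Auth's own code, which is not shown here). It compares a secret authentication tag against a candidate in two ways: an early-exit comparison whose number of loop iterations, a stand-in for measured time, reveals how long a matching prefix the candidate had, and a constant-time comparison that examines every byte and has no data-dependent branch. A small attacker routine then recovers the whole tag one byte at a time from the leaky version alone. The secret tag is a constructed sample value; the function names and the step-counting instrumentation are illustrative assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Variable-time comparison: stops at the first mismatching byte. The number
 * of iterations (and so the running time) reveals how long a prefix of the
 * candidate matched the secret. `steps` exposes that count directly so the
 * leak can be observed without a timer.  (Illustrative instrumentation.)
 */
static int tag_equal_leaky(const uint8_t *secret, const uint8_t *candidate,
                           size_t n, size_t *steps)
{
    for (size_t i = 0; i < n; i++) {
        if (secret[i] != candidate[i]) {
            *steps = i + 1;
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/*
 * Constant-time comparison: always touches every byte, ORs together the XOR
 * of each pair and contains no data-dependent branch. The final expression
 * maps diff == 0 to 1 and any non-zero diff to 0 with arithmetic only:
 * (uint32_t)diff - 1 wraps to 0xFFFFFFFF exactly when diff == 0.
 * `volatile` discourages the compiler from re-introducing an early exit.
 */
static int tag_equal_ct(const uint8_t *secret, const uint8_t *candidate, size_t n)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(secret[i] ^ candidate[i]);
    return (int)(((uint32_t)diff - 1u) >> 31);
}

/*
 * Attacker model: the adversary may only call the leaky oracle and observe
 * how many bytes it examined plus the accept/reject result. For each
 * position, the candidate byte that makes the oracle run one step longer
 * (or finally accept) is the correct one.
 */
static void recover_tag_via_timing(const uint8_t *secret, size_t n, uint8_t *out)
{
    memset(out, 0, n);
    for (size_t pos = 0; pos < n; pos++) {
        size_t best_score = 0;
        uint8_t best = 0;
        for (int v = 0; v < 256; v++) {
            size_t steps = 0;
            out[pos] = (uint8_t)v;
            int ok = tag_equal_leaky(secret, out, n, &steps);
            size_t score = steps + (size_t)ok;   /* accept resolves the last byte */
            if (score > best_score) {
                best_score = score;
                best = (uint8_t)v;
            }
        }
        out[pos] = best;
    }
}

int main(void)
{
    /* Constructed sample tag; in practice this would be a MAC over a message. */
    const uint8_t secret[8] = {0x3a, 0x00, 0xff, 0x10, 0x7c, 0x01, 0xe2, 0x99};
    uint8_t recovered[8];

    recover_tag_via_timing(secret, sizeof secret, recovered);
    printf("leaky compare:   recovered %s\n",
           memcmp(recovered, secret, sizeof secret) == 0 ? "the full tag" : "nothing");
    printf("constant-time:   equal=%d, unequal=%d (no per-byte signal to exploit)\n",
           tag_equal_ct(secret, secret, sizeof secret),
           tag_equal_ct(secret, recovered, sizeof secret) ^ 1);
    return 0;
}
```

The byte-by-byte recovery needs only 256 oracle calls per byte instead of 256^8 for the whole tag, which is what a timing leak buys an attacker. Two caveats for practitioners: the constant-time property must be checked on the compiled output (build with the real optimisation level and inspect the assembly, since compilers may undo the pattern), and constant-time comparison covers only the timing channel of this one operation; key-dependent memory accesses in table-based ciphers are a separate cache channel that needs its own treatment.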
True 2 Factor Security
n-Auth uses a PIN to unlock your keys. Only the combination of your keystore and the correct PIN lets you start authenticating. The PIN is not stored anywhere: not on the device, nor on the server. Depending on the configured security level, you enter the PIN once at the start or again after a certain timeout.
Two-factor authentication solutions often overlook one more party that holds secrets: the server. When the server stores a copy of the PIN or of the secret key, it becomes a single point of failure. A breach of the server (e.g. a leaked database) then puts the whole authentication system at risk, and users who reuse their PIN elsewhere are exposed even further.
n-Auth offers true two-factor authentication. Authenticating requires two of three pieces: the device keys together with the PIN, or the device keys together with a copy of the server database. A leaked server database on its own is of no use to an attacker, so the server is no longer a single point of failure; the result is a two-out-of-three authentication system. This also relaxes the security requirements on the server: a costly HSM is no longer needed.
n-Auth has several distinctive, optional features that ensure a smooth user experience:
- Instant login/logout using the n-Auth app (or the application frontend)
- Explicit user confirmation
- Continuous authentication
- Transaction confirmation in full text.
This makes it easy for users to understand what is happening and to see at a glance where they are currently authenticated. A uniform experience and meaningful confirmation messages leave far fewer openings for social engineering.
These features are optional; whether to use them depends on the specific use case and the required security level.