update SINGAPORE--The local government has set up a wholly-owned subsidiary to operate the country's IT security facility focusing on two-factor authentication (2FA), which is part of an initiative first announced in 2005.
Called Assurity Trusted Solutions, the subsidiary will oversee operations of the national authentication framework (NAF), a nationwide security layer to authenticate online transactions between the government, businesses and citizens.
The Infocomm Development of Singapore (IDA) said at a media briefing here Thursday that Assurity is scheduled to roll out its services in the second half of this year, offering 2FA services to consumers and service providers such as banks and government agencies.
ST Electronics has been contracted to design, build, operate and maintain the NAF infrastructure, in a deal spanning five years. When asked, IDA officials declined to reveal how much the contract was worth.
The NAF was first announced in 2005 as part of a national initiative to beef up Singapore's IT security landscape.
To entice service providers to come onboard the NAF when it is commercially ready, 2FA services will be offered at no charge throughout the first two years of operation, said Assurity CEO Lim Hup Seng.
Speaking at the briefing, Lim said the authentication platform will offer "compelling value proposition" to all kinds of service providers, and provide time and costs savings which they otherwise will need to invest to build and maintain their own authentication systems as well as replace tokens once their lifecycle ends.
IDA CEO Ronnie Tay added that the NAF will also appeal to small and midsize businesses (SMBs) which can ride on the infrastructure and tap the scale of the security platform to carry out 2FA transactions.
Asked whether the scale of the NAF also opens it up to new vulnerabilities, Lim replied that it is Assurity's "greatest concern, [but] not its greatest fear". He explained that the NAF infrastructure is highly available, offering up to 99.999 percent service availability, and is hosted in two data centers--located in different locations--with built-in redundancies to respond to potential threats.
One-time password to come first
One of the first 2FA methods that Assurity will deploy is the one-time password (OTP), generated either through a hardware token or sent via SMS.
The security feature was chosen because it already has the largest footprint locally, where consumers are already familiar with OTP technology. OTP also does not require complicated installations of hardware or software on end-user systems such as the PC, and hence, lowers the barrier of entry for first-time users.
Assurity will provide the first hardware OTP token free to qualified Singapore citizens and permanent residents (PRs) upon request, so they can access the services offered by service providers that sign up with the NAF. To qualify, consumers must be above 15 years old and conduct online transactions that require strong authentication.
Assurity COO Chia Chin Loon pointed out that public education plays a critical role in the adoption NAF and 2FA, adding that consumers need to recognize security issues associated with online transactions, such as the risk of single-factor authentication, and understand what second-factor authentication can offer.