The YubiKey protects access to CERN nuclear research data

Open-source solution supports access to SSH sessions and integrates with single-sign on (SSO) portal

Industry

Government

Protocols

Yubico OTP, SSH

Products

All YubiKey Form Factors

Deployment

Research Staff

About CERN

Founded in 1954, CERN is the European Organization for Nuclear Research and is one of the world’s most respected centers for scientific research. Located near Geneva, the facility is home to some of the world’s largest and most complex scientific instruments used to study matter and provide insights into the fundamental laws of nature.



The need for strong authentication to protect sensitive data

CERN provides a wide variety of services that enable engineers and physicists to access research data. Due to the highly sensitive nature of this data, the CERN security team wanted to put high-security processes in place to ensure only authorized users could access these resources. Up until 2011, passwords had been the primary method of authentication, and the security team was concerned about them being phished and stolen.

To improve security, CERN wanted to move to strong two-factor authentication (2FA) that was also fast and easy to use. Furthermore, the team needed an open-source solution that could support access to SSH sessions and integrate with the single sign-on (SSO) portal.


“The YubiKey meets all of our requirements thanks to its simplicity of use, its open algorithm, and the available open-source software support.”

— Remi Mollon, CERN Computer Security Team


Yubico’s open-source approach to integration eases deployment

After researching multiple security options, the team decided to implement multifactor authentication that included a hardware token in addition to a password — and the YubiKey was selected as the right solution.

In addition to increasing the strength of authentication, the YubiKey solution has greatly simplified the deployment process for CERN. Instead of configuring keys for employees, the organization provides self-service stations where users can initialize their hardware tokens and map them to their account. This helps free up IT resources for more important tasks.

“The YubiKey meets all of our requirements thanks to its simplicity of use, its open algorithm, and the available open-source software support,” said Remi Mollon of the CERN Computer Security Team. “Moreover, the YubiKey requires no drivers, meaning that it is compatible with all of our operating systems, which is a big advantage in a heterogeneous academic environment. The absence of a battery is yet another plus, limiting the maintenance costs to a strict minimum,” he said.