Go for zero point of compromise


Joe Uniejewski warns that concentrating sensitive data in one place is no longer a responsible solution

You log onto your bank's website to conduct a few overdue transactions. You supply a password, PIN and a personal piece of information. Then you are conveniently able to transfer your hard-earned funds. It is simple. You have proven your identity. The transaction is encrypted. It is relatively safe. Isn't it?

Have you thought about what goes on behind the scenes? To enable this transaction, the bank is probably storing a large database full of its customers' social security numbers. In the U.S., this single piece of data is the foundation of a customer's identity. The database is priceless, and tempting to hackers.

Organizations running an application on a conventional server have a problem - a "single point of compromise." An attacker who gains control over that one server can assume the server's privileges and access all of its data. Is this an unnecessary risk? Can organizations authenticate you based on personal information without risking your privacy by storing that information on a single server? Some think this is a tall order, but technology makes it entirely possible.

The root of the problem

Customers must surrender personal information to perform virtually any online transaction. This information might define who the customer is, or might reveal confidential financial information. Either way, organizations use this sensitive data to validate customers' identities before authorizing any transaction.

Therefore, organizations need to store a host of sensitive data (such as social security numbers, passwords, and so on) as well as answers to "life questions," like date of birth or your mother's maiden name. There is an implied trust that any sensitive data will remain private.

If an intruder were to gain access to this data and it was in a "readable, usable" format, there is no limit to the potential damage. So organizations must take decisive measures to ensure the security of customer information. It is their ethical and often legal responsibility.

For a long time, privacy and other forms of e-security have taken a back seat to other pressing business issues. Thinking about security has been put off until after the inevitable serious breach. That is too late, especially when customer privacy is involved.

It is time to be proactive, and there are tactics organizations can use. They can implement encryption to protect customer data as it moves across networks, and go further by encrypting stored data. They can also use firewalls, authentication, intrusion detection and monitoring, virus checking, and access control to operating systems and/or databases.

While these measures help protect sensitive data, any solution that stores personal data and passwords on a single server still carries the risk. Too often, viruses, Trojans, inside attackers and hackers are able to punch through the outer layers of defense on enterprise networks. When a conventional server is compromised, an attacker can get root access to that server and seize its privileges and the data it manages. Even strong encryption does not effectively protect a single point of compromise, because the keys usually live on the same machine, which offers hackers the "keys to the kingdom."

Split the risk

Many organizations are very good at intrusion resistance and detection, but might not be so diligent about intrusion resilience. Once an intrusion is detected, there must be measures in place to ensure that any resulting damage is minimal and the organization can recover from a breach of any size.

One form of intrusion resilience has been the subject of cryptographic research for years - "data (or secret) splitting." Data splitting protects data by cryptographically distributing it across separate servers, ensuring that unauthorized access to any one server does not reveal usable information.

With this, data can be split into "shares" stored on separate servers and temporarily reassembled when needed. Due to underlying cryptographic techniques, access to one component does not divulge "half of the data." In fact, it reveals no information at all. Further, the split shares may never be combined, but instead used entirely in their split form. Either way, the data is useless to an intruder.

This splitting technique can be applied to many types of information, including passwords and data that requires more security than simple passwords. After all, users can change passwords, but cannot change personal information about themselves. Answers to "life questions" should never be reassembled, because the stakes are too high; instead, the answers can be used in their split form, which is useless to hackers. If other data is needed in its original form, it can be reassembled, but only under a strict policy based on trusted instructions that are checked by the servers storing the shares.

It works like this. A password is cryptographically split at the client into shares that are sent to two servers. A special "equality test" confirms whether or not the password entered and split during authentication equals the password previously registered and split. Neither server learns any information other than that the two passwords match. Neither server needs to know the password - they just need to know the user knows it.
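A constructed illustration of the two-server equality test described above (added here; it is not code from the article or from any RSA product): the client maps the password to an element of a prime-order group and splits it into two multiplicative shares, one per server. At login, each server blinds the ratio of its login share to its registered share with a fresh random exponent, so the servers exchange only blinded values and learn one bit, whether the passwords match. The 128-bit demo group, the server names "blue" and "red" and the function names are assumptions for the example.

```python
import hashlib
import secrets

def _probable_prime(n, rounds=12):
    """Miller-Rabin; enough for generating demo parameters."""
    if n < 4:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits):
    """Return (p, q) with p = 2q + 1 prime, so 4 generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _probable_prime(q) and _probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = _safe_prime(128)  # constructed demo group; a real deployment uses a standard 2048-bit group
G = 4

def split(password):
    """Client side: map the password to a group element and split it into two
    multiplicative shares; each share alone is a uniformly random element."""
    h = pow(G, int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % Q, P)
    blue = pow(G, secrets.randbelow(Q), P)
    return blue, h * pow(blue, -1, P) % P

def equality_test(blue_reg, red_reg, blue_login, red_login):
    """Two-server check: each server blinds the ratio login/registered of its own
    shares with a fresh exponent; the blinded product is 1 iff the passwords match."""
    q_b, r_b = blue_login * pow(blue_reg, -1, P) % P, secrets.randbelow(Q - 1) + 1
    a = pow(q_b, r_b, P)                              # Blue -> Red
    q_r, r_r = red_login * pow(red_reg, -1, P) % P, secrets.randbelow(Q - 1) + 1
    b, c = pow(q_r, r_r, P), pow(a, r_r, P)           # Red -> Blue
    # Blue learns only (q_b * q_r)^(r_b * r_r): 1 on a match, a random element otherwise
    return pow(b, r_b, P) * c % P == 1
```

Because the shares are fresh random group elements whose discrete logs no server knows, a server that captures the other side's blinded values cannot run offline guesses against them; it holds nothing that a password guess can be checked against.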

The potential benefit of technology that cuts the risk associated with storing data is encouraging. Data splitting helps to disarm any intruders by eliminating a single point of compromise within networks. Organizations can authenticate customers while ensuring their privacy and protecting the information customers hold dear.

Division adds up

Customers trust organizations to protect their privacy and the personal information they surrender in order to do business in today's electronic age. Equally important, security breaches that expose this data can lead to dissatisfied customers, missed revenue opportunities, major financial losses and lasting damage to the company's reputation.

Organizations are ethically and legally bound to protect their customers. If they do not, they end up paying and so do their customers. The call to action is clear. Technology to protect sensitive information exists. It is time to divide data and conquer the challenge of the single point of compromise.

Joe Uniejewski is chief technology officer at RSA Security

Copyright © SC Magazine, US edition
