Split to Secure: Moving Forward with
Distributed Cryptography
www.frost.com
Stratecast
Executive Brief
August 2012
© 2012 Stratecast. All Rights Reserved. August 2012
Stratecast | Frost & Sullivan
SPLIT TO SECURE: MOVING FORWARD WITH
DISTRIBUTED CRYPTOGRAPHY
INTRODUCTION
Data thieves know all too well where to direct their attacks—at servers. Furthermore,
they earn a good return on their efforts. Confirming this has been the data breach
investigations conducted and chronicled by the Verizon RISK Team.¹ Of the data
breaches investigated in 2011, servers were among the targeted assets in 64 percent of
the breach investigations, and those breaches accounted for 92 percent of compromised
records.
Another interesting point from this comprehensive report is that hacking (i.e.,
intentionally accessing information assets without authorization) has consistently been
among the top categories of threat actions since the Verizon RISK Team began
summarizing its breach investigations.² Reaching a new high with the 2011 investigative
caseload, hacking was involved in 81 percent of the breaches and contributed to 99
percent of the compromised records. Digging a layer deeper into the 2011 caseload
reveals that exploitation of stolen login credentials was, by a significant margin, the most
popular hacking method used against large organizations (30 percent of breaches and 84
percent of compromised records). A sample of news reports in the first half of 2012
further confirms that data breaches resulting in the theft of login credentials are
occurring and affecting millions of accounts.

Breached Company    Stolen Passwords
----------------    ----------------
Zappos              24 million records, including passwords
Gamingo             8.2 million passwords
LinkedIn            6.5 million passwords
eHarmony            1.5 million passwords
Yahoo!              450,000 passwords
Formspring          420,000 passwords

This combination of breach statistics—servers under siege and exploitation of stolen
login credentials being a principal hacking method—suggests that if credentials could be
better protected where they are stored (e.g., in a single system such as a database
server), the number and severity of data breaches would be reduced. Distributed
cryptography, as incorporated in RSA Distributed Credential Protection (DCP), elevates
the protection of credentials by splitting a user’s credentials into randomized objects
stored in two systems. Consequently, each object on its own is useless as a credential.

This attribute of each object on its own being useless is also relevant in safe harbor
provisions. For example, with credentials being the “keys” that unlock access to private
and sensitive data, practicing good faith in the protection of those keys could limit a
company’s data breach liabilities. Distributed cryptography is that linchpin in good faith
protection of credentials and, therefore, the good faith protection of the data those
credentials unlock.

More on this safe harbor attribute is included in this paper, as well as a description of
how distributed cryptography operates, including representative examples of distributed
cryptography in action.

¹ 2012 Data Breach Investigations Report, accessible at: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf.
² Malware, social engineering, and physical theft are other categories of threat actions.
HOW DISTRIBUTED CRYPTOGRAPHY WORKS
The premise underlying distributed cryptography is that if a credential (e.g., something
you know, in authentication parlance, such as a password or a response to a challenge
question) is stolen, the illegitimate possessor of that credential now has access to the
secured material (i.e., material that requires authentication to access). While various
techniques have been developed and deployed to secure these credentials, the
aforementioned data from breach investigations demonstrates that credential
compromises persist and are used to steal additional valuable data. Distributed
cryptography raises the bar of difficulty for hackers in their quest to steal credentials.
With more effort required, fewer hackers will have the fortitude or skills necessary to
succeed.
The means to “raising the bar” is to effectively
split the credential. This is conceptually similar
to a safe deposit box. A safe deposit box
requires two keys to open—one in the
possession of the safe deposit box owner and
the other in the possession of the vault owner.
Theft of just one key is insufficient to unlock the
box. Other than physically tampering with the
box, the would-be thief would need to steal both
keys and then use them to unlock the box
before either of the parties recognizes that a key
is missing and takes action to reduce the risk of
unauthorized access (i.e., change the lock or move the valuables to another box or
location).
As stated previously, the application of distributed cryptography on an authentication
credential follows a similar approach. In the safe deposit box example, the two keys,
stored separately, can only unlock the box when operated in tandem. To accomplish the
same with a user’s password, the password must first be split and the two halves stored
separately (e.g., in two separate servers). At the moment the user attempts to
authenticate by entering his or her password, the “stored password halves” are virtually
rejoined and compared to the “entered password.” If the entered password matches the
rejoined stored password halves, authentication is confirmed and access is allowed. It is
this virtual rejoining of the password halves that is analogous to the tandem unlocking
operation of the separate keys held by the safe box owner and the vault owner.
In similar fashion to the tandem safe deposit box keys, each stored password half is
useless without its pair. If the server containing one of the password halves is
compromised, the thief does not have a valid and useable password. Only by
compromising both servers and matching password halves can the password thief be
successful.
The preceding example is, however, a simplified explanation of distributed cryptography.
In practice, the application of distributed cryptography has to be more sophisticated to
defend against the formidable hacker underworld. To serve that purpose, elements of
sophistication include: randomization, blind equity testing, the ability to refresh the
password halves at any time and in a manner that is completely transparent to users, and
adaptability. We will explain each in succession.
Randomization and Blind Equity Testing
The mere splitting of passwords will not stop hackers. The guiding assumption should be
that if a formula is used in password splitting, that formula will eventually be determined
by hackers, which unfortunately can include insiders. To evade formula deciphering by
both outsiders and insiders, distributed cryptography incorporates randomness. In
stepwise fashion, this is how randomness works in distributed cryptography:
1. As a user registers his or her password, P1, a random key or pad, A, is generated
from the user’s device.
2. A is used to mask (i.e., obfuscate) P1, creating P1 + A.
3. P1 + A is stored in Server1 and A is stored separately in Server2.
4. To authenticate, the user enters a password, P2.
5. A random key, B, is generated from the user’s device.
6. B is used to mask P2, creating P2 + B.
7. P2 + B is combined with P1 + A and, separately, B is combined with A.
8. If the user entered the correct password, the two combinations return equal
values and access is granted.
Inherent in this authentication procedure are significant points regarding non-exposure
of the password credential. First, neither the registered nor the entered password is
exposed (i.e., in cleartext) when it leaves the user’s device. In both cases, they are
masked. Second, in the receiver’s environment, the password is also never in cleartext.
The password credential is received in a masked state, stored in a masked state, and
does not leave the server (i.e., Server1) to support authentication. Only a value
associated with the masked password leaves the server. This latter point—does not leave
the server while also supporting authentication—is referred to as blind equity testing.
Passwords are compared blindly as the passwords are not in cleartext or reconstructed
to test for equality. The testing is via comparisons of values and these values have no
deterministic connection with the password credentials.
By incorporating randomization and blind equity testing into the splitting and comparing
of credentials, the only means for credential-stealing hackers to succeed is to
compromise both servers, exfiltrate the masked passwords and the pads, and then
calculate the users’ passwords. While this is a formidable task, it is nevertheless a
possibility. There is a means to limit the value of exfiltrated data and authentication
fraud, which is described in the next section.
Refreshing the Password Halves
With the pad being the means to unmasking the password, periodically refreshing or
modifying the pad is the means to protect the password, if both the masked password
and pad are stolen. Considering our safe deposit box analogy, changing the locks and
issuing replacement keys (or just one lock and key) makes the original pair of keys
obsolete. The stolen pair of original keys can no longer open the box. The same is
applicable in distributed cryptography. If the pad is refreshed and the new pad is used
to refresh the original masked password, the new masked password cannot be
unlocked by the original pad.
In similar stepwise fashion, this is how refreshing retains protection of the password if
both servers are compromised:
1. A hacker compromises Server1 and steals P + A.
2. Pad A is refreshed, resulting in a new pad, A + R, stored in Server2.
3. Coordination between Server1 and Server2 changes P + A to P + A + R.
4. The same hacker compromises Server2 and steals pad A + R. The hacker now
has the masked password P + A and pad A + R.
5. Since A + R does not match A, the hacker cannot unmask P + A; the stored
password remains protected.
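
The registration and authentication steps listed earlier and the refresh steps above, modeled together as an added example (not code from this paper or from RSA DCP). It assumes the paper's "+" is bytewise XOR over a SHA-256 encoding of the password; `Server1`, `Server2` and the helper names are hypothetical.

```python
import hashlib
import hmac
import secrets

PAD_LEN = 32  # bytes; assumption: passwords are encoded to this fixed length


def xor(x, y):
    """The paper's '+', taken here to be bytewise XOR (an assumption)."""
    return bytes(a ^ b for a, b in zip(x, y))


def encode(password):
    """Fixed-length encoding of a password (assumption: SHA-256 digest)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def mask_on_device(password):
    """Steps 1-2 and 5-6: the user's device draws a random pad and masks."""
    pad = secrets.token_bytes(PAD_LEN)
    return xor(encode(password), pad), pad


class Server1:
    """Stores only masked passwords (P + A)."""

    def __init__(self):
        self.masked = {}

    def combine(self, user, masked_attempt):
        # Step 7, first half: (P2 + B) + (P1 + A)
        return xor(masked_attempt, self.masked[user])

    def apply_refresh(self, user, r):
        # Refresh step 3: P + A becomes P + A + R
        self.masked[user] = xor(self.masked[user], r)


class Server2:
    """Stores only pads (A)."""

    def __init__(self):
        self.pads = {}

    def combine(self, user, pad_attempt):
        # Step 7, second half: B + A
        return xor(pad_attempt, self.pads[user])

    def start_refresh(self, user):
        # Refresh step 2: A becomes A + R; R is handed to Server1
        r = secrets.token_bytes(PAD_LEN)
        self.pads[user] = xor(self.pads[user], r)
        return r


def register(s1, s2, user, password):
    """Step 3: masked password goes to Server1, pad goes to Server2."""
    s1.masked[user], s2.pads[user] = mask_on_device(password)


def authenticate(s1, s2, user, attempt):
    """Steps 4-8: equal combinations mean P2 == P1; neither is rebuilt."""
    masked_attempt, pad_attempt = mask_on_device(attempt)
    left = s1.combine(user, masked_attempt)   # P2 + B + P1 + A
    right = s2.combine(user, pad_attempt)     # B + A
    return hmac.compare_digest(left, right)


def refresh(s1, s2, user):
    """Re-randomize both halves without involving the user."""
    s1.apply_refresh(user, s2.start_refresh(user))


def demo():
    """Constructed scenario following the paper's refresh walk-through."""
    s1, s2 = Server1(), Server2()
    secret = "correct horse battery staple"   # constructed sample password
    register(s1, s2, "alice", secret)
    stolen_masked = s1.masked["alice"]        # Server1 copied before refresh
    same_epoch_pad = s2.pads["alice"]         # pad from the same refresh cycle
    refresh(s1, s2, "alice")
    stolen_pad = s2.pads["alice"]             # Server2 copied after refresh
    return {
        "good_login": authenticate(s1, s2, "alice", secret),
        "bad_login": authenticate(s1, s2, "alice", "wrong guess"),
        # Halves taken in different refresh cycles do not unmask the password.
        "stale_pair_unmasks": xor(stolen_masked, stolen_pad) == encode(secret),
        # Halves from the same cycle do, which is why refresh timing matters.
        "same_epoch_unmasks": xor(stolen_masked, same_epoch_pad) == encode(secret),
    }


if __name__ == "__main__":
    print(demo())
```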
The periodic refreshing of the pad and the masked password effectively places an
expiration date on hacker exploits. The bar of difficulty is raised again. Not only must
the hacker compromise both servers and exfiltrate data from each, the compromises
and exfiltration of the two servers must be timed close enough together to avoid the
refresh cycle.
An added benefit of refreshing is that it is completely transparent to users. Because the
refresh is of the pad in Server2 and subsequently the masked password in Server1, a
new locking mechanism is essentially being erected around the user’s registered
password without user involvement.
Furthermore, by being systematic in pad and masked password refreshing—that is, acting
in good faith—the holder of registered passwords reduces the risk of password theft and
user accounts being compromised. This risk reduction also reduces the precautionary
and, at times, mandatory step of user password resets. In fact, following each of the 2012
password breaches listed earlier in this paper, users were recommended and, in some
instances, required to register new passwords.
Even so, distributed cryptography with user-transparent refresh capabilities does not
insulate users from having their passwords stolen when entered through devices infected
with password-stealing malware, phishing schemes, or if the user follows the self-
defeating rituals of writing down or choosing easily-deduced passwords. For these
reasons, users should change their passwords periodically, choose nonsensical
passwords, commit their passwords to memory, and use anti-malware software on their
devices.
Adaptability
Distributed cryptography leverages advances in other technologies to offer organizations
a range of deployment options to meet their risk management, governance, and business
objectives. For example, server virtualization allows a single physical server to function
as the physical host to multiple but isolated virtual hosts. A security benefit in this
deployment option is that different operating systems could be used to create the virtual
hosts. Consequently, the vulnerabilities in one operating system are not the same in the
other—that is, what the hacker could exploit in one is not exploitable in another. This
operating system diversity adds to the challenges that a hacker would need to overcome
to compromise two virtual servers—one storing the masked password and another
storing the pad.
Another option is to apply distributed cryptography between two distinct departments,
with one department operating a server where the pads are stored and the other
operating a server that stores the masked passwords. In this scenario, the hacker would
not only need to be successful in compromising two servers and exfiltrating the data
from both before the refresh cycle is run; the hacker would need to do all of this with the
right two servers. For organizations with multiple departments and each having multiple
dedicated servers, finding the right two servers intensifies the hacker’s challenges. A
variation on this organizational diversity option is one server remaining with the
organization and the other hosted with a cloud services provider.
As just two examples, these illustrate that adaptability is a structural attribute in
distributed cryptography. Consequently, organizations are not obligated to adhere to one
deployment approach; they can choose the deployment approaches that best fit their
own circumstances initially, and change as circumstances change.
SECURING OTHER SECRETS
Adding to the appeal of distributed cryptography is its use in reducing the risk of
unauthorized access to other types of valuable data. To understand this, consider that
encryption is used to protect valuable data at rest; for example, encrypted files in a file
server. Possessors of the encryption key have a cleartext view into this
valuable data. Non-possessors, naturally, cannot view this data. Even if a hacker
extracted the files containing valuable data, the data itself would be obfuscated unless the
hacker also steals the encryption key. To lessen the risk of stolen encryption keys and
encrypted data files coming together, encrypted data is frequently stored in one server
and the keys in another.
The inherent vulnerability in splitting encryption keys and encrypted data is that they are not truly
split unless the authentication system used to release the encryption keys and encrypted
data files is also split. If not, compromising that authentication system undermines the
security of data encryption.
Distributed cryptography eliminates this vulnerability. As a replacement to a single-server
authentication system, all of the security attributes of distributed cryptography—
randomness, blind equity testing, refreshing, and deployment adaptability—now protect
split encryption keys and encrypted data.
DISTRIBUTED CRYPTOGRAPHY AT WORK
Another beneficial attribute of distributed cryptography is its “universal insert-ability.”
Distributed cryptography is a tool that can make permanent repairs to many of the
inherent challenges in securing secrets, frequently with very limited modifications to the
organization’s IT infrastructure and workflow. Here are two representative examples.
Online Businesses
At most online businesses, customers must authenticate to gain access; an
acceptable practice and one that typically entails customers entering their usernames and
passwords or another secret (e.g., PIN or an answer to a challenge question). Yet, as
highlighted earlier, password database breaches are in the headlines. For customers
directly affected and those that may be affected, the trust they had that their credentials
are safe in the business’s possession is shaken and they face the inconvenience of having
to change their passwords. Businesses that store their customers’ passwords in the
traditional manner—in a single server—wonder “could it happen to us, too?” It can.
With distributed cryptography, the passwords are randomized, split, and secured. The
risk of a breach involving these stored credentials is reduced and so is the risk of
password exposure during the authentication procedure. Blind equity testing allows the
masked passwords and pads to remain in their respective servers throughout the
authentication procedure. The masked password and the pads are never reassembled by
the online business.
Best of all, the adoption and operation of distributed cryptography is invisible to the
online business’s customers. For end users, their online routines are undisturbed.
Owner of High Value Intellectual Property
The implication to businesses that sustain a breach involving their intellectual property
(IP) can, for some, be terminal. What made the business special is now in someone else’s
hands. However, choosing to lock this IP away so only a few select individuals can access
it restricts the business’s ability to profit from that very same IP. Therefore, broader
access becomes a business imperative. Yet doing so returns the risk of unauthorized
access to this IP.
Distributed cryptography pushes that risk back down by protecting the two principal
secrets that open up authorized access to the IP: users’ authentication credentials and
data encryption keys.
Additionally, IP, at times, can represent the collaborative efforts and outcomes of
multiple parties. In this scenario, each has a stake in protecting authentication
credentials. The adaptive property of distributed cryptography allows each party to be an
equal partner in protecting the credentials, with the added benefit of taking protection
up a notch by distributing the pads and masked passwords across organizational and
physical boundaries.
Stratecast
The Last Word
In closing, protection of the secrets your organization owns or is entrusted with is
only as good as the investments your organization makes. In a world where the
sophistication and relentlessness of cyber threats is intensifying, investments are
essential to fight back.
Distributed cryptography is an investment that demands serious consideration. Not
only does distributed cryptography address head-on the long-standing vulnerability of
single point of compromise in the protection of authentication credentials, but it
does it in a way that is transparent to the user community, is boundless in the types
of secrets that can be protected, and is highly adaptive in deployment configurations.
Distributed cryptography also presents a new perspective on safe harbor provisions.
By strengthening the protection of authentication credentials stored and used in an
organization’s environment (i.e., registered credentials are randomized, distributed,
never in cleartext, and never reconstructed), and by enabling re-randomization of the
pads and masked passwords, organizations narrow the potential of data breaches and
the extent of data breach exposure.
In practical terms, distributed cryptography transforms a static secret, such as a
password, into a split and dynamic secret with a shelf life that is no greater than the
period between refresh cycles. By deploying distributed cryptography and periodically
refreshing the pads, organizations close the window on hackers. These organizations
are now armed with evidence that if compromises of their authentication systems
were to occur, they would either have no data breach impact (only one server
compromised) or the impact would be measurable (user accounts accessed between
refresh cycles). Consequently, an organization’s degree of data breach liability is
capped. Rather than having to notify all users with credentials contained in the
compromised authentication system (which could be in the millions), notification and
remediation is limited to only those users that had account activity between refresh
cycles, and only if both servers in the distributed cryptography system have been
compromised within the refresh cycle.
Moving forward in distributed cryptography calls for a vetted solution developed and
supported by a trusted provider. RSA is a heavy-weight provider of distributed
cryptography solutions. RSA’s new Distributed Credential Protection (DCP)
technology incorporates distributed cryptography as described in this white paper.
Plus, there are more capabilities; we have only provided a surface-level perspective.
Furthermore, RSA DCP is a “go and grow” type of solution. The nature of RSA DCP
being performed in the authentication system easily supports proof of concept and,
when moved into production, there is no impact on users.
Michael Suby
VP of Research
Stratecast | Frost & Sullivan
msuby@stratecast.com
877.GoFrost • myfrost@frost.com
http://www.frost.com
ABOUT FROST & SULLIVAN
Frost & Sullivan, the Growth Partnership Company, partners with clients to accelerate their growth. The company's
TEAM Research, Growth Consulting, and Growth Team Membership™ empower clients to create a growth-focused
culture that generates, evaluates, and implements effective growth strategies. Frost & Sullivan employs over 50
years of experience in partnering with Global 1000 companies, emerging businesses, and the investment community
from more than 40 offices on six continents. For more information about Frost & Sullivan’s Growth Partnership
Services, visit http://www.frost.com.
ABOUT STRATECAST
Stratecast collaborates with our clients to reach smart business decisions in the rapidly evolving and hyper-
competitive Information and Communications Technology markets. Leveraging a mix of action-oriented subscription
research and customized consulting engagements, Stratecast delivers knowledge and perspective that is only
attainable through years of real-world experience in an industry where customers are collaborators; today’s
partners are tomorrow’s competitors; and agility and innovation are essential elements for success. Contact your
Stratecast Account Executive to engage our experience to assist you in attaining your growth objectives.
Silicon Valley
331 E. Evelyn Ave., Suite 100
Mountain View, CA 94041
Tel 650.475.4500
Fax 650.475.1570
London
4, Grosvenor Gardens,
London SWIW ODH,UK
Tel 44(0)20 7730 3438
Fax 44(0)20 7730 3343
San Antonio
7550 West Interstate 10, Suite 400
San Antonio, Texas 78229-5616
Tel 210.348.1000
Fax 210.348.1003
Auckland
Bangkok
Beijing
Bengaluru
Bogotá
Buenos Aires
Cape Town
Chennai
Colombo
Delhi / NCR
Dhaka
Dubai
Frankfurt
Hong Kong
Istanbul
Jakarta
Kolkata
Kuala Lumpur
London
Mexico City
Milan
Moscow
Mumbai
Manhattan
Oxford
Paris
Rockville Centre
San Antonio
São Paulo
Seoul
Shanghai
Silicon Valley
Singapore
Sophia Antipolis
Sydney
Taipei
Tel Aviv
Tokyo
Toronto
Warsaw
Washington, DC

More Related Content

What's hot

A Noval Method for Data Auditing and Integrity Checking in Public Cloud
A Noval Method for Data Auditing and Integrity Checking in Public CloudA Noval Method for Data Auditing and Integrity Checking in Public Cloud
A Noval Method for Data Auditing and Integrity Checking in Public Cloudrahulmonikasharma
 
Switch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideSwitch to SHA-2 SSL - A Step-by-Step Migration Guide
Switch to SHA-2 SSL - A Step-by-Step Migration GuideEntrust Datacard
 
Cost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityCost effective authentic and anonymous data sharing with forward security
Cost effective authentic and anonymous data sharing with forward securityLeMeniz Infotech
 
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...
Authentication Mechanisms For Signature Based Cryptography By Using Hierarchi...Editor IJMTER
 
Blockchain for CyberSecurity | Blockchain and CyberSecurity
Blockchain for CyberSecurity | Blockchain and CyberSecurityBlockchain for CyberSecurity | Blockchain and CyberSecurity
Blockchain for CyberSecurity | Blockchain and CyberSecurityferiuyolasyolas
 
Implementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresImplementing Public-Key-Infrastructures
Implementing Public-Key-InfrastructuresOliver Pfaff
 
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET-  	  Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET-  	  Secure Sharing of Personal Data on Cloud using Key Aggregation and...
IRJET- Secure Sharing of Personal Data on Cloud using Key Aggregation and...IRJET Journal
 
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET-  	  Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET-  	  Authentic and Anonymous Data Sharing with Enhanced Key Security
IRJET- Authentic and Anonymous Data Sharing with Enhanced Key SecurityIRJET Journal
 
Two Aspect Endorsement Access Control for web Based Cloud Computing
Two Aspect Endorsement Access Control for web Based   Cloud Computing     Two Aspect Endorsement Access Control for web Based   Cloud Computing
Two Aspect Endorsement Access Control for web Based Cloud Computing IRJET Journal
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...Entrust Datacard
 
Network security unit 1,2,3
Network security unit 1,2,3 Network security unit 1,2,3
Network security unit 1,2,3 WE-IT TUTORIALS
 
F018133640.key aggregate paper
F018133640.key aggregate paperF018133640.key aggregate paper
F018133640.key aggregate paperIOSR Journals
 
International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)International Refereed Journal of Engineering and Science (IRJES)
International Refereed Journal of Engineering and Science (IRJES)irjes
 
"SL-SKE (Signature Less-Secret Key Encryption) For DataSharing in Clouds"
"SL-SKE (Signature Less-Secret Key Encryption) For DataSharing in Clouds""SL-SKE (Signature Less-Secret Key Encryption) For DataSharing in Clouds"
"SL-SKE (Signature Less-Secret Key Encryption) For DataSharing in Clouds"iosrjce
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureInformation Technology
 
"Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"..."Inter- application vulnerabilities. hunting for bugs in secure applications"...
"Inter- application vulnerabilities. hunting for bugs in secure applications"...PROIDEA
 

Frost & Sullivan: Moving Forward with Distributed Cryptography

  • 1. Split to Secure: Moving Forward with Distributed Cryptography www.frost.com Stratecast Executive Brief August 2012
  • 2. © 2012 Stratecast. All Rights Reserved. August 2012. Stratecast | Frost & Sullivan

SPLIT TO SECURE: MOVING FORWARD WITH DISTRIBUTED CRYPTOGRAPHY

INTRODUCTION

Data thieves know all too well where to direct their attacks—at servers. Furthermore, they earn a good return on their efforts. Confirming this has been the data breach investigations conducted and chronicled by the Verizon RISK Team.[1] Of the data breaches investigated in 2011, servers were among the targeted assets in 64 percent of the breach investigations, and those breaches accounted for 92 percent of compromised records.

Another interesting point from this comprehensive report is that hacking (i.e., intentionally accessing information assets without authorization) has consistently been among the top categories of threat actions since the Verizon RISK Team began summarizing its breach investigations.[2] Reaching a new high with the 2011 investigative caseload, hacking was involved in 81 percent of the breaches and contributed to 99 percent of the compromised records. Digging a layer deeper into the 2011 caseload reveals that exploitation of stolen login credentials was, by a significant margin, the most popular hacking method used against large organizations (30 percent of breaches and 84 percent of compromised records). A sample of news reports in the first half of 2012 further confirms that data breaches resulting in the theft of login credentials are occurring and affecting millions of accounts.

Breached Company    Stolen Passwords
Zappos              24 million records, including passwords
Gamingo             8.2 million passwords
LinkedIn            6.5 million passwords
eHarmony            1.5 million passwords
Yahoo!              450,000 passwords
Formspring          420,000 passwords

This combination of breach statistics—servers under siege and exploitation of stolen login credentials being a principal hacking method—suggests that if credentials could be better protected where they are stored (e.g., in a single system such as a database server), the number and severity of data breaches would be reduced.

Distributed cryptography, as incorporated in RSA Distributed Credential Protection (DCP), elevates the protection of credentials by splitting user’s credentials into randomized objects

[1] 2012 Data Breach Investigations Report accessible at: http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf.
[2] Malware, social engineering, and physical theft are other categories of threat actions.
  • 3. stored in two systems. Consequently, each object on its own is useless as a credential. This attribute of each object on its own being useless is also relevant in safe harbor provisions. For example, with credentials being the “keys” that unlock access to private and sensitive data, practicing good faith in the protection of those keys could limit a company’s data breach liabilities. Distributed cryptography is that linchpin in good faith protection of credentials and, therefore, the good faith protection of the data those credentials unlock. More on this safe harbor attribute is included in this paper, as well as a description of how distributed cryptography operates, including representative examples of distributed cryptography in action.

HOW DISTRIBUTED CRYPTOGRAPHY WORKS

The premise underlying distributed cryptography is that if a credential (e.g., something you know, in authentication parlance, such as a password or a response to a challenge question) is stolen, the illegitimate possessor of that credential now has access to the secured material (i.e., material that requires authentication to access). While various techniques have been developed and deployed to secure these credentials, the aforementioned data from breach investigations demonstrates that credential compromises persist and are used to steal additional valuable data.

Distributed cryptography raises the bar of difficulty for hackers in their quest to steal credentials. With more effort required, fewer hackers will have the fortitude or skills necessary to succeed. The means to “raising the bar” is to effectively split the credential. This is conceptually similar to a safe deposit box. A safe deposit box requires two keys to open—one in the possession of the safe deposit box owner and the other in the possession of the vault owner. Theft of just one key is insufficient to unlock the box. Other than physically tampering with the box, the would-be thief would need to steal both keys and then use them to unlock the box before either of the parties recognizes that a key is missing and takes action to reduce the risk of unauthorized access (i.e., change the lock or move the valuables to another box or location). As stated previously, the application of distributed cryptography on an authentication
  • 4. credential follows a similar approach. In the safe deposit box example, the two keys, stored separately, can only unlock the box when operated in tandem. To accomplish the same with a user’s password, the password must first be split and the two halves stored separately (e.g., in two separate servers). At the moment the user attempts to authenticate by entering his or her password, the “stored password halves” are virtually rejoined and compared to the “entered password.” If the entered password matches the rejoined stored password halves, authentication is confirmed and access is allowed. It is this virtual rejoining of the password halves that is synonymous to the tandem unlocking operation of the separate keys held by the safe box owner and the vault owner.

In similar fashion to the tandem safe deposit box keys, each stored password half is useless without its pair. If the server containing one of the password halves is compromised, the thief does not have a valid and useable password. Only by compromising both servers and matching password halves can the password thief be successful.

The preceding example is, however, a simplified explanation of distributed cryptography. In practice, the application of distributed cryptography has to be more sophisticated to defend against the formidable hacker underworld. To serve that purpose, elements of sophistication include: randomization, blind equity testing, the ability to refresh the password halves at any time and in a manner that is completely transparent to users, and adaptability. We will explain each in succession.

Randomization and Blind Equity Testing

The mere splitting of passwords will not stop hackers. The guiding assumption should be that if a formula is used in password splitting, that formula will eventually be determined by hackers, which unfortunately can include insiders. To evade formula deciphering by both outsiders and insiders, distributed cryptography incorporates randomness. In stepwise fashion, this is how randomness works in distributed cryptography:

1. As a user registers his or her password, P1, a random key or pad, A, is generated from the user’s device.
2. A is used to mask (i.e., obfuscate) P1, creating P1 + A.
3. P1 + A is stored in Server1 and A is stored separately in Server2.
4. To authenticate, the user enters a password, P2.
5. A random key, B, is generated from the user’s device.
6. B is used to mask P2, creating P2 + B.
7. P2 + B is combined with P1 + A and, separately, B is combined with A.
8. If the user entered the correct password, the two combinations return equal values and access is granted.
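The eight steps above, together with the pad refresh the brief walks through under "Refreshing the Password Halves", can be modelled in a short Python sketch. This is an added example, not code from the brief or from RSA DCP: it assumes the brief's "+" is bytewise XOR with a random pad, that the password is first stretched to a 32-byte value with PBKDF2 salted by the user name, and that the caller compares the two combined values; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

PAD_LEN = 32  # bytes; same length as the stretched password so the pad covers it


def xor(a: bytes, b: bytes) -> bytes:
    """The brief's "+", modelled here as bytewise XOR (assumption)."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def encode(user: str, password: str) -> bytes:
    """Client side: turn the password into a fixed-length value P (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 50_000)


class MaskedStore:
    """Server1: holds only P + A, never P and never A."""

    def __init__(self):
        self.masked = {}

    def combine(self, user: str, masked_attempt: bytes) -> bytes:
        # Step 7, first half: (P2 + B) combined with (P1 + A).
        return xor(self.masked[user], masked_attempt)

    def refresh(self, user: str, r: bytes) -> None:
        # P + A becomes P + A + R without the password being unmasked.
        self.masked[user] = xor(self.masked[user], r)


class PadStore:
    """Server2: holds only the pad A."""

    def __init__(self):
        self.pads = {}

    def combine(self, user: str, attempt_pad: bytes) -> bytes:
        # Step 7, second half: B combined with A.
        return xor(self.pads[user], attempt_pad)

    def refresh(self, user: str) -> bytes:
        # Pad A becomes A + R; R is handed to Server1 for the matching update.
        r = secrets.token_bytes(PAD_LEN)
        self.pads[user] = xor(self.pads[user], r)
        return r


def register(s1: MaskedStore, s2: PadStore, user: str, password: str) -> None:
    a = secrets.token_bytes(PAD_LEN)                    # step 1
    s1.masked[user] = xor(encode(user, password), a)    # steps 2-3
    s2.pads[user] = a                                   # step 3


def authenticate(s1: MaskedStore, s2: PadStore, user: str, attempt: str) -> bool:
    b = secrets.token_bytes(PAD_LEN)                        # step 5
    left = s1.combine(user, xor(encode(user, attempt), b))  # steps 6-7
    right = s2.combine(user, b)                             # step 7
    # Step 8: equal exactly when P1 == P2; neither value reveals P on its own.
    return hmac.compare_digest(left, right)


def refresh(s1: MaskedStore, s2: PadStore, user: str) -> None:
    s1.refresh(user, s2.refresh(user))


def demo() -> dict:
    s1, s2 = MaskedStore(), PadStore()
    register(s1, s2, "alice", "correct horse")          # constructed sample data
    p = encode("alice", "correct horse")
    out = {
        "good_login": authenticate(s1, s2, "alice", "correct horse"),
        "bad_login": authenticate(s1, s2, "alice", "wrong guess"),
    }
    stolen_masked = s1.masked["alice"]   # Server1 copied before the refresh
    refresh(s1, s2, "alice")
    stolen_pad = s2.pads["alice"]        # Server2 copied after the refresh
    out["login_after_refresh"] = authenticate(s1, s2, "alice", "correct horse")
    out["stale_pair_recovers_P"] = xor(stolen_masked, stolen_pad) == p
    out["same_epoch_pair_recovers_P"] = xor(s1.masked["alice"], s2.pads["alice"]) == p
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results show the window the refresh is meant to close: shares copied on opposite sides of a refresh do not combine to P, while shares copied within the same refresh period do.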
  • 5. Inherent in this authentication procedure are significant points regarding non-exposure of the password credential. First, both the registered and entered passwords are not exposed (i.e., in cleartext) when they leave the user’s device. In both cases, they are masked. Second, in the receiver’s environment, the password is also never in cleartext. The password credential is received in a masked state, stored in a masked state, and does not leave the server (i.e., Server1) to support authentication. Only a value associated with the masked password leaves the server.

This latter point—does not leave the server while also supporting authentication—is referred to as blind equity testing. Passwords are compared blindly as the passwords are not in cleartext or reconstructed to test for equality. The testing is via comparisons of values and these values have no deterministic connection with the password credentials.

By incorporating randomization and blind equity testing into the splitting and comparing of credentials, the only means for credential-stealing hackers to succeed is to compromise both servers, exfiltrate the masked passwords and the pads, and then calculate the users’ passwords. While this is a formidable task, it is nevertheless a possibility. There is a means to limit the value of exfiltrated data and authentication fraud, which is described in the next section.

Refreshing the Password Halves

With the pad being the means to unmasking the password, periodically refreshing or modifying the pad is the means to protect the password, if both the masked password and pad are stolen. Considering our safe deposit box analogy, changing the locks and issuing replacement keys (or just one lock and key) makes the original pair of keys obsolete. The stolen pair of original keys can no longer open the box. The same is applicable in distributed cryptography. If the pad is refreshed and the new pad is used to refresh the original masked password, the new masked password cannot be unlocked by the original pad. In similar stepwise fashion, this is how refreshing retains protection of the password if both servers are compromised:

1. A hacker compromises Server1 and steals P + A.
2. Pad A is refreshed, resulting in a new pad, A + R, stored in Server2.
3. Coordination between Server1 and Server2 changes P + A to P + A + R.
4. The same hacker compromises Server2 and steals pad A + R. The hacker now has the masked password P + A and pad A + R.
5. Since A + R does not match A, the hacker cannot unmask P + A; the stored password remains protected.

The periodic refreshing of the pad and the masked password effectively places an expiration date on hacker exploits. The bar of difficulty is raised again. Not only must
  • 6. 6 © 2012 Stratecast. All Rights Reserved.August 2012 Stratecast | Frost & Sullivan the hacker compromise both servers and exfiltrate data from each, the compromises and exfiltration of the two servers must be timed close enough together to avoid the refresh cycle. An added benefit of refreshing is that it is completely transparent to users. Because the refresh is of the pad in Server2 and subsequently the masked password in Server1, a new locking mechanism is essentially being erected around the user’s registered password without user involvement. Furthermore, by being systematic in pad and masked password refreshing—that is, acting in good faith—the holder of registered passwords reduces the risk of password theft and user accounts being compromised. This risk reduction also reduces the precautionary and, at times, mandatory step of user password resets. In fact, following each of the 2012 password breaches listed earlier in this paper, users were recommended and, in some instances, required to register new passwords. Even so, distributed cryptography with user-transparent refresh capabilities does not insulate users from having their passwords stolen when entered through devices infected with password-stealing malware, phishing schemes, or if the user follows the self- defeating rituals of writing down or choosing easily-deduced passwords. For these reasons, users should change their passwords periodically, choose nonsensical passwords, commit their passwords to memory, and use anti-malware software on their devices. Adaptability Distributed cryptography leverages advances in other technologies to offer organizations a range of deployment options to meet their risk management, governance, and business objectives. For example, server virtualization allows a single physical server to function as the physical host to multiple but isolated virtual hosts. 
A security benefit in this deployment option is that different operating systems could be used to create the virtual hosts. Consequently, the vulnerabilities in one operating system are not the same in the other—that is, what the hacker could exploit in one is not exploitable in another. This operating system diversity adds to the challenges that a hacker would need to overcome to compromise two virtual servers—one storing the masked password and another storing the pad.

Another option is to apply distributed cryptography between two distinct departments, with one department operating a server where the pads are stored and the other operating a server that stores the masked passwords. In this scenario, the hacker would not only need to be successful in compromising two servers and exfiltrating the data from both before the refresh cycle is run; the hacker would need to do all of this with the right two servers. For organizations with multiple departments, each having multiple dedicated servers, finding the right two servers intensifies the hacker’s challenges. A variation on this organizational diversity option is one server remaining with the organization and the other hosted with a cloud services provider.

As just two examples, these illustrate that adaptability is a structural attribute in distributed cryptography. Consequently, organizations are not obligated to adhere to one deployment approach; they can choose the deployment approaches that best fit their own circumstances initially, and change as circumstances change.

SECURING OTHER SECRETS

Adding to the appeal of distributed cryptography is its use in reducing the risk of unauthorized access to other types of valuable data. To understand this, consider that encryption is used to protect valuable data at rest; for example, encrypted files in a file server. Possessors of the encryption key have a cleartext view into this valuable data. Non-possessors, naturally, cannot view this data. Even if a hacker extracted the files containing valuable data, the data itself would be obfuscated unless the hacker also steals the encryption key. To lessen the risk of stolen encryption keys and encrypted data files coming together, encrypted data is frequently stored in one server and the keys in another.

The inherent vulnerability in splitting encrypted keys and data is that they are not truly split unless the authentication system used to release the encryption keys and encrypted data files is also split. If not, compromising that authentication system undermines the security of data encryption.

Distributed cryptography eliminates this vulnerability. As a replacement to a single-server authentication system, all of the security attributes of distributed cryptography—randomness, blind equity testing, refreshing, and deployment adaptability—now protect split encryption keys and encrypted data.
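The refresh sequence in steps 1 to 5 under "Refreshing the Password Halves", together with the blind comparison it has to keep working, as an added example that is not from the paper or from RSA DCP. It assumes XOR over fixed-length byte strings as the "+" operation; the names `Pair`, `encode`, `login`, `staggered_theft` and `same_cycle_theft` are hypothetical, and `login` is a simplified stand-in for blind equity testing.

```python
import secrets

N = 32  # bytes per share (assumed size; passwords are padded to it)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encode(password: str) -> bytes:
    """Length-prefix and zero-pad to N bytes (constructed encoding)."""
    raw = password.encode()
    if len(raw) >= N:
        raise ValueError("password too long for this demo")
    return bytes([len(raw)]) + raw + bytes(N - 1 - len(raw))

class Pair:
    """Server1 keeps the masked password P + A, Server2 keeps the pad A."""

    def __init__(self, password: str):
        pad = secrets.token_bytes(N)
        self.server1 = xor(encode(password), pad)  # P + A
        self.server2 = pad                         # A

    def refresh(self) -> None:
        """Steps 2-3: fold a fresh R into both halves; P is never rebuilt."""
        r = secrets.token_bytes(N)
        self.server2 = xor(self.server2, r)        # A + R
        self.server1 = xor(self.server1, r)        # P + A + R

    def login(self, attempt: str) -> bool:
        """Simplified blind comparison (assumption, not RSA DCP's protocol):
        each server releases only a difference value, never its stored half."""
        b = secrets.token_bytes(N)                 # fresh pad, chosen on the user's device
        d1 = xor(self.server1, xor(encode(attempt), b))  # computed on Server1
        d2 = xor(self.server2, b)                        # computed on Server2
        return secrets.compare_digest(d1, d2)

def staggered_theft(password: str):
    """Steps 1-5: the two thefts straddle a refresh cycle."""
    pair = Pair(password)
    stolen_masked = pair.server1   # step 1: P + A taken from Server1
    pair.refresh()                 # steps 2-3
    stolen_pad = pair.server2      # step 4: A + R taken from Server2
    # Step 5: unmasking yields P + R, not P.
    return xor(stolen_masked, stolen_pad) == encode(password), pair

def same_cycle_theft(password: str) -> bool:
    """Both halves taken inside one refresh cycle: the password is recovered."""
    pair = Pair(password)
    return xor(pair.server1, pair.server2) == encode(password)
```

The second function is the case the paper concedes: refreshing shortens the window in which two thefts combine, it does not close it.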
DISTRIBUTED CRYPTOGRAPHY AT WORK

Another beneficial attribute of distributed cryptography is its “universal insert-ability.” Distributed cryptography is a tool that can make permanent repairs to many of the inherent challenges in securing secrets, frequently with very limited modifications to the organization’s IT infrastructure and workflow. Here are two representative examples.

Online Businesses

Most online businesses require their customers to authenticate to gain access, an acceptable practice and one that typically entails customers entering their usernames and passwords or another secret (e.g., a PIN or an answer to a challenge question). Yet, as highlighted earlier, password database breaches are in the headlines. For customers directly affected and those that may be affected, the trust they had that their credentials are safe in the business’s possession is shaken, and they face the inconvenience of having to change their passwords. Businesses that store their customers’ passwords in the traditional manner—in a single server—wonder “could it happen to us, too?” It can.

With distributed cryptography, the passwords are randomized, split, and secured. The risk of a breach involving these stored credentials is reduced, and so is the risk of password exposure during the authentication procedure. Blind equity testing allows the masked passwords and pads to remain in their respective servers throughout the authentication procedure. The masked password and the pads are never reassembled by the online business.

Best of all, the adoption and operation of distributed cryptography is invisible to the online business’s customers. For end users, their online routines are undisturbed.

Owner of High Value Intellectual Property

The implication to businesses that sustain a breach involving their intellectual property (IP) can, for some, be terminal. What made the business special is now in someone else’s hands. However, choosing to lock this IP away so only a few select individuals can access it restricts the business’s ability to profit from that very same IP. Therefore, broader access becomes a business imperative. Yet doing so brings back the risk of unauthorized access to this IP. Distributed cryptography pushes that risk back down by protecting the two principal secrets that open up authorized access to the IP: users’ authentication credentials and data encryption keys.

Additionally, IP, at times, can represent the collaborative efforts and outcomes of multiple parties. In this scenario, each has a stake in protecting authentication credentials.
The adaptive property of distributed cryptography allows each party to be an equal partner in protecting the credentials, with the added benefit of taking protection up a notch by distributing the pads and masked passwords across organizational and physical boundaries.
Stratecast The Last Word

In closing, protection of the secrets your organization owns or is entrusted with is only as good as the investments your organization makes. In a world where the sophistication and relentlessness of cyber threats is intensifying, investments are essential to fight back. Distributed cryptography is an investment that demands serious consideration. Not only does distributed cryptography address head-on the long-standing vulnerability of single point of compromise in the protection of authentication credentials, but it does it in a way that is transparent to the user community, is boundless in the types of secrets that can be protected, and is highly adaptive in deployment configurations.

Distributed cryptography also presents a new perspective on safe harbor provisions. By strengthening the protection of authentication credentials stored and used in an organization’s environment (i.e., registered credentials are randomized, distributed, never in cleartext, and never reconstructed), and by enabling re-randomization of the pads and masked passwords, organizations narrow the potential of data breaches and the extent of data breach exposure. In practical terms, distributed cryptography transforms a static secret, such as a password, into a split and dynamic secret with a shelf life that is no greater than the period between refresh cycles.

By deploying distributed cryptography and periodically refreshing the pads, organizations close the window on hackers. These organizations are now armed with evidence that if compromises of their authentication systems were to occur, they would either have no data breach impact (only one server compromised) or the impact would be measurable (user accounts accessed between refresh cycles). Consequently, an organization’s degree of data breach liability is capped.
Rather than having to notify all users with credentials contained in the compromised authentication system (which could be in the millions), notification and remediation is limited to only those users that had account activity between refresh cycles, and only if both servers in the distributed cryptography system have been compromised within the refresh cycle.

Moving forward in distributed cryptography calls for a vetted solution developed and supported by a trusted provider. RSA is a heavy-weight provider of distributed cryptography solutions. RSA’s new Distributed Credential Protection (DCP) technology incorporates distributed cryptography as described in this white paper. Plus, there are more capabilities; we have only provided a surface-level perspective. Furthermore, RSA DCP is a “go and grow” type of solution. The nature of RSA DCP being performed in the authentication system easily supports proof of concept and, when moved into production, there is no impact on users.

Michael Suby
VP of Research
Stratecast | Frost & Sullivan
msuby@stratecast.com