Securely Sharing Private Data Through Centralized Key Management in Large Network Environments

Mark Stanislav mark.stanislav@gmail.com

Abstract
As data sharing amongst members of corporations or large organizations has surpassed the threshold of ubiquity, the need for an effective and secure manner of private data distribution has emerged as a primary challenge to rectify. Complexity of authentication mechanisms and network infrastructure overhauls prevent the average large company or governmental agency from quickly deploying the needed data solutions of a modern secure network.

Solutions to this complex situation must fulfill many needs, both as far as technology integration is concerned, as well as breadth of functionality. Current secure systems must feature auditing support, as well as schemas to prevent abuse of privileges. The hardship in delivering such a solution occurs in providing software that is supported by a large span of platforms and can be end-user friendly. The essential use of software is highly lessened, regardless of policy, if the software adds too much complexity to an end-user’s daily tasks.

Information security is a critical aspect of any modern computing network with the U.S. federal government projected to spend $9.6B in information security contracts by 2013. The rise of integrated networks, file-sharing, portable media, mobile devices, and laptops has created a worrying complexity of how to secure data in a manageable way that won’t impede productivity and efficiency. Solutions to sharing private keys such as the Diffie-Hellman Key Exchange (DH) prove to be highly ineffective when negotiation of technologies in disparate networks exist. In addition to the complexity of doing wide-scale key distribution, auditing the release of these private keys is currently hard to accomplish without adding additional layers of trouble for the everyday end-user. Compliance with HIPPA and Sarbanes-Oxley (SOX) is becoming more crucial yearly to companies to provide assurances to their customers and clients that adherence to data privacy is a priority. Without a proper auditing mechanism within any secure key-sharing or data-sharing scheme, little confidence can go behind a product which states to be ‘secure’. A lack of proper implementation is just as dangerous as little or no implementation at all. A proper security solution for the needs stated prior must allow for proper auditing teams or managers to see how and when data is being allowed to be seen and by whom. Without accountability for data, policy will be unable to stand on its own behalf for providing piece of mind to customers, delegates, and employees. The concern of employees having control over company or government data as if it was their data must also be handled in a way that provides assurances against a rogue employee merely being fired and never releasing the pass phrases to files which contain data that is the true property of a company and not they them self. A key escrow technology would have to be

present (if even only an option for availability) to ensure that implementations wouldn’t risk trade secrets from being taken from the people who rightfully own that data. By utilizing a proper K of N multi-user authentication scheme, integrity of data availability can still remain while providing a subset of the entire user base the opportunity to still recover data using the private keys stored in a central database. As the government made apparent with the ‘Clipper Chip’ initiative, key escrow is a must-have when data that they feel is valid for them to see has been previously protected. Adoption of any large-scale cryptography option would be met with heavy resistance by large corporations if the ability to recovery keys and protected files didn’t exist. Current solutions for key management are most often found within a standard Public Key Infrastructure (PKI). While a standard PKI solution provides flexibility, it its self is actually just another authentication mechanism to architect, implement, and maintain. A PKI solution such as Microsoft’s is very application specific to their software and doesn’t allow for generic file encryption in a way that is portable to Mac, Linux, iPhone, BlackBerry, or other platforms. The limitations of a vendor-specific PKI are many, but the implementation of such an infrastructure requires a proper Active Directory domain to be in existence, complex configuration throughout the network, and end-user certificate enrollment. The further task of maintaing an up-to-date Certificate Revocation List (CRL) only more increases this challenge of implementation. Lastly, a PKI such as Microsoft’s won’t provide for the in-depth auditing support that is so critical to a company at this time. The challenges of finding a single generic technology solution to provide a proper implementation of most of these features is great. Existing cryptography standards work

extremely well, but none of them as a singular entity garner the breadth of features that a solution for the large corporations or governments of the world need. The need for a single solution which implements the aforementioned list of criteria is of desperate importance so that secure data, whether at rest or in transit, is available when it is needed, by who should have access to it, whenever it is deemed necessary. Aegis Data Security, a Michigan based information technology start-up, is trying to address the previously stated questions in a new way. Aegis provides a suite of products, all utilizing a single network appliance, to solve the complex set of problems that currently face information auditors, security managers, and public relations teams worldwide. With a wide focus of implementation, the line of Aegis products expands the scope of data security from one platform to nearly every major platform used in modern computing infrastructures. The breadth of implementation reach is expansive, providing support for all major desktop Operating Systems (Windows, Mac, Linux) as well as mobile devices (iPhone, BlackBerry, Windows Mobile) and any platform that has a web browser and current Java Script support through their web client product. Aegis Data Security is taking the complexity away from security and placing the power of information back into the hands of its users. By leveraging existing authentication mechanisms already deployed within a majority of networks, large and small, Aegis Data Security removes a large hurdle from the feasibility of a fast, efficient implementation into an existing network infrastructure. Through providing integration to networks utilizing LDAP, Active Directory, Kerberos, IMAP, and PKI, Aegis takes away the need for end-users to remember new credentials and administrators from having to manage them. Removing the need for extra credentials heightens the likelihood that adherence to

best practices are more likely to be done as there is less potential for an efficiency problem with an additional username and password. End-users with Windows Vista and Windows 7 machines that are connected to an Active Directory network won’t even have to login to utilize the desktop application through a special integration with Windows, further helping users take advantage of this necessary software without adding overhead. With end-users likely to perform day-to-day information security tasks through the ease of use of these products, the reality of key recovery becomes essential to administrators and managers. Aegis Data Security has implemented a K of N authentication scheme which will not only allow for a specific number of pre-determined users to login all together to recover a key, but also allow for different weighted value to be assigned to a specific user. For instance, if two managers authenticate together, then they are able to recover a file. If however, one manager is gone that day, the remaining manager and three assistant managers would all be able to authenticate together in order to recover a protected file’s key. By having a system that is not only dynamic but secure, key escrow now has integrity as well as piece of mind for those implementing this solution in their company. Auditing has also been created throughout the products’ functionality, top to bottom. Every file encryption, request for decryption, privilege addition and subtraction, administrative action, and more, is logged to an internal database. These logs can then be exported through HTML, PDF, or CSV to be reviewed as needed. Heavy customization of reports is provided to narrow information from a complexity nightmare, to a simplistic and clear cut idea of what an auditor would want or need to know about any file or user that is within the system. In the event of an information security breach, auditors would be able to concisely provide information as to

the trail which the data had taken to get to possible points of security lapse. By knowing not only who accessed a file, but also from when, where, what client, what operating system, and through what privilege they were granted, tracking down a leak is much easier than ever before in a complex system. Because Aegis Data Security has a centralized key management solution implemented with their software, each of their products and future products will be able to leverage the same information. Aegis also provided solutions to do redundant data solutions and load balancing to ensure not only confidentiality and integrity, but also strong availability. Utilizing a hardenedLinux network appliance, Aegis can help provide reassurance that the information contained within the server is secure at rest. By stripping unneeded features, providing tamper evident stickers, and digitally signed updates, Aegis adds security into the equation on every front of their products. While Aegis Data Security has provided a comprehensive solution to many problems, the ever present need for proper implementation is beyond their control. While government spending increases above even general IT spending, convincing any government of one product’s prowess will be a hard road ahead. Centralization of resources and data often makes many a network administrator nervous as far as single points of failure goes, especially when a loss of a key database could potentially result in the loss of all of a company’s data. Even though backup and distribution mechanisms are provided by Aegis, the failure of a network administrator to use them properly could end up costing a company billions as a result of a bug or fluke case. Aegis will need to investigate heavy testing by public facilities (such as universities, security research centers, and others) in order to garner the respect they will need to have the confidence behind

their products that they need to make a real impact on the security landscape. In some ways, decentralized and less friendly solutions, while lacking, are safer options as less data is up for compromise or loss at one time. Providing a large feature set solves the problems of implementation that many companies and governments face, but adoption of such technology is still a leap due to concerns of backdoors, bugs, and other integrity failures on the part of a company producing closed-source products. The truly universal solution to so many of these problems will ultimately need to be open-source most likely. Just as peer-review has created a trustworthy landscape in general cryptography and policy over the past few decades, a product that can be implemented in such a way that end-users, managers, and CxOs can feel comfortable will need to have greater access to the knowledge that the code intimate to their security is indeed of the highest quality. Going forward, information security specialists must start crafting a modular framework of features, in the open, for all to commit ideas and opinions about. By creating a consortium of industry specialists and companies, brilliant minds can solve these same problems in a public and free way, adding functionality through a standard set of APIs. Through allowing third-parties to submit for instance authentication plugins, larger bases of implementation will occur and the scope of the product’s potential grows exponentially. By being peer-reviewed in a similar manner that the Linux kernel has been over the years, integrity of code and the assurance of no backdoors to the product will prevent another hurdle of implementation from existing and stunting usage of such a product. A Standard Operating Procedures (SOP) document as well as different policy and auditing documents would allow for the product to not only be secure in code and trusted, but

also help provide a smooth and easy transition for different environments. Since strong policy is just as important and critical to success as a product’s features, the non-programmer side of the security community can still add to such a project and revolutionize the idea that information security cannot be easy and won’t ever be something that is done properly. The need for constant, unwavering security is well within the scope of our computing era, and to ignore its priority is to mock the idea that confidentiality and integrity should even exist. The landscape of information security is currently changing from an inconvenience to a priority by the reality of its necessity. As network infrastructure broadens further, data in transmission and data at rest needs to be able to associate cleanly with the credentials that people are already so familiar with, and in a manner they understand and will use. For every laptop lost, thumb drive stolen, and e-mail snooped upon, an excuse for security versus convenience was likely made. The information security community needs to disallow any more excuses but rather step up and commit to not only making security standards, but products around them that use those standards in the most proper way fit. The need and complexity of a usable security solution will not decrease and as such, the responsibility of those capable to do something about it is apparent. Just as the great cryptographers and mathematicians across the years have seen a need to protect secrets, the information security specialist needs to protect those secrets in a way that will be not just done, but done well.

References Aegis Data Security. (2009). Aegis Data Security Products. Retrieved June 4th, 2009, from http://aegisdatasecurity.com/products.html Abelson et al. (1998). The Risks of Key Recovery, Key Escrow & Trusted-Third Party Encryption. Retrieved June 2nd, 2009, from http://www.cdt.org/crypto/risks98/ Centers for Medicare & Medicaid Services. (2009, April 21). Overview Information Security. Retrieved June, 3rd, 2009, from http://www.cms.hhs.gov/InformationSecurity/ Housley, Russ. (2001). Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructure. Wiley. INPUT. (2008, September 17). Information Security Spending By The U.S. Federal Government Will Reach $9.6 Billion By 2013. Retrieved June 2nd, 2009, from http://www.input.com/corp/press/detail.cfm?news=1395 Kurosawa, K & Obana, S. (1997). Characterization of (k, n) Multi-Receiver Authentication. Retrieved June 2nd, 2009, from http://kuro.cis.ibaraki.ac.jp/~kurosawa/1997/broad.ps Levy, Steven. (2002). Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age. Diane Pub Co. Office of the Press Secretary, The White House. (1993, April 16). Clipper Chip Announcement. Retrieved June 2nd, 2009, from http://csrc.nist.gov/keyrecovery/clipper.txt

Master your semester with Scribd & The New York Times

Special offer for students: Only $4.99/month.

Master your semester with Scribd & The New York Times

Cancel anytime.