Securely Sharing Private Data Through Centralized Key Management in Large Network Environments

8/3/2019 Securely Sharing Private Data Through Centralized Key Management in Large Network Environments

http://slidepdf.com/reader/full/securely-sharing-private-data-through-centralized-key-management-in-large-network 1/9

Securely Sharing Private Data Through Centralized Key

Management in Large Network Environments

Mark [email protected]

Abstract

As data sharing amongst members of corporations or large organizations

has surpassed the threshold of ubiquity, the need for an effective and

secure manner of private data distribution has emerged as a primary

challenge to rectify. Complexity of authentication mechanisms and

network infrastructure overhauls prevent the average large company or

governmental agency from quickly deploying the needed data solutions of

a modern secure network.

Solutions to this complex situation must fulfill many needs, both as far as

technology integration is concerned, as well as breadth of functionality.

Current secure systems must feature auditing support, as well as schemas

to prevent abuse of privileges. The hardship in delivering such a solution

occurs in providing software that is supported by a large span of platforms

and can be end-user friendly. The essential use of software is highly

lessened, regardless of policy, if the software adds too much complexity to

an end-user’s daily tasks.

mailto:[email protected]





Information security is a critical aspect of any modern computing network with the U.S.

federal government projected to spend $9.6B in information security contracts by 2013. The rise

of integrated networks, file-sharing, portable media, mobile devices, and laptops has created a

worrying complexity of how to secure data in a manageable way that won’t impede productivity

and efficiency. Solutions to sharing private keys such as the Diffie-Hellman Key Exchange (D-

H) prove to be highly ineffective when negotiation of technologies in disparate networks exist. In

addition to the complexity of doing wide-scale key distribution, auditing the release of these

private keys is currently hard to accomplish without adding additional layers of trouble for the

everyday end-user.

Compliance with HIPPA and Sarbanes-Oxley (SOX) is becoming more crucial yearly to

companies to provide assurances to their customers and clients that adherence to data privacy is a

priority. Without a proper auditing mechanism within any secure key-sharing or data-sharing

scheme, little confidence can go behind a product which states to be ‘secure’. A lack of proper

implementation is just as dangerous as little or no implementation at all. A proper security

solution for the needs stated prior must allow for proper auditing teams or managers to see how

and when data is being allowed to be seen and by whom. Without accountability for data, policy

will be unable to stand on its own behalf for providing piece of mind to customers, delegates,

and employees.

The concern of employees having control over company or government data as if it was

their data must also be handled in a way that provides assurances against a rogue employee

merely being fired and never releasing the pass phrases to files which contain data that is the true

property of a company and not they them self. A key escrow technology would have to be



present (if even only an option for availability) to ensure that implementations wouldn’t risk

trade secrets from being taken from the people who rightfully own that data. By utilizing a

proper K of N multi-user authentication scheme, integrity of data availability can still remain

while providing a subset of the entire user base the opportunity to still recover data using the

private keys stored in a central database. As the government made apparent with the ‘Clipper

Chip’ initiative, key escrow is a must-have when data that they feel is valid for them to see has

been previously protected. Adoption of any large-scale cryptography option would be met with

heavy resistance by large corporations if the ability to recovery keys and protected files didn’t

exist.

Current solutions for key management are most often found within a standard Public Key

Infrastructure (PKI). While a standard PKI solution provides flexibility, it its self is actually just

another authentication mechanism to architect, implement, and maintain. A PKI solution such as

Microsoft’s is very application specific to their software and doesn’t allow for generic file

encryption in a way that is portable to Mac, Linux, iPhone, BlackBerry, or other platforms. The

limitations of a vendor-specific PKI are many, but the implementation of such an infrastructure

requires a proper Active Directory domain to be in existence, complex configuration throughout

the network, and end-user certificate enrollment. The further task of maintaing an up-to-date

Certificate Revocation List (CRL) only more increases this challenge of implementation. Lastly,

a PKI such as Microsoft’s won’t provide for the in-depth auditing support that is so critical to a

company at this time.

The challenges of finding a single generic technology solution to provide a proper

implementation of most of these features is great. Existing cryptography standards work



extremely well, but none of them as a singular entity garner the breadth of features that a solution

for the large corporations or governments of the world need. The need for a single solution which

implements the aforementioned list of criteria is of desperate importance so that secure data,

whether at rest or in transit, is available when it is needed, by who should have access to it,

whenever it is deemed necessary.

Aegis Data Security, a Michigan based information technology start-up, is trying to

address the previously stated questions in a new way. Aegis provides a suite of products, all

utilizing a single network appliance, to solve the complex set of problems that currently face

information auditors, security managers, and public relations teams worldwide. With a wide

focus of implementation, the line of Aegis products expands the scope of data security from one

platform to nearly every major platform used in modern computing infrastructures. The breadth

of implementation reach is expansive, providing support for all major desktop Operating

Systems (Windows, Mac, Linux) as well as mobile devices (iPhone, BlackBerry, Windows

Mobile) and any platform that has a web browser and current Java Script support through their

web client product. Aegis Data Security is taking the complexity away from security and placing

the power of information back into the hands of its users.

By leveraging existing authentication mechanisms already deployed within a majority of

networks, large and small, Aegis Data Security removes a large hurdle from the feasibility of a

fast, efficient implementation into an existing network infrastructure. Through providing

integration to networks utilizing LDAP, Active Directory, Kerberos, IMAP, and PKI, Aegis takes

away the need for end-users to remember new credentials and administrators from having to

manage them. Removing the need for extra credentials heightens the likelihood that adherence to



best practices are more likely to be done as there is less potential for an efficiency problem with

an additional username and password. End-users with Windows Vista and Windows 7 machines

that are connected to an Active Directory network won’t even have to login to utilize the desktop

application through a special integration with Windows, further helping users take advantage of

this necessary software without adding overhead.

With end-users likely to perform day-to-day information security tasks through the ease

of use of these products, the reality of key recovery becomes essential to administrators and

managers. Aegis Data Security has implemented a K of N authentication scheme which will not

only allow for a specific number of pre-determined users to login all together to recover a key,

but also allow for different weighted value to be assigned to a specific user. For instance, if two

managers authenticate together, then they are able to recover a file. If however, one manager is

gone that day, the remaining manager and three assistant managers would all be able to

authenticate together in order to recover a protected file’s key. By having a system that is not

only dynamic but secure, key escrow now has integrity as well as piece of mind for those

implementing this solution in their company.

Auditing has also been created throughout the products’ functionality, top to bottom.

Every file encryption, request for decryption, privilege addition and subtraction, administrative

action, and more, is logged to an internal database. These logs can then be exported through

HTML, PDF, or CSV to be reviewed as needed. Heavy customization of reports is provided to

narrow information from a complexity nightmare, to a simplistic and clear cut idea of what an

auditor would want or need to know about any file or user that is within the system. In the event

of an information security breach, auditors would be able to concisely provide information as to



the trail which the data had taken to get to possible points of security lapse. By knowing not only

who accessed a file, but also from when, where, what client, what operating system, and through

what privilege they were granted, tracking down a leak is much easier than ever before in a

complex system.

Because Aegis Data Security has a centralized key management solution implemented

with their software, each of their products and future products will be able to leverage the same

information. Aegis also provided solutions to do redundant data solutions and load balancing to

ensure not only confidentiality and integrity, but also strong availability. Utilizing a hardened-

Linux network appliance, Aegis can help provide reassurance that the information contained

within the server is secure at rest. By stripping unneeded features, providing tamper evident

stickers, and digitally signed updates, Aegis adds security into the equation on every front of

their products.

While Aegis Data Security has provided a comprehensive solution to many problems, the

ever present need for proper implementation is beyond their control. While government spending

increases above even general IT spending, convincing any government of one product’s prowess

will be a hard road ahead. Centralization of resources and data often makes many a network

administrator nervous as far as single points of failure goes, especially when a loss of a key

database could potentially result in the loss of all of a company’s data. Even though backup and

distribution mechanisms are provided by Aegis, the failure of a network administrator to use

them properly could end up costing a company billions as a result of a bug or fluke case. Aegis

will need to investigate heavy testing by public facilities (such as universities, security research

centers, and others) in order to garner the respect they will need to have the confidence behind



their products that they need to make a real impact on the security landscape. In some ways,

decentralized and less friendly solutions, while lacking, are safer options as less data is up for

compromise or loss at one time.

Providing a large feature set solves the problems of implementation that many companies

and governments face, but adoption of such technology is still a leap due to concerns of

backdoors, bugs, and other integrity failures on the part of a company producing closed-source

products. The truly universal solution to so many of these problems will ultimately need to be

open-source most likely. Just as peer-review has created a trustworthy landscape in general

cryptography and policy over the past few decades, a product that can be implemented in such a

way that end-users, managers, and CxOs can feel comfortable will need to have greater access to

the knowledge that the code intimate to their security is indeed of the highest quality.

Going forward, information security specialists must start crafting a modular framework

of features, in the open, for all to commit ideas and opinions about. By creating a consortium of

industry specialists and companies, brilliant minds can solve these same problems in a public and

free way, adding functionality through a standard set of APIs. Through allowing third-parties to

submit for instance authentication plugins, larger bases of implementation will occur and the

scope of the product’s potential grows exponentially. By being peer-reviewed in a similar manner

that the Linux kernel has been over the years, integrity of code and the assurance of no

backdoors to the product will prevent another hurdle of implementation from existing and

stunting usage of such a product.

A Standard Operating Procedures (SOP) document as well as different policy and

auditing documents would allow for the product to not only be secure in code and trusted, but



also help provide a smooth and easy transition for different environments. Since strong policy is

just as important and critical to success as a product’s features, the non-programmer side of the

security community can still add to such a project and revolutionize the idea that information

security cannot be easy and won’t ever be something that is done properly. The need for constant,

unwavering security is well within the scope of our computing era, and to ignore its priority is to

mock the idea that confidentiality and integrity should even exist.

The landscape of information security is currently changing from an inconvenience to a

priority by the reality of its necessity. As network infrastructure broadens further, data in

transmission and data at rest needs to be able to associate cleanly with the credentials that people

are already so familiar with, and in a manner they understand and will use. For every laptop lost,

thumb drive stolen, and e-mail snooped upon, an excuse for security versus convenience was

likely made. The information security community needs to disallow any more excuses but rather

step up and commit to not only making security standards, but products around them that use

those standards in the most proper way fit. The need and complexity of a usable security solution

will not decrease and as such, the responsibility of those capable to do something about it is

apparent. Just as the great cryptographers and mathematicians across the years have seen a need

to protect secrets, the information security specialist needs to protect those secrets in a way that

will be not just done, but done well.



References

Aegis Data Security. (2009). Aegis Data Security Products. Retrieved June 4th, 2009, from

http://aegisdatasecurity.com/products.html

Abelson et al. (1998). The Risks of Key Recovery, Key Escrow & Trusted-Third PartyEncryption. Retrieved June 2nd, 2009, from http://www.cdt.org/crypto/risks98/

Centers for Medicare & Medicaid Services. (2009, April 21).

Overview Information Security. Retrieved June, 3rd, 2009, from

http://www.cms.hhs.gov/InformationSecurity/

Housley, Russ. (2001). Planning for PKI:

Best Practices Guide for Deploying Public Key Infrastructure. Wiley.

INPUT. (2008, September 17). Information Security Spending By The U.S. Feder al GovernmentWill Reach $9.6 Billion By 2013. Retrieved June 2nd, 2009, from

http://www.input.com/corp/press/detail.cfm?news=1395

Kurosawa, K & Obana, S. (1997). Characterization of (k, n) Multi-Receiver Authentication.

Retrieved June 2nd, 2009, from http://kuro.cis.ibaraki.ac.jp/~kurosawa/1997/broad.ps

Levy, Steven. (2002). Crypto:

How the Code Rebels Beat the Government Saving Privacy in the Digital Age.

Diane Pub Co.

Office of the Press Secretary, The White House. (1993, April 16). Clipper Chip Announcement.

Retrieved June 2nd, 2009, from http://csrc.nist.gov/keyrecovery/clipper.txt

http://csrc.nist.gov/keyrecovery/clipper.txt



http://kuro.cis.ibaraki.ac.jp/~kurosawa/1997/broad.ps

http://kuro.cis.ibaraki.ac.jp/~kurosawa/1997/broad.ps





http://www.cdt.org/crypto/risks98/

http://www.cdt.org/crypto/risks98/



Documents

Securely Sharing Private Data Through Centralized Key Management in Large Network Environments