February 5th, 2010
An electronic health record (EHR) (also electronic patient record or computerised patient record) is an evolving concept defined as a systematic collection of electronic health information about individual patients or populations. It is a record in digital format that is capable of being shared across different health care settings, by being embedded in network-connected enterprise-wide information systems. Such records may include a whole range of data in comprehensive or summary form, including demographics, medical history, medication and allergies, immunization status, laboratory test results, radiology images, and billing information.

Medical records must be shared among doctors, to obtain a “second opinion” and so forth. The way these records are shared may differ, but one requirement remains paramount: patient privacy.
Privacy concerns in healthcare apply to both paper and electronic records. According to the Los Angeles Times, roughly 150 people (from doctors and nurses to technicians and billing clerks) have access to at least part of a patient’s records during a hospitalization, and 600,000 payers, providers and other entities that handle providers’ billing data have some access also. Recent revelations of “secure” data breaches at centralized data repositories, in banking and other financial institutions, in the retail industry, and from government databases, have caused concern about storing electronic medical records in a central location. Records that are exchanged over the Internet are subject to the same security concerns as any other type of data transaction over the Internet.
SentryCom VoiceProof® provides a way to securely share medical records (containing information in any form or type):
The demo above allows you to:
· Choose a file (medical record),
· Encrypt it,
· Deliver it via MS Outlook, and
· Seal it for specified recipients (doctors by name).
Only doctors specified by name will be able to view this medical record.
Another problem facing the healthcare industry is digitally signing doctors’ prescriptions for dispensing by online pharmacies.
Two issues arise here: strongly authenticating the doctor online and ensuring the integrity of the prescription content.
SentryCom VoiceProof® provides a way to meet these requirements.
The demo above allows you to:
· Choose a file (medical prescription),
· Sign it as the doctor and encrypt it,
· Deliver it via MS Outlook, and
· Seal it for a specified recipient (pharmacist by name).
Only the specified pharmacist will be able to view this prescription.
When the specified pharmacist receives this prescription, he will be strongly authenticated and, on success, will view the doctor’s signature and the prescription as shown below:

It should be emphasized that there are a number of operational advantages in our approach:
· No need to acquire digital certificates
· Complies with Secure Digital Signature
· Prevents privacy disputes
· Preserves information integrity
· Does not require changes to current procedures
· Does not require integration with existing IT infrastructure.
· Available as Software-as-a-Service.
Additional Benefits:
· The same software infrastructure allows 2-factor/3-factor strong authentication for remote domain access and remote portal access.
· Eliminates the need for multiple hardware OTP tokens to access multiple domains
· Spares doctors from carrying a “token necklace” to access different medical insurance companies
Tags: healthcare
Posted in general | No Comments »
February 4th, 2010
ID Fraud Statistics:

The problem with the “Verified by Visa” solution to ID fraud:
•Branded as “Verified by Visa” and “MasterCard SecureCode”; hereinafter 3DS
•Lets you use a password with your credit card to pay at many merchant websites
•Like Passport, OpenID etc., it redirects you to a central login service
•It was the card industry’s answer to a big rise in card-not-present (CNP) fraud that followed the introduction of the Europay-Mastercard-VISA (EMV) smartcard payment system
•The customer presents the card to the merchant
•The merchant passes the card number to its bank (the acquirer), which supplies a URL for logon
•The URL is often to a third-party service such as RSA
•The logon page was originally presented as a popup
•Because of popup blockers, the standard now recommends that the merchant embed it in an iframe:

•If successful, an auth code is returned to the merchant using TLS and a client certificate
•Similar systems are being introduced (or are planned) for more and more payment systems:
–VISA original credits
–Single European Payment Area (SEPA) e-Mandates
•The latter will replace cheques in Europe!
•So how secure is all this? Not very, because of phishing, as seen below:

For the full discussion see:
http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf
Verified by Visa relies on banks to authenticate the customer. Since different banks may use different authentication schemes, a password is the only common solution open to credit-card-using customers. Therefore relying on banks is not helpful, and a different solution is needed.
Today many merchants use the services of Payment Data Storage (PDS) providers that comply with the strict PCI requirements. It would be natural for them if an external service provider not only stored credit-card data but also authenticated the credit-card holders. Our MACS (Managed Authentication & Crypto Service) may provide such a function, working independently of the Payment Data Storage provider. How this may work:

System administration by Merchants, MACS and PDS:
· PDS X assigns the customer a username (say X342159)
· PDS X sends the customer username and customer email to MACS.
· MACS sends a registration email to the customer.
· Online transactions will be signed by the customer.
· The customer may update (add/delete) his credit card info (self-service with MACS).
· Merchant Y will verify the credentials of the customer username against the PDS X database. If the transaction is signed by the customer, merchant Y will approve it. If the transaction is not signed by the customer and the PDS database contains the customer username, merchant Y will reject it. Therefore the customer’s credit card is protected against identity fraud. If the customer username does not appear in the PDS database, merchant Y will use currently adopted best practices.
MACS & PDS integration:
· Identity Assurance of customer by PDS
· Assignment of username & email by PDS
· Send username/email to MACS
· Register user by MACS
· Transaction verification by MACS
· Audit payment data by PDS
The customer and the merchant will keep the signed transaction in the following form:
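To make merchant Y’s decision procedure concrete, here is an added example written for this page; it is not SentryCom’s MACS code or any PDS provider’s software. It assumes plain ECDSA over a length-prefixed rendering of the transaction. The PDS registry is an in-memory map, the username X342159 is the post’s own sample value, and the merchant name, amount, card digits and nonce are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Decision is merchant Y's outcome for one transaction.
type Decision string

const (
	Approve  Decision = "approve"  // username enrolled at PDS and signature valid
	Reject   Decision = "reject"   // username enrolled but signature missing or invalid
	Fallback Decision = "fallback" // username unknown to PDS: current best practices apply
)

// Transaction is a constructed transaction record; real field sets would differ.
type Transaction struct {
	Username  string // assigned by the PDS, e.g. X342159
	Merchant  string
	AmountUSD int
	CardLast4 string
	Nonce     string // per-transaction value so a signature cannot be replayed
}

// canonical is the exact byte string that gets signed. Every string field is
// length-prefixed so two different transactions can never serialise identically.
func (t Transaction) canonical() []byte {
	return []byte(fmt.Sprintf("%d:%s|%d:%s|%d|%d:%s|%d:%s",
		len(t.Username), t.Username, len(t.Merchant), t.Merchant, t.AmountUSD,
		len(t.CardLast4), t.CardLast4, len(t.Nonce), t.Nonce))
}

// PDS models the Payment Data Storage registry: username -> customer public key.
// In the post the key is registered through MACS; here it is an in-memory map.
type PDS map[string]*ecdsa.PublicKey

// NewCustomerKey creates the customer's signing key (the secret MACS would protect).
func NewCustomerKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Sign is the customer side: hash the canonical transaction and sign the digest.
func Sign(priv *ecdsa.PrivateKey, t Transaction) ([]byte, error) {
	h := sha256.Sum256(t.canonical())
	return ecdsa.SignASN1(rand.Reader, priv, h[:])
}

// Verify is merchant Y's decision procedure: look the username up at PDS X,
// then require a valid customer signature over exactly this transaction.
func Verify(reg PDS, t Transaction, sig []byte) Decision {
	pub, enrolled := reg[t.Username]
	if !enrolled {
		return Fallback
	}
	if len(sig) == 0 {
		return Reject
	}
	h := sha256.Sum256(t.canonical())
	if ecdsa.VerifyASN1(pub, h[:], sig) {
		return Approve
	}
	return Reject
}

func main() {
	priv, err := NewCustomerKey()
	if err != nil {
		panic(err)
	}
	reg := PDS{"X342159": &priv.PublicKey}
	tx := Transaction{Username: "X342159", Merchant: "Y", AmountUSD: 120, CardLast4: "4242", Nonce: "n-001"}
	sig, _ := Sign(priv, tx)
	fmt.Println("signed, untouched:", Verify(reg, tx, sig)) // approve
	tampered := tx
	tampered.AmountUSD = 1200
	fmt.Println("amount changed in transit:", Verify(reg, tampered, sig)) // reject
	fmt.Println("enrolled but unsigned:", Verify(reg, tx, nil))           // reject
	fmt.Println("unknown username:", Verify(reg, Transaction{Username: "Z1"}, nil)) // fallback
}
```

The three outcomes follow the post: an enrolled customer must present a valid signature over exactly the transaction the merchant sees, so a modified amount, a missing signature, or a signature made with someone else’s key all end in rejection, while an unknown username falls back to existing practice. The nonce keeps a captured signature from being reused for a second identical transaction.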

Tags: Credit Card, PCI
Posted in ID theft, general | No Comments »
February 4th, 2010
A significant part of insurance industry sales involves insurance agents. Their day-to-day business involves interaction with customers, in order to help individuals, families, and businesses select insurance policies that provide the best protection for their lives, health, and property.
On selection, the customer needs to sign insurance forms. In this day and age, forms are signed using the agent’s laptop and a computer tablet:

A computer tablet is used to acquire what is called an electronic signature. The U.S. Code defines an electronic signature as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”
There are two major issues here, related to identity fraud:
1. How can the customer be sure that the policy terms received by the insurance company are indeed the terms he intended?
2. How can the insurance company be sure of the insurance agent’s identity?
There is a need to incorporate a Secure Electronic (or Digital) Signature of the insurance agent on top of the electronic signature of the customer to resolve these issues.
A Secure Electronic Signature is an electronic signature that
(a) is unique to the person making the signature;
(b) the technology or process used to make the signature is under the sole control of the person making the signature;
(c) the technology or process can be used to identify the person using the technology or process; and
(d) the electronic signature can be linked with an electronic document in such a way that it can be used to determine whether the electronic document has been changed since the electronic signature was incorporated in, attached to or associated with the electronic document.
Therefore a Secure Digital Signature must include online strong authentication to identify the insurance agent and advanced crypto technologies to ensure that the signed policy document cannot be altered undetected. This is accomplished using our patented CryptoBiometrics™ technology.
All the customer needs to do is demand that the agent sign in front of him:

The insurance company receiving the digitally signed form will open it and see the following:

The insurance company will learn that customer John Smith signed the policy in front of agent Steve Jones. The company will also know that agent Steve Jones digitally signed in front of the customer, as verified against the service provider, and that the date/time stamp is valid. The content of the form was not changed.
It should be emphasized that there are a number of operational advantages in our approach:
· No need for acquiring digital certificates
· Complies with Secure Digital Signature
· Prevents customer dispute
· Prevents agent dispute
· Does not require changes to current procedures
· Does not require integration with the insurance company’s IT infrastructure.
· Available as Software-as-a-Service.
Additional Benefits:
· The same software infrastructure allows 2-factor/3-factor strong authentication for remote domain access and remote portal access.
· Eliminates the need for multiple hardware OTP tokens to access multiple domains
· Spares insurance agents from carrying a “token necklace” to access different insurance companies
Posted in Uncategorized | No Comments »
January 21st, 2010
The term PKI is sometimes erroneously used to denote public key algorithms, which do not require the use of a CA (Certificate Authority); examples are the Web of Trust and the Simple Public Key Infrastructure (SPKI). CryptoBiometrics™ is another implementation of this approach: it uses public key algorithms while addressing known weaknesses of Certificate Authorities.
I was reading Wikipedia on PKI and found a 10-year-old reference to “Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure” by C. Ellison and B. Schneier, http://www.schneier.com/paper-pki.html.
So this blog post is written to answer these risks with our CryptoBiometrics™. The risk questions and quoted comments are from this paper.
Risk #1: “Who do we trust, and for what?”
“There are those who even try to induce a PKI customer in believing in names. Their logic goes: (1) you have an ID certificate, (2) that gives you the keyholder’s name, (3) that means you know who the keyholder is, (4) that’s what you needed to know. Of course, that’s not what you needed to know.”
What is needed is a process capable of verifying online and in real time, against the Certificate Authority, that the person appearing in the certificate is indeed assigned the key shown on the certificate.
Risk #2: “Who is using my key?”
“One of the biggest risks in any CA-based system is with your own private signing key. How do you protect it? You almost certainly don’t own a secure computing system with physical access controls, TEMPEST shielding, “air wall” network security, and other protections; you store your private key on a conventional computer. There, it’s subject to attack by viruses and other malicious programs. Even if your private key is safe on your computer, is your computer in a locked room, with video surveillance, so that you know no one but you ever uses it? If it’s protected by a password, how hard is it to guess that password? If your key is stored on a smart card, how attack-resistant is the card? Most are very weak. If it is stored in a truly attack-resistant device, can an infected driving computer get the trustworthy device to sign something you didn’t intend to sign?”
Aram Perez correctly commented on that, saying “that you have this risk with any encryption system. The whole basis for modern cryptography is the protection of the secret (symmetric) key or the private (asymmetric) key, whether or not a CA is involved. If either the secret or private key is exposed or used by the wrong person, you lose all security offered by cryptography.”
If protecting the private key is virtually impossible on the open Internet, does it mean that asymmetric key cryptography cannot be used to sign transactions? I believe that instead of using a CA-assigned private key bound to a person’s identity we need to use another attribute that can be bound to the person’s identity as well as to the existing crypto technology. SentryCom CryptoBiometrics™ does just that.
Risk #3: “How secure is the verifying computer?”
“Certificate verification does not use a secret key, only public keys. Therefore, there are no secrets to protect. However, it does use one or more “root” public keys. If the attacker can add his own public key to that list, then he can issue his own certificates, which will be treated exactly like the legitimate certificates. They can even match legitimate certificates in every other field except that they would contain a public key of the attacker instead of the correct one.”
The verifying computer cannot accept forged SentryCom CryptoBiometrics™ certificates. If, for example, a bank wants to verify a transaction signed with a CryptoBiometrics™ certificate, the verifying computer will be securely connected to the SentryCom CA server. A forgery would need to go through rogue servers, and this connection will be prevented.
Risk #4: “Which John Robinson is he?”
“Certificates generally associate a public key with a name, but few people talk about how useful that association is.”
A SentryCom CryptoBiometrics™ certificate adds an email address to the person’s first name and last name, which makes this description unique. If a person updates his email address with the SentryCom CA (using self-service administration, contingent on 3-factor strong authentication), then the SentryCom CA will keep track of the new as well as the old email as bound to the person.
Risk #5: “Is the CA an authority?”
It is, if it does the job it claims to do.
Risk #6: “Is the user part of the security design?”
“Does the application using certificates take the user into account or does it concern itself only with cryptography?”
In our case the answer is obviously yes, the user is an integral part.
Risk #7: “Was it one CA or a CA plus a Registration Authority?”
“Some CAs, in response to the fact that they are not authorities on the certificate contents, have created a two-part certification structure: a Registration Authority (RA), run by the authority on the contents, in secure communication with the CA that just issues certificates. The RA+CA model is categorically less secure than a system with a CA at the authority’s desk. The RA+CA model allows some entity (the CA) that is not an authority on the contents to forge a certificate with that contents.”
We are one authority, secure by design.
Risk #8: “How did the CA identify the certificate holder?”
“Whether a certificate holds just an identifier or some specific authorization, the CA needs to identify the applicant before issuing the certificate. Meanwhile, having identified the applicant somehow, how did the CA verify that the applicant really controlled the private key corresponding to the public key being certified?”
To enroll in SentryCom CryptoBiometrics™ one needs third-party identity assurance, provided by the enterprise requesting our service, for example by a bank providing us with its customer’s credentials. From that moment one can be assured that the customer is using our service.
Risk #9: “How secure are the certificate practices?”
“How is key lifetime computed?” The CryptoBiometrics™ key lifetime lasts until the key is revoked.
“Does the vendor support certificate or key revocation?” Yes.
“Is that dating done by a secure timestamp service?” Yes.
“How long are the generated public keys and why was that length chosen?” We use 1024-bit RSA keys, as the legally accepted standard.
Risk #10: “Why are we using the CA process, anyway?”
“After the CA was installed and all employees had been issued certificates, the customer turned to the PKI vendor and asked, “OK, how do we do single sign-on?” The answer was, “You don’t. That requires a massive change in the underlying system software.”
We can do SSO and many other software applications, but that is a different story.
Tags: CryptoBiometrics, PKI
Posted in general | No Comments »
January 14th, 2010
Electronic Signature.
A signature is a stylized script associated with a person. It is comparable to a seal. In commerce and the law, a signature on a document is an indication that the person adopts the intentions recorded in the document. An electronic signature is any legally recognised electronic means that indicates that a person adopts the contents of an electronic message. The U.S. Code defines an electronic signature as “an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”
In law, if a signature on a contract or other document is contested, the signature must meet certain tests before a court will uphold it. A central question in such cases is forgery and spoofing of assent, and in these decisions courts have held that forgery and spoofing can in practice be ruled out. Nevertheless, for many electronic methods of signature, or imputed signature, it is easily possible to forge or spoof assent. The rapidly rising problem of identity theft illustrates the ease of such forgeries.
An electronic signature may incorporate a digital signature if it uses cryptographic methods to assure, at the least, both message integrity and authenticity. All current cryptographic digital signature schemes require that the recipient have a way to obtain the sender’s public key with assurances of some kind that the public key and sender identity properly belong together, and that message integrity measures (also digital signatures) which assure that neither the attestation nor the value of the public key can be surreptitiously changed.
Biometrics.
Another approach is to attach some biometric measurement to a document as evidence of signature. Since each of these physical characteristics has claims to uniqueness among humans, each is to some extent useful as a signature method. Unfortunately, some are easily spoofable by a replay of the electronic signal produced and submitted to the computer system responsible for ‘affixing’ a signature to a document. Biometric measurements of this type are useless as passwords, as they can’t be changed if compromised. However, they might be serviceable as electronic signatures of a kind – except that, to date they have been so easily spoofable that they can carry little assurance that the person who purportedly signed a document was actually the person who did.
What you see and what you sign.
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering. Technically speaking, a digital signature applies to a string of bits, whereas humans and applications “believe” that they sign the semantic interpretation of those bits. In order to be semantically interpreted the bit string must be transformed into a form that is meaningful for humans and applications, and this is done through a combination of hardware and software based processes on a computer system.
Documents are immaterial because the information is represented by logical bits that can be stored on, and copied to, any suitable electronic medium, and they only become meaningful to humans when represented through an analogue physical medium such as a computer screen or a printout. The validity of a digital document is authenticated by verifying that an immaterial digital signature logically matches the already immaterial document. Because a digital document in its immaterial form can not be observed directly by the signer, the digital signature can only serve as evidence of the signer’s agreement to some analogue representation of the document, although it is usually assumed that it represents the signer’s agreement to the immaterial electronic document itself.
A desirable property of digital signature systems is to guarantee that what you see is what you sign, abbreviated as WYSIWYS.
Fundamental problems:
1. In general, the property of providing WYSIWYS depends on the integrity of the digital signature system and platform. In case there is insufficient evidence regarding the integrity of digital signature systems and platform, they can in principle not be trusted. This is a fundamental problem for the practical usage of digital signatures.
A fundamental aspect of digital documents is that displaying and digitally signing them are separate and unlinked processes.
2. All public key / private key cryptosystems depend entirely on keeping the private key secret. A private key can be stored on a user’s computer, and protected by a local password, but this has two disadvantages:
· the user can only sign documents on that particular computer
· the security of the private key depends entirely on the security of the computer
Another fundamental problem of digital signing is that strong authentication and private key signing are separate and unlinked processes.
3. Do electronic documents bearing digital signatures and some form of biometric identifier qualify for the enhanced evidentiary treatment, i.e., should the use of a digital signature and a biometric identifier create a presumption that the originator of the message is the person indicated and that the content of the message has not been altered?
The parties are always free to agree in advance to the use of a particular security procedure, and the presumptions arise if the security procedure indicates that one of the parties is the originator of the electronic document. A security procedure must be both “commercially reasonable” and implemented in a “trustworthy manner” in order to qualify as a “secure electronic signature.” Do digital signatures and biometric identifiers meet these standards? The use of biometrics, even though not yet standardized, might be useful in showing that a digital signature was implemented in a “trustworthy manner” in a high-value transaction where an abundance of caution would be considered prudent. A combination of these security procedures may come very close to achieving a non-repudiable method for identifying both the originator and the content of an electronic document.
Conclusions:
1. Signing process: the need exists to bind the online strong authentication of the signatory, the digital signing, and the display of the digitally signed document into one process, to prevent tampering and fraud.
2. Verification process: the need also exists to provide a structure for binding biometrics and the digital signature, so that an online service can validate document integrity and originator authenticity in an interdependent way.
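The agent-in-front-of-the-customer signature from the insurance post above and the two conclusions here call for the same construction, so one added example covers both. It was written for this page and is not the CryptoBiometrics™ implementation: it uses plain ECDSA instead of any biometric binding, and the timestamp is assumed to come from a signing service the insurer trusts. The Form and AgentDirectory types, the agent identifier, the timestamp and the customer’s captured e-signature bytes are all constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Form is what reaches the insurance company. The agent's digital signature
// covers the rendered terms, the customer's captured e-signature, the agent
// identity and the timestamp together, so none of them can be altered or
// swapped without the signature failing to verify.
type Form struct {
	Rendered     string // the exact text the customer saw on the tablet (WYSIWYS)
	CustomerESig []byte // captured assent (pen strokes, "I agree" token); constructed here
	AgentID      string
	SignedAt     string // RFC 3339 time asserted by the (hypothetical) signing service
	AgentSig     []byte // ASN.1 ECDSA signature over digest()
}

// AgentDirectory maps enrolled agent identifiers to their public keys.
type AgentDirectory map[string]*ecdsa.PublicKey

// NewAgentKey generates an agent's signing key.
func NewAgentKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digest binds every signed field into one hash. Fields are length-prefixed so
// moving bytes from one field into another changes the digest.
func (f Form) digest() [32]byte {
	esig := hex.EncodeToString(f.CustomerESig)
	s := fmt.Sprintf("%d:%s|%d:%s|%d:%s|%d:%s",
		len(f.Rendered), f.Rendered, len(esig), esig,
		len(f.AgentID), f.AgentID, len(f.SignedAt), f.SignedAt)
	return sha256.Sum256([]byte(s))
}

// AgentSign is the signing step performed in front of the customer: the agent
// signs what was displayed and assented to, plus the timestamp.
func AgentSign(priv *ecdsa.PrivateKey, f *Form) error {
	d := f.digest()
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err != nil {
		return err
	}
	f.AgentSig = sig
	return nil
}

// InsurerVerify is the verification step: agent identity and form integrity
// are checked in one operation, so neither can pass without the other.
func InsurerVerify(dir AgentDirectory, f Form) error {
	pub, ok := dir[f.AgentID]
	if !ok {
		return errors.New("agent not enrolled")
	}
	if f.SignedAt == "" || len(f.CustomerESig) == 0 {
		return errors.New("missing timestamp or customer e-signature")
	}
	d := f.digest()
	if !ecdsa.VerifyASN1(pub, d[:], f.AgentSig) {
		return errors.New("agent signature does not match form content")
	}
	return nil
}

func main() {
	agentKey, err := NewAgentKey()
	if err != nil {
		panic(err)
	}
	dir := AgentDirectory{"agent:steve.jones": &agentKey.PublicKey}
	f := Form{
		Rendered:     "Policy P-100 for John Smith, premium 120 USD/month, beneficiary Jane Smith",
		CustomerESig: []byte("constructed-pen-stroke-data"),
		AgentID:      "agent:steve.jones",
		SignedAt:     "2010-02-04T10:15:00Z",
	}
	if err := AgentSign(agentKey, &f); err != nil {
		panic(err)
	}
	fmt.Println("original:", InsurerVerify(dir, f)) // <nil>
	altered := f
	altered.Rendered = "Policy P-100 for John Smith, premium 120 USD/month, beneficiary Mallory"
	fmt.Println("beneficiary changed:", InsurerVerify(dir, altered)) // signature mismatch
}
```

Signing the rendered text rather than an internal record is what ties the display to the signature: the insurer recomputes the digest from the form it received, so a changed beneficiary, a swapped e-signature or a re-dated form all fail the single check, and a form from an agent who is not in the directory is refused before any cryptography runs.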
Posted in ID theft, general | No Comments »
December 13th, 2009
Use Case: Rapidly Scaling an Insurance Application using a Public Cloud.
Raised by Cloud Computing Security Use Cases group
http://groups.google.com/group/cloud-computing-use-cases/browse_thread/thread/a591dee0861f4e93?pli=1
Description:
I quote:
“An insurance company’s new insurance policy claims application has proven to be valuable in capturing customer and property damage data.
A hurricane is predicted to hit the gulf coast region of the United States and the IT Staff wishes to elastically scale out the new application to accommodate the additional customers and field agents that may need it in the aftermath. The company’s IT Staff selects a Public Cloud Provider to fulfill their short-term compute needs and host additional images of their insurance policy claims application.”
The problem: ID fraudsters. They might use the system as well: impersonating a field agent (you may weight its motivation as $), modifying the beneficiary of the claim form in the browser (you may weight its motivation as $$$), or stealing the stored form from the cloud (you may weight its motivation as $$). From that analysis you might deduce that the greatest vulnerability is in the agent’s browser.
Our vulnerability-addressing approach works from the bottom up, where:
1. Man-in-the-Browser vulnerability is resolved.
2. Field agent impersonation vulnerability is resolved.
3. Public Cloud Stored form vulnerability is resolved.
Implementation:
1. The insurance company agent logs in using our external SaaS to access the form-filling app.
http://www.sentry-com.net/files/MAS-SSO.jpg
2. The form is filled, digitally signed by insurance agent and uploaded to the cloud.
http://www.sentry-com.net/Transaction.html
3. The uploaded form is encrypted, but cannot be decrypted in the cloud.
http://www.sentry-com.net/CloudComputing.html
4. Insurance company staff downloads the form from the cloud and decrypts signed form.
http://sentry-com.net/blog/?p=202
Another use case raised by the same Cloud Computing Security Use Cases group (same link above):
I quote: “A financial investment company is about to internally announce new investment products to its agents and affiliates. This will involve the creation of several videos to explain the benefits and features of the new product to its staff and agents, as well as to train/instruct them on when to recommend these products to their customers. These videos are quite large and need to be made available (on-demand) as secure, confidential data to appropriately certified company agents worldwide. There are federal regulations and industry obligations that need to be enforced (policy) to assure that this new product announcement and the videos are kept confidential during a restricted period. The financial company decides to utilize a Public Storage Cloud to elastically scale to handle the secure hosting (storage) and streaming for these new videos while using security features in the cloud to provide auditable access control to the videos in accordance with security policies when employees and agents access the videos.”
This use case is different from the first one, and its implementation is different. We have to differentiate between the restricted period and afterwards. During the restricted period the videos on the public cloud need to be stored encrypted, and they must not be decrypted on the cloud under any circumstances.
1. The uploaded video is encrypted and can be accessed on the cloud during the restricted period by the group of staff and agents, but it cannot be decrypted in the cloud.
http://www.sentry-com.net/CloudComputing.html
2. Financial investment company staff and agents download the encrypted video from the cloud and decrypt it on their desktops.
http://sentry-com.net/blog/?p=202
3. An audit trail for anybody, anywhere, accessing these restricted videos is available and built into the system.
4. Following the restricted period, the videos (this time not encrypted) should be uploaded again for public viewing.
Tags: Cloud Computing, transaction verification
Posted in ID theft, general | No Comments »
December 6th, 2009
“Where Strong Authentication Fails and What You Can Do About It” is the name of the latest Gartner Inc. research report, written by Avivah Litan.
Security measures such as one-time passwords and phone-based user authentication, considered among the most robust forms of security, are no longer enough to protect online banking transactions against fraud, a new report from research firm Gartner Inc. warns.
“Trojan-based, man-in-the-browser attacks are circumventing strong two-factor authentication, enabled by one-time password tokens,” Gartner wrote in their report of December 3, 2009. “Other strong authentication methods, such as those using chip cards and biometric technology that rely on browser communications, can be similarly defeated,” Gartner said.
For instance, a request to transfer a certain amount of money from one account to another could be modified so that the request the bank gets would be different from the request sent by the user. However, when the bank asks the customer to confirm the transaction, the details of the transaction would appear to the user to be the same as the one he had requested, Gartner said. “The malware is changing what the user sees. So even if you put in a one-time password, you are confirming the wrong transaction,” Gartner said.
In instances where a bank might use a phone-based, “out-of-band” authentication system, criminals are increasingly using call forwarding so that it is the fraudster rather than the legitimate user that is being called by the financial institution, Gartner said.
If a security application places an outbound call synchronized to a Web session, then this outbound call can be forwarded to fraudsters. If, in addition, the security application displays a number on the Web screen that must be entered via the telephone keypad, then this number can easily be intercepted by a Man-in-the-Browser Trojan and forwarded to the same fraudsters, thus hijacking the session. We can reverse the loop and ask the user to send some transaction info using the phone keypad, but this does not make any difference.

The Nokia 1100 became VERY POPULAR amongst fraudsters, as seen by Google searches worldwide:
Measuring risks and probabilities has changed over the last year. The attacks are becoming increasingly focused and targeted on people performing high-value transactions. For them, the probability of a hacker “cloning” a mobile phone as well as planting a man-in-the-browser may be very high! For those inclined to further reading:
http://www.pcworld.com/article/163409/article.html?tk=nl_dnxnws
http://threatpost.com/en_us/blogs/new-spyphone-iphone-app-can-harvest-personal-data-120409?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
http://www.flexispy.com/spyphone-call-interceptor-gps-tracker-symbian.htm
http://en.wikipedia.org/wiki/SMS_spoofing
So, put together, these “weak” defences cannot prevent fraud.
Why can’t the browser be “fixed”? Because fixing the browser would make the Internet inoperable: fraudsters use the same functionality that runs our day-to-day activities.
So if browser communications are infiltrated, one should use “out-of-band” communication that is beyond the reach of fraudsters. We need to perform strong user authentication, transaction content acquisition and transaction integrity confirmation, all outside the browser channel. This is what we do with our Transaction Verification solution:
http://www.sentry-com.net/Transaction.html
Tags: Identity Fraud, transaction verification
Posted in ID theft | No Comments »
November 18th, 2009
Cloud computing changes the way we think about computing by removing the specifics of location from its resources. Cloud computing can be thought of as radical deperimeterization; similarly to the way that we think about the network itself as an abstract cloud of network links, cloud computing abstracts all computing and networking resources. However, in divorcing components from location, this creates security issues that result from this lack of any perimeter. In such a world, there is only one way to secure the computing resources: strong encryption and scalable key management.
Encryption is needed for security, but in order to make a data file usable it must be decrypted, and decrypted data becomes insecure. This is the oxymoron of cloud storage: you cannot be both secure and usable on the cloud. Either your application must be able to work with encrypted data, or decryption must be done outside the cloud.
Strong encryption with key management is the core mechanism that cloud computing systems must use to protect data. Encrypted data is intrinsically protected; if someone has the data without its corresponding keys, they cannot use the data at all. The encryption provides resource protection while key management mediates access to these resources. Encryption not only protects the data while it is in transit, but while it is at rest. The radical deperimeterization that cloud computing provides blurs the very distinction between data that is at rest or in motion. Using encrypted data requires both the encrypted data and the keys that encrypt that data. By separating the data and the keys, we can create a chain of separation as well as a chain of custody with two or three parties involved at each step.

Segregating the key management from the cloud provider hosting the data creates a chain of separation. This protects both the cloud provider and the customer from conflict when compelled to provide data under a legal mandate.
It should be emphasized that no decryption is to be performed on the cloud, since a decrypted copy of the file can remain “naked” on a publicly accessible computer. The cloud merely serves the stored file to users, and decryption is performed on their own computers.
This approach is not applicable to mission-critical number crunching using cloud CPUs on encrypted data; in other words, we are not dealing with the homomorphic encryption concept.
Therefore, in order to address the privacy concerns of Public Cloud Storage users, we need to resolve 2 issues:
1. who is entitled to decrypt the data stored on the cloud, and
2. where this data may be decrypted.
Where this can be applied: for example, today’s emerging online repositories for personal health data, such as Google Health and Microsoft HealthVault, could link up with the growing number of electronic records systems at hospitals in a way that keeps private data protected at all times. The resulting medical megacloud could spread existing applications cheaply and efficiently to all corners of the medical profession. Doctors could easily compare patients’ MRI scans, for example, with those of other patients around the country, and delve into vast databases to analyze the efficacy of treatments and prevention measures.
In this regard the need may exist to limit data file transfer geographically, for example from the EU to a third country. Therefore we may restrict decryption to EU countries only and exclude all others.
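As an added example (not SentryCom’s code or product), the following Python models the two decisions above: a hypothetical key manager, run separately from the storage provider, releases a file key only to an entitled user in a permitted region, and decryption happens on the user’s machine, never in the cloud. The cipher is a stdlib-only HMAC-based construction used purely for illustration; a real deployment would use an authenticated cipher such as AES-GCM.

```python
import hashlib
import hmac
import secrets

def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # PRF in counter mode; demonstration only (stdlib has no AES), use AES-GCM for real.
    blocks = (n + 31) // 32
    return b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(blocks))[:n]

def encrypt_record(key, plaintext):
    """Encrypt-then-MAC with separate subkeys: nonce(16) || ciphertext || tag(32)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_prf(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def decrypt_record(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("record tampered with or wrong key")
    ks = _keystream(_prf(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

class KeyManager:
    """Hypothetical key-management party, separated from the storage provider."""
    def __init__(self):
        self._entries = {}   # file_id -> (key, entitled users, permitted regions)
    def register(self, file_id, key, users, regions):
        self._entries[file_id] = (key, set(users), set(regions))
    def release(self, file_id, user, region):
        # The two policy questions from the post: who may decrypt, and where.
        key, users, regions = self._entries[file_id]
        if user not in users:
            raise PermissionError(f"{user} is not entitled to decrypt {file_id}")
        if region not in regions:
            raise PermissionError(f"decryption of {file_id} not permitted in {region}")
        return key

def publish(cloud, km, file_id, plaintext, users, regions):
    # 'cloud' is a plain dict standing in for the storage provider: ciphertext only.
    key = secrets.token_bytes(32)
    cloud[file_id] = encrypt_record(key, plaintext)   # provider receives ciphertext
    km.register(file_id, key, users, regions)         # key manager receives key + policy

def fetch(cloud, km, file_id, user, region):
    key = km.release(file_id, user, region)           # policy decided outside the cloud
    return decrypt_record(key, cloud[file_id])        # decrypted on the user's own machine
```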
Tags: Cloud Computing, Secure Storage, Software-as-a-Service
Posted in general | No Comments »
September 23rd, 2009
Before making a final selection as to the authentication solution that will work best, organizations must consider their user authentication needs, the threats targeting their business, their business objectives, and the regulatory guidelines that impact their industry.
The Need for Strong Authentication:
1. Movement of new business applications online: many organizations are starting to offer more Web-based business applications.
2. Increased demand for remote access: the global nature of business and employee mobility has forced many organizations to provide anytime, anywhere access to enable employee productivity.
3. Access privileges for new user populations: contractors, partners and suppliers now require on-demand access to proprietary information.
4. Increase in customer-facing portals: to provide real-time access and the ability to manage account information online.
5. Regulatory compliance: to enact security measures that prevent unauthorized access to information.
6. Advanced threats:
· For enterprise users, to protect against unauthorized access to critical business information and to combat the risk of the insider threat.
· For customers, to protect against the threat of phishing, Trojans and other forms of malware.
Weak password-based authentication continues to dominate. Many forget that while it is “free”, it costs a lot to reset: according to Forrester Research, the average help desk labor cost for a single password reset is about $70.
Choosing the best authentication solution:
In choosing the best authentication solution, the following criteria need to be taken into account:
– Control over the end user environment such as operating system
– Access methods to be used: web-based and/or non-web based
– The demand for anywhere, anytime access: the need to accommodate user access from varying remote locations.
– The need for file encryption and digital signature
– Advanced Fraud prevention capabilities.
– Usability and Convenience
– Cost Constraints
SentryCom Managed Authentication & Crypto (MAC) service provides the most balanced solution to the problem:
1. Being a Software-as-a-Service (SaaS) solution, it is the most cost-effective option compared to any hardware-based alternative.
2. It is also the most convenient solution compared to any hardware-based alternative.
3. It provides one-of-a-kind Advanced Fraud prevention capabilities for Online Transaction Verification.
4. It incorporates state-of-the-art Crypto technologies for encryption and digital signature.
5. It allows user access from various remote locations.
6. It allows both web-based and non-web-based access.
7. It runs on MS Windows and MS Internet Explorer, which hold the lion’s share of computers worldwide.
Tags: authentication, authentication service, ID fraud, Managed Authentication, Strong Authentication
Posted in general | No Comments »
May 26th, 2009
Transaction Verification involves three basic processes:
1. User authentication.
2. Automatic Web Fraud Detection.
3. Manual transaction authorization.
In a B2C environment user authentication is used mainly for Online Banking. In E-Commerce it is used in Loyalty Programs (such as Frequent Flier, etc.). User authentication is used mainly for login and its strength varies according to status/cost constraints: strong authentication for VIPs (e.g. 2-factor OTP tokens) and weaker authentication (e.g. passwords) for the rest of the population.
Automatic Web Fraud detection looks for additional behavior-based factors. For example, if the credit cardholder is not traveling, that represents a 69% chance of fraud for an airline ticket booking. In other words, many people (31%) buy airline tickets for other people, and this is not fraud.
Gartner estimates Web Fraud detection to be accurate in ~70% of cases, and the remaining ~30% of cases are routed for manual transaction verification. For example, about 32% of airline companies contact customers by phone or SMS to verify an order.
All together this scheme costs ~$1/user annually for the Web Fraud Detection Engine and ~$3 per manual transaction. But this scheme is not perfect: about 1.8% of revenue is lost to fraud and another 2.5% of revenue is lost through rejection of legitimate transactions.
Recent “advancement” in Identity Fraud sophistication may increase these losses tremendously:
The SilentBanker Trojan has been shown to defeat both user authentication (a 2-factor OTP token that costs ~$12/user annually) and Automatic Web Fraud Detection.
Fraudsters have also demonstrated that they are capable of defeating user callback via phone or SMS.
So we expect that much more will be lost to Identity Fraud than previously reported.
Can we prevent it without increasing the current spending level for Identity Fraud prevention? The answer is yes. Moreover, we can drastically reduce Identity Fraud revenue losses and at the same time reduce the current spending level on Identity Fraud prevention.
The following table (left column) summarises a simulation of a customer case with 100,000 active users performing 1,000,000 transactions a year of $500 on average; the customer provided its users with OTP tokens ($12/user/year), uses Web Fraud detection ($1/user/year) and manual transaction authorisation ($3/transaction) in 30% of the transactions.

ROI for transaction verification
The right column summarises the situation where OTP tokens were replaced with a SentryCom SaaS subscription ($12/user/year). This resulted in a decrease in the number of manual authorisations from 30% to 3%. As a result, the overall cost of Identity Fraud prevention was reduced by 37%.
The reduction in Identity Fraud losses is even more dramatic. Since the number of manual authorisations is decreased 10-fold, the Identity Fraud losses will decrease 10-fold as well (a 90% decrease)!
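The simulation described above, rebuilt as an added Python model (constructed here, not the author’s spreadsheet) from the post’s own figures: `before` is the left column (OTP tokens, 30% manual), `after` is the right column (SaaS subscription, 3% manual), and fraud loss is scaled with the manual-authorisation share exactly as the post assumes.

```python
def prevention_cost(users, transactions, auth_fee, wfd_fee, manual_fee, manual_share):
    """Annual spend on identity-fraud prevention, broken down by component."""
    costs = {
        "authentication": users * auth_fee,                 # OTP token or SaaS subscription
        "web_fraud_detection": users * wfd_fee,             # detection engine, per user
        "manual_authorisation": transactions * manual_share * manual_fee,
    }
    costs["total"] = sum(costs.values())
    return costs

def fraud_loss(transactions, avg_value, loss_rate, manual_share, baseline_share):
    """Fraud loss, scaled by manual_share / baseline_share (the post's assumption
    that losses fall in proportion to the manual-authorisation share)."""
    revenue = transactions * avg_value
    return revenue * loss_rate * (manual_share / baseline_share)

def compare(users=100_000, transactions=1_000_000, avg_value=500.0):
    """Left column vs right column of the post's table, with the post's unit prices."""
    before = prevention_cost(users, transactions, 12.0, 1.0, 3.0, 0.30)
    after = prevention_cost(users, transactions, 12.0, 1.0, 3.0, 0.03)
    loss_before = fraud_loss(transactions, avg_value, 0.018, 0.30, 0.30)
    loss_after = fraud_loss(transactions, avg_value, 0.018, 0.03, 0.30)
    return {
        "before": before,
        "after": after,
        "cost_reduction": 1 - after["total"] / before["total"],   # about 0.37
        "loss_reduction": 1 - loss_after / loss_before,           # 0.90
    }

if __name__ == "__main__":
    for k, v in compare().items():
        print(k, v)
```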
Tags: ID fraud, ROI, transaction verification
Posted in ID theft, general | 1 Comment »