Split-value Cryptographic Authentication: Building Advanced Threat-Resistant Software
RSA’s newly announced Distributed Credential Protection (DCP) is a perfect illustration of the innovative design that helps build software that better resists Advanced Threats.
For almost 40 years, multiple generations of security architecture for distributed systems have been built around the concept of a Trusted Third Party, a server trusted by all parties involved in the secure communication exchange. Examples include the key server in the Needham–Schroeder Symmetric Key Protocol or in Kerberos as well as the Certification Authority in Public Key Cryptosystems.
With Advanced Threats, trusted third parties have become a “single point of security failure.” If attackers control the trusted system, the game is over.
We need new security designs for this new world. Split-value cryptographic authentication, as implemented in RSA Distributed Credential Protection, exemplifies an Advanced Threat-resistant security design. It was invented by RSA Labs several years ago to store and verify authentication secrets in a way that cannot be compromised even if any one of the systems involved in the authentication process is compromised. The principle is pretty straightforward and involves the use of random numbers and XOR transformations:
1) Before it is stored, the password is transformed with a random number. The random number is stored in one server (“red” server) and the transformed password in a different server (“blue” server). Compromising one server is not sufficient to compromise the password.
2) At regular time intervals, a new random number is generated and both servers are updated with the new random number value, adding a time-based layer of protection: Both servers must be compromised at the same time for the password to be compromised.
3) When an application needs to verify a password, the claimed password transformed with a new random number is sent to the “blue” server while the random number is sent to the “red” server. Each server can execute a new transformation involving the stored data and validate whether the claimed password matches the stored password without exposing the legitimate password.
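The three steps above can be modelled in a few lines of Python. This is an added sketch, not RSA's DCP code: the `Server` class, the function names, the SHA-256 mapping of the password to a fixed-length value and the direct comparison of the two derived values are all assumptions made for the illustration, since the post does not describe how the two servers compare their results.

```python
import hashlib
import hmac
import secrets

def digest(password: str) -> bytes:
    # Assumption: the password is mapped to a fixed 32-byte value before splitting.
    return hashlib.sha256(password.encode()).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Server:
    """Hypothetical store: holds exactly one share per user."""
    def __init__(self):
        self.share = {}

def enroll(red: Server, blue: Server, user: str, password: str) -> None:
    # Step 1: red keeps the random number R, blue keeps P xor R.
    r = secrets.token_bytes(32)
    red.share[user] = r
    blue.share[user] = xor(digest(password), r)

def refresh(red: Server, blue: Server, user: str) -> None:
    # Step 2: both shares are re-randomized with the same fresh value,
    # so a share stolen before the refresh no longer pairs with the other.
    d = secrets.token_bytes(32)
    red.share[user] = xor(red.share[user], d)
    blue.share[user] = xor(blue.share[user], d)

def verify(red: Server, blue: Server, user: str, claimed: str) -> bool:
    # Step 3: the application splits the claimed password with a new random R'.
    r2 = secrets.token_bytes(32)
    to_blue, to_red = xor(digest(claimed), r2), r2
    # Each server combines what it received with what it stores.
    blue_val = xor(blue.share[user], to_blue)  # P ^ R ^ P' ^ R'
    red_val = xor(red.share[user], to_red)     # R ^ R'
    # The values are equal exactly when P == P'. Comparing them directly is
    # a simplification of whatever equality test the real servers run.
    return hmac.compare_digest(blue_val, red_val)
```

Neither share alone is a function of the password only, and a red share copied before `refresh` XORed with the blue share taken after it yields a random value rather than the stored digest.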
Split-value cryptographic authentication opens new opportunities to software developers worldwide to start developing Advanced Threat-resistant software.
This is just a start. Advanced Threats are changing our trust assumptions and have technical and operational impact on how we approach security. In the area of secure application design, we should expect more innovations like split-value cryptographic authentication to emerge to help build Advanced Threat-resistant software.