George Wainblat

George Wainblat

George Wainblat joined Unbound in June 2017 as Director of Product Management. George brings a wealth of experience in leading multi-disciplinary product, engineering and business units at global hi-tech companies as well as startups.

Software Crypto-Anchors: Not An Oxymoron

Preface

In this blog post, we’ll review some of the greatest breaches of 2017, and how they could have been avoided by proper use of encryption and key management best practices, including crypto-anchors.

So without further ado, here is the list:

Equifax

Equifax, one of the three largest credit agencies in the U.S., suffered a breach that may affect 143 million consumers. The compromised information included full names, birth dates, Social Security numbers, addresses, and more. Furthermore, the stolen data included around 200,000 credit card numbers and almost 200,000 additional documents containing personal-identifying information. Due to the sensitivity of data stolen, it is hailed as one of the worst breaches ever. The breach is said to have occurred due to a vulnerability found in an open source software used by Equifax which allowed attackers to access the sensitive registries.

OneLogin

OneLogin, a San Francisco-based company that allows users to manage logins to multiple sites and apps through a cloud-based platform, reported a troubling data breach. OneLogin provides single sign-on and identity management for about 2,000 companies in 44 countries, over 300 app vendors and more than 70 software-as-a-service providers. A threat actor obtained access to a set of AWS keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the US. An attacker obtained and used highly-sensitive keys for its Amazon-hosted cloud instance from an intermediate host–effectively breaking into its service using its front-door key. The company added that while it encrypts sensitive data, the attacker may have “obtained the ability to decrypt” some information.

Forever 21

Clothing retailer Forever 21 announced that some of its customers may have been affected by a potential data breach. Upon receiving a tip from a third-party, Forever 21 launched an investigation and found certain point-of-sale (PoS) devices were compromised—likely between March and October of this year. The company said while it implemented “encryption and tokenization solutions” in 2015, it appears that the targeted PoS devices had encryption that was not actually operating. According to newest payment card security incident report, Forever 21 explained that in addition to the lack of encryption in some of the retail stores’ POS devices, investigators hired in October “found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data.”

While these breaches are indeed unique, they still have a common denominator–if you lose the encrypted data with the encryption keys – it’s “game over”, as the malicious adversary can decrypt the data at will.  In the next part, we’ll demonstrate how these and probably many more cyber attacks and data breaches could be prevented altogether.

Software Crypto Anchors

A critical security best practice to prevent hearing about your company in the headlines is to keep the sensitive data encrypted both in transit and at rest. This requires first mapping various data sources and their classification. Once this is achieved, the weight shifts to the proper protection of encryption keys, as in today’s world they are the keys to the digital kingdom. In order to prevent hackers from decrypting huge masses of restricted information (often including a lion’s share of customer’s PII data), there is a need first to prevent the key compromise, because otherwise the attacker can decrypt the information at will. In addition, one must circumvent out-of-ordinary usage key usage. Crypto anchors are all about preventing the first possibility from taking place, and monitoring and/or proactively preventing the second one.

In other words, following the maritime metaphor, there is a need to tie the encryption keys to some sort of anchor, that cannot be moved or stolen, due to its properties. HSMs (hardware security module), as was suggested by Diogo Mónica in his seminal blog, though this modus operandi is extremely difficult and cumbersome. Not many organizations have the large and skilled teams to operate HSMs at this level. HSMs are physical dedicated servers that are hardware designed to keep the keys secure, but they are notoriously known for been hard to operate, rigid and inflexible, lacking the suitability for today’s software and cloud-based world. While HSMs had their place in the legacy topologies of on-premises data centers, with the ever-growing move to the cloud, one cannot simply cloudify a purpose-built hardware appliance, without severely compromising the architecture and usability.

With the introduction of vHSM technology this approach is taken to next level, offering the first mathematically-guaranteed protection for cryptographic keys and secrets in a pure-software solution that runs on any endpoint, server or cloud, at a security level comparable with physical HSMs.  Software Defined Cryptography safeguards keys and secrets at all times (in memory, on disk, in network), ensuring that they are never exposed throughout their entire lifecycle. Using this technology, one can provide a software based crypto anchor, enabling enterprises to create an exfiltration resistant architecture for their infrastructure by making crypto anchors accessible to the majority of the market, not only those with massive IT teams that are well versed with advanced operational knowledge of HSMs.

The following figure depicts the underlying principle of the software crypto-anchor—the hacker is trying to steal the encrypted data from a database, but the ex-filtration is futile as the keys that used to encrypt the data are safeguarded within the software boundary of the Software-Defined Cryptography (SDC) system.

 

 

In addition to making the encryption keys dissolve, essentially disappearing under the nose, there is a strong need to monitor and enforce policies on the key’s usage through the key lifecycle (generation, distribution, usage, storage, rotation, backup and destruction).

Utilizing a module that can correlate and enforce the keys usage within the SDC system (according to certain parameters such as threshold, low & slow, gradual change over time, crypto-commands analysis, user’s commands, etc.) and alert accordingly. This can allow to detect and prevent malicious usage, detecting hackers breach attempts, rogue insiders or well-meaning employees that make honest mistakes.

Summary

Applying software crypto-anchors approach allows to couple the security of the data with the security of the cryptographic keys. As the protection of the data shifts from safeguarding the data itself to the security of the encryption keys, key protection and management become the highest priority task. SDC technology ensures that the keys are never exposed, while allowing strict policy enforcement on keys usage, enables the protection of your enterprise from making tomorrow’s headlines in this negative context.

 

 

Subscribe to BLOG

shares