Vantage
feature

YOU PROBABLY HAVEN’T stopped to consider the possibility that your mother or your pet might be enabling hackers to use your personal information for their own nefarious purposes. Yet they could.

If you’ve ever used a computer to purchase something over the Internet or created an account at almost any website, there’s a good chance you’ve provided some additional security information for your convenience in case you forget your login or password. Perhaps it was your mother’s maiden name, the name of your first pet or the city where you were born. But in the hands of a hacker — or even an unauthorized corporate employee — that clue provides access to your personal information at perhaps dozens of websites and information sources.

With the dramatic rise in identity theft, protecting personal information is more important than ever. That’s why the engineers at RSA Laboratories are working on technologies that provide the opportunity to protect important data — even if the traditional security surrounding your online data has failed.

“Wouldn’t it be great if a system could tolerate some amount of compromise and still maintain security?” asks Burt Kaliski, director and chief scientist at RSA Laboratories. “Data splitting is an approach that enables organizations to store information in multiple places so that none of the individual pieces reveals anything about the true nature of the data.”

Data splitting does not simply split data down the middle, since that might provide a predictable clue to hackers. For example, breaking a Social Security number in half still provides sufficient information for a good hacker to guess the remainder. But splitting it by picking two individual numbers that when added together will equal the Social Security number is a much more secure approach, since it’s impossible to infer any information about the other portion of the answer from just one of the numbers.

A GROWING TREND
Although it’s not new, data splitting is drawing attention today because it addresses the growing need of many organizations to protect information that might be outside the scope of traditional systems of record or data that are used primarily to authenticate users.

For example, while many companies maintain information about their customers, most of this data is business-related, such as a customer’s purchasing history. Increasingly, though, companies store personal information (such as your mother’s maiden name) that is not needed for business reasons, but simply for convenience. If you lose your password or forget your login information, you can retrieve it automatically without placing a call to the helpdesk. Other organizations, such as credit bureaus and government agencies, consider this information part of a security verification approach for users who access information infrequently.

Frequently called knowledge-based authentication (or life questions or challenge questions), such information in the wrong hands could be used to gain unauthorized access to a wide variety of private data stores or websites. As a result, companies must secure traditional customer data as well as any information based on knowledge- based authentication. “We expect to see an increasing burden on companies to protect such private data from both external and internal attacks because of the threat of identify theft,” says Kaliski.

To combat identity theft, organizations must not only prevent intrusions, but they must also make it more difficult to steal private data even after an intrusion occurs. Data splitting provides this needed intrusion resilience because it allows companies to tolerate some amount of compromised system security and still protect their data.

Top

ORIGINS AND OPPORTUNITIES
In a 1979 paper, “How to Share a Secret” [available for a fee at http://portal.acm.org] RSA Security co-founder Adi Shamir first defined the process for protecting data that has been split into multiple parts and verifying potential answers without revealing the correct answer. The paper detailed a mathematical approach for sharing data among a predetermined number of shareholders, as well as a way of independently
defining the number of shareholders needed to confirm a proposed answer. Thus, while a secret can be split across any number of different shareholders (five, for example), it’s possible to consult as few as two to determine an answer match. (This type of implementation would be termed a two-out-of-five secret-sharing scheme.)

In addition to security, data splitting and shared-secret solutions provide other benefits. For example, they can be designed to have no single point of failure and some level of redundancy — attributes that have become increasingly important in our 24/7
world. The protected data also can be stored in individual, geographically distributed sites that can be managed separately, requiring that attacks even from internal hackers would have to compromise more than one site.

Implementation is fairly easy, since it doesn’t change the way people use applications, only the back-end verification process. “Data splitting is a low-risk solution for adding protection to online data and reduces potential corporate risk in a way that doesn’t add anything to the user interaction process,” says Kaliski. “Data can be split behind the scenes without any changes to the user’s experience, and the verification of answers appears exactly the same as the standard approach to the user.”

To date, this type of secret sharing has primarily been used in ultra-high-security situations, such as financial institutions. For example, a bank’s highest-value messages might typically be signed with keys that have been split into shares for added protection against both internal and external compromise. The scientists at RSA Laboratories believe projects such as Nightingale™ [see “Behind the Code,”] provide a strong solution to secure the ever-widening use of knowledge-based authentication answers that Internet users are being asked to provide. “We believe that enterprises can benefit from the security and protection that data splitting can provide,” says Kaliski.

By David A. Kelly
Ilustration by Adam McCaluley

Top

ABOUT RSA LABORATORIES
WHAT: RSA Laboratories
ESTABLISHED: 1991
MISSION: To identify new technologies or concepts that can be applied across
RSA Security Inc.’s lines of business
WHAT IT IS: RSA Laboratories specializes in pursuing a variety of potential longterm research projects that may have strategic impact on new product development, business partnerships or lines of business. It typically concentrates significant resources on selected projects of exceptional significance while working continually to identify and develop a much broader range of research projects that are still in their early stages. For information on another of RSA Laboratories’ current projects, see “The Ins and Outs — and Ways Around — RFID Tags” in the first issue of Vantage magazine.

 

BEHIND THE CODE
FACTS ABOUT
NIGHTINGALE™ AND
“ZERO KNOWLEDGE”

Nightingale™ is an RSA Laboratories project, spearheaded by Burt Kaliski, John Brainard, Ari Juels and Mike Szydlo, that uses data splitting to protect digital assets even after hackers have gained access to individual data stores. Nightingale protects data by splitting it into pieces and storing the pieces in encrypted form in multiple servers or locations.

While it sounds relatively easy to split data to protect it, doing so securely requires some sophisticated mathematical algorithms. Consider the problem: once a piece of data is split across multiple sites, potential answers need to be compared without reassembling the answer and revealing it to the other sites. In essence, each site where a shared secret is stored has to be able to validate potential answers independently. By using a technique called “Zero Knowledge,” data splitting allows both sides to send messages back and forth to determine the correctness (or incorrectness) of the result while maintaining the secrecy of the answer.

For more information, click here.

Copyright® 2004 RSA Security. All rights reserved.
RSA Securityhome