Split-value Cryptographic Authentication: Building Advanced Threat Resistant Software

Advanced Threats are deeply changing the way we develop secure products by overturning our working assumptions. We used to design and develop products to be attack resistant on the assumption that the environment where they would be deployed might be compromised. We now have to design and develop products on the assumption that every system in the customer environment, in the development environment and in the supply chain may be compromised.

I have written about this fundamental shift in a recent issue of IEEE Security and Privacy Magazine. It impacts:

  • How products are designed to better resist Advanced Threats
  • How technology providers secure their development environment to ensure the integrity and authenticity of the software they develop
  • How technology providers manage their own supply chain to avoid counterfeit or tainted components.

RSA’s newly announced Distributed Credential Protection (DCP) is a perfect illustration of the innovative design that helps build software that better resists Advanced Threats.

For almost 40 years, multiple generations of security architecture for distributed systems have been built around the concept of a Trusted Third Party: a server trusted by all parties involved in the secure exchange. Examples include the key server in the Needham–Schroeder symmetric-key protocol and the Key Distribution Center in Kerberos, as well as the Certification Authority in public key cryptosystems.

With Advanced Threats, trusted third parties have become a “single point of security failure.” If attackers control the trusted system, the game is over.

We need new security designs for this new world. Split-value cryptographic authentication, as implemented in RSA Distributed Credential Protection, exemplifies an Advanced Threat-resistant security design. It was invented by RSA Labs several years ago as a way to store and verify authentication secrets so that they are not compromised even if any one of the systems involved in the authentication process is compromised. The principle is straightforward and relies on random numbers and XOR transformations:

RSA Distributed Credential Protection Principles

  1. Before it is stored, the password is XORed with a random number of the same length. The random number is stored on one server (the “red” server) and the XORed value on a different server (the “blue” server). Each stored value on its own is statistically independent of the password, so compromising one server is not sufficient to recover it.
  2. At regular time intervals, a new random number is generated and both servers XOR it into their stored value. The two values still combine to the same password, but a value stolen from one server before the refresh is useless together with a value stolen from the other server after it. This adds a time-based layer of protection: both servers must be compromised within the same interval for the password to be compromised.
  3. When an application needs to verify a password, the claimed password XORed with a fresh random number is sent to the “blue” server, while that random number is sent to the “red” server. Each server XORs what it received with its stored value; the two results are equal exactly when the claimed password matches the stored one, so the servers can compare them and validate the claim without either of them ever reconstructing the legitimate password.
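The three steps above, written out in Python as an added illustration; this is not RSA's code and not the DCP product's protocol. It assumes two things the page does not specify: that a variable-length password is first mapped to a fixed 32-byte block (here with a salted SHA-256) so it can be XORed with a same-length random pad, and that the final equality check in step 3 is done by comparing keyed hashes of each server's result under a key shared only by the red and blue servers plus a per-request nonce, so that only "equal or not" is ever learned. The names `Server`, `enroll`, `refresh`, `verify` and `reconstruct`, the salt and the link key are all constructed for the example.

```python
# Added illustration of XOR split-value password storage and verification.
# Not RSA's code and not the DCP product's protocol; see the lead-in for assumptions.
import hashlib
import hmac
import os

BLOCK = 32  # every share, pad and password block is this many bytes


def xor(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b) == BLOCK
    return bytes(x ^ y for x, y in zip(a, b))


def to_block(password: str, salt: bytes) -> bytes:
    # Assumption: variable-length passwords are mapped to a fixed-length block
    # with a salted SHA-256 so they can be XORed with a same-length pad.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


class Server:
    """One share holder (red or blue). It never sees the other server's share."""

    def __init__(self, name: str, link_key: bytes):
        self.name = name
        self.link_key = link_key  # assumption: a key shared only by red and blue
        self.shares = {}          # user -> BLOCK-byte share

    def store(self, user: str, share: bytes) -> None:
        self.shares[user] = share

    def refresh(self, user: str, pad: bytes) -> None:
        # Step 2: both servers XOR the same fresh pad into their share, so the
        # two shares still combine to the password, but a share stolen before
        # this refresh is useless together with a share stolen after it.
        self.shares[user] = xor(self.shares[user], pad)

    def partial(self, user: str, received: bytes) -> bytes:
        # Step 3: XOR what the application forwarded with the stored share.
        return xor(self.shares[user], received)

    def blind(self, nonce: bytes, value: bytes) -> bytes:
        # Simplified equality test: a keyed hash, so the raw partial value is
        # never handed to anyone and only equality can be learned.
        return hmac.new(self.link_key, nonce + value, hashlib.sha256).digest()


def enroll(red: Server, blue: Server, user: str, password: str, salt: bytes) -> None:
    # Step 1: red keeps the random pad R, blue keeps P XOR R.
    p = to_block(password, salt)
    r = os.urandom(BLOCK)
    red.store(user, r)
    blue.store(user, xor(p, r))


def refresh(red: Server, blue: Server, user: str) -> None:
    pad = os.urandom(BLOCK)
    red.refresh(user, pad)
    blue.refresh(user, pad)


def verify(red: Server, blue: Server, user: str, claimed: str, salt: bytes) -> bool:
    # The application picks a fresh pad r2, sends P' XOR r2 to blue and r2 to red.
    p_claimed = to_block(claimed, salt)
    r2 = os.urandom(BLOCK)
    q_blue = blue.partial(user, xor(p_claimed, r2))  # (P ^ R) ^ (P' ^ r2)
    q_red = red.partial(user, r2)                    #  R ^ r2
    # q_blue == q_red  <=>  P ^ P' == 0  <=>  the claimed password is correct.
    nonce = os.urandom(16)
    return hmac.compare_digest(blue.blind(nonce, q_blue), red.blind(nonce, q_red))


def reconstruct(red_share: bytes, blue_share: bytes) -> bytes:
    # What an attacker holding BOTH shares from the same interval gets: R ^ (P ^ R) = P.
    return xor(red_share, blue_share)


if __name__ == "__main__":
    salt = b"constructed-salt"             # constructed sample input
    link_key = os.urandom(32)
    red, blue = Server("red", link_key), Server("blue", link_key)
    enroll(red, blue, "alice", "correct horse battery", salt)
    stolen_red = red.shares["alice"]       # attacker takes red's share now...
    refresh(red, blue, "alice")
    stolen_blue = blue.shares["alice"]     # ...and blue's share after a refresh
    print("correct password accepted:", verify(red, blue, "alice", "correct horse battery", salt))
    print("wrong password rejected:", not verify(red, blue, "alice", "wrong", salt))
    print("stale shares recover password:",
          reconstruct(stolen_red, stolen_blue) == to_block("correct horse battery", salt))
```

Three properties are worth checking when reviewing a design like this: a share taken from one server alone is a uniformly random block and says nothing about the password; shares taken from the two servers in different refresh intervals do not combine (the demonstration above shows this, and the result of a pre-refresh red share with a post-refresh blue share is the password XORed with the refresh pad, not the password); and the party that drives the verification learns only a yes/no answer. The pads must come from a cryptographic random source and be exactly as long as the block, and the refresh of the two shares must be applied atomically to both servers, or a verification that straddles the refresh will fail.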

Split-value cryptographic authentication opens new opportunities for software developers worldwide to start building Advanced Threat-resistant software.

This is just a start. Advanced Threats are changing our trust assumptions and have technical and operational impact on how we approach security. In the area of secure application design, we should expect more innovations like split-value cryptographic authentication to emerge to help build Advanced Threat-resistant software.

About the Author: Eric Baize

Throughout his career, Eric Baize has been passionate about building security and privacy into systems and technology from design to deployment. He currently leads Dell EMC’s Product Security Office and serves as Chairman of SAFECode, an industry-led non-profit organization dedicated to advancing software and supply chain security best practices. At Dell EMC, Eric leads the team that sets the standards and practices for all aspects of product security for the product portfolio: Vulnerability response, secure development, consistent security architecture, and code integrity. Eric joined Dell through its combination with EMC where he built EMC’s highly successful product security program from the ground up and was a founding member of the leadership team that drove EMC’s acquisition of RSA Security in 2006. He later led RSA’s strategy for cloud and virtualization. Prior to joining EMC in 2002, Eric held various positions for Groupe Bull in Europe and in the US. Eric has been a member of the SAFECode Board of Directors since the organization was founded in 2007 and also serves on the BSIMM Board of Advisors. He holds multiple U.S. patents, has authored international security standards, is a regular speaker at industry conferences and has been quoted in leading print and online news media. Eric holds a Masters of Engineering degree in Computer Science from Ecole Nationale Supérieure des Télécommunications de Bretagne, France and is a Certified Information Security Manager. Follow Eric Baize on Twitter: @ericbaize