This Register blog post shows precisely why older static and complicated public key infrastructure (PKI)-oriented key management models introduce more risk from user error and have catastrophic consequences if exposed. Their origins in the pre-web era’s epoch may have worked for a few techy users, but that’s quite different to today’s high threat, highly connected internet.
While this particular key might be used for all sorts of things like signing documents, patches, it could also be used for decrypting email. What’s worse is there’s no easy way to easily revoke PGP (Pretty Good Privacy) keys apart from a lot of manual digging and hard coding efforts. Messy indeed. This key leakage likely happened because ownership and control over the key itself was handled by someone who was not expert in key management – who exposed it by accident to the planet.
Yet that’s pretty much what most everyday internet users are – not experts in key management – and neither should they be. Secure Email communications should not be for the realm of the few experts that can figure out complicated key management, key splitting, private/public components and protection. Yes, users should be aware of strong passwords and good internet practice, but not have to be deep experts. That would be a bit like requiring you to be an expert in lock technology every time you wanted to pop out to the shops and come back to unlock your front door.
This is why a technology called Identity-Based Encryption (IBE) was invented by the founders of Voltage Security with crypto experts at Stanford, like Dr. Dan Boneh, and why SecureMail was created to make secure email communications much easier without end users having to worry about keys, key management and all the mess and great responsibility that comes with it.
With IBE, a well-accepted standard (IEEE, ISO etc), a person’s identity and other easy-to-manage parameters (like time of day) becomes their public key. The actual keys used to encrypt and decrypt are generated on the fly using state-of-the-art cryptography in real time. This means that keys don’t need to be stored or managed by people, but computed on demand. This stateless model also means avoiding the dreaded key store, database or vault which itself is a pain to manage and backup, and a target for attack and creates its own share of messy problems. Nobody wants to be the key-store backup guy taking every Friday to sync and restore a load of PGP keys that are keys to the kingdom.
With IBE, this modern on-demand generation also permits total control based on changing risk scenarios when deciding accesses to data. Unlike PGP where the key has to be locally unlocked by that end user again from a local file or store, IBE separates authentication and key generation. So, we can make good decisions at the time we need the key. Do I trust the end user right now? Are they authentic? Is their history of behavior showing a sign they are compromised and keys should not be generated, or is the user in a trusted location and this allowed to access data? That’s far more aligned to today’s risk-driven need for privacy and security. Also, problems like meeting e-discovery needs for court responses or allowing DLP systems to decrypt to see content before transmission are all solved by this stateless, IBE approach. Powerful stuff indeed, and a perfect balance of providing enterprise control with support for legal or government processes – controlled by the data owner at all times.
In addition, unlike PKI and PGP where your key has to be good….well, more or less forever, IBE keys are automatically rotated by time as it changes – automatically. So a compromise of a privacy key like in the above new story doesn’t create a “forever fixing it” problem that the PGP users are now going to have to figure out, it only impacts a small portion of time – and data processed in it. Risk is easier to manage, even in a compromise.
If you’d like to try this for yourself, you can. SecureMail cloud has free trials, and enterprises interested in a simpler, more friendly yet end-to-end secured email solution should take a look at SecureMail.
This is a Security Bloggers Network syndicated blog post authored by Mark Bower. Read the original post at: HPE Security – Data Security