NMA ZSentry™ Technology
Audience: CIO, IT professionals, security and application developers, SaaS developers.
NMA ZSentry technology shifts the information security solution space from the yet-unsolved security problem of protecting servers and clients against penetration attacks to a connection reliability problem that is solved by NMA today.
NMA ZSentry Services
ZSentry services work with existing, familiar applications and desktop systems. There is no plug-in or installation.
ZSentry services provide a secure Services-Oriented Architecture (SOA) located as a middleware between your business processes and the infrastructure needed to execute them. The infrastructure may be provided on-site and on-demand by means of "cloud computing" and SaaS (Software-as-a-Service). A number of ZSentry services are available on-demand, including free offers for tests. On-site and customized ZSentry services can be promptly developed upon request.
Complete Two-Factor Authentication and Authorization Solution
ZSentry and ZSentryID solutions provide two-factor authentication and authorization, spoof and phishing prevention, and access control with key management services.
With ZSentry, users enter their login username (called a usercode or DTC) and password for authentication, just like the familiar username / password procedure, but in two steps, which provides phishing and spoofing prevention by mutual authentication. Unlike conventional username / password systems, the ZSentry username and password are not stored anywhere. That ZSentry is actually usable by users, with no prior training required, is a very important factor in assuring compliance with security requirements by all personnel involved.
With ZSentryID, there is an additional step where the user enters a one-time code after a successful ZSentry login. The ZSentryID software generates the one-time code and delivers it immediately to the user's mobile phone, pager, PDA or e-mail account. The one-time codes are typically valid for 60 seconds and can only be entered in the same browser page from which the login was started.
How ZSentry Works
Spoof Prevention Sentry: prevents a user from relying on false information that masquerades as legitimate.
Authentication Sentry: controls the corroboration of a credential or claim.
Access Control Sentry: grants access to objects, based on the trusted identity of users.
One-Time-Code Sentry: only authorized users are allowed entry, even if a user's credentials are compromised.
ZSentryID: adds a one-time-code Sentry with second-channel authentication.
ZSentry works by first issuing to each user a digital certificate (the DTC™, or Digital Transaction Certificate), for example 4KALEP. The usercode (DTC) value is unpredictable and its use is protected by a user-defined password.
The usercode and the password values are, together, sufficiently unpredictable to prevent dictionary or brute-force attacks within the operational parameters. ZSentry does not hold or access copies of the usercodes or passwords, so there are no user login targets to be attacked and cracked.
There are a number of ways to issue the DTC to each user. For example, it can be sent by email while, at the same time, the user's mailbox is authenticated by a cryptographic challenge-response.
The DTC is compact, mnemonic and can be typed by the user for access authorization to use ZSentry, as if it were a username or usercode.
The usercode and the password provide standards-compliant two-factor authentication. Mutual authentication is also provided for spoof and phishing prevention, with registered users authenticating the server first, in a two-phase process.
In the first authentication phase, the user submits the usercode (the DTC). Afterwards, but before the user inputs the password, the server using the ZSentry technology provides a Return Code (RC) for visual authentication by the user. The RC is known to the user beforehand but is neither provided to nor stored on the server. This is the second phase of the ZSentry authentication process and provides protection against server phishing and spoofing, as the ZSentry server must have the correct key to calculate the correct Return Code. If the RC displayed matches the RC known to the user, the user inputs the password. If the password is validated using the user's previously submitted usercode (DTC) and a Service-supplied key (the ZSentry-supplied key does not depend on the user), then mutual authentication is completed to grant user access and the user access keys are calculated by ZSentry.
The ZSentry user authentication process is done under trusted third party server-authenticated SSL access, preventing man-in-the-middle attacks. Even though SSL cannot prevent spoofing, phishing and pharming attacks, the combination of SSL and ZSentry user authentication can.
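The two-phase exchange described above, modelled as an added example that is not ZSentry's own code: the Return Code, check value and access-key derivations are HMAC constructions assumed here for illustration, and the server keeps a keyed check value per usercode, which is an assumption (the page states that no passwords are stored). It shows why a server that lacks the service key cannot present the correct Return Code, so the client never sends the password to it.

```python
import hmac
import hashlib
import secrets

# Constructed model of the two-phase mutual authentication flow.
# All derivation functions below are assumptions for illustration only.

USERCODE_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def derive(key: bytes, *parts: str, n: int = 16) -> bytes:
    """HMAC-SHA256 over labelled, NUL-separated parts, truncated to n bytes."""
    msg = "\x00".join(parts).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()[:n]


class ZServer:
    """Holds a service key plus a keyed check value per usercode (assumption);
    it never stores the password or the derived user access key."""

    def __init__(self, service_key: bytes):
        self.k = service_key
        self.checks = {}  # usercode -> keyed check value

    def enroll(self, password: str):
        """Issue a short, unpredictable usercode (like 4KALEP) and the RC the user memorises."""
        usercode = "".join(secrets.choice(USERCODE_ALPHABET) for _ in range(6))
        self.checks[usercode] = derive(self.k, "check", usercode, password)
        return usercode, self.return_code(usercode)

    def return_code(self, usercode: str) -> str:
        """Phase 1: the server proves it holds the service key by computing the RC."""
        return derive(self.k, "rc", usercode, n=3).hex().upper()

    def login(self, usercode: str, password: str):
        """Phase 2: validate the password; return the user access key or None."""
        expected = self.checks.get(usercode)
        candidate = derive(self.k, "check", usercode, password)
        if expected is None or not hmac.compare_digest(expected, candidate):
            return None
        return derive(self.k, "access", usercode, password)  # computed, not stored


def client_login(server: ZServer, usercode: str, known_rc: str, password: str):
    """User side: submit the usercode, then withhold the password unless the RC matches."""
    if not hmac.compare_digest(server.return_code(usercode), known_rc):
        return None  # RC mismatch: suspected spoofed server, password never sent
    return server.login(usercode, password)
```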
ZSentry technology contrasts with other communication security technologies in that there are no private keys stored anywhere. For example, with PKI/X.509 (Public-Key Infrastructure) and PGP™ (Pretty Good Privacy), a user's private key is embedded in a password-protected file that can be attacked and cracked. With IBE (Identity-Based Encryption, Voltage™ and MessageGuard™), the private keys of all users are available to third parties without user authorization (mandatory key escrow). With SSL/TLS (e.g., as used by Postini™), messages are only encrypted between servers, so that third parties can compromise message security and integrity at the security gaps created between servers (not only at Postini but also at the user's ISP, DSL provider, and any other intervening server or cache system), and at the user's machine.
With ZSentry technology, message security has to do more with server availability assurance (in terms of connection reliability to access the service when desired, which can be easily mitigated by server replication) rather than assurances on data confidentiality and data integrity at the server or the user's machine ("any computer can be compromised"). ZSentry shifts the information security solution space from the yet-unsolved security problem of protecting servers and clients against penetration attacks to a connection reliability problem that is easily solved today.
User authentication by ZSentry operates with the simplicity of conventional password systems but without their security limitations. ZSentry largely avoids user education, directly supports usability, and reduces risk both to the user and the service provider.
ZSentry technology fully protects personal and other sensitive information against inappropriate and unauthorized use and disclosure, whether due to external or internal attacks. Usercodes, passwords and user access keys are provided by the ZSentry technology and are not stored. ZSentry protects both the privacy of customer data and the keys that protect the privacy. Customer access audit trails and customer data storage can be maintained with encrypted, de-identified numbers. With ZSentry™ protection, if security is breached no customer access data or customer data can be recognized or accessed.
ZSentry technology provides a proven anti-phishing solution and two-factor authentication to protect user passwords from someone trying to guess them in dictionary or brute-force attacks; this protection works together with additional customer access protection methods.
We understand trust as qualified reliance on information, based on factors independent of that information [Gerck, 1997]. ZSentry and ZSentryID enable trust to be earned by using multiple channels of information to both provide information and qualify information reliance.
Reduces Liability, Complexity and Costs
ZSentry and ZSentryID work without password lists, access control databases, shared secrets and PKI, providing two-factor user authentication and authorization that is easy-to-use and easy-to-deploy for a variety of applications including VPN, Web, Active Directory, LDAP, RADIUS Authentication, File Control, Document Signing, Wireless Transactions, and 802.11 Wireless LAN. Cryptographic key-management is also provided by ZSentry and ZSentryID.
ZSentryID Reduces Costs And Is Compatible With Your Infrastructure
ZSentryID takes advantage of mobile phones and pagers (devices that users already have and know how to use) to create a second authentication channel and send the one-time authentication code required from a user. By means of plug-ins that can be supplied by NMA upon request, your existing firewalls, network access servers, VPNs and Web applications can readily support ZSentryID two-factor two-channel authentication.
Secure Access With Flexibility
You have the flexibility to combine ZSentryID with ZSentry, allowing access to some resources to be authorized without entering a one-time code. This is useful as a fall-back option in case there is no mobile phone or pager service, or as another access class.
ZAuthority = Centralized User Administration
Use ZAuthority to easily issue ZSentry and ZSentryID credentials with centralized user administration and control delegation.
Secure And Usable
To support usability, the ZSentry technology has simple, effective rules allowing complex patterns to be expressed as desired, rather than rules that require complexity from the start. Applications developed using ZSentry technology can be, at the same time, Secure And Usable.
Very Simple to Use
With ZAuthority, users and managers can request, activate, suspend, revoke and automatically bind ZSentry/ZSentryID credentials to specific access control information. Managers have approval authority on all matters. Approval authority can be conditionally delegated to users and sub-managers. Events can be securely audited, developing trust and supporting non-repudiation.
Very Simple to Deploy
ZSentry Documentation >>
ZSentryID Documentation >>
ZAuthority Documentation >>
[E. Gerck, 1997]: trust is defined narrowly, as "reliance on qualified information". Trust is quantified in terms of extent of reliance (larger extent, more trust). A decision to trust someone, the source of a communication, the name on a certificate, or a record must be based on factors outside the assertion of trustworthiness that the entity makes for itself. More factors, and more variety of factors, may lead to a higher trust value. They may also lead to a lower value, by uncovering elements of distrust. The final trust value can be positive, zero, or negative (distrust).
In Information Theory terms, trust is equivalently and formally defined by Gerck as "Trust is that which is essential to a communication channel but cannot be transferred through that channel". This definition can be applied to derive "domain definitions" of trust, valid in a specific application domain and coherent with the formal definition. For example, "Trust about an entity's behavior on matters of x is that which an observer has estimated at epoch T with a variance as small as desired", "trust is that which provides meaning to information", and "trust is open-loop control."
Trust can also be viewed as that which can break a security design. In other words, when we trust A on matters of X, if that trust fails then we have to assume that "matters of X" can take on any possible value — for example, a value that we may not expect or want. ZSentry uses the principle that, for higher assurance, it is better to control than to trust ("Trust is Good, Control is Better"). However, in verifying information (especially online), one is often limited in what can be directly controlled and verified. That is when trust may be used, but it must be used well.
Trust can be applied to prevent both faults and fraud, where we start with a "Default Denial" policy that also originates from trust considerations, since trust is earned. In other words, everything is denied until there is acceptable proof that it should not be. And acceptable proof must come in more than one way, and must be verified in more than one way, as qualified reliance on information.
See "Trust Points", Digital Certificates: Applied Internet Security by J. Feghhi, J. Feghhi and P. Williams, Addison-Wesley, ISBN 0-201-30980-7, 1998. See also Trust as Qualified Reliance on Information, Part I and Toward Real-World Models of Trust: Reliance on Received Information.
Secure and Usable
We note that because simplicity is also a basic principle for increased security, usability and security are not in some a priori conflict with each other — contrary to common opinion, there should be no fundamental need to balance security with usability.
Background — Eliminating The External Reference System
In addition to the definition of trust in 1997, the ZSentry innovative solution to security has other roots in 1997, in discussions at the MCWG (Meta-Certificate Working Group, reference below).
In order to be able to measure distance, we need to define an external reference system. Likewise, in order to distinguish one email user from another (to measure their "distance"), we need to define external references. For example, a common password list, or private-public key pairs that link to a common root.
In either case, we can define any number of external reference systems that we may want. However, independently of the reference system used in the measurement, it turns out that the distance measured between any two given points remains the same; likewise, two distinct users should remain distinct independently of the CA (Certificate Authority, in PKI) or authentication provider used.
This observation has a more profound significance than just making ZSentry CA-agnostic. It means that, even though we seem to need to use an external reference system to measure distance, and to correctly recognize different users, there must be some inner cancellation mechanism at play that cancels out the contribution from the external reference system — for any system — so that it does not actually matter which system we take.
Why, then, do we need an external reference system?
This is a paradigm-change type of question. It turns out that, indeed, we do not. Both in geometrical measurements (with differential geometry) as well as in communication security terms (see Gerck, Ed, Certification: Extrinsic, Intrinsic and Combined, published online by the MCWG in June, 1997), distance can be measured without an external reference system.
In communication security terms, there is an additional, critical advantage of eliminating the external reference system.
An external reference system is a target that can be attacked, no matter how well protected. Insider attacks are notoriously hard to defend against. Buffer overflows, race conditions, bugs and faults are impossible to avoid completely. As commonly stated, "Regardless of how safe and secure people claim something like this is, there is always someone who can crack it." However, by eliminating the external reference system, the target, an attack on the external reference system becomes impossible. One cannot attack what does not exist.
Contents of this entire site are © Copyright, NMA Inc., 2009. Titles and product names are trademarks of NMA, Inc. as described in our Legal Statement.