How to evaluate data protection technologies - Mastercard conference
How to Evaluate Data Protection Technologies
Ulf Mattsson, CTO, Protegrity Corporation
Payment System Integrity
Protecting Data in the Enterprise Data Flow
• ‘Information in the wild’
– Short lifecycle / High risk
• Temporary information
– Short lifecycle / High risk
• Operating information
– Typically 1 or more year lifecycle
– Broad and diverse computing and database environment
• Decision making information
– Typically multi-year lifecycle
– Homogeneous computing environment
– High volume database analysis
• Archive
– Typically multi-year lifecycle
– Preserving the ability to retrieve the data in the future is important
(Diagram: data from POS, e-commerce and Branch sources passing through the stages Collection, Aggregation, Operations, Analysis and Archive)
PCI Case Study – Large Retailer
• Minimal impact to the legacy environment
– Encrypting PAN in the POS application and decrypting in HQ server
– Encrypting PAN in databases, transparent to applications
– Software encryption – 10 million transactions per second
• End-to-end encryption within the control of a single enterprise
– Modifications of applications, files and databases
– Definition of “Strong cryptography” - PCI DSS Glossary 1.2
– Central management of encryption keys, policy and reporting
– Key Management - Industry Standards are missing (IEEE P1619.3, OASIS/KMIP …)
End-to-end Encryption - Challenges
• End-to-end encryption in the financial environment
– End-to-end encryption is a very difficult thing to accomplish in the financial environment
– The people and devices at one end do not usually have any relationship (such as shared keys) with those at the other end - things are more point-to-point
– Expanding the scope - flow through the existing payment networks and not break them
– Or change all those networks (not easy!) or provide a separate path for messages using a new scheme
– OASIS/KMIP Key Management is immature in the area of support for banking and finance requirements
– Some vendors add proprietary encryption capability to the terminals themselves
Planned Proposal to X9 for New Standard
• Current scope - client-end-terminal to acquirer
– It's not quite clear what direction this will end up taking
– Encryption/decryption to be done in software for performance reasons
• X9 ANSI Standard may be published within 36-40 months
– ASC X9 working group - one initial meeting so far
– More time for people to actually implement it
• Target audience for this guideline or standard
– POS Device Implementers, ATM Implementers, Store Controller Implementers, Retail Host System Implementers, Processing System Implementers and Acquiring System Implementers
Protecting Data in the Enterprise Data Flow
(Diagram: Applications talk to the Database Server; the passive approaches, Web Application Firewall, Database Activity Monitoring and Data Loss Prevention, sit on that traffic and on the Database Log Files, while the active approaches protect the Database Columns and the Tablespace / Datafiles themselves. Passive Approaches and Active Approaches = End-To-End Protection)
Passive Data Protection Approaches
• Web Application Firewall
– Protects against malicious attacks by inspecting application traffic
• Data Loss Prevention
– Tags and monitors movement of sensitive assets
– Protects against the unintentional outbound leakage of sensitive assets
• Database Activity Monitoring
– Inspects, monitors, and reports database traffic into and out of databases
– Can block malicious activity; seldom used due to false positives
• Database Log Mining
– Mines log files that are created by databases for good or bad activity
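The Database Activity Monitoring and Database Log Mining bullets describe a detection capability without showing what a rule looks like in practice. The Go program below is an added example, not part of the presentation or of any Protegrity product: it parses a few constructed audit-log lines and flags statements that read cardholder columns from a non-application account, return a bulk number of rows, or carry no WHERE clause. The pipe-delimited log layout, the account names, the list of sensitive columns and the 1000-row threshold are all assumptions made up for the example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// AuditEvent is one parsed line of the constructed audit log.
type AuditEvent struct {
	Time  string
	User  string
	Rows  int
	Query string
}

// Alert is a flagged event with every rule that fired on it.
type Alert struct {
	Event   AuditEvent
	Reasons []string
}

// sampleAuditLog is constructed sample data in an assumed pipe-delimited
// layout (timestamp|database account|rows returned|statement); neither the
// layout nor the accounts come from any real product or log.
const sampleAuditLog = `2009-05-12T10:01:02|pos_app|1|SELECT pan, exp FROM cards WHERE cust_id = 4471
2009-05-12T10:01:05|pos_app|1|UPDATE cards SET exp = '1211' WHERE cust_id = 4471
2009-05-12T10:03:44|reporting|25000|SELECT cust_id, amount FROM transactions WHERE day = '2009-05-11'
2009-05-12T10:07:19|dba_jsmith|180000|SELECT pan FROM cards
2009-05-12T10:09:00|pos_app|1|SELECT pan FROM cards WHERE cust_id = 9912`

// sensitiveColumns are the column names whose reads the rules examine.
var sensitiveColumns = map[string]bool{"pan": true, "track2": true, "cvv": true}

// appAccounts are the service accounts expected to touch cardholder data.
var appAccounts = map[string]bool{"pos_app": true}

// bulkThreshold is the row count above which a read of a sensitive
// column counts as bulk extraction (an assumed tuning value).
const bulkThreshold = 1000

// ParseAuditLog turns the text into events, skipping malformed lines.
func ParseAuditLog(text string) []AuditEvent {
	var events []AuditEvent
	for _, line := range strings.Split(text, "\n") {
		parts := strings.SplitN(line, "|", 4)
		if len(parts) != 4 {
			continue
		}
		rows, err := strconv.Atoi(parts[2])
		if err != nil {
			continue
		}
		events = append(events, AuditEvent{Time: parts[0], User: parts[1], Rows: rows, Query: parts[3]})
	}
	return events
}

// touchesSensitiveColumn tokenises the statement on non-identifier
// characters so that "pan" matches but "company" or "expand" do not.
func touchesSensitiveColumn(query string) bool {
	isSep := func(r rune) bool {
		return !(r >= 'a' && r <= 'z' || r >= '0' && r <= '9' || r == '_')
	}
	for _, tok := range strings.FieldsFunc(strings.ToLower(query), isSep) {
		if sensitiveColumns[tok] {
			return true
		}
	}
	return false
}

// MineAuditLog applies three rules to statements that touch sensitive
// columns and returns one alert per offending statement. It reports
// rather than blocks, in line with the slide's note on false positives.
func MineAuditLog(events []AuditEvent) []Alert {
	var alerts []Alert
	for _, ev := range events {
		if !touchesSensitiveColumn(ev.Query) {
			continue
		}
		var reasons []string
		if !appAccounts[ev.User] {
			reasons = append(reasons, "sensitive column accessed by non-application account")
		}
		if ev.Rows > bulkThreshold {
			reasons = append(reasons, fmt.Sprintf("bulk read of %d rows", ev.Rows))
		}
		if !strings.Contains(strings.ToUpper(ev.Query), " WHERE ") {
			reasons = append(reasons, "no WHERE clause (full-table access)")
		}
		if len(reasons) > 0 {
			alerts = append(alerts, Alert{Event: ev, Reasons: reasons})
		}
	}
	return alerts
}

func main() {
	for _, a := range MineAuditLog(ParseAuditLog(sampleAuditLog)) {
		fmt.Printf("%s %s: %s\n    %s\n", a.Event.Time, a.Event.User, strings.Join(a.Reasons, "; "), a.Event.Query)
	}
}
```

Run against the sample, only the full-table read of the pan column by the DBA account is flagged, and all three rules fire on it; the single-row application reads and the reporting query that touches no sensitive column pass. The rules only report, which is the mode the slide says is actually used, since a blocking rule with this little context would stop legitimate batch jobs.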
Active Data Protection Approaches
• Application Protection
– Utilizes crypto APIs to protect sensitive assets in applications
– This approach helps you protect data as it enters your business systems
• Column Level Protection
– Protects data inside the database at the column level
– Can be deployed in a transparent approach to minimize changes to your environment
– Considered to be the most secure approach to protect sensitive assets
• Database file protection
– Protects the data by encrypting the entire database file
Passive Database Protection Approaches
Operational Impact Profile: each approach is rated from Best to Worst on each criterion (the ratings were shown graphically on the slide and are not preserved in this transcript)
• Criteria: Performance, Storage, Security, Transparency, Separation of Duties
• Approaches: Web Application Firewall, Data Loss Prevention, Database Activity Monitoring, Database Log Mining
Active Database Protection Approaches
Operational Impact Profile: each approach is rated from Best to Worst on each criterion (the ratings were shown graphically on the slide and are not preserved in this transcript)
• Criteria: Performance, Storage, Security, Transparency, Separation of Duties
• Approaches: Application Protection - API; Column Level Encryption (FCE, AES, 3DES); Column Level Replacement (Tokens); Tablespace - Datafile Protection
How about Native Database Encryption?
• Advantages
– Available from most database vendors
– Enables you to get started quickly
• Disadvantages
– Mostly non-transparent solutions
– Some vendors do not protect the Data Encryption Keys well enough
– Lack of secure interoperability between instances of the same vendor
– No secure interoperability with databases from other vendors
– No centralization of policy, key management, and audit reporting
Security for the Sensitive Data Flow
(Diagram: sensitive data, shown as unreadable protected values, spanning the Points of collection in Branches/Stores (Store Back Office applications, T-Logs/Journals, StoreDB), the Retail Locales and Multiplexing Platform, the HQ systems (ERP, WebApps, Polling Server, Archive) and the Partners (Financial Institutions); a central Manager distributes Policy to each system, collects Logs from them and produces Reports. Stages: Collection, Aggregation, Operations and Analytics, the last serving Tactical, Detailed Analytical, Focused / Summary Analytical and Active Access / Alerting uses)
Data Protection Options and Formats
• Clear – actual value is readable – not for cardholder data
• Hash – unreadable, not reversible – not for cardholder data
• Encrypted – unreadable, reversible
• Replacement value (tokens) – unreadable, reversible
• Partial encryption/replacement – unreadable, reversible
Data in the Clear
• Description
– Audit only
– Masking
– Access Control Limits
• Advantages
– Low impact on existing applications
– Performance and time to deploy
• Considerations
– Underlying data exposed
Strong Encryption
• Description
– Industry standard (AES CBC …)
• Advantages
– Widely deployed
– Compatibility
– Performance
• Considerations
– Storage and type
– Transparency to applications
– Key rotation
Format Controlling Encryption
• Description
– Maintains data type, length
• Advantages
– Reduces changes to downstream systems
– Storage
– Partial encryption
• Considerations
– Performance
– Security and key rotation
– Transparency to applications
Replacement Value (i.e. tokens, alias)
• Description
– Proxy value created to replace original data
– Centrally managed, protected
• Advantages
– No changes to most downstream systems
– Out of scope for compliance
– No local key rotation
• Considerations
– Transparency for applications needing original data
– Availability and performance for applications needing original data
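The Data Protection Options and Formats slide lists clear, hash, token and partial values by their two properties (readable or not, reversible or not), and this Replacement Value slide explains why a centrally managed proxy value leaves downstream systems with no key and nothing to rotate. The Go program below is an added example, not code from the presentation or from Protegrity: for a constructed test PAN it produces the hash format, a full token that keeps the last four digits, and the partial replacement that also keeps the six-digit BIN, with the vault as the only path back to the original. The vault structure, the keep-head/keep-tail scheme and the absence of a Luhn check digit on the tokens are assumptions made for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// Constructed test PAN (a well-known test number, not a real card).
const samplePAN = "4111111111111111"

// HashFormat: unreadable and not reversible. The PAN space is small enough
// to brute-force a bare hash, one reason the deck rules it out for PANs.
func HashFormat(pan string) string {
	sum := sha256.Sum256([]byte(pan))
	return hex.EncodeToString(sum[:])
}

// TokenVault keeps the PAN-to-replacement mapping in one central place, so
// systems that only ever see tokens hold no key and have nothing to rotate.
type TokenVault struct {
	byPAN   map[string]string // "head:tail:pan" -> replacement value
	byToken map[string]string // replacement value -> pan
}

func NewTokenVault() *TokenVault {
	return &TokenVault{byPAN: map[string]string{}, byToken: map[string]string{}}
}

// randomDigits draws n decimal digits from crypto/rand.
func randomDigits(n int) (string, error) {
	out := make([]byte, n)
	for i := range out {
		d, err := rand.Int(rand.Reader, big.NewInt(10))
		if err != nil {
			return "", err
		}
		out[i] = byte('0' + d.Int64())
	}
	return string(out), nil
}

// Replace returns a same-length, digits-only replacement that keeps the
// first keepHead and last keepTail digits of pan and randomises the rest.
// keepHead=0, keepTail=4 is a full token that still lets receipts show the
// last four; keepHead=6, keepTail=4 is the partial replacement from the
// deck, which also keeps the BIN for routing. Constructed scheme, not a
// standard: tokens here carry no Luhn check digit.
func (v *TokenVault) Replace(pan string, keepHead, keepTail int) (string, error) {
	if strings.Trim(pan, "0123456789") != "" || keepHead < 0 || keepTail < 0 || keepHead+keepTail >= len(pan) {
		return "", errors.New("pan must be digits only with at least one digit to replace")
	}
	id := fmt.Sprintf("%d:%d:%s", keepHead, keepTail, pan)
	if tok, ok := v.byPAN[id]; ok {
		return tok, nil // same PAN always yields the same value within a vault
	}
	for {
		middle, err := randomDigits(len(pan) - keepHead - keepTail)
		if err != nil {
			return "", err
		}
		tok := pan[:keepHead] + middle + pan[len(pan)-keepTail:]
		// Reject a collision with another PAN's value, or a "token" equal to the PAN.
		if _, taken := v.byToken[tok]; !taken && tok != pan {
			v.byPAN[id], v.byToken[tok] = tok, pan
			return tok, nil
		}
	}
}

// Detokenize is the only way back to the PAN, and only the vault can do it;
// that is what takes token-only systems out of scope.
func (v *TokenVault) Detokenize(tok string) (string, bool) {
	pan, ok := v.byToken[tok]
	return pan, ok
}

func main() {
	v := NewTokenVault()
	tok, _ := v.Replace(samplePAN, 0, 4)
	partial, _ := v.Replace(samplePAN, 6, 4)
	fmt.Println("clear:   ", samplePAN)
	fmt.Println("hash:    ", HashFormat(samplePAN))
	fmt.Println("token:   ", tok)
	fmt.Println("partial: ", partial)
	orig, _ := v.Detokenize(tok)
	fmt.Println("detokenized:", orig)
}
```

Because a token is the same length and type as the PAN, the existing column definitions, receipts and reports keep working, which is the "no changes to most downstream systems" advantage; the price is that every application that needs the real number must call the vault, which is the availability and performance consideration on the slide.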
“Strong cryptography” - PCI DSS Glossary 1.2
• Examples - AES (128 bits and higher) and TDES
– Payment Card Industry (PCI) Data Security Standard (DSS)
– Payment Application Data Security Standard (PA-DSS)
• NIST Special Publication 800-57
– Five confidentiality modes (ECB, CBC, OFB, CFB, and CTR)
– One authentication mode (CMAC)
– Two combined modes for confidentiality and authentication (CCM and GCM)
• Some New Encryption Modes of operation that NIST is considering
– FFSEM, Feistel Finite Set Encryption Mode (Posted February, 2008) 9-16 digits
– ABC, Accumulated Block Chaining (Posted October, 2000)
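The slide names NIST's five confidentiality modes and the two combined confidentiality-and-authentication modes without saying what the distinction buys. The Go program below is an added example, not from the presentation: using a constructed one-block test PAN, it shows that ECB, the simplest confidentiality mode, lets an observer without the key see which rows share a card number, and that a combined mode such as AES-GCM both hides repeats through a fresh nonce and refuses to decrypt ciphertext that has been altered. The ecbEncrypt loop is hand-written because Go's standard library ships no ECB mode; all function names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed 16-digit test PAN: exactly one AES block.
var record = []byte("4111111111111111")

// ecbEncrypt runs the raw block cipher over each block independently. Go's
// standard library deliberately ships no ECB mode; this loop only exists
// to show why it is the weakest of the five confidentiality modes.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, errors.New("plaintext must be a whole number of blocks")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// RepeatedBlocksVisible: two rows holding the same PAN encrypt to identical
// ciphertext under ECB, so an observer without the key can still tell which
// rows share a card number.
func RepeatedBlocksVisible(key []byte) (bool, error) {
	ct, err := ecbEncrypt(key, append(append([]byte{}, record...), record...))
	if err != nil {
		return false, err
	}
	return bytes.Equal(ct[:16], ct[16:]), nil
}

// newGCM builds an AES-GCM AEAD, one of the two combined modes on the slide.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GCMSeal encrypts under a fresh random nonce and returns nonce||ciphertext||tag.
// The output is binary and 28 bytes longer than the PAN: the "storage and
// type" consideration from the Strong Encryption slide.
func GCMSeal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// GCMOpen reverses GCMSeal; it fails on any change to nonce, ciphertext or tag.
func GCMOpen(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n+gcm.Overhead() {
		return nil, errors.New("sealed data too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// TamperDetected flips one bit of the stored ciphertext and reports whether
// GCM refuses to decrypt it. A confidentiality-only mode (CBC, CTR ...) would
// hand the application silently corrupted digits instead.
func TamperDetected(key []byte) (bool, error) {
	sealed, err := GCMSeal(key, record)
	if err != nil {
		return false, err
	}
	sealed[len(sealed)-17] ^= 0x01 // last ciphertext byte, just before the 16-byte tag
	_, err = GCMOpen(key, sealed)
	return err != nil, nil
}

func main() {
	key := make([]byte, 32) // AES-256
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ecb, _ := RepeatedBlocksVisible(key)
	tamper, _ := TamperDetected(key)
	fmt.Println("ECB reveals repeated PANs:", ecb, " GCM detects tampering:", tamper)
}
```

The same property that makes GCM safe for a database column is what the Format Controlling Encryption slide gives up: the nonce and tag are why the ciphertext no longer fits a 16-digit field, and a mode that keeps the digit count (FFSEM is the one the slide cites) necessarily produces the same output for the same input under the same key, so the repeat-visibility shown for ECB has to be weighed again when choosing it.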
Data Protection Capabilities
Each format is rated from Best to Worst on each criterion (the ratings were shown graphically on the slide and are not preserved in this transcript)
• Criteria: Performance, Storage, Security, Transparency
• Formats: Clear, Strong Encryption, Format Controlling Encryption, Token, Hash
Data Protection Implementation Choices
• Data Protection Layers
– Application
– Database
– File System
• Data Protection Topologies
– Remote or local service
• Data Security Management
– Central management of keys, policy and reporting
Data Protection Implementation Choices: each option is rated from Best to Worst on each criterion (the ratings were shown graphically on the slide and are not preserved in this transcript)
• Topology, compared on Performance, Scalability and Security: Local Service, Remote Service
• System Layer, compared on Performance, Transparency and Security: Application, Database, File System
Data Protection Strategies
• Where to start?
– “Perimeter towards Database” Strategy
– “Database towards Perimeter” Strategy
– Combined Strategy
• Use risk based methodology to determine how to protect sensitive assets
– Value of your data X Exposure = Risk
– Apply the appropriate approach based on risk
• Choose a protection vendor with
– Broad coverage of protection options
– Central policy, key, and audit management
– Ability to protect across a wide range of database platforms