bunker mail security

SIMPLE. STRONG. ENCRYPTION. Security Overview BunkerMail encryption and key exchange October 7, 2010 GlobalCrypto.com

Upload: todd-merrill

Post on 27-May-2015



© 2010. Global Crypto Systems.

Todd Merrill, CEO GlobalCrypto

@ToddMerrill



Challenges with PCI-DSS

Requirement 3: (Encrypt at Rest)

“Protect stored cardholder data”

Crypto-key distribution

Requirement 4: (Encrypt in Motion)

“Encrypt transmission of cardholder data across open, public networks”

Requirement 8: (Strong Authentication)

“Assign a unique ID to each person with computer access”


We distribute Crypto keys to web users

We hide crypto in digital pictures

Steganography!

User credential contains (AES encrypted):

RSA-1024 user key pair (public-private)

RSA-2048 public key for BunkerMail application

Dual digital signatures for Authentication


Authentication

Strong, Multi-Factor Authentication

Picture = Virtual Smartcard

Password is never transmitted or stored

Bi-directional Authentication

Sessions are encrypted using unique AES key exchanged upon Authentication (via our PKI)

HTTPS used in addition (redundant)

globalcrypto.com/knowledge-center-overview


Encryption—end-to-end

Private Note and Attachments are encrypted with unique AES keys.

AES keys are encrypted with BunkerMail public key (RSA-2048).

BunkerMail decrypts the AES keys and re-encrypts them with the public key(s) of recipients

AES keys are escrowed if a user is not in the system (no public key yet)
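
The key flow on this slide, written out as an added example for Node.js (not BunkerMail's own code): the sender wraps a per-note AES key for the service, the service re-wraps it for each recipient, and each recipient decrypts. AES-256-GCM, RSA-OAEP with SHA-256, the function names and the 2048-bit recipient keys in the demo are assumptions; the slides name only AES, RSA-2048 for the service and RSA-1024 for users.

```javascript
const crypto = require('node:crypto');

// Assumed modes: the page names only AES and RSA, not the AES mode or RSA padding.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the note under a fresh AES-256-GCM key, then wrap that key
// for the service's RSA-2048 public key.
function seal(note, servicePub) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(note), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: servicePub, ...OAEP }, key);
  return { iv, body, tag: cipher.getAuthTag(), wrappedKey };
}

// Service: unwrap the AES key and wrap it once per recipient. The note body is
// not touched, but the AES key is in service memory in the clear at this step.
function rewrap(wrappedKey, servicePriv, recipientPubs) {
  const key = crypto.privateDecrypt({ key: servicePriv, ...OAEP }, wrappedKey);
  try {
    return recipientPubs.map((pub) => crypto.publicEncrypt({ key: pub, ...OAEP }, key));
  } finally {
    key.fill(0); // best-effort wipe of the plaintext key
  }
}

// Recipient: unwrap the AES key, then decrypt; final() throws if the body,
// IV or tag was modified in transit or at rest.
function open(msg, wrappedKey, recipientPriv) {
  const key = crypto.privateDecrypt({ key: recipientPriv, ...OAEP }, wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.body), decipher.final()]);
}

// Constructed demo: one sender, the service, two recipients (all keys RSA-2048 here).
function demo() {
  const gen = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const [service, alice, bob] = [gen(), gen(), gen()];
  const msg = seal(Buffer.from('constructed private note'), service.publicKey);
  const wrapped = rewrap(msg.wrappedKey, service.privateKey, [alice.publicKey, bob.publicKey]);
  return [open(msg, wrapped[0], alice.privateKey), open(msg, wrapped[1], bob.privateKey)]
    .map((b) => b.toString());
}
```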


Ideal technical solution

Encrypts at rest

Encrypts in motion, end-to-end

Provides audit logging, robust audit trail

Housed in a secure data center

Provides encrypted, automated archival

Enforces strong, unique access controls

Simple to use