SIMPLE. STRONG. ENCRYPTION. Security Overview BunkerMail encryption and key exchange October 7, 2010 GlobalCrypto.com
Page 2: Bunker mail security

© 2010. Global Crypto Systems.

Todd Merrill, CEO GlobalCrypto

@ToddMerrill

[email protected]

Page 3: Bunker mail security

Challenges with PCI-DSS

Requirement 3: (Encrypt at Rest)

“Protect stored cardholder data”

Crypto-key distribution

Requirement 4: (Encrypt in Motion)

“Encrypt transmission of cardholder data across open, public networks”

Requirement 8: (Strong Authentication)

“Assign a unique ID to each person with computer access”

Page 5: Bunker mail security

We distribute Crypto keys to web users

We hide crypto in digital pictures: Steganography!

User credential contains (AES encrypted):

RSA-1024 user key pair (public-private)

RSA-2048 public key for BunkerMail application

Dual digital signatures for Authentication

Page 6: Bunker mail security

Authentication

Strong, Multi-Factor Authentication

> Picture = Virtual Smartcard

> Password is never transmitted or stored

Bi-directional Authentication

Sessions are encrypted using unique AES key exchanged upon Authentication (via our PKI)

HTTPS used in addition (redundant)

globalcrypto.com/knowledge-center-overview

Page 7: Bunker mail security

Authentication

Page 8: Bunker mail security

Encryption—end-to-end

Private Note and Attachments are encrypted with unique AES keys.

AES keys are encrypted with BunkerMail public key (RSA-2048).

BunkerMail decrypts the AES keys and re-encrypts them with the public key(s) of recipients

AES keys are escrowed if a user is not in the system (no public key yet)
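
The key flow on this slide, as an added Node.js example that is not GlobalCrypto's code. Assumptions: AES-256-GCM and RSA-OAEP (the slides give only "AES" and the RSA key sizes), escrow modeled as retaining the service-wrapped key, and all function names hypothetical. It also makes visible that the service handles the AES key in plaintext while re-wrapping it.

```javascript
// Added illustration, not GlobalCrypto code. Function names are hypothetical.
// Assumed: AES-256-GCM and RSA-OAEP (Node's default RSA padding).
const crypto = require('node:crypto');

const rsa = (bits) => crypto.generateKeyPairSync('rsa', { modulusLength: bits });

// Sender: encrypt the note under a fresh AES key, wrap that key for the service.
function senderEncrypt(note, servicePublicKey) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([c.update(note, 'utf8'), c.final()]);
  const wrappedForService = crypto.publicEncrypt(servicePublicKey, aesKey);
  return { iv, body, tag: c.getAuthTag(), wrappedForService };
}

// Service: unwrap with its private key, re-wrap for each enrolled recipient.
function serviceRewrap(msg, servicePrivateKey, recipients) {
  const aesKey = crypto.privateDecrypt(servicePrivateKey, msg.wrappedForService);
  const wrapped = {}, escrow = {};
  for (const [name, publicKey] of Object.entries(recipients)) {
    if (publicKey) wrapped[name] = crypto.publicEncrypt(publicKey, aesKey);
    // Assumed escrow model: keep the service-wrapped copy until enrolment.
    else escrow[name] = msg.wrappedForService;
  }
  return { wrapped, escrow, keyAtService: aesKey };
}

// AES-GCM decrypt; final() throws if the body or tag was modified.
function aesDecrypt(msg, aesKey) {
  const d = crypto.createDecipheriv('aes-256-gcm', aesKey, msg.iv);
  d.setAuthTag(msg.tag);
  return Buffer.concat([d.update(msg.body), d.final()]).toString('utf8');
}

// Recipient: unwrap own copy of the AES key, then decrypt the note.
const recipientDecrypt = (msg, wrappedKey, privateKey) =>
  aesDecrypt(msg, crypto.privateDecrypt(privateKey, wrappedKey));

// Constructed sample run: alice is enrolled, bob has no public key yet.
function demo() {
  const service = rsa(2048), alice = rsa(1024); // key sizes from the slides
  const msg = senderEncrypt('constructed sample note', service.publicKey);
  const out = serviceRewrap(msg, service.privateKey, { alice: alice.publicKey, bob: null });
  return {
    recipientView: recipientDecrypt(msg, out.wrapped.alice, alice.privateKey),
    serviceView: aesDecrypt(msg, out.keyAtService), // service can read the note
    escrowed: Object.keys(out.escrow),
  };
}
```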

Page 10: Bunker mail security

Ideal technical solution

Encrypts at rest

Encrypts in motion, end-to-end

Provides audit logging, robust audit trail

Housed in a secure data center

Provides encrypted, automated archival

Enforces strong, unique access controls

Simple to use