Wednesday, March 20, 2013

Security measures for your eDocument data

Data security is something most of us would prefer to leave to the experts. All we want to know is that our compliance boxes are ticked and no nasty surprises are waiting for us.

So, what is your mental image of data? A large Excel spreadsheet; lots of ones and zeros like in the movie 'The Matrix'; or how about a large cork notice board with lists of all your customer information pinned to it. Regardless of how you see it, you need to ensure that 'others' don't.

We’ve covered email document encryption, as well as password protection in our email security blog series so far. I’m taking a step back to the 'notice board' and addressing the complex issue of data security.

How do we protect the notice board from prying eyes, and those bent on evil?


There are those that will always devise methods to gain access to your notice board. To combat and mitigate the risks of a data breach, various techniques can be implemented, as discussed in a previous blog post: What do they do with my data?

If you have a huge notice board and the ability to sort and segregate your customer data into sections to target them for specific products/offers, then you have Big Data. The risks associated with that have also been discussed in a recent post: Leveraging Big Data to deliver the one-to-one message? Don't get caught in a trap.

The measures you have taken to stop people seeing, or accessing, the notice board constitute your data security, but do you have peace of mind?

For the sake of ‘sleep-easiness’, it is best to check-in with the compliance and regulatory guys. There are two primary areas of legislation that have been devised to protect two of the most sensitive types of customer information - although they may not necessarily apply to every industry. They are health records and credit card details. Get more details here.


  1. HIPAA (Health Insurance Portability and Accountability Act – USA)
    Mandates and regulates the use of electronic processing of personal healthcare information. The crux of the legislation is that companies must ensure reasonable safeguards for patient information, and gain consent from the patient to send to a validated email address.
  2. PCI DSS (Payment Card Industry Data Security Standard – Global)
    A set of standards to ensure that all and any companies who store, process and transmit cardholder data maintain a secure environment. Cardholder data specifically must be encrypted at all stages of transmission.

By making use of the “reasonable safeguards” you will have peace of mind that your notice board is protected. But, what safeguards will you take to maintain the protection of your customer data once it has been copied into your eDocuments from your uber-secure notice board?

For example, you are going to send each of your customers their statement/invoice/policy document/payslip etc. from every line across your notice board. For the electronic format, you or your ESP will create a document and email it to your customers. You need to maintain a high level of security throughout the process.


Recommended checklist:


On the actual email cover page – the bare minimum:


  • Customer name: This is necessary because personalisation helps assure customers that you are a sender they have previously engaged with and so, they know and trust you.
  • Email address: Use the email address your customer provided you with when they gave consent for your communications.
  • Display partial account / personal data such as a few digits of social security/ID number: This gives further authentication and verification. It assures the customer that the sender is a valid biller/marketer with whom they have an existing relationship.

In the attached document:

  • Encryption: All sensitive documents should be distributed in an encrypted format. (I refer back to the first post in the security blog series). All sensitive customer information will then be held in this format.
  • Authentication: All eDocuments should be password protected. (Again, refer to the first post in this security series). All these documents should have at least one authentication level, i.e. one password/shared secret.
  • Confidential data like credit card numbers, social security numbers and ID numbers: these can be masked too, with just the last four digits visible. This adds another layer of protection and gives the customer a level of comfort about their private details.
  • Additional data, like transaction data or itemised billing, can be embedded into the PDF and then encrypted and password protected. It can also be accessed offline.
  • Verified online access: Some companies complement their eDocuments with information held on their online portals. Customers can access the portal from a secure link in the attachment; online access should require further authentication.
  • Other data can be hosted online outside the portal. This would also require user authentication, be reachable only from a link within the attachment, and be hosted at a randomly assigned GUID.
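The masking item above (only the last four digits of a card, social security or ID number visible) is easy to get subtly wrong; the following is an added example, not code from the post or from Striata, using constructed sample data and assumed field names:

```python
MASK_CHAR = "*"
VISIBLE_DIGITS = 4


def mask_identifier(value: str, visible: int = VISIBLE_DIGITS) -> str:
    """Mask an account, card or ID number so that only the last `visible`
    digits stay readable. Separators (dashes, spaces) are preserved so the
    customer still recognises the shape of their own number."""
    digit_count = sum(c.isdigit() for c in value)
    if digit_count <= visible:
        # Too short to mask meaningfully: hide every digit rather than
        # print the whole value on a cover page.
        return "".join(MASK_CHAR if c.isdigit() else c for c in value)
    keep_from = digit_count - visible  # index of the first digit to reveal
    out, seen = [], 0
    for c in value:
        if c.isdigit():
            out.append(c if seen >= keep_from else MASK_CHAR)
            seen += 1
        else:
            out.append(c)
    return "".join(out)


def cover_page_fields(customer: dict) -> dict:
    """Assemble the bare-minimum verification fields for the email cover
    page: customer name, the consented address, and a masked identifier.
    The dict keys are assumptions for this example."""
    return {
        "name": customer["name"],
        "to": customer["consented_email"],
        "id_hint": mask_identifier(customer["id_number"]),
    }


# Constructed sample record (not real customer data)
SAMPLE_CUSTOMER = {
    "name": "Jane Example",
    "consented_email": "jane@example.com",
    "id_number": "4111-1111-1111-1234",
}

if __name__ == "__main__":
    print(cover_page_fields(SAMPLE_CUSTOMER))
```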

Data security need not be the 'big monster'. Some industry best practices, a logical representation of the data, and the correct levels of authentication will do the trick.

Do you need further advice on how to safeguard your customer data when sending eDocuments? Contact an eBilling expert here.

Simon Johnston
striata.com

Thursday, March 14, 2013

Your document password shouldn’t be the weak link in your secure communication chain

In the first post of our security blog series, Linda Misauer spoke about the importance of key length to avoid brute force attacks on the key itself. She stated that 128-bit encryption is sufficient for most applications due to the exponential time needed to try all possible keys. 

In the second part of this series, I will be focusing on the importance of effective password protection when dealing with encrypted, offline documents. As with all encryption, it is important to consider the length and complexity of the password or phrase that is used to generate the key. A short, simple secret becomes the weak link in the chain of an otherwise secure communication: attackers can simply brute force the document.


Brute force - what it entails and how to combat it


To understand how brute force works, consider a real world example: your ATM card. Most banks require a PIN code consisting of 4 digits (0-9) and allow numbers to be repeated. This allows only 9,999 combinations, which is secure enough for an ATM (which allows only 3 attempts) because a thief would, on average, have to work through at least half (4,999) of the possible numbers before guessing correctly.

But what if only 3 numbers were allowed? This significantly reduces the number of possible PIN codes by a factor of 10. Only 2 numbers? Suddenly it becomes possible to guess within a few minutes (if unlimited tries are allowed).


Replace the thief with a computer…


When this concept is translated into a virtual world and a computer (or multiple distributed computers) is guessing the combinations, the strength of the password becomes significantly more important.

As a test, I ran a benchmark of how many passwords my laptop can guess per second. The results: for a 128-bit password to open a secure PDF, just fewer than 30,000 different combinations could be tested per second. So, it's obvious that a 4-digit PIN code is not sufficient if the data contained in the PDF is highly confidential, as my PC can run through every 4-digit numeric combination in less than a second.

However it gets a little more complicated as there are 2 factors that influence password strength:

  • Length – 2, 3 or 4 "slots"
  • Data set – the possibilities per slot above:
    • Numbers only = 10 possibilities per slot
    • Alphanumeric = 36 possibilities per slot
    • Upper & lowercase = 62 possibilities per slot
    • Special characters = conservatively 67 possibilities per slot

Combinations of multiple pieces of data, preferably drawn from more than one data set (i.e. both numbers and letters), are recommended. This table shows the number of combinations by the length of the password and the type of data being used.
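To reproduce the combinations table from the post's own per-slot figures, and to turn each count into a worst-case time at the 30,000 guesses per second benchmarked above, here is an added example (not code from the post; the 8-slot row and the time conversion go beyond what the table itself shows):

```python
# Per-slot possibilities for each data set, as given in the post
DATA_SETS = {
    "numbers only": 10,
    "alphanumeric": 36,
    "upper & lowercase": 62,
    "special characters": 67,
}
LENGTHS = (2, 3, 4, 8)           # 8 added to show how fast the space grows
GUESSES_PER_SECOND = 30_000      # the author's PDF benchmark figure


def combinations(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` slots."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every combination at `rate` guesses/second."""
    return combinations(alphabet_size, length) / rate


def combination_table(lengths=LENGTHS, data_sets=DATA_SETS) -> dict:
    """{(data set name, length): (combinations, seconds to exhaust)}"""
    return {(name, n): (combinations(size, n), seconds_to_exhaust(size, n))
            for name, size in data_sets.items() for n in lengths}


def human_time(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for (name, n), (count, secs) in combination_table().items():
        print(f"{name:20} length {n}: {count:>18,} combinations, "
              f"{human_time(secs)}")
```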


It's clear that complex passwords should be used to protect confidential documents to ensure a high level of security. But let’s consider that in conjunction with ease of use. Nobody wants to remember a password like <1h4Tep4sSw0rDs!>

The middle ground:

  • Fit for purpose – Different document types require different levels of protection. For example, your utility bill does not contain as much sensitive information as your detailed telephone statement.
  • Shared secrets - Data that is known to you, like your last name combined with the last four digits of your social security number, provides a password that is usually longer than 8 characters but still easy to remember.

It must also be noted that even when someone gains access to a document and manages to successfully brute force the password, the algorithm itself has not been broken. They will still only have access to a single document, and won't be able to decode any other documents encrypted with different passwords.


Key points to remember:



  • Simple passwords can be found by brute force methods
  • Complex passwords provide a higher level of security
  • Multiple pieces of data that together contain both letters and numbers create complex passwords that are still easy to remember
  • The password strength should match the level of security needed; there is a way to balance security and ease of use for the customer

If you found this blog post useful and are keen to know more about email security, then be sure to continue following this blog series. If you would like to chat to an email specialist, please get in touch.


Alex Papadopulos
striata.com

Thursday, March 7, 2013

Ensure your electronic documents are delivered securely: Encryption/cryptography

Think of any high volume, system generated paper document that you currently print and deliver by mail and chances are you’re already working towards converting each one to electronic delivery.

But what about security, confidentiality and non-manipulation? How do you ensure trust and compliance with your new process?  

Our special blog series is going to look at every aspect of document security and how you can deliver secure eDocuments with confidence.

Opening the envelope vs. opening the email



Let’s start with traditional mail. A piece of paper sitting in your post box is hardly secure: it can be removed, read, changed and replaced without your knowledge. It follows that any level of security associated with an electronic document already makes it a better option. However, post does have one thing going for it – you have to physically go to each post box to collect mail.

Unlike post boxes, websites (and the now standard customer portal) are publicly accessible, so the security requirements immediately become more stringent. Registration and multiple levels of authentication become necessary, but also cause usability and liability issues.

So, you have ease and convenience on one hand vs. barriers and a (good) dollop of effort on the other. What’s the middle ground? Email of course. In a nutshell, an email address is an online version of a post box but with the benefits of cool tech that can be layered on top to make it far more secure than its paper counterpart.


8 Reasons why you should consider sending documents via email



  • Cost take out: Significantly reduces paper, printing and postage costs. Low cost of implementation and pay per use pricing.
  • Convenience of email and secure attachments: Ability to save the attachment, view it offline and print hard copies. Advanced functionality included within the electronic document.
  • Security: The eDocument remains encrypted offline and outside the mail client, protecting confidentiality. The email attachment is secured using the latest in encryption technology.
  • Support for corporate e-communication and CRM initiatives: Promotes interaction and direct communication with customers.
  • Drives qualified web traffic: Augments and complements existing online services.
  • Marketing: Provides effective marketing real estate that can be used for personalized, targeted marketing offers.
  • Customer experience insight: Enables detailed tracking reports.
  • Environmental impact: Minimized by reducing paper output.


Security and its role in eDocument delivery

I trust you now agree that sending documents to the inbox is a good idea. The next step is to explore all the security aspects of electronic document delivery in detail. Because it’s a big theme we’ll look at each aspect on its own over the next few weeks, including: 
  • Encryption - which I'll cover in this blog post
  • Password strength: Your document password shouldn’t be the weak link in your secure application chain
  • Data protection: Security measures for your eDocument data
  • Usability & customer convenience: Ensure your paperless gateway isn’t locked too


Understanding Encryption/cryptography

Banks use 128 bit encryption to protect communications on Internet Banking. We believe electronic document delivery encryption levels from 128 bit and above are sufficient. Let me explain why and how it all works:

Some quick terminology to help you: 

  • Encryption is a process of scrambling data from its original format into one that is unreadable except by authorized persons, by using one or more algorithms and keys
  • The information needed to take data from one format to another is called an “encryption/decryption key”
  • The original format is called “plaintext” and the scrambled data is called “ciphertext”


Different encryption schemes

There are two basic types of encryption schemes: symmetric-key and asymmetric-key (also called public-key encryption).

Symmetric algorithms - use the same key to encrypt and decrypt the message

  • 3DES - Triple Data Encryption Standard
  • AES - Advanced Encryption Standard
  • RC4 – also known as ARC4 is used in protocols such as SSL (to protect Internet traffic), WEP and WPA (to secure wireless networks)

Asymmetric algorithms - use different cryptographic keys to encrypt and decrypt the message



  • PKI - Public-key infrastructure

However, sticking to symmetric algorithms is advisable because it removes the requirement for complicated key exchanges. With PKI encryption the consumer has to “have something” (e.g. a private PKI key), whereas with symmetric encryption they just have to “know something” (e.g. a password).


Key strength

In cryptography, size does matter. The larger the key, the harder it is to crack a block of encrypted data. Typical key strengths are:


  • 128bit (RC4)
  • 168bit (3DES)
  • 256bit (AES)

A password is converted (derived) into a key of the length appropriate to the chosen algorithm.

A brute-force attack consists of systematically checking all possible keys until the correct key is found. The resources required for a brute-force attack grow exponentially with increasing key size. However, the number of keys an attacker actually has to try depends on the length of the password that generated the key. Hence the longer the password, the harder it is to crack.
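The two paragraphs above (a password is stretched into a fixed-length key, yet the attacker's effort is bounded by the password space, not the key space) as an added example, not code from the post or Striata's product. It assumes PBKDF2-HMAC-SHA256 as the derivation function and a 200,000-iteration work factor; the post names neither:

```python
import hashlib
import math
import os

KEY_BITS = {"RC4": 128, "3DES": 168, "AES-256": 256}  # key sizes from the post
ITERATIONS = 200_000  # assumed PBKDF2 work factor


def derive_key(password: str, salt: bytes, key_bits: int,
               iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into exactly key_bits/8 bytes of key material with
    PBKDF2-HMAC-SHA256 (an assumed KDF; the post does not name one)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=key_bits // 8)


def effective_key_bits(alphabet_size: int, length: int, key_bits: int) -> float:
    """Security an attacker actually faces: the smaller of the key space and
    the space of passwords that could have produced the key."""
    password_bits = length * math.log2(alphabet_size)
    return min(password_bits, key_bits)


if __name__ == "__main__":
    salt = os.urandom(16)  # stored alongside the document, need not be secret
    short_key = derive_key("1234", salt, KEY_BITS["AES-256"])
    long_key = derive_key("Smith6789!longer", salt, KEY_BITS["AES-256"])
    # Both keys are 32 bytes: key length says nothing about password strength.
    print(len(short_key), len(long_key))
    for alphabet, n in ((10, 4), (62, 8), (67, 12)):
        print(f"{n} slots from {alphabet} symbols: "
              f"{effective_key_bits(alphabet, n, 256):.1f} bits vs 256-bit key")
```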

(Figure: time to crack a cryptographic key versus key size)

Maybe this is why hackers don’t generally attack the actual encryption; instead they try to “guess” the correct password. In our next post in this email security series we will detail how password strength works in conjunction with encryption.

Keen to get more expert advice on email security? Follow the rest of this blog series or get in touch with one of our eBilling experts. 

Download Striata's encryption technology technical overview.


Linda Misauer
striata.com