Secure Data Exchange Solution
I. CONTENTS I. CONTENTS... 1 II. INTRODUCTION... 2 OVERVIEW... 2 COPYRIGHTS AND TRADEMARKS... 2 III. SECURE DOCUMENT EXCHANGE SOLUTIONS... 3 INTRODUCTION... 3 Certificates Types and Storage... 4 Hardware Smart Token... 4 DOCUMENT SECURITY... 6 Overview... 6 Microsoft Office Document Security... 7 Adobe PDF Document Security... 8 AutoCAD Document Security... 9 Benefits... 10 EMAIL SECURITY... 12 Overview... 12 Microsoft Outlook Email Security... 13 Mozilla Thunderbird Email Security... 13 Benefits... 14 SECURE FLASH DRIVE... 15 Overview... 15 Antivirus Protection (Optional)... 15 Benefits... 16 I. ABOUT E-CODE... 17 1
II. INTRODUCTION This document provides a description for the Secure Data Exchange solution provided by E-Code. Overview Many organizations depend on data and documents exchange throughout their day to day operations. Though, the trust and integrity of these data files remain the main problem that is facing such operations. Establishing most operations using e-documents and e-mails saves money and time which impacts the performance of the organization rapidly. On the other hand; the need for secure portable storage is rising every day. Data owner must carry his most valued data with no worry of anyone who can view or use it. USB flash storage is currently very popular due to its ease of carry and use. Combining fingerprint authentication with USB flash storage raises the security of this portable storage. More security introduced is the encryption of the stored data to secure the drive against advanced attacks on memory. This is the ultimate security level that can be applied on the USB flash drives. In this document, E-Code presents its solution for Secure Data Exchange, whether exchange by sending and receiving or by storing and viewing. The solution provides a secure and trusted system for document, e-mail and data files exchange that establishes integrity and trust within any organization. Based on E-Code Smart Token and PKI standards, this solution can be the suitable approach for any organization to reach the benefits of data exchange within its system. Copyrights and Trademarks All of the content on this manual and accompanying software(including all text, graphics, sounds, demos, patches, hints and other files) is covered under KSA and international copyright and trademark laws by E-Code and other companies, and are property of E-Code, or are presented with permission and/or under license. This content may not be used for any commercial use without express written permission of E-Code, and possibly other copyright or trademark owners. All other trademarks and copyrights are the property of their respective owners. 2015, E-Code 2
III. SECURE DOCUMENT EXCHANGE SOLUTIONS Introduction E-Code Secure Data Exchange Solution provides a hardware based encryption methods for data security. The solution is divided into three main modules: 1. Document Security. 2. Email Security. 3. Secure Data Storage. Document Security E-mail Security Secure Data Storage PDF Documents Outlook Softlock Biometric Flash Memory Word Documents Thunderbird Digital Signature Depending on Computer Cryptography, Digital Signatures are used to authenticate digital information. Integrating with E-Code Smart Token to perform the signing operation, the following assurances are provided:- AUTHENTICATION E-Code Smart Token checks the digital signature of the person who signed the document to ensure that the data really came from that person. A digital signature is like a handwritten signature as both can guarantee someone s identity. 3
NON-REPUDIATION E-Code Smart Token, by providing digital signature capability, shows that only the person whose digital signature appears on a document is the one who have signed that data. Therefore, a person cannot deny involvement in a legitimately signed transaction. INTEGRITY E-Code Smart Token ensures that the signed document is unchanged. A valid digital signature on a document shows that the document has not been altered since it was signed. Certificates Types and Storage In order to reach the maximum security regarding securing e-documents, Digital Certificates should be used in Encryption and Digital Signature operations. Digital Certificates hold the private and public keys of the owner in a standard way that can be distributed and used easily in different applications. Usually there are two types of certificates, Private and Public. Private Certificates are those certificates holding the private RSA key used in Signature and Decryption. This private certificate should be protected and shall not be delivered to any other entity but its owner. Public Certificates are those certificates holding the Public RSA key used in signature Verification and Encryption. This public certificate is not secured, and shall be delivered to all entities dealing with the owner of the certificate. Certificates may hold other attributes which can provide more information about the certificate. Some attributes are Expiration Date, Email, Issuer, etc In order to use the certificates, certificate owner should store it somewhere within his own system environment. Certificates can be stored in different ways: 1. File: This is the least secure way to store a certificate. The only security is a password for the certificate. 2. Software Store: Hidden store within the operating system, protected by a password. 3. Hardware Memory: Certificates stored on hardware memory protected by 1, 2 or 3 factors authentications 4. Secure Hardware Memory: Certificates stored on a secure (encrypted) hardware memory secured by 1, 2, or 3 factor authentication. Hardware Smart Token In order to meet the full requirements of achieving secure digital signature infrastructure. E-Code Smart Token provides a solution to secure certificate storage. E-Code Smart Token is USB Hardware based token capable of different PKI cryptographic operations while providing secure hardware storage for owner s private certificates, complying with international standards. The strength of hardware security is that all keys and cryptographic functionalities are executed on board, keeping all data safe from compromising in unsecure software environment. The 4
recommendation of security institutes (Example: FIPS140-2) secure data must be generated, stored and processed in a separate environment outside the computer. This will protect sensitive user data from digital attacks. E-Code Smart Token can generate RSA-2048 keys. E-Code Secure Data Exchange provides extra security with two/three Factors Authentication based on E-Code Smart Token. 1. Something you know (PIN or Password) 2. Something you have (E-Code Smart Token hardware device) 3. Something you are (Biometric identity like Fingerprint) 5
Document Security Overview Many applications used in documents generation and publishing uses Encryption and Digital Signature for securing the documents, though depending on a password as the key to the security will lead to one factor authentication which can be easily broken. Documents security mainly depends on two approaches, Document Encryption and Digital Signature. E-Code Secure Document Exchange solution provides a secure approach for document security based on E-Code Smart Token. E-Code Secure Document Exchange solution can be easily integrated with any application compliant with PKCS#11 or CSP standards. E-Code Smart token libraries are tested and have been used with different applications. In order to reach the maximum document security a user can combine the Encryption and Signing operations together in protected document. This combination will provide the required security for protecting contents while keeping the document integrity and non-repudiation. Mostafa Private Certificate Ahmed Signing Public Certificate Encryption Digital Signature Digital Signature 6
Ahmed Private Certificate Mostafa Public Certificate Decryption Verification Digital Signature Digital Signature Digital Signature Microsoft Office Document Security Users can digitally sign an Office Excel, PowerPoint, or Word document for many of the same reasons that they might place a handwritten signature on a paper document. Recent Office applications let you add multiple digital signatures to the same document. E-Code Smart Token can integrate with Office application as a holder to the signing digital certificate and as a hardware authentication device, raising security level of the signing process. The following figure shows a sample word document signed by a digital certificate that is stored on a E-Code Smart Token for the user Ibrahim. 7
Adobe PDF Document Security Using Adobe Acrobat, user can Sign a PDF in seconds, type or draw his name, insert an image of his signature, or use a certificate signature. E-Code Smart Token libraries supports integration with Adobe PDF documents, so that it holds the digital signing certficates. The following figure illustrates the integration of E-Code Smart Token with Adobe Acrobat. The snap shot shows how the application easily interfaces with E-Code Smart Token, and it also shows the installed certificate that can be used in Encryption and Digital Signature. 8
AutoCAD Document Security The Autodesk AutoCAD application produce maps and drawings documents. In order to apply integrity and non-repudiation to those documents. User can attach digital signatures to files that are compatible with AutoCAD 2000 and later file formats. E-Code Smart Token make a successful integration study with AutoCAD documents, so that user can maximize the security level of his digital signature process, by holding his digital certificate on the E- Code Smart Token secure device. The following figure shows a digital signature that was signed by a E-Code Smart Token of the user Mostafa. 9
Benefits By implementing E-Code Secure Document Exchange Solution, Organization can reach the following targets: DOCUMENTS PROTECTION E-Code Secure Document Exchange Solution will provide a way to secure document exchange within an organization. Document encryption will prevent any Un Authorized intruder to access the data within the document. Document encryption is based on Hardware and PKI system which provide the highest available security, immune against all known attacks. IDENTITY VERIFICATION E-Code Secure Document Exchange Solution will provide a way to verify the identity of the document issuer. Any unauthenticated user tried to send a document by stealing the sender identity; recipient will easily verify the document issuer identity. SHORT SCENARIOS E-Code Secure Document Exchange solution provides end user easy way to add strong security to the documents through the original document application (i.e. Adobe, MS Office etc.). 10
CONTENT INTEGRITY Document signing will also provide a mean to check document Integrity, which can detect if the document content has been altered or modified. Once document content has been signed, it cannot be altered or changed which provide high integrity check. MINIMIZE COST AND TIME Implementing digital document exchange within the organization will lead to reducing the cost and time of the document life cycle, meanwhile maintaining the security, integrity, and non-repudiation within the organizational process. SECURITY LAW COMPLIANCE E-Code Smart Token is compliant with Egyptian Digital Signature Law, and certified from ITIDA. Complying with Digital Security law gives the trust needed to deploy Smart Token in any system keeping the rights and confidentiality of the user. 11
Email Security Overview E-Code Email Security Solution is a straight forward solution, based on different technology standards. The solution provides the security by providing Email Encryption and Digital Signature. Email encryption can secure all confidential data transferred via emails, while Email Digital Signature can provide identity verification and non-repudiation. In order to reach the maximum security level, E-Code provides E-Code Smart Token Integration within the Email Security solution. E-Code Smart Token is a small USB device provides different cryptographic functionalities conforming to technology standards and compatible with different third party applications. The solution can be briefed with the following points 1. Email environment will be configured within organization. 2. Each member within the organization will own a E-Code Smart Token which represents his identity, and provides all the required security functionalities 3. Whenever any member needs to send an email, he can easily Encrypt and Sign the email using the third part Email Client (ex: Microsoft Outlook ) and the E-Code Smart Token. 4. Whenever the recipient receives the email, he can verify the Sender identity and can Decrypt the email content using the E-Code Smart Token and any third party Email Client (ex: Microsoft Outlook ). Figure 1 illustrates the Secure Email Environment, where the Recipient can verify the sender identity and decrypt the Email contents, while Un Authorized intruder fails to decrypt the Email contents. Sender Recipient Email Encrypted + Signed Encrypted + Signed Decrypted + Verified Email Server Mail Client Mail Client Mail Client UnAuthorized Encrypted Figure 1: Secure Email Environment 12
The Secure Email Environment mainly depends on integrating E-Code Smart Token within the Email system. The hardware nature of E-Code Smart Token provides added security which resists compromising owner identity. Microsoft Outlook Email Security Using E-Code Email Security Solution will not require any technical background for the users. And, it is highly compatible with different and publicly available mail clients and servers. Next figure illustrates a screen shot for Microsoft Outlook Email client with the option of Encrypting and signing the email message. Mozilla Thunderbird Email Security E-Code Email Security solution comes with a Smart token and set of libraries compatible with different applications. Examples of different supported applications are Microsoft Exchange Server, Thunderbird Mail Client and Mail Enable Server. The following figure is a snapshot of E-Code Smart Token integrating with Mozilla Thunderbird Mail client, as a Secure Device to sign and encrypt e-mail messages. 13
Benefits By implementing E-Code Email Security Solution, Organization can reach the following targets: MESSAGES PROTECTION E-Code Email Security Solution provides a way to secure data transfer via Email. Email encryption will prevent any unauthorized intruder to access the data within the email. Email encryption is based on Hardware and PKI system which provide the highest available security, immune against all known attacks. EASE OF USE E-Code Email Security solution is a user friendly solution that user can easily configure and use with any mail client. IDENTITY VERIFICATION E-Code Email Security Solution will provide a way to verify the identity of the email sender. Any unauthenticated user tried to send an email by stealing the sender identity; recipient will easily verify the email sender identity. EMAIL INTEGRITY Email signing will also provide a mean to check Email Integrity, which can detect if the mail content has been altered or modified. Once email content has been signed, it cannot be altered or changed which provide high integrity check. 14
Secure Flash drive Overview A USB flash drive, also known under a variety of other names, is a data storage device that includes flash memory with an integrated Universal Serial Bus (USB) interface. USB flash drives are typically removable and rewritable, and physically much smaller than an optical disc. Most weigh less than 30 grams. As of January 2013, drives of up to 512 gigabytes (GB) were available. A one-terabyte (TB) drive was unveiled at the 2013 Consumer Electronics Show and became available later that year. Storage capacities as large as 2 TB are planned, with steady improvements in size and price per capacity expected. This USB flash drive is vulnerable to many attacks and thus data security is not guaranteed. Even if there are USB flash drives available that require password authentication, this is a high security level. The Secure USB Flash Drive introduced here eliminates all the vulnerabilities within the common USB Flash storage. Also, the highest security level is introduced based on biometric user authentication of the owner. Along with the fingerprint authentication, there is password authentication and memory encryption to secure the memory chip against hardware attacks. The secure USB Flash Storage consists of 3 modules Fingerprint Module: a fingerprint thermal sensor along with the matching module Security Processor: to perform the encryption operation on the written data before storing it to memory, and decrypt this data before read it from memory. Flash Memory Chip this chip is the storage media that contains the user data. This memory is being managed from the security module. MULTIPLE DRIVE STORAGE Removable Disk (E) Removable Disk (G) 10 GB Free of 32 GB 22 GB Free of 32 GB The Secure Flash USB Drive can be used as multiple drive exactly as hard disk. Each drive permissions can be easily changed to be read only or read/write. Public and Private storage: meaning public storage require no authentication. Antivirus Protection (Optional) 15
Defend data and identities against viruses, worms, and other malware threats with on-board antivirus software, which constantly monitors file transfers to the drive. Benefits HIGH SECURITY A number of security mechanisms are employed, helping significantly to eliminate the risk of fraud, attacks and misuse from unauthorized individuals and hackers. User authentication using two factor authentication: password and fingerprint. Data is stored encrypted in memory to resist the hardware attacks on memory. Strong and standard encryption algorithm for data: AES 256-bit. USABILITY The secure flash drive can be used many times as it uses writable flash memory chip. About 100,000 write cycles is the memory retention. Not like other secure storage: memory is erasable and writable. With high memory write cycles, about 100,000 cycles. PORTABILITY Easy to carry and use secure drive as its weight is less than 100g, with small size and USB interface. USER FRIENDLY The management software is user friendly GUI that any common user can be easily familiar with, Installation is easy, just plug and play. Software is stored permanently on the secure flash drive. It creates simply multiple drives on the secure flash drive. Also, Drives permissions can be changed easily to be read only or read/write. STANDARDS COMPLIED The secure USB flash drive is totally standards complied, like USB standard interface, AES encryption algorithm; which is an encryption standard with the ultimate key length 256-bit. Fingerprint module standard sensor is provided and matching processor. 16
I. ABOUT E-CODE E-Code is a leading progressive, innovative company in the field of information security providing technology, state of the art solutions, consulting, integration and testing services to safeguard the information assets, identities and the supporting infrastructure against unauthorized use. Our high quality service and excellent benefits and the ability of being reliable and responsible put us as a leader on the top of digital security companies. E-Code provides unique products and solutions, which cover many security areas fulfilling customers need in different market sectors. We provide a set of products and solutions covering the following areas: software protection, data encryption, security hardware, digital signature, secure identification and authentication, secure online distribution of digital Contents. We supports different market sectors like; governmental institutes, organizations, banks, software development companies, multimedia software and game producers, media and ebooks publishers and individual users. Dongle Fingerprint Smart Token Smart Card Fingerprint Smart OTP Card Smart Token Fingerprint OTP Token Secure SD Card Secure Flash with Fingerprint Website Email www.e-code.com info@e-code.com, support@e-code.com, sales@e-code.com Telephone Fax 17