Ethereum has gained in popularity over the course of 2017, growing along with the rising tide of cryptocurrencies led by Bitcoin. Ethereum, however, has its own open-source blockchain ledger system that is different from what Bitcoin uses and different from the Hyperledger effort that is officially part of the Linux Foundation.
Leonardo Cooper realized that the Ethereum blockchain could be useful in helping to improve password security, which led him to launch his new company Vault One. Among Vault One's products is the Security Vault, which provides password security that makes use of the Ethereum blockchain.
"Ethereum's blockchain was the choice for us because it is a good open-source project and it allows us to develop our business rules," Cooper said.
With the cryptocurrency model used for the Ethereum blockchain, the distributed ledger is the method by which transactions are validated. Cooper explained that the Vault One clients can choose to add their nodes into the Vault One network, which is using the blockchain for very specific security purposes.
"The more clients and people that join our network the better because it increases the trustworthiness of the network," Cooper said.
Cooper said that in the way Vault One is using the Ethereum blockchain, no personally identifiable or sensitive information is transferred in the transactions. Rather, Vault One is using the blockchain together with other more traditional security measures in order to help secure user passwords.
"The Ethereum blockchain is not encrypting or protecting information for authentication," Cooper said. "It's just there to put trust in the transaction that is happening inside of the password vault."
Vault One's Security Vault separates individual customer data into isolated containers, with each company getting its own data storage segment. Cooper said the Ethereum blockchain is not used for authentication but is used to help prove that when someone accesses a password in the vault, the transaction is tracked.
"Each secret inside the vault has a token associated with it and that's what we use to make sure that the transaction is authentic," Cooper said.
Vault One uses a Hardware Security Module (HSM) for securely storing passwords. The password keys are generated inside of the HSM to make sure that the key never leaves the vault and only the token is passed to the outside.
Cooper said that Vault One works in both Microsoft Azure and Amazon Web Services (AWS) and can also be deployed on-premises. The Vault One Security Vault can also integrate with Microsoft Active Directory and LDAP directory stores.
"We provide enterprises with an appropriate place to store credentials and we also provide access to servers without the need to disclose passwords to users," Cooper said.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.