Establishing Digital Trust: Don't Sacrifice Security for Convenience
Dr. Bassam Khulusi learned about the need to protect the privacy of data from the patients he saw during his 20 years as a practicing physician. "When people feel like their privacy may not be ensured, they may not be completely forthcoming about what's wrong with them," he says.
That can lead to serious medical problems. So Khulusi took his patients' concern for privacy to heart, so much so that he eventually founded a company in Lenexa, Kan., whose sole purpose is to protect all forms of data stored in any type of database.
ERUCES, Inc.'s Tricryption Engine is intended to plug what Khulusi, the company's president and CEO, calls the "last big gaping hole in the security chain," which is the information residing in databases.
"Most database security now is ineffective, to say the least," he says, because access is often controlled only by an easily breakable password. Even if more stringent access controls are in place, they don't prevent data tampering by trusted insiders.
The Tricryption Engine takes three steps to address the data security problem. First, it encrypts data stored in a database, using any encryption algorithm the customer chooses. Then it encrypts the keys that will unlock the data and stores them in a separate database. Finally, it encrypts the coded link that acts as a pointer between the encrypted object and the key to decrypt it.
The net result is that the data is encrypted, the encryption keys are encrypted, and there is "no humanly discernable way of mapping the two," Khulusi says. That means a hacker could successfully break in and steal encrypted data and keys, but it would still do him no good. Likewise, when database administrators log in, they see only encrypted strings of data that they cannot decrypt.
Data resulting from each transaction has its own key and the business logic behind an application determines what constitutes a transaction. For example, in a forms-based application, each form could be a transaction. Alternatively, in a purchase order, each line item might be a transaction.
The key to each transaction is given a unique identification number, created by a random number generator. That number is stored, encrypted, along with the data object it identifies, essentially becoming a property of that object. When a user retrieves an encrypted object, the application interface is intelligent enough to know the object is encrypted and will look for the object identifier number. That pointer is then sent to the decryption engine, decrypted, and subsequently used to retrieve the key that will unlock the data object.
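The three steps and the retrieval path described above, as an added Python sketch that is not ERUCES code. The names, the two in-memory dicts standing in for the separate databases, and the standard-library stand-in cipher are assumptions; the page leaves the algorithm to the customer.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode) so the sketch runs on the
    # standard library; a deployment would use a vetted AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, b"enc" + nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, b"enc" + nonce, len(ct))))

class Engine:
    def __init__(self):
        # Assumed design: two keys held only by the engine, never by either store.
        self.kek, self.link_key = os.urandom(32), os.urandom(32)
        self.data_db = {}  # row -> (encrypted object, encrypted key ID)
        self.key_db = {}   # separate store: key ID -> encrypted transaction key

    def store(self, row, plaintext):
        data_key, key_id = os.urandom(32), os.urandom(16)  # fresh per transaction
        self.key_db[key_id] = seal(self.kek, data_key)     # step 2: encrypt the key
        self.data_db[row] = (seal(data_key, plaintext),    # step 1: encrypt the data
                             seal(self.link_key, key_id))  # step 3: encrypt the link

    def load(self, row):
        enc_obj, enc_link = self.data_db[row]
        key_id = unseal(self.link_key, enc_link)           # decrypt the pointer
        data_key = unseal(self.kek, self.key_db[key_id])   # fetch and unwrap the key
        return unseal(data_key, enc_obj)

def rows_linkable_without_engine(engine):
    # View of someone holding both stores but no engine keys: rows whose stored
    # bytes contain any identifier from the key store.
    return [row for row, (obj, link) in engine.data_db.items()
            if any(kid in obj + link for kid in engine.key_db)]
```

Copying both stores yields ciphertext, wrapped keys and sealed pointers; recovering a record needs the two engine-held keys, so the scheme rests on protecting those keys and on the stores not sharing correlating metadata such as row order or timestamps.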
While it may seem like that process will add latency to the data storage and retrieval process, Khulusi says the effect is negligible. "It's pretty much transparent and would definitely not be the bottleneck. Network latency would cause more of a performance hit than the Tricryption Engine," he says.
ERUCES has been shipping a finished version of the product since October, after testing it for the past year. One of its early customers is Oil-Law Records of Oklahoma City, Okla. The company is in the business of industry intelligence, providing access to regulatory records for the oil and gas industry. It uses the ERUCES technology to protect this sensitive data.
ERUCES also announced in early December that it completed a proof of concept demonstration for the Social Security Administration. With partners including Novell, Digital Signature Trust, InterSystems and Dell, the demonstration showed how medical records could be securely received and stored. The project is now moving to pilot stage, Khulusi says.
The Tricryption Engine runs on Windows 2000 servers, but works with virtually any database, including Oracle, DB/2, Sybase, Informix and SQL Server. A version that runs on Unix will be out around June 2002.
The product is priced on a per-server basis for enterprise use, with average deals running between $100,000 and $150,000. A per-record pricing scheme is also available for service providers, who can use a single instance of the product to protect multiple, separate databases.