In Depth
Protecting Data at Rest
New approaches to protecting data at rest (and avoiding the wrath of your customers).
By Simson Garfinkel
Option 3: Split It and/or Scramble It
Secret sharing, also known as secret splitting, is a clever technique that divides a piece of confidential information among two or more parties so that it cannot be reassembled until a minimum number of them (the threshold) participate. With secret splitting you can divide CCNs among four databases and require that data be retrieved from at least three of them to recreate the CCNs; any two of the databases, even taken together, reveal nothing about the numbers. In the simplest implementation, a secret is split between two databases, and both must be consulted to recreate it.
Although secret sharing was invented in 1979, independently by cryptographer Adi Shamir (the "S" in the RSA cryptography algorithm) and by George Blakley, the technique was largely an academic curiosity until recently. With the rise in database break-ins and mandatory breach notifications, secret sharing may be looking more attractive for some applications.
Back in 2003 RSA Security introduced a technology called Nightingale that is meant to make it dramatically easier for businesses to integrate secret sharing into existing applications. With Nightingale, a special server holds half of the secret and the organization's existing database holds the other half. Secrets such as credit card numbers or cryptographic keys are recombined only when they are actually needed; in other words, call center reps won't be able to browse through the data on a coffee break. The protection is only as real as the separation between the two halves: if the same administrators (or the same stolen credentials) can reach both the Nightingale server and the database, or if an attacker controls the host where recombination happens, the split buys nothing.
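Here is the three-of-four scheme described above, implemented as Shamir's polynomial secret sharing over a prime field. This is an added example written for this page, not code from the article or from RSA Nightingale. The card number is the constructed test value 4111111111111111, and the two-database case (the "simplest implementation") is the same function called with k = n = 2.

```python
"""Shamir k-of-n secret sharing applied to a credit card number.

Added example, not code from the article or from RSA Nightingale.
The card number in the usage section is a constructed test value.
"""
import secrets

# Field prime; any prime larger than the largest secret works.
# 2**521 - 1 comfortably holds a 19-digit ASCII card number (152 bits).
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, k, n):
    """Split an integer secret into n shares so that any k reconstruct it.

    The secret is the constant term of a random degree-(k-1) polynomial;
    share i is the point (i, f(i)). With fewer than k shares every value
    of the constant term remains equally likely, which is what makes a
    single stolen database useless.
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer below PRIME")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares):
    """Lagrange-interpolate f(0) from at least k distinct shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def ccn_to_int(ccn):
    """Encode the digit string as bytes so length and leading zeros survive."""
    return int.from_bytes(ccn.encode("ascii"), "big")


def int_to_ccn(value):
    return value.to_bytes((value.bit_length() + 7) // 8, "big").decode("ascii")


def split_ccn(ccn, k, n):
    return split_secret(ccn_to_int(ccn), k, n)


def recover_ccn(shares):
    return int_to_ccn(recover_secret(shares))


if __name__ == "__main__":
    card = "4111111111111111"            # constructed test value
    shares = split_ccn(card, k=3, n=4)    # one share per database
    print(recover_ccn([shares[0], shares[2], shares[3]]))   # any three suffice
    print(recover_secret(shares[:2]) == ccn_to_int(card))   # two are not enough
```

Each database stores only its (x, y) pair. Reconstruction has to happen somewhere, and that somewhere, not the databases, is what an attacker will go after.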
In some very special applications it is even possible to use a secret without putting it back together! This is called split-key cryptography (the academic term is threshold cryptography), and Nightingale supports a version of it as well. Split-key cryptography is useful in applications where you absolutely, positively do not want to risk someone running off with your encryption key. Instead of reassembling the key to use it, part of the cryptographic calculation is run on one computer with one part of the key, then the intermediate result moves to a second computer where the rest of the calculation is done with the other part of the key. At no point does either machine hold the whole key. This is pretty complicated stuff, but it's appealing in certain specialized applications (such as for organizations that want to run a high-value certification authority).
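The sequential two-computer flow described above, as an added example (my code, not Nightingale's): RSA signing with the private exponent d split multiplicatively into d1 and d2, so that server A computes m^d1, hands the intermediate to server B, and B finishes with d2. Neither server ever holds d. The toy key size and textbook RSA without padding are simplifications for illustration, and the Miller-Rabin key generation is my own.

```python
"""Two-party RSA signing with a multiplicatively split private exponent.

Added example, not Nightingale's implementation. Toy key size and textbook
RSA with no padding, to show only the split-key flow; a real CA would use
a proper key size and PSS padding.
"""
import math
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin test (assumed adequate for this demonstration)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_split_key(bits=512, e=65537):
    """Return (public key, share for server A, share for server B).

    d is split as d = d1 * d2 (mod lcm(p-1, q-1)). The dealer running this
    function is the last place the whole d exists; it discards it.
    """
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        if p != q and math.gcd(e, lam) == 1:
            break
    n = p * q
    d = pow(e, -1, lam)
    while True:                        # d1 must be invertible mod lam
        d1 = 2 + secrets.randbelow(lam - 2)
        if math.gcd(d1, lam) == 1:
            break
    d2 = d * pow(d1, -1, lam) % lam
    return (n, e), (n, d1), (n, d2)


def partial_sign(share, value):
    """One server's half: value ** d_i mod n, using only its own share."""
    n, d_i = share
    return pow(value, d_i, n)


def split_sign(share_a, share_b, message_int):
    """Server A goes first; the intermediate moves to server B, which
    finishes. The result equals a signature made with the unsplit d."""
    intermediate = partial_sign(share_a, message_int)
    return partial_sign(share_b, intermediate)


def verify(pub, message_int, signature):
    n, e = pub
    return pow(signature, e, n) == message_int % n


if __name__ == "__main__":
    pub, share_a, share_b = generate_split_key()
    msg = int.from_bytes(b"constructed document to sign", "big")
    sig = split_sign(share_a, share_b, msg)
    print(verify(pub, msg, sig))                          # True
    print(verify(pub, msg, partial_sign(share_a, msg)))   # False: one half alone is useless
```

Because exponentiation commutes, the two servers can run in either order; what matters is that the intermediate value, not a key share, is what crosses the wire, and that compromising one box yields only a useless factor of d.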
In many cases information can be hashed by a one-way function before it's stored in a database. Hashing data lets it be used for certain purposes, such as checking whether a card number has been seen before, but effectively makes it impossible to get the data back out. That guarantee holds only when the input is hard to guess, and credit card numbers are not: the issuer prefix is public, the last digit is a check digit, and if the last four digits are kept in the clear for display, an attacker holding the hashed column can enumerate the remaining digits in seconds. For such low-entropy data use a keyed hash (an HMAC) with the key stored away from the database, so that the table without the key is worthless.
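How quickly an unsalted hash of a card number falls, and the keyed form that does not, as an added example (not code from the article). It assumes the attacker knows the issuer prefix and the last four digits, which many systems store in the clear; the card number is the constructed test value 4111111111111111 and the HMAC key is a placeholder. With a real six-digit prefix the search space is a million candidates, still seconds of work; the usage below uses a seven-digit prefix to keep the run short.

```python
"""Why a plain hash of a credit card number is not one-way in practice,
and the keyed alternative.

Added example, not code from the article. Card numbers are constructed
test values; the HMAC key is a placeholder.
"""
import hashlib
import hmac
import itertools


def luhn_ok(digits):
    """Luhn check digit validation, as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def plain_hash(ccn):
    """The 'scramble it' approach as often implemented: unsalted SHA-256."""
    return hashlib.sha256(ccn.encode("ascii")).hexdigest()


def brute_force_plain_hash(digest, prefix, suffix, length=16):
    """Recover a card number from its unsalted hash when the issuer prefix
    and the displayed last four are known. Only the middle digits are
    unknown, and the Luhn check prunes nine in ten of those candidates
    before any hashing is done."""
    middle_len = length - len(prefix) - len(suffix)
    for mid in itertools.product("0123456789", repeat=middle_len):
        candidate = prefix + "".join(mid) + suffix
        if luhn_ok(candidate) and plain_hash(candidate) == digest:
            return candidate
    return None


def keyed_token(key, ccn):
    """HMAC-SHA256 with a secret key: still usable for matching and
    de-duplication, but an attacker holding the database and not the key
    cannot run the enumeration above."""
    return hmac.new(key, ccn.encode("ascii"), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    card = "4111111111111111"                       # constructed test value
    stolen = plain_hash(card)
    print(brute_force_plain_hash(stolen, "4111111", "1111"))   # recovers the card
    token = keyed_token(b"placeholder-key-kept-off-the-database", card)
    print(token == keyed_token(b"placeholder-key-kept-off-the-database", card))  # True
```

The key for the HMAC is exactly the kind of secret the split-key techniques above are meant to protect; keeping it in the same database as the tokens would put you back where you started.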