PasswordsNew solution helps thwart “smash-and-grab” credential theft

Published 11 October 2012

Of the data breaches investigated in 2011, servers were among the primary target assets in 64 percent of investigations and those accounted for 94 percent of compromised records; a new solution from RSA scrambles, randomizes, and splits authentication credentials across multiple servers, data centers, and the cloud

RSA, the Security Division of EMC, the other day introduced a new technology designed to protect passwords and other credentials and secrets stored in databases from cyber attacks.

RSA Distributed Credential Protection is engineered to scramble, randomize, and split secrets and authentication credentials into two separate locations. EMC says that the solution is designed to work alongside existing password protections, and is built to reduce the likelihood of successful “smash-and-grab” attacks on password servers. These attacks compromise customer, retail, and financial portals every year, leaving millions of passwords and credentials at risk.

With RSA Distributed Credential Protection, even if an attacker compromises one of the two servers used to store the scrambled and split credential data, the information gained would be useless. Secrets can also be re-randomized at the push of a button so that any potential later intrusion into one of the credential servers would similarly yield useless information. As a result, attackers face the daunting task of having to compromise two separate servers or data centers nearly simultaneously, without detection, in order to gain valuable information.

Engineered by RSA Labs, this new capability is the result of work in Split Value Cryptographic Authentication. The company says that credentials secured by RSA Distributed Credential Protection thus benefit from an added security layer using advanced cryptographic techniques developed by RSA Labs to verify authentication while never reconstructing the split halves.

According to the Verizon 2012 Data Breach Investigation Report , of the data breaches investigated in 2011, servers were among the primary target assets in 64 percent of investigations and those accounted for 94 percent of compromised records. Such incidents can cause expensive lawsuits and remediation, brand damage, business distraction, and customer attrition. By randomizing and splitting sensitive information into two servers, RSA Distributed Credential Protection helps eliminate a primary point of compromise representing a vulnerability for many portal operators today.

The company highlights these key benefits of the new solution:

  • Designed to reduce the risk of bulk credential data loss that so often results from “smash-and-grab” cyber attacks.
  • Engineered to eliminate the primary point of password server compromise by randomizing and splitting the credentials across two secure locations.
  • If one location is compromised, the stolen information is useless. Secrets can also then be re-randomized at the push of a button to render information stolen from the second location useless.
  • Secrets are compared cryptographically without reconstruction, eliminating the risk of an attacker grabbing them at reassembly.
  • Deployment is transparent to end users.
  • A number of deployment options are available, including splitting across different domains within an enterprise or splitting across an on-premise environment and one in the cloud.

The company says will show RSA Distributed Credential Protection at RSA Conference Europe 2012 in London.