TriStrata: A Giant Step In Enterprise Security
Policy Management and Key Recovery

Since one-time pad encryption uses random data instead of a small, known encryption key, TriStrata's solution relies on various pointers to locations in each client's block of random data (the encryption pad is shared among all clients). As a result, the strength of TriStrata's encryption really rests on the difficulty of guessing the correct pointers. The vendor claims that there are more possibilities than atoms in the earth, and that breaking its encryption by brute force would take time measured on a cosmic scale.

Since these pointers to blocks of random data on each client act as keys, they are the basis of TriStrata's key management system. Using a collapsed trust model, TESS serves as the nexus for security operations. Every encrypted object contains a server-encrypted seal, which holds the pointers used to encrypt it. To decrypt the object, an authenticated user presents credentials to TESS along with the encrypted seal. TESS, in turn, determines whether or not to allow the operation, and if it does, it provides the client with the appropriate pointers, or keys.

Every time a client requests a permit to perform an encryption operation, it must contact TESS. While this requires TESS to be available constantly, it creates a true real-time policy-enforcement model. This raises the issue of scalability. According to TriStrata, the actual server load from permit operations is very light. However, clients are configured to fall back on hot-spare servers if the primary TESS is unavailable or too busy to answer requests.

Since a client must contact the server every time it wants to decrypt a file, network stream or other data, the server constantly verifies the user's rights against the applicable security policies. User revocation becomes a trivial matter, since there are no trusted certificates or tickets to be checked for revocation or expiration. Once an account is locked or removed, the server will deny any further operations. This methodology contrasts with that of most encryption systems, which store encryption and decryption keys locally on the workstation, smartcard or other user-controlled device.

Instead of managing complex access-control lists, TriStrata's security framework supports multiple security contexts and levels of authority, so a user has a certain level of access in each context. For instance, a user with top-secret access in the marketing department can decrypt all marketing documents. But that same user may have only confidential rights in the engineering department and be able to decrypt engineering objects only at the confidential level or lower. Departments and access levels are created by the security officer, and users receive access rights when their accounts are created. Likewise, users specify to what level and department, or to which user, an object belongs when it is encrypted.

Since TESS maintains all the keys to the kingdom, it can let any object be decrypted when authorized by a predefined number of security officers. Since there are no private encryption keys on the client side, an encrypted file is never lost unless the security server's data is lost. Because of this inherent key recovery, TriStrata's product is cleared by the federal government for unrestricted export.

Send your comments on this article to Dan Backman at dbackman@nwc.com.
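The seal-and-permit flow described above, reduced to a constructed toy model in Python (this is added illustration, not TriStrata's code; the pad size, seal layout, department names and clearance levels are assumptions):

```python
import os, hmac, hashlib

# Constructed toy model of the permit/seal flow described above; not TriStrata's code.
PAD = os.urandom(4096)                       # shared random block installed on every client
LEVELS = {"confidential": 1, "secret": 2, "top-secret": 3}

def pad_xor(data: bytes, offset: int) -> bytes:
    """XOR data against the shared pad starting at a pointer (offset); symmetric."""
    return bytes(b ^ PAD[(offset + i) % len(PAD)] for i, b in enumerate(data))

class TESS:
    """Toy security server: sole holder of the seal key, the policy and account state."""
    def __init__(self):
        self._key = os.urandom(32)
        self.rights = {}                     # user -> {department: clearance level}
        self.locked = set()

    def _keystream(self, nonce: bytes) -> bytes:
        return hashlib.sha256(self._key + nonce).digest()

    def make_seal(self, offset: int, dept: str, level: str) -> bytes:
        """Permit for encryption: wrap the pointer and classification in a sealed record."""
        body = f"{offset}|{dept}|{level}".encode()
        assert len(body) <= 32               # one keystream block covers the body
        nonce = os.urandom(16)
        ct = bytes(b ^ k for b, k in zip(body, self._keystream(nonce)))
        tag = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def request_permit(self, user: str, seal: bytes):
        """Open the seal and release the pointer only if policy allows; None otherwise."""
        nonce, ct, tag = seal[:16], seal[16:-32], seal[-32:]
        expected = hmac.new(self._key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or altered seal
        body = bytes(b ^ k for b, k in zip(ct, self._keystream(nonce))).decode()
        offset, dept, level = body.split("|")
        if user in self.locked:
            return None                      # revocation is immediate: no ticket to expire
        if self.rights.get(user, {}).get(dept, 0) < LEVELS[level]:
            return None                      # clearance in this department is too low
        return int(offset)

def encrypt(server: TESS, plaintext: bytes, dept: str, level: str):
    offset = int.from_bytes(os.urandom(2), "big")   # client picks a pointer into the pad
    return pad_xor(plaintext, offset), server.make_seal(offset, dept, level)

def decrypt(server: TESS, user: str, ciphertext: bytes, seal: bytes):
    offset = server.request_permit(user, seal)   # every decrypt is a live policy check
    return None if offset is None else pad_xor(ciphertext, offset)
```

Because every client shares one pad and pad segments are reused, the model makes explicit that confidentiality rests on the secrecy of the pointers and on the server enforcing policy, not on the one-time-pad property itself.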