Tokenisation: Reducing Data Security Risk

Upload by : Javier Atchley

Tokenisation: Reducing Data Security Risk
OWASP Meeting – September 3, 2009
2009 nuBridges, Inc. All rights reserved worldwide.

Agenda
- Business Drivers for Data Protection
- Approaches to Data Security
- Tokenisation to reduce audit scope and lower risk
- Examples and Case Studies
- Questions

International Data Security Mandates
Countries
- United Kingdom – Companies Bill, Data Protection Act
- European Union – European Union Privacy Act (EUPA)
- Japan – Japanese Personal Information Act 2003 (JPIPA)
- Canada – Personal Information Protection and Electronic Documents Act (PIPEDA)
Industries
- Payment Card Industry Data Security Standard (PCI DSS)
- Code of Practice on Data Protection for the Insurance Sector (UK)

Many more if you do business in the U.S.
Government
- Sarbanes Oxley Act
- Gramm Leach Bliley Bill
- Healthcare Insurance Portability & Accountability Act (HIPAA)
- Part 11 of the Title 21 Code of Federal Regulations
- California State Bill 1386
Industry
- Payment Card Industry Data Security Standard (PCI DSS)
- Healthcare Insurance Portability & Accountability Act (HIPAA)
Company
- Secure FTP - Bank of America, BankOne
- AS2 - Walmart, Food Lion, McKesson

Data Security impacts a wide range of sensitive data
Payment Card Industry Data Security Standard (PCI DSS)
- Credit / Debit Card Numbers
Laws
- National Insurance Number
- Social Security Number
- Driver’s License Number
- Bank Account Numbers
- etc.
Healthcare
- Medical related information (Patient / Doctor, etc.)
Other Personally Identifiable Information
- Passport Number
- Date/Place of Birth
- Postal or Email Address
- Telephone Numbers (home/mobile)
- Mother's Maiden Name
- Biometric Data
- Unique Electronic Number, Address, or Routing Code
- Telecommunication Id Information or Access Device

Approaches to Data Security

Waves of Data Protection Investment
- First Wave: Secure the perimeter – keep the bad guys out
- Second Wave: Encrypt laptops, tape drives and mobile devices
- Third Wave: Encrypt or tokenise specific data in databases and applications to neutralize breaches; pay more attention to internal threats

Trend in securing sensitive data
Boundary moving inward to the data itself

PCI DSS Driving Best Practices

PCI DSS 3.1 – Minimise cardholder data storage

PCI DSS 3.4 – Render PAN unreadable
Options
- Hashing
- Truncation
- Tokens
- Strong cryptography

PCI DSS 3.5 – Minimize key locations

PCI DSS 3.6 – Rotate Keys Annually
and secure the keys, know which keys are used for which data, run your business, ...

Challenges of PCI DSS Compliance
- Store Card Holder Data (CHD) in fewest number of places
- Protect CHD wherever it is stored
- Store cryptographic keys in fewest number of places
- Rotate cryptographic keys at least annually

Tokenisation to reduce audit scope and lower risk

What kind of token are we talking about?
- It’s not the same as the ‘token’ used for two-factor authentication
- It’s not the ‘token’ used for lexical analysis in a programming language
- In data security, it’s a surrogate value which is substituted for the actual data (e.g. credit card) while the actual data is encrypted and stored elsewhere.

Tokens act as data surrogates
- Tokens maintain the length and format of the original data
- After tokenisation - tokens now reside where sensitive data previously resided in the application infrastructure
    Input: sensitive data -> Output: token
    Input: token -> Output: sensitive data
- Limits or eliminates modifications to applications.

Format Preserving Tokenisation
Tokens can be formatted to:
- Preserve the format (length and data type), and leading/trailing
    Original data: 3752 5712 2501 3125
    Token:         3752 0000 0010 3125   (head | body | tail)
- Preserve length but not data type, and leading/trailing
    Original data: 3752 5712 2501 3125
    Token:         3752 X4mb AdLQ 3125   (head | body | tail)
- Mask a portion of the token when a full value is not needed or desirable (can’t be subsequently translated back)
    Original data: 3752 5712 2501 3125
    Token:         3752 **** **** 3125   (head | body | tail)
Tokens generally maintain the length and format of the original data so that applications require little or no modification.

Centralised Data Vault
- Protected Data Vault where sensitive data is encrypted and stored
- Reduces the footprint where sensitive data is located
- Eliminates points of risk
- Simplifies security management

Tokenisation Model
[Figure: Tokenisation Model. Labels: Point of Sale (x3), Backup (x3), Tokens, Keys, Ciphertext in data vault]

Tokens are surrogates for masked data
- Formatted tokens can be used wherever masked credit card information is required
    USING CREDIT CARD NUMBER: 3752 5712 2501 3125
    USING TOKEN:              3752 0000 0010 3125
    Determines card type – standard, private label, gift card
    Last 4 digits retain confirmation info
- Therefore wherever tokenised data suffices, risk is reduced

1:1 Token / Data Relationship
- Same token value is consistent for same data across entire enterprise; maintains referential integrity across applications
- Data analysis can be performed using token – e.g. data warehouse
Before using credit card number
    Transaction: 1   CC#: 3752 5712 2501 3125   Item: Paper   Item: Stapler    Item: Staples
    Transaction: 2   CC#: 3752 5712 2501 3125   Item: Paper   Item: Notebook   Item: Staples
After using token
    Transaction: 1   CC#: 3716 0000 0010 3125   Item: Paper   Item: Stapler    Item: Staples
    Transaction: 2   CC#: 3716 0000 0010 3125   Item: Paper   Item: Notebook   Item: Staples

Tokens Not Derived from Data
- Original data values cannot be mathematically derived from tokens
- Tokens can be safely passed to databases, applications, mobile devices, etc.
- Token has no intrinsic value
- Solves the age-old problem of data for development and testing – it can be the same as production!
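
Added example (not part of the original slides or any nuBridges product): a minimal in-memory token vault in Python showing the three properties from the "Format Preserving Tokenisation", "1:1 Token / Data Relationship" and "Tokens Not Derived from Data" slides. The class and function names are hypothetical, the 4-digit head and tail follow the slide's sample values, and the vault's encryption of stored data is assumed to exist and is left out.

```python
import secrets

class TokenVault:
    """In-memory stand-in for the central data vault (constructed example).
    A real vault stores each PAN encrypted under a centrally managed key;
    that layer is omitted here so the block runs on the standard library."""

    def __init__(self, head=4, tail=4):
        self.head, self.tail = head, tail
        self._token_by_pan = {}   # enforces the 1:1 token/data relationship
        self._pan_by_token = {}   # the only place a token maps back to data

    def tokenise(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not digits.isdigit() or len(digits) <= self.head + self.tail:
            raise ValueError("PAN must be digits and longer than head + tail")
        if digits in self._token_by_pan:       # same data -> same token
            return self._token_by_pan[digits]
        body_len = len(digits) - self.head - self.tail
        while True:
            # The body comes from a CSPRNG, not from the PAN, so the original
            # value cannot be mathematically derived from the token.
            body = "".join(secrets.choice("0123456789") for _ in range(body_len))
            token = digits[:self.head] + body + digits[-self.tail:]
            # Reject the PAN itself, issued tokens, and PANs already vaulted.
            if (token != digits and token not in self._pan_by_token
                    and token not in self._token_by_pan):
                break
        self._token_by_pan[digits] = token
        self._pan_by_token[token] = digits
        return token

    def detokenise(self, token: str) -> str:
        # Possible only with access to the vault; KeyError for unknown tokens.
        return self._pan_by_token[token.replace(" ", "")]

def mask(pan: str, head=4, tail=4) -> str:
    """One-way masking: the result cannot be translated back."""
    d = pan.replace(" ", "")
    return d[:head] + "*" * (len(d) - head - tail) + d[-tail:]
```

Systems that only ever call tokenise() or receive tokens hold no recoverable card data; detokenise() stays with the vault, which is what takes those systems out of audit scope.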

Test systems use ‘production tokens’
[Figure labels: Production HR System (Germany), Outsourced Development (India), HR System, HR System, Production Data Vault, Masked Data Vault, Tokens, Ciphertext]

Centralised Key Management
- Control over who accesses sensitive data
- Rotate keys without having to decrypt and re-encrypt old data, and no system downtime
- Keys are distributed to token server, not throughout enterprise

Examples and Case Studies

Tokenisation Model
[Figure: Tokenisation Model. Labels: Point of Sale (x3), Backup (x3), Tokens, Keys, Ciphertext in data vault]

Localised Encryption Model
[Figure: Localised Encryption Model. Labels: Point of Sale (x3), Backup (x3), Key and Ciphertext]

Hybrid Model – Tokenization and Localised Encryption
Hybrid architecture includes both Central and Local protection mechanisms working with the same Enterprise Key Management
[Figure labels: Database Level Encryption & Tokenisation, Application Level Encryption, Central Tokenisation, Tokens, Keys, Cipher text]

Before: Order Flow without Tokenisation
[Figure: order flow diagram with the card number 3752 5712 2501 3125 repeated across it. Labels: Order Processing, 80 systems in PCI DSS scope]

After: Order Flow with Tokenisation
[Figure: order flow diagram. Labels: Credit Card Entry Hub, 3752 5712 2501 3125, Out of Scope]

Case Study 2: Order Flow with Tokenisation
[Figure: order flow diagram. Labels: nuBridges Protect, 3752 5712 2501 3125]

Thank you! Questions?
For more information, visit: http://nubridges.com/resource-center/
White Paper: Best Practices in Data Protection: Encryption, Key Management and Tokenization
