Cross Domain Information Sharing and Redaction through Encryption
Lenexa, KS (PRWEB) October 22, 2008
ERUCES' Vice President of Global Security Solutions & Sales, Jon-Michael C. Brook, will present at the 2008 Federal Information Assurance Conference (FIAC) in January. Giving a talk entitled "Cross Domain Information Sharing and Redaction through Encryption" Mr. Brook will discuss how encryption may be used to compartmentalize information, share that information with lower domains when appropriate and even variably replace sensitive data on the fly.
"Currently, organizations within the federal, intelligence, and law enforcement communities have difficulties controlling the dissemination of data," said Mr. Brook. "We always hear 'It's all or nothing.' We feel encryption coupled with XML controls might be a good manner for restricting Cross Domain Solutions. Most people think of encryption as making information unreadable, but with some special encryption key server techniques, you can use cryptography as a parsing mechanism. At the same time, our Hidden Link allows pseudonymization which may be used for automated redaction."
A Cross Domain Solution allows controlled information flows from a classified environment to an environment with a lower sensitivity level. Maintaining the information flows is the critical problem. One method for defining information which may be transferred downward involves using XML.
XML controls such as tagging refer to the process of marking information with meta-data, or data about data. If you think in terms of a grocery store, each of the different stickers on a box of Wheaties could be characterized as meta-data. Companies utilize each of the stickers to divide information for the consumer, for the stocking shelf, for the checkout counter, etc… The circle around nutritional information really doesn't apply to the person scanning the bar code.
This same idea may be applied in a Cross Domain Solution to a terrorist warning. Some XML stickers show information destined for the state and local government, some for the FBI, and others still for the TSA. By encrypting the different XML marked pieces, only people within the appropriate group may read their part of the warning. The TSA might need access to the same info as the Law Enforcement Community, but not the warrant/search and seizure information that the FBI is looking for.
"We originally saw pseudonymization through encryption as very applicable in the research and medical communities," said Dr. Bassam Khulusi, President and CEO of ERUCES. "As we became more involved in the Federal market space, our customers recognized this technology could be used in CDS environments."
"Pseudonymization will be the next hot topic in data mining, and it's all predicated on the ERUCES' Hidden Link" according to Mr. Augie Vasic, Vice President of Software Development. "In multi-domain scenarios such as CDS, the techniques allow/disallow data searches and document references that something else exists. From that existence, a user may pursue the appropriate channels to reveal the hidden data, whether that be a trusted third party such as the Justice Department, or an entity within the higher level domains."
According to the FIAC's website, "For the past seven years the FIAC Conference has brought together the leading advocates for Information Assurance within the Federal Government, Industry, and Academia. In this our eighth year we intend to continue this trend while providing a venue which will be more accessible…" with a more centrally located venue.
ERUCES is redefining cryptographic security, providing encryption key server management and key distribution products that protect Databases, Workstations, Servers, Web Services/Application Servers and third-party applications. ERUCES Tricryption software utilizes standard encryption algorithms implemented in validated cryptographic modules. ERUCES is a privately held software company headquartered in Kansas City with offices in Tampa, Orlando, and Columbia, MD. For further information on ERUCES, visit http://www.eruces.com.