Reference: ppnPRO and the related patent-pending technology, ppn Technology™, are the fundamental elements of the PIN-SECURE two-factor authentication system.  The following is a report on an independent review and analysis of the security of ppn Technology.


An Analysis of the Security Properties of the ppnPRO Software Suite of ACAP Security


Michael T. Goodrich, PhD


This white paper reports on a security analysis that I have performed on the ppnPRO software suite, evaluating it according to a set of specific security criteria, to the best of my professional judgment. 


Executive Summary


The ppnPRO software suite is a system for authenticated users to securely communicate and share documents.    Documents and messages are transmitted (for both uploading and downloading) in encrypted form using dynamically-generated session keys.  These session keys are different each time a user accesses the system, and can even be changed by the user with a simple menu selection. Documents are organized into folders owned by user groups and are stored in encrypted form using server keys.  Server keys are stored only in resident code, not on the server’s disk. The server decrypts documents for a user only if that user is authenticated to the system and a member of the group the document is stored under.

A typical usage scenario involves a user downloading the ppnPRO client software and setting up his/her account userid and password.  This initial communication is secured using the SSL protocol and is performed using an Internet browser interface.  Once authorized by the system, the user can then use this secure browser connection to download the ppnPRO client and set up any new groups that he/she wishes to create. Groups are identified by alphanumeric names, and the administrator for a group has the ability to add and remove users for that group arbitrarily.  From this point on, all communication with the system is performed through the client software.  Upon invoking the client program, the user is prompted for his/her userid and password, the name of a ppnPRO server and a group on that server (to which the user belongs), after which the user clicks a simple “CONNECT” button to connect to that group on the requested ppnPRO server.  Once authenticated, the user can securely upload any document to the requested group, download any document stored in a folder owned by the group, leave a message for another user in the group, or initiate a secure chat window with another group member currently accessing the server.  The ACAP Security documentation identifies several applications of such usage scenarios, including communications of sensitive information in healthcare, business, and real estate transactions.

To the best of my professional judgment, I have determined that the ppnPRO software provides a secure solution to the problem of confidential communication and document sharing without a priori secret key distribution.  Its security is derived from the ability of users to confidentially define their own userids (user names), passwords, and group names, as well as allowing for group administrators to determine which users belong to a particular group.


Security Claims


In the remainder of this white paper, I report on my evaluation of the ppnPRO software suite according to an extensive set of security claims.  For each claim, I report on my assessment of how well the ppnPRO product achieves that claim, to the best of my professional judgment.


The Cryptographic System


  1. U.S. Government Approved and Authorized encryption algorithm. The encryption algorithm used by ppnPRO is the Advanced Encryption Standard (AES) algorithm.  This algorithm is the recent encryption standard approved by the National Institute of Standards and Technology (see http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf).  It is considered to be one of the strongest symmetric encryption schemes in wide use.  It is a block encryption scheme, whereby a file is divided into consecutive blocks of 16 bytes (128 bits) each, and these blocks are encrypted/decrypted using a key consisting of 128, 192, or 256 bits (with 256-bit keys being the strongest).
  2. No “Backdoor” access to the encryption algorithm. A “Backdoor” access to an encryption algorithm would consist of a special key or pass-phrase that would reveal the secret key(s) used by the encryption algorithm.  I found no backdoor accesses in the ppnPRO suite.
  3. Communications encryption with AES with 256-bit encryption keys. Communications between the client and the server are encrypted using the AES algorithm in Electronic Code Book (ECB) mode, whereby each block is encrypted independently using a shared session key, which is determined dynamically.
  4. Complies with FIPS 197, Advanced Encryption Standard (AES).  The encryption algorithm used by ppnPRO is indeed the AES algorithm.
  5. Encrypted data files and messages stored in encrypted form on secure servers (ppnVault) with hot backup. The data files are stored encrypted by the AES algorithm using one of several different 256-bit keys known only to the server. These keys are “hardcoded” into the ppnPRO software, are stored in its resident memory, and need not be stored on the same disk as user data.
  6. Separate AES 256-bit key issued for each ppnPRO user. The client software generates a new AES 256-bit key each time a user connects with the server. This key is used to encrypt the communications between the client and the server during this session.
  7. Dynamic AES key generation. User keys are generated dynamically; hence, each time a user connects with a ppnPRO server, he/she will be using a new 256-bit key for that session.
  8. Automatic AES re-keying using proprietary encryption management algorithm. The AES session key for a given client connection to the server is automatically changed after a given amount of time has passed.
  9. Manual override to immediately, on demand, initiate AES re-keying. Users have the ability to generate a new 256-bit session key for communicating with the server, using a simple click on a “Change AES Key” item on a drop-down menu.
  10. User access password encrypted using SHA cryptographic hash function. User access passwords are not stored in plaintext, that is, they are not stored directly. Instead, the system computes a transformation on the password, using the SHA cryptographic hash function, and the result of this transformation is stored.  It is generally believed that, while the SHA function is easy to compute, it is computationally infeasible to determine an input for the SHA function that would result in a given output.  This property is referred to as SHA being a one-way function.
  11. Complies with FIPS 180-2, Secure Hash Standard (SHS) (SHA). The hash function used by ppnPRO to mask passwords is the SHS algorithm, which is also known as SHA. See http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf.
  12. Group access password masked using SHA. As with user passwords, group access passwords are masked using the SHA cryptographic hash function.
  13. No use of any Internet Browser in any ppnPRO data file, chat or message transfer operations. An Internet Browser is used in the ppnPRO system only for downloading the client software, setting up a userid and password, and administering groups.  The data file, chat, and message transfer tasks are done exclusively with the ppnPRO client software, with communications performed in an encrypted form. Thus, the data file, chat, and message transfer operations in ppnPRO client software are not subject to any security weaknesses that might exist in an Internet Browser.
  14. No use of the world wide web (www) in any ppnPRO data file, chat or message transfer operations.  Since the ppnPRO client performs all data file, chat, and message transfer operations, no use is made of the world-wide web (HTTP) protocol or its associated ports. Thus, the data file, chat, and message transfer operations in ppnPRO client software are not subject to any security weaknesses that might exist in the HTTP protocol.
  15. No use of ftp services in any ppnPRO data file, chat or message transfer operations. Since the ppnPRO client performs all data file, chat, and message transfer operations, no use is made of the file-transfer protocol (FTP) or its associated ports. Thus, the data file, chat, and message transfer operations in ppnPRO client software are not subject to any security weaknesses that might exist in the FTP protocol.
  16. No use of any commercial e-mail services in any ppnPRO data file, chat or message transfer operations. Since the ppnPRO client performs all data file, chat, and message transfer operations, no use is made of the email (SMTP) protocol or its associated ports. Thus, the data file, chat, and message transfer operations in ppnPRO client software are not subject to any security weaknesses that might exist in the SMTP protocol.
  17. Web based account management and financial transactions associated with ppnPRO services processed using secure links with certificates. The group management process is maintained through an Internet Browser interface that is secured using the SSL protocol.  This is the same protocol that is typically used to secure online banking transactions and Internet credit-card purchases.
  18. The ppnPRO secure servers and backup servers (ppnVault) are operated with state-of-the-art security systems and procedures. The AES and SHS algorithms that form the cryptographic core of the ppnPRO software suite are respectively the most advanced encryption and cryptographic hash functions established as standards by the U.S. National Institute of Standards and Technology (NIST). These algorithms form the cryptographic core of the ppnPRO client and server (ppnVault) systems.
  19. Data files deposited on the servers (ppnVault) are encrypted with AES 256-bit keys. Any data files deposited on a ppnPRO server (ppnVault) are encrypted using a 256-bit AES key that is stored only in the server’s resident (main) memory. ppnVault keys are not stored by or distributed to any user or ppnPRO client, nor need they be stored on the ppnVault disk.
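The block-by-block encryption described in claims 1 and 3, as an added example in Go that is not part of this paper or of the ppnPRO code base: it generates a fresh 256-bit session key (claims 6 and 7), encrypts a message in ECB mode with the standard library, and counts repeated ciphertext blocks, which is the check a reviewer runs on an ECB channel because independently encrypted equal plaintext blocks always produce equal ciphertext blocks. The PKCS#7 padding and the function names are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
)

// NewSessionKey returns a fresh 256-bit AES key, the per-connection key that
// claims 6 and 7 describe.
func NewSessionKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

// EncryptECB encrypts msg in ECB mode: PKCS#7 padding (an assumption of this
// example) to whole 16-byte blocks, then each block encrypted on its own with
// the same key and no chaining, which is what claim 3 means by "independently".
func EncryptECB(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(msg)%aes.BlockSize
	p := append(append([]byte{}, msg...), bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(p))
	for i := 0; i < len(p); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], p[i:i+aes.BlockSize])
	}
	return out, nil
}

// RepeatedBlocks counts ciphertext blocks that occur more than once. With no
// chaining, equal plaintext blocks give equal ciphertext blocks, so a non-zero
// count is plaintext structure visible to anyone who holds the ciphertext.
func RepeatedBlocks(ct []byte) int {
	seen := map[string]int{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])]++
	}
	dup := 0
	for _, c := range seen {
		if c > 1 {
			dup += c
		}
	}
	return dup
}
```

Run the same count over a message encrypted in a chained or counter mode and it stays at zero for the same input, which is the comparison a reviewer of claim 3 would make.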


Access Authentication Mechanisms


  1. Group Participation Access: User Name and User Password are combined with Group Name to establish access rights. The ppnPRO client takes a user’s password, uses it as input to the SHA cryptographic hash function, and passes the output from this function to the ppnPRO server. The server authenticates users by comparing the hashed password with the stored hashed password associated with that user’s ID.  If they match, then the system checks to see if the user belongs to the requested group.  If the user is a member of the group, then the user is given access rights to the group. Thus, the user name and user password are indeed combined with the group name to establish access rights.
  2. Group Management Access: User Name and User Password are combined with Group Name and Group Password to establish access rights. For a user to be given group management access, in addition to providing the necessary credentials for gaining group access (as described in the previous paragraph), the user must also provide a group password, which is passed as input to the SHA cryptographic hash function and compared to a stored hash value for the password of the group.  If the hashed values match, then the user is given group management access rights.
  3. Account Management Access: User Name and User Password. A user provides credentials for account management access rights in much the same way as described in paragraph 1 above.
  4. Access to Group Data Files (Temporary Storage) at ppnVault: User Name and User Password combined with Group Name. Once a user is given access rights to a group, as described in paragraph 1 above, they have access rights to all the data files stored in that group’s folder at the ppnPRO server, that is, the ppnVault. Thus, user name and user password combined with a group name provide the credentials for gaining access to the group data files.
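The credential checks of paragraphs 1 through 4, as an added example in Go that is not the ppnPRO implementation: the client-side hash of the password, the server-side comparison against the stored hash, the group membership test that gates access to the group's files, and the extra group-password check for management access. SHA-256 as the SHA variant, the constant-time comparison, and the record layout are assumptions of the example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
)

// Server holds what the paper says the server stores: hashed user passwords,
// hashed group passwords and group membership, never the passwords themselves.
type Server struct {
	UserHash  map[string]string   // userid -> hex digest of the user password
	GroupHash map[string]string   // group -> hex digest of the group password
	Members   map[string][]string // group -> userids belonging to it
}

// HashPassword is the client-side step: the password is hashed (SHA-256 is
// assumed here; the paper says only "SHA") and the digest is what gets sent.
func HashPassword(pw string) string {
	sum := sha256.Sum256([]byte(pw))
	return hex.EncodeToString(sum[:])
}

// equal compares two digests in constant time (an addition of this example).
func equal(a, b string) bool {
	return subtle.ConstantTimeCompare([]byte(a), []byte(b)) == 1
}

// GroupAccess is the paragraph-1 check: the received digest must match the
// stored digest for this userid, and the userid must be a member of the group.
func (s *Server) GroupAccess(user, pwHash, group string) bool {
	stored, ok := s.UserHash[user]
	if !ok || !equal(stored, pwHash) {
		return false
	}
	for _, m := range s.Members[group] {
		if m == user {
			return true
		}
	}
	return false
}

// ManagementAccess is the paragraph-2 check: group access plus a received
// group-password digest that matches the stored one for that group.
func (s *Server) ManagementAccess(user, pwHash, group, gpHash string) bool {
	stored, ok := s.GroupHash[group]
	return s.GroupAccess(user, pwHash, group) && ok && equal(stored, gpHash)
}
```

Note that the value the server compares is exactly the value the client transmitted, so the digest itself is the credential on the wire and must be protected by the session encryption described above.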



About the Author


Michael T. Goodrich earned his Ph.D. in computer science from Purdue University in 1987. He has published over 150 refereed papers in the areas of algorithm design and computer security. His research has been supported in part by the National Security Agency (NSA), the Defense Advanced Research Projects Agency (DARPA), and the National Science Foundation (NSF).  He is currently a Professor of Computer Science at the University of California, Irvine, where he has served since 2001. Prior to this, Dr. Goodrich was a Professor of Computer Science at Johns Hopkins University. For further information, including a C.V. containing a listing of all his publications, please visit http://www.ics.uci.edu/~goodrich/.