What is a distributed digital escrow for?

Business assets and the value of organizations are increasingly immaterial and digital. The only true way to protect these assets is to use encryption.

In this case, between the data and the organization, there is an intermediary that is both technical (the encryption key) and human (the passphrase that unlocks the key).

The purpose of our LEMS distributed digital escrow system is to protect the key and/or the password so that a recovery procedure is available if necessary.

Digital distributed security

Distributed digital security has three distinct aspects:

  • Ensuring security by requiring certain operations to be carried out by several persons. This is the principle of a safe with 10 locks that can be opened with any 3 of the 10 keys.
  • Providing an environment with guaranteed security properties for collaboration.
  • Increasing the security of all by pooling individual security-related choices.

LEMS distributed digital escrow

The answer of organizations to cryptographic risk

Data protection = encryption

Cryptographic technologies are the only ones that guarantee the security of information in an organization. However, the adoption of these technologies in organizations is rather slow: they are difficult to use, to set up and to manage day to day, and they carry a cryptographic risk.

The cryptographic risk is the fact that losing a few bytes (for instance the passphrase) is enough to lose access to all of the encrypted information. This risk is acceptable for an individual, but not at all for an organization.

Our solution

The escrow system of Lybero.net allows anyone to store a secret (file or text) on the escrow server. The secret is then encrypted. To gain access to the secret, a quorum of secret administrators must authorize it together. The secret then becomes accessible to the person asking for it.
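The quorum release described above, sketched as an added example (not Lybero.net's code): threshold ElGamal key encapsulation in which any 3 of 10 administrators jointly recover a 256-bit key without any of them revealing a key share. The trusted dealer, the toy group parameters and all function names are assumptions; the page only states that LEMS uses 2048-bit Elgamal and AES 256.

```python
import hashlib
import secrets

# Toy group (assumption, for readability): safe prime P = 2*Q + 1, G of prime order Q.
# A real deployment needs a 2048-bit group, the size the page states for LEMS.
P, Q, G = 2039, 1019, 4

def derive_key(elem):
    """Hash a group element to a 256-bit key (e.g. for a cipher such as AES-256)."""
    return hashlib.sha256(elem.to_bytes(256, "big")).digest()

def deal_shares(n, k):
    """Trusted dealer (assumption): Shamir-split private key x, threshold k of n."""
    coeffs = [secrets.randbelow(Q - 1) + 1] + [secrets.randbelow(Q) for _ in range(k - 1)]
    shares = {i: sum(c * pow(i, e, Q) for e, c in enumerate(coeffs)) % Q
              for i in range(1, n + 1)}
    return pow(G, coeffs[0], P), shares   # public key h = G^x, one share per admin

def encapsulate(h):
    """Depositor side: returns (c1, key). Only c1 is stored beside the escrowed data."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), derive_key(pow(h, r, P))

def partial_decrypt(c1, share):
    """Run by one administrator: publishes c1^share, never the share itself."""
    return pow(c1, share, P)

def combine(partials, k):
    """Combine {admin_id: partial} using Lagrange coefficients evaluated at 0."""
    if len(partials) < k:
        raise ValueError("quorum not reached")
    ids = list(partials)[:k]
    acc = 1
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        lam = num * pow(den, -1, Q) % Q          # Lagrange coefficient mod Q
        acc = acc * pow(partials[i], lam, P) % P  # product equals c1^x = h^r
    return derive_key(acc)

if __name__ == "__main__":
    h, shares = deal_shares(10, 3)
    c1, key = encapsulate(h)
    quorum = {i: partial_decrypt(c1, shares[i]) for i in (2, 5, 9)}
    print("recovered:", combine(quorum, 3) == key)
```

The private key is never reassembled in one place during recovery: each administrator contributes only a partial decryption of this one ciphertext.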

User documentation

5 good reasons to use LEMS

Simple

A secret can be stored anonymously. No account or password is required. 40 seconds is enough.

Secure

The Java application is signed. Encryption uses 2048-bit ElGamal and AES-256.

Scale up

Thanks to the quorum principle, there is no single point of failure.

Regulation

RGS V2.0, Annex A2, Section IV.12: Key Receipt and Recovery. LEMS is the solution to meet RGS key escrow requirements.

Innovative

The LEMS architecture is patented. The algorithms used come from proven digital voting software.

Scenario of use

In detail

  • Bertrand stores a secret

    Bertrand is the expert on a specific financial application. He only accesses the server hosting the application via a VPN. The application is very complex.

  • Bertrand has an accident

    Bertrand is run over by a car while riding a bicycle. He remains unconscious for 2 weeks.

  • Replacement of Bertrand and recovery of secret

    Joel must replace Bertrand during his absence. After taking over the application that Bertrand maintains, he asks the security administrators to kindly provide him with the access key via VPN and the password. Secret Administrators then initiate the recovery process. Bertrand gets the PKCS12 certificate as well as the password after approval of a quorum of the secret administrators.