Blueprint For an Electronic Citadel

Security and encryption expert Mark Merkow discusses a new method for providing a stronger defense against attacks on your sensitive e-business data by building an electronic fortress.
This spring, the e-business division of the Software and Information Industry Association (SIIA) released a white paper that explores a new method of protecting consumer data and outlines more than a dozen different data security threats facing e-business.

The 27-page white paper, An Electronic Citadel: A Method for Securing Credit Card and Private Consumer Data in e-Business Sites, focuses on the architecture, processes, and benefits of the citadel method to protect consumer and sensitive e-business data.

The paper was written by Tom Arnold, chief technology officer of Cybersource Inc. and chairperson of the Technology Working Group.

The intended readers and users of the paper include security experts, chief information officers, chief technology officers, and a broad range of systems-related personnel from administrators to information systems architects. The paper stresses the need to consider information security as a multi-faceted system of interacting components rather than single-point solutions that can't offer the needed protections for sensitive consumer and corporate information.

The citadel analogy is used to describe a method for securing Web site data that's in direct contrast to the eggshell model for security, where users install a hard outer shell but leave everything soft and squishy on the inside.

A citadel, as the paper describes, was the first use of the "defense in depth" principle. Citadel defenses in the 18th and 19th centuries were based on geometrical shapes and angles that enabled multiple fields of musket firing to cover all approaches to the innermost stone fortress.

"The future of electronic commerce largely rests in the ability of companies to secure consumer and corporate data," said Fred Hoch, director of the e-business division of SIIA. "The citadel method is a new and extremely strong method of protecting data."

The paper's method and system builds in new layers of defense behind the hard outer shell of firewalls and router protections in e-commerce sites. The following recommended precautions (countermeasures) and practices that supplement the Electronic Citadel include:

    1. Approach security as a system and associated processes.
    2. Establish appropriate security policies.
    3. Implement a "layered" security model using "defense in depth" principles.
    4. Use secure message digests to assure the integrity of sensitive data, such as credit card numbers.
    5. Use advanced encryption (e.g., 3DES with at least double-length keys) to protect sensitive data like credit card numbers.
    6. Properly manage encryption keys using either a hardware device or secure key storage system (like the Electronic Citadel) to store encryption keys. Rotate the keys frequently and provide the physical and logical controls over who can access these keys.
    7. Destroy data when it is no longer needed for processing or needed for compliance with archiving regulations.
    8. Look for new security developments and best-practices in techniques.
    9. Subscribe to information services and react to new developments as possible and appropriate to your systems.
    10. Monitor security compliance against security policy for both internal employees and external users, and report exceptions to senior executives of your company.

With these measures in place, the Electronic Citadel system provides another barrier to attacks, using advanced cryptography and effective cryptographic key management practices. The Electronic Citadel model for both the methods and system specifications for managing cryptographic keys enables the secure storage of sensitive data that can always be validated, but places limits on the retrieval of data to a specific lifetime.

The white paper then goes on to describe key processing steps that can take advantage of the system to build in the needed degrees of trust demanded by e-commerce. Processing steps defined include:

  • Key generation
  • Key recovery
  • Selling process protections
  • Refund process protections
  • Capture process protections

Cybersource's Arnold hopes that a lively comment period on the paper completes with a reference implementation as a utility class library that anyone may use. It's his intent that his contribution remains in the public domain for good of the Internet and e-business community.

Click here to download your own copy of the Electronic Citadel White Paper.

Mark Merkow writes for, an site, where this story first appeared.

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.