July 2001
VME 2000
by Wilf Hey
FOR
Seamless incorporation of encryption services into Windows makes this product's operation very easy in the few places where it is not automatic.
AGAINST
It is impossible to retrieve a forgotten key, even under dire emergencies. Laws may conceivably be framed in some countries that prevent such a product being used.
VERDICT
An excellent incorporation of top-notch security through encryption into the desktop.

VME2000 is a suite designed to secure data (primarily at desktop level), featuring a technology that Meganet calls virtual matrix encryption (VME). Meganet has in the past few years set challenges to all who would seek to break VME and interpret a hidden message. To date VME has remained secure in the face of the hackers.

The product typically sits on a desktop PC as modules running on a Windows platform - Windows 95 (second), Windows 98, NT, ME and 2000 are all capable of supporting VME2000. Through encryption services this suite protects data at an individual station from unintentional disclosure to others through theft or hacking. It aims to provide local physical security just as encryption on the 'Net provides security during transmission. It is entirely separate from other security measures such as firewalls, and can be made to all intents and purposes seamless with normal local operation.

VME centers on a symmetric encryption algorithm with ten keys. Its central key is a full million bits long, and expert testimonials proclaim that to break the code would be daunting indeed. In fact the innovative method employed encrypts not the data being subjected to the algorithm but pointers to portions of the data. Even if all the keys are compromised, the data is still unavailable in clear text. The principal key (the one as long as one million bits) is not held alongside the encrypted document, but re-created when decryption is desired.

A virtual matrix, infinite in extent, is the resource by which encryption is performed. All possible characters are in the matrix, each in an infinite number of positions. A character is encrypted first by finding any one of its infinite instances within the matrix, and substituting this 'pointer' for the character within encrypted text. Even with the same matrix and all the same keys, identical characters may be substituted with different pointers. VME2000 employs other standard engines such as 40-bit, DES and triple-DES.
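A toy illustration of the pointer idea described above, added here as an example: it is not Meganet's algorithm, which this review does not specify. The HMAC-SHA-256 keyed matrix, the function names and the sample key are all assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets

BLOCK = hashlib.sha256().digest_size  # 32 matrix cells per HMAC output


def cell(key: bytes, index: int) -> int:
    """Return the byte at position `index` of the keyed matrix.

    Nothing is stored: each cell is recomputed on demand, which is what
    makes the matrix "virtual" in this toy model.
    """
    block, offset = divmod(index, BLOCK)
    digest = hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
    return digest[offset]


def encrypt(key: bytes, plaintext: bytes, span: int = 2**32) -> list[int]:
    """Replace every byte with a pointer to one of its instances."""
    pointers = []
    for byte in plaintext:
        index = secrets.randbelow(span)      # random place to start looking
        while cell(key, index) != byte:      # walk to the next instance
            index += 1
        pointers.append(index)
    return pointers


def decrypt(key: bytes, pointers: list[int]) -> bytes:
    """Recreate the matrix cells the pointers refer to."""
    return bytes(cell(key, index) for index in pointers)


if __name__ == "__main__":
    key = b"constructed demo key"            # sample value, not a real key
    message = b"aaaa"
    first, second = encrypt(key, message), encrypt(key, message)
    print(first)                             # four different pointers
    print(first != second)                   # same key, new ciphertext
    print(decrypt(key, second) == message)
```

Each one-byte character becomes a multi-byte pointer, so ciphertext built this way is several times larger than the plaintext.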

VME2000 consists of several independent modules. CipherLock (now available on Windows NT or 2000) offers strong access control and transparent immediate encryption. Users of a system may be equipped with tokens (typically USB tokens, or smartcards) that combine user identification with a secure password (encrypted within the system). Programs, database access or resource use can be restricted to authorized users who supply their token. Alternatively a user ID and password may be submitted when access is challenged. IDs and relevant passwords (securely encrypted) are stored in a database, for which an editor is supplied. Thus the administrator can quickly modify access rights related to each user.

Alongside this main function, temporary files and other components are 'shredded' to safeguard the system against aggressive hacking or sniffing. For token-related passwords in controlled corporate environments (though not for VME itself) there is a token/key recovery mechanism. With CipherLock in force, users need not fear that their computer may be used to compromise data security; when they leave the machine, any subsequent user is challenged anew. Folders may be nominated for automatic ('on-the-fly') treatment. In such folders all files will be kept encrypted. When any of these files is used (for example loaded into Word, or printed) it is decrypted for that purpose. Files copied into such folders are automatically encrypted in the process, and files within the folders are automatically decrypted as they are copied elsewhere.

CipherFile is a component of VME2000 that encrypts (via VME or other user selected engines) selected files or whole folders (directories). A password is required that must be identical for encryption and decryption. Passwords are stored (themselves encrypted) and maintained in a 'keybook,' and a Manager routine is supplied to add, delete or change entries in the keybook. CipherFile also allows users to create self-decrypting files that may be sent to others who do not have VME2000.

CipherText is a wonderfully simple routine that enables the secure encryption of parts of a document. The user can move the mouse to specify the limits of encryption, and then a simple 'CTRL-CC' will take the selected text and encrypt it with a prearranged key. Note that if this document is exported to another person or machine, or sent as email, the recipient will need to know the password originally used to encrypt those portions of the data. A small executable file is supplied that may be distributed freely to any recipients of email in which VME2000 encryption is deployed. This will permit the recipient of a partially-encrypted document to deal with the email, but only when the same password is used. It should be noted that CipherText is aware of .RTF (rich text format), and will encrypt only the actual text within the .RTF document, leaving the control sequences unaltered. The net effect is that before decryption, displaying the .RTF will demonstrate its format (including color and font) correctly. (There is a problem with tables in encrypted .RTF files: it is advisable to encrypt the whole of a table rather than one or more entries within the table.)

VME2000 is straightforward to install, makes economical use of disk space, and will be up and running on a station readily. It makes intelligent use of Windows features, and optional encryption components may be activated simply by clicking on a distinctive symbol in the Windows tray. On-demand encryption or file-shredding may also be activated by clicking on the file or folder.

The encryption algorithm is, by all accounts, unparalleled in power. The integration of VME2000 into the Windows environment is thorough and well planned. The documentation supplied (a little wire-bound manual) is peerless. The installation process is easy, quick and painless. However, it must be noted that this sort of encryption suite, consisting of many parts and affecting many quite distinct operations, requires the intelligent attention of users. A training regime for all users is a must - but the rewards in terms of added security are great.


Contact Information:
 
VME2000

North America
Supplier: Meganet Corporation
Price: from US$100
Contact: (800) 634-2638, (818) 990-9292
sales@meganet.com
www.meganet.com

Europe/Asia
Supplier: Meganet Corporation
Price: on application
Contact: +972 3 695 9589
sales@meganet.com
www.meganet.com
 

SC On-Line
SC Magazine
www.scmagazine.com

Copyright © 2001 West Coast Publishing. All rights reserved.