Pragmatic Key Management for Data Encryption
Version 1.0
Released: September 13, 2012
Securosis, L.L.C. http://securosis.com
Author’s Note
The content in this report was developed independently of any sponsors. It is based on material originally posted on the
Securosis blog but has been enhanced and professionally edited.
Special thanks to Chris Pepper for editing and content support.
Licensed by Thales e-Security
Thales e-Security is a leading global provider of data protection solutions – delivering high assurance data encryption and key management solutions to the financial services, manufacturing, government, retail, healthcare, and technology sectors. The company has a 40-year track record of protecting sensitive corporate and government information across a wide range of technology areas including PKI, credential management, payment processing, network encryption, and many more. Thales e-Security solutions reduce the cost and complexity associated with the use of cryptography in today’s traditional, virtualized, and cloud-based infrastructures, helping organizations reduce risk, demonstrate compliance, enhance agility, and pursue strategic goals with greater confidence. The company is represented in over 90 countries around the world. For more information, visit www.thales-esecurity.com.
Copyright
This report is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 license.
http://creativecommons.org/licenses/by-nc-nd/3.0/us/
Table of Contents
Introduction 2
  The historic pain of key management
  Why key management isn’t as hard as you think it is
  The new business drivers for encryption and key management
  Key management isn’t just about data encryption (but that’s our focus here)
Understanding Data Encryption Systems 5
  The three components of a data encryption system
  Building a data encryption system
The Four Key Management Strategies 8
  The differences between key management and encryption operations
  Local key management
  Application stack key management
  Silo key management
  Enterprise key management
Choosing Your Key Management Strategy 12
Who We Are 15
  About the Author
  About Securosis
Introduction
Few terms strike as much dread in the hearts of security professionals as key management. Those two simple words evoke painful memories of massive PKI failures, with millions spent to send encrypted email to the person in the adjacent cube. Or perhaps it recalls the head-splitting migraine you got when assigned to reconcile incompatible proprietary implementations of a single encryption standard. Or memories of half-baked product implementations that worked fine in isolation on a single system, but were effectively impossible to manage at scale. And by scale, I mean “more than one”.
Over the years key management has mostly been a difficult and complex process. This has been aggravated by the recent resurgence in data encryption – driven by regulatory compliance, cloud computing, mobility, and fundamental security needs.
Fortunately, encryption today is not the encryption of yesteryear. New techniques and tools remove much of the historical pain of key management – while also supporting new and innovative uses.
We also see a change in how organizations approach key management – a move toward practical and lightweight solutions.
In this paper we will explore the latest approaches for pragmatic key management. We will start with the fundamentals of crypto systems rather than encryption algorithms, what they mean for enterprise deployment, and how to select a strategy that suits your particular project requirements.
The historic pain of key management
Technically there is no reason key management needs to be as hard as it has been. A key is little more than a blob of text to store and exchange as needed. The problem is that everyone implements their own methods of storing, using, and exchanging keys. No two systems worked exactly alike, and many encryption implementations and products didn’t include the features needed to use encryption in the real world – and still don’t.
Many products with encryption features supported only their own proprietary key management – which often failed to meet enterprise requirements in key management lifecycle areas such as key generation, rotation, storage, backup, and destruction, or important security and compliance needs like separation of duties and reporting. Encryption is featured in many different types of products, but developers who plug an encryption library into an existing tool have (historically) rarely had enough experience in key management to produce refined, easy-to-use, and effective systems.
On the other hand, some security professionals remember early failed PKI deployments that cost millions and provided little value. This was at the opposite end of the spectrum – key management deployed for its own sake, without thought given to how the keys and certificates would be used or even what they would be protecting.
Why key management isn’t as hard as you think it is
As with most technologies, key management has advanced significantly since those days. Current tools and strategies offer a spectrum of possibilities, all far better standardized and with much more robust management capabilities.
We no longer have to deploy key management with an all-or-nothing approach, either relying completely on local management or on an enterprise-wide deployment. Increased standardization (potentially powered in part by KMIP, the Key Management Interoperability Protocol) and improved, enterprise-class key management tools make it much easier to fit deployments to requirements.
Products that implement data encryption now tend to include better management features, with increased support for external key management systems when those features are insufficient. We now have smoother migration paths which support a much broader range of scenarios.
I am not saying life is now perfect. There are plenty of products that still rely on poorly implemented key management and don’t support standards or other ways of integrating with external key managers, but fortunately they are slowly dying off or being fixed due to constant customer pressure. Additionally, dedicated key managers often support a range of non-standards-based integration options for those laggards.
It isn’t always great, but it is much easier to manage keys now than even a few years ago.
The new business drivers for encryption and key management
These advances are driven by increasing customer use of, and demand for, data encryption. We can trace this back to
More enforcement of more regulations, increasing use of outsiders to manage our data, and increasing awareness of data loss problems, are all combining to produce the greatest growth the encryption market has seen in a long time.
Key management isn’t just about data encryption (but that’s our focus here)
Before we delve into how to manage keys, it is important to remember that cryptographic keys are used for more than just encryption, and that there are many different kinds of encryption.
Our focus in this report is on data encryption – not digital signing, authentication, identity verification, or other crypto operations (although many of these issues apply to any implementation of key management). We will not spend much time on digital certificates, certificate authorities, or other signature-based operations. Instead we will focus on data encryption, which is only one area of cryptography.
Much of what we see is as much a philosophical change as an improvement in particular tools or techniques. I have long been bothered by people’s tendency either to indulge in encryption idealism at one end, or to dive into low-level details that don’t practically affect security at the other end – both reinforced by our field’s long-running ties to cryptography. But with the new pressures to encrypt more information in more places (while keeping auditors happy), we are finally seeing much more focus on pragmatic implementation.
Next we will cover the major components of an encryption system, and how they affect key management options. We will follow up with the four major key management strategies, and suggestions for how to pick the right one for your requirements.
Understanding Data Encryption Systems
One of the common problems in working with encryption is getting caught up with the intimate details of things like encryption algorithms, key lengths, cipher modes, and other minutiae. Not that these details aren’t important – depending on what you’re doing they might be critical – but in the larger scheme of things these aren’t the aspects most likely to trip up your implementation. Before we get into different key management strategies, let’s take a moment to look at crypto systems at the macro level. We will stick to data encryption for this paper, but these principles apply to other types of cryptosystems as well.
The three components of a data encryption system
Three major components define the overall structure of an encryption system: the data being protected, the encryption engine that performs the cryptographic operations, and the key, together with whatever stores and manages it.
In a basic encryption system all three components are likely located on the same system. Take personal full disk encryption (the default you might use on your home Windows PC or Mac) – the encryption key, data, and engine are all kept and run on the same hardware. Lose that hardware and you lose the key and data – and the engine, but that isn’t normally relevant.
But once we get into SMB and the enterprise we tend to split out the components for security, management, reliability, and compliance.
Building a data encryption system
Where you place these components defines the structure, security, and manageability of your encryption system. Here are a few common examples:
Full Disk Encryption
Our full disk encryption example above isn’t the sort of approach you would want to take for an organization of any size greater than 1. All major FDE systems do a good job of protecting the key if the device is lost, so we aren’t worried about security too much from that perspective, but managing the key on the local system means the system is much less manageable and reliable than if all the FDE keys are stored together.
Enterprise-class FDE manages the keys centrally – even if they are also stored locally – to enable a host of more advanced functions, including better recovery options, audit and compliance, and the ability to manage hundreds of thousands of systems.
Database encryption
Let’s consider another example: database encryption. By default, all database management systems (DBMS) that support encryption do so with the data, the key, and the encryption engine all within the DBMS. But you can mix and match those components to satisfy different requirements.
The most common alternative is to pull the key out of the DBMS and store it in an external key manager or HSM (Hardware Security Module). This can protect the key from compromise of the DBMS itself, and increases separation of duties and security. It also reduces the likelihood of lost keys and enables extensive management capabilities – including easier key rotation, expiration, and auditing.
But the key could be exposed to someone on the DBMS host itself because it must be stored in memory before it can be used to encrypt or decrypt. One way to protect against this is to pull both the encryption engine and key out of the DBMS. This could be handled through an external proxy, but more often custom code is developed to send the data to an external encryption server or appliance. Of course this adds complexity and latency.
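The database shapes just described (key pulled out of the DBMS into an external key manager while the engine stays on the host, and both key and engine pulled out to an external encryption server) are the three components from the previous section placed in different spots. The Go program below is an added example written for this edition; it is not code from Securosis, Thales, or any product. Its KeyManager is an in-process stand-in for an external key manager or HSM (a real one would be reached over a protocol such as KMIP), the type names HostCrypto and ProxyDBMS are invented for the illustration, and every sample value in it is constructed:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// randBytes draws n bytes from crypto/rand; a failure there is unrecoverable.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// The encryption engine: AES-256-GCM, key-agnostic. Keys come only from KeyManager,
// so a wrong key length is a programming error and panics rather than returning.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead
}

// Encrypt returns nonce || ciphertext || tag under a fresh random nonce.
func Encrypt(key, pt []byte) []byte {
	aead := newGCM(key)
	nonce := randBytes(aead.NonceSize())
	return aead.Seal(nonce, nonce, pt, nil)
}

// Decrypt verifies the GCM tag, so a modified blob is rejected, not decrypted to garbage.
func Decrypt(key, blob []byte) ([]byte, error) {
	aead := newGCM(key)
	if ns := aead.NonceSize(); len(blob) >= ns {
		return aead.Open(nil, blob[:ns], blob[ns:], nil)
	}
	return nil, fmt.Errorf("ciphertext too short")
}

// KeyManager is an in-process stand-in (constructed for this example) for an external key
// manager or HSM. Retired keys are kept so older records stay readable; ID = 1-based index.
type KeyManager struct{ keys [][]byte }

// Rotate generates a fresh 256-bit key, makes it current, and returns its ID.
func (km *KeyManager) Rotate() int {
	km.keys = append(km.keys, randBytes(32))
	return len(km.keys)
}

// Get releases raw key bytes: whoever calls it now holds the key in its own memory.
func (km *KeyManager) Get(id int) ([]byte, error) {
	if id < 1 || id > len(km.keys) {
		return nil, fmt.Errorf("unknown key id %d", id)
	}
	return km.keys[id-1], nil
}

// Record is what the database stores: ciphertext tagged with the ID of the key that
// protects it, so a rotation never orphans existing rows.
type Record struct {
	KeyID int
	Blob  []byte
}

// HostCrypto pairs the engine with a key-manager handle. Embedded in the DBMS it is the
// "key external, engine on the host" shape; run as a separate service it is the appliance.
type HostCrypto struct{ KM *KeyManager }

func (h HostCrypto) Store(pt []byte) (Record, error) {
	id := len(h.KM.keys)   // the current key is the most recently rotated one
	k, err := h.KM.Get(id) // key bytes are now in this process's memory
	if err != nil {
		return Record{}, err
	}
	return Record{KeyID: id, Blob: Encrypt(k, pt)}, nil
}

func (h HostCrypto) Load(r Record) ([]byte, error) {
	k, err := h.KM.Get(r.KeyID)
	if err != nil {
		return nil, err
	}
	return Decrypt(k, r.Blob)
}

// ProxyDBMS holds neither key nor engine, only a handle to the service: it ships data
// out and stores what comes back, so a compromise of this host exposes no key material.
type ProxyDBMS struct{ Svc *HostCrypto }

func (p ProxyDBMS) Store(pt []byte) (Record, error) { return p.Svc.Store(pt) }
func (p ProxyDBMS) Load(r Record) ([]byte, error)  { return p.Svc.Load(r) }
```

The difference between the two DBMS types is where the raw key bytes land: HostCrypto calls Get, so the key sits in that process’s memory for the duration of each operation (the exposure noted above), while ProxyDBMS never calls Get and holds nothing but a handle to the service. Tagging each Record with its key ID is what makes rotation routine: new rows are written under the current key, old rows remain readable under the retired one, and re-encrypting a row is a Load followed by a Store. To exercise it, call Rotate once on a KeyManager, then Store and Load through either DBMS type.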
Backup and storage encryption
Many backup systems today include some sort of encryption option, but the implementations typically offer only the most basic key management. Backing up in one location and restoring in another may be a difficult prospect if the key is stored only in the backup system.