Are you ensuring the security of your keys?


Malicious attacks against computer systems and electronic theft of private information have skyrocketed. Data compromise and exposure hurt a company's brand, leaving others wondering if they'll be next and how they can prevent such an event from happening in the first place.

To provide protection from these attacks, most companies have secured their systems and network from outsiders, implementing perimeter-based security strategies with firewalls and virtual private networks (VPNs) to ensure that external users without proper authorization cannot access sensitive data. However, companies are now looking beyond traditional perimeter-based security methods to secure data and are focusing on securing the data residing on the storage within their organizations (data at rest) and data moving between their systems on the network and storage devices (data in flight). This is known as storage security.

Typically, storage security includes three components:

* Authentication

* Access control

* Encryption

Authentication ensures that users and systems are who they say they are.

Access control limits the ability of the user or system to access data.

Encryption is the process of scrambling data to prevent unauthorized persons from reading it, and has two primary components: the encryption algorithm and the key.

Many encryption algorithms are in use today. The National Institute of Standards and Technology (NIST) selected the Advanced Encryption Standard (AES); however, other cryptographic algorithms and standard test criteria have been established by NIST under the Federal Information Processing Standard (FIPS).

Once an encryption algorithm is selected, a key is generated based on the specific security requirements. To ensure that security is maintained for encryption operations, processes must be put into place that allow for complete control and security of the keys used to encrypt and decrypt the data. Key management is the process used to provide this control.

Key Management Systems

Key management combines the devices, people, and operations required to create, maintain, and control keys. The system contains operational practices that must be implemented to make it work effectively. Security plays an important part in key management, in the form of access control and logging.

Access control determines who or what has access to which keys. By limiting access to keys, the organization limits its vulnerability to security risks. An effective key management system has role-based access control to ensure a single user doesn't have rights to all keys.

A secure audit log server logs every event on the key management system. Administrators should have limited access to this server, and should not delete a log without first archiving it using encryption, authentication, and a digital signature for the encrypted file. Access to the server for viewing the logs should be limited to audit users only.

The security of the key management system should be independently certified (e.g. FIPS 140-2 certification) to validate a vendor's claims. A higher level (e.g. Level 3) of certification requires more testing than lower levels.

The operational aspect of any key management system is probably the most overlooked aspect of the system as a whole. Processes must be repeatable, replicable, and secure to meet the requirements of key management in today's organizations.

Key Generation. Keys can be created using either manual or automatic generation. The less human intervention, the more secure the key. Unique keys generated on a per-use basis (e.g., a unique key generated for each tape) provide greater security than a single key generated to encrypt data on all tapes in the enterprise. An automated key generator can be a standalone device or included in a piece of cryptographic equipment. An absolute requirement is that the generator must be contained in a secure hardware component, rather than in software running on an off-the-shelf system.

Key Distribution. A key must be distributed to all systems that will encrypt and/or decrypt data. There are several options for performing this action. The preferred method is electronic key distribution. The second method is manual distribution via smartcards. When using manual key exchange methods, the recommended practice for keys used for data or keys that protect other keys is to use "split knowledge systems." These systems split the key into pieces among multiple individuals. No matter how a key is distributed, it should be encrypted at least once using a strong method or split into multiple shares using split knowledge trust.
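A sketch of the split-knowledge idea above, added here as an illustration and not taken from the article or any product: a per-tape key is split into XOR shares so that every custodian must contribute a share to rebuild it. The function names, the hash-based check value and the use of the operating system's random source in place of a hardware generator are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from functools import reduce

KEY_BYTES = 32  # 256-bit key, the largest AES key size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def generate_tape_key() -> bytes:
    """One fresh key per tape. The OS CSPRNG stands in for the hardware
    generator the article calls for (assumption for this sketch)."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(key: bytes) -> str:
    """Short check value archived with the key ID so a rebuild can be verified."""
    return hashlib.sha256(b"kcv:" + key).hexdigest()[:16]


def split_key(key: bytes, custodians: int) -> list:
    """n-of-n split: n-1 random shares plus one that XORs back to the key.
    Any n-1 shares together are statistically independent of the key."""
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    shares = [secrets.token_bytes(len(key)) for _ in range(custodians - 1)]
    shares.append(reduce(_xor, shares, key))
    return shares


def combine_shares(shares: list, expected_fp: str) -> bytes:
    """Rebuild the key; reject a missing, swapped or corrupted share."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("missing or malformed share")
    key = reduce(_xor, shares)
    if not hmac.compare_digest(fingerprint(key), expected_fp):
        raise ValueError("shares do not rebuild the archived key")
    return key
```

Because the split is n-of-n, losing any one share loses the key, which is why the archive step described next matters.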

Key Archiving. When a key is distributed, best practices are to send the key directly to an archive and, therefore, a backup facility. The key user should forward it to the archive before using the key to encrypt data. Key archiving provides the ability to quickly recover a key using tamper-proof hardware to ensure key security.

Key Sharing. In some cases keys need to be shared outside of an enterprise with business partners. For example, an organization which sends an encrypted tape to a supplier requires a mechanism to share the encryption key to read the tape.

Re-keying in a Storage Environment. Re-keying is the operation where a new key is used to encrypt and decrypt data. If the system re-key was a result of potential exposure of the key or data, the old key should be marked for deletion. There are situations where re-keying data at rest must be planned. One case is tape media, where re-keying should be planned when media are rotated due to age. Because tape can be kept for many years, a good archiving mechanism is imperative to ensure the recoverability of the key when the media is recovered, replaced, or expired. A final consideration that can alleviate some of the concerns of constant re-key operations is to use granular keys that exist for each type of media, such as Key per Tape, Key per LUN, or Key per File.

Key Recovery. Key recovery from an archive in a data at rest scenario is extremely important. An archive should be capable of retaining keys for long periods of time and providing those keys when needed. If the organization chooses to implement automated key recovery, the process should be tested at regular intervals to ensure that it meets the organization's needs, no matter the type of archive in which the keys are stored.

Key Deletion. The most challenging part of any key management system is ensuring that, once a key has been exposed or retired, or the data media on which it was stored has been lost, deleted, stolen, or replaced, it cannot be recovered by any malicious party. Key management systems should include automated and manual processes to ensure that all copies of a key are deleted from all devices, archives, and backups.

Key Logging. A good key management system must track every key, logging which users have used it, and when and what actions the users conducted with the key. This is called key logging. From the time a key is generated until it is finally deleted, all events related to that key should be logged in one or more types of logs. Automating the alert process is important, simplifying the day-to-day operations of the key management system and ensuring that the appropriate individuals are notified in a timely fashion when an event occurs.
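The key log described above, sketched as an added example that is not from the article or any product: each lifecycle event records the key, user, action and time, and is chained to the previous entry with an HMAC so that an edited or removed entry is found on verification. The field names, the HMAC chaining scheme and the constructed sample events are assumptions of this example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first entry


def _mac(log_key: bytes, prev_mac: str, event: dict) -> str:
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(log_key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()


def append_event(log, log_key, key_id, user, action, ts):
    """Record who did what with which key, chained to the previous entry."""
    event = {"key_id": key_id, "user": user, "action": action, "ts": ts}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": _mac(log_key, prev, event)})


def first_bad_entry(log, log_key) -> int:
    """Return -1 if the chain verifies, else the index of the first entry
    that was altered or that follows a removed entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(_mac(log_key, prev, entry["event"]), entry["mac"]):
            return i
        prev = entry["mac"]
    return -1


def history(log, key_id):
    """Every logged action for one key, from generation to deletion."""
    return [(e["event"]["ts"], e["event"]["user"], e["event"]["action"])
            for e in log if e["event"]["key_id"] == key_id]


def sample_log(log_key: bytes) -> list:
    """Constructed sample events; key IDs and user names are made up."""
    log = []
    for key_id, user, action, ts in [
        ("tape-0001", "kms-auto", "generate", "2006-03-01T09:00:00Z"),
        ("tape-0001", "kms-auto", "archive", "2006-03-01T09:00:01Z"),
        ("tape-0001", "backup-op", "encrypt", "2006-03-01T22:15:00Z"),
        ("tape-0002", "kms-auto", "generate", "2006-03-02T09:00:00Z"),
        ("tape-0001", "sec-admin", "mark-for-deletion", "2006-03-09T10:30:00Z"),
    ]:
        append_event(log, log_key, key_id, user, action, ts)
    return log
```

A chain alone does not reveal entries cut from the end of the log; comparing against a copy replicated to a second site covers that case.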

Recommended Practices

Different concerns exist when implementing key management at single or multiple sites.

In a single-site implementation, particular attention must be paid to key backup and recovery. The organization must ensure that keys are regularly backed up to an offsite location, such as a disaster recovery site.

On the other hand, multiple-site implementations have the benefit of a remote site at which to replicate keys within the organization, as long as the appropriate security mechanisms are implemented. Not only should administrative versus security functions be separated but keys should be archived locally and regular backups should be conducted remotely to provide full recovery capabilities. Logging should be replicated between at least two sites for local as well as centralized secure audit logging.

Key management is a critical part of encryption, no matter what is being encrypted. The longer data must be maintained in an encrypted form, the more important key management becomes. And when encryption is part of a storage security solution, ensuring that keys can be managed, maintained, and recovered can help an organization mitigate many of the risks that exist when encryption is used improperly.

Key management systems today must provide three key elements: security, automation, and openness. Security delivers appropriate access limitations to keys based on the requirements of the organization and the type of data being encrypted. Automation ensures that keys are available when and where encrypted information is read. Openness ensures the seamless integration into the enterprise security infrastructure.

While architecting a complete key management system can be time-consuming, companies must implement a key archive and backup policy, with appropriate access controls, to minimize risk. In addition, by performing a risk analysis for the data in question--prior to implementing an encryption solution--organizations can help ensure that the right data is protected by the right solution.

Dore Rosenblum is VP of marketing for NeoScale (Milpitas, CA).

www.neoscale.com
COPYRIGHT 2006 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2006, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation:Storage Security
Author:Rosenblum, Dore
Publication:Computer Technology Review
Date:Mar 1, 2006
Words:1495