Alliance AES Key Management

Transcription

1 Alliance AES Key Management Solution Brief Patrick Townsend Security Solutions Criteria for selecting a key management solution for the System i Key Management is as important to your security strategy as the encryption software you use. The loss of an encryption key can compromise your security and lead to expensive privacy notification procedures and the need to re-encrypt historical data. This paper discusses what you should know about Key Management. Compliance auditor trends in key management A new trend emerging from data security audits is the requirement to separate encryption keys from the data being encrypted. This means deploying a key server on a separate server or in a separate partition. A good key management solution must provide a secure and authenticated method of key retrieval. 406 Legion Way SE, Suite 300 Olympia, WA fax

2 What are encryption keys? Encryption keys are the secret part of data encryption. Encryption keys provide the one thing that is unique to your security and makes it impossible for anyone else to decrypt and use your sensitive information. So keeping your encryption keys private is crucial to your data security strategy. Just as the key to your house is not like any other house key, your encryption keys are unique to you. Losing an encryption key is like losing a house key. You will need to change the key to prevent unauthorized access. In data security systems the way you manage encryption keys is as important as how you encrypt your data. If you have strong encryption but a weak method of managing encryption keys, you will have weak overall data security. How are encryption keys protected? Encryption keys should be protected with special applications that are designed to prevent unauthorized access to the keys, and to allow the use of the encryption key by authorized users and applications. These special applications are call Key Management systems. Key management systems provide a number of functions including: Creation of new encryption keys Secure storage of encryption keys Definition of authorized users Definition of key expiration dates (90 days, 1 year, etc.) The changing of keys (key roll-over) Definition of encryption key policies Distribution of keys to end points where needed Periodic save of keys to secure backup This is a partial list of capabilities and key management systems implement different capabilities depending on the vendor. The minimum requirements of a key management system are to create, securely store, and provide keys to authorized users. Six approaches to encryption key management There are six basic levels of key management ranging from no key management (a really bad idea) to the use of high-end key management infrastructure systems. A key management strategy always involves a balance between security and system reliability and usability. Very secure key management systems such as those used in military applications may impose unreasonable constraints that would be unacceptable or unnecessary in commercial applications. Finding the right solution will mean balancing your security needs with your application needs. The following table shows the general relationship between key management approaches, security, and application reliability: Page 1

3 Key Management Approach Security Level Application Reliability Comments No key management Very poor High Encryption keys and passwords are usually stored in application source code. This is the poorest level of security as encryption keys are easily lost or compromised. Unsecured file storage Poor Very Good Encryption keys are stored in files in the clear. Even with normal file security mechanisms this is poor security as keys are easily lost or compromised. Key management on same system Key management on logical partition or virtual server Key management on external server Good Very Good This is better security for encryption keys as the keys cannot be used without a fully functional application environment. The reliability is high as the key store resides on the same system. Very good Good Security for encryption keys is much better as there is a separation between the applications that use keys, and the actual key store. High Good to Fair The physical separation provides much better security, but decreases the reliability of the application due to potential network and hardware failures. Good key management systems support real-time mirroring to redundant servers for better reliability. Page 2

4 Key Management Approach Security Level Application Reliability Comments FIPS-140 certified key management Very high Good to Fair The physical separation combined with FIPS-140 certification provides the best security, but decreases the reliability of the application due to potential network and hardware failures. Good key management systems support real-time mirroring to redundant servers for better reliability. The first two options in the table (No key management, and unsecured file storage) have very poor security profiles and should never be used for key management. They cannot be used to meet PCI and other regulations governing sensitive data. Key management system same system The first level of acceptable key management is to use a key management solution that resides on the same platform where you encrypt sensitive data. The key management solution should implement industry standard methods of securing the encryption keys and access to the management of encryption keys. In the event a file containing encrypted information is lost, the encryption keys remain protected. Of course, if the entire physical system and application set is lost the encryption keys will be lost with the system. Key management system logical partition The next level of acceptable key management is to use a key management solution that resides on a logical partition that is separate from the partition where you encrypt sensitive data. Logical partitions reside on the same physical system as the sensitive data, but are completely separate operating environments. The key management solution should implement industry standard methods of securing the encryption keys and access to the managing encryption keys. In the event a file containing encrypted information is lost, the encryption keys remain protected. The separation of the keys onto a logical partition provides better security. Key management system external server The next higher level of secure key management is to use a key management solution that resides on a completely separate platform from the one where you encrypt sensitive data. The key management Page 3

5 solution should implement industry standard methods of securing the encryption keys and access to the managing encryption keys. In the event a file containing encrypted information is lost, the encryption keys remain protected even if the entire system is lost. This separation of the keys onto a physically separate system provides a very high level of security. It should be noted, however, that application reliability is reduced by this approach. A failure in the network or a failure in the key management server hardware can make the encryption keys inaccessible for a period of time. This can have a major impact on certain business applications. Standards for key management While there are no specific standards for key management systems, the National Institute of Standards and Technology has published a technical document of recommendations for key management. Other standards organizations such as IEEE and Oasis are working on standards for key management interoperability. FIPS-140 certified key management system external server The highest level of secure key management is to use a FIPS-140 certified key management solution that resides on a completely separate platform from the one where you encrypt sensitive data. FIPS-140 certification is a testing process implemented by the National Institute of Standards and Technology (NIST) and provides more assurance of the security of the key management solution. In the event a file containing encrypted information is lost, the encryption keys remain protected even if the entire system is lost. This separation of the keys onto a physically separate system provides a very high level of security. It should be noted, however, that application reliability is reduced by this approach. A failure in the network or a failure in the key management server hardware can make the encryption keys inaccessible for a period of time. This can have a major impact on certain business applications. Patrick Townsend Security Solutions Patrick Townsend Security Solutions provides data encryption, key management, and compliance logging solutions to Enterprise customers on a variety of server platforms including Windows, Linux, UNIX, IBM System i, and IBM System z. The company can be reached on the web at or by phone at (360) Page 4