A Draft Framework for Designing Cryptographic Key Management Systems
Elaine Barker, Dennis Branstad, Santosh Chokhani, Miles Smid
IEEE Key Management Summit, May 4, 2010

Purpose of Presentation
To define what we mean by a Framework for Cryptographic Key Management
To explain how the Framework might fit in with other NIST recommendations regarding key management
To present the main concepts and provisions of the draft
To solicit comments on the draft Framework

Announcement
NIST Second Key Management Workshop
September 20 & 21
Gaithersburg, MD
http://csrc.nist.gov/groups/st/key_mgmt/

What is a Framework?
A Framework specifies design requirements to be met by any Cryptographic Key Management System (CKMS) claiming compliance.
A Framework is an organized list of components and CKMS design requirements.
Components may include: goals, policy, key types, key metadata, key lifecycle, key and metadata management functions, testing history, etc.

Framework of Components and Requirements
[Figure: FRAMEWORK, listing Framework Components C_1 ... C_i ... C_n with their Requirements R_1,1, R_1,2, ... R_i,1, ... R_n,1, R_n,2, ... R_n,m. Other labels: Candidate CKMS Design, Selection, Conforming CKMS Design, Documentation.]

Scope and Construction
Framework scope is limited to the generation, distribution, storage, use, revocation, and destruction of cryptographic keys and bound metadata.
Framework places "shall" requirements on CKMS design specification.
In this presentation we have changed the "shall" requirements into questions for the CKM designer.

Framework Advantages
Encourages CKMS designers to consider the factors that make a comprehensive CKMS
Encourages CKMS designers to consider factors that if properly addressed will improve security
Helps define the CKMS design task by providing significant elements that require specification
Assists in logically comparing CKMS and how they meet the specified requirements
Improves security by specifying necessary considerations
Forms the basis for a U.S. Government CKMS Profile

Profile of Components and Requirements
[Figure: CKMS PROFILE, listing Framework Components C_1 ... C_i ... C_s with their USG Security Requirements R_1,1, R_1,2, ... R_i,1, ... R_s,1, R_s,2, ... R_s,t. Other labels: Conforming CKMS Design, CKMS Design for USG Applications, Documentation.]

Framework Limitations
Does not require specific techniques or CKMS design choices
Does not guarantee security
Does not mandate protections for U.S. Government sensitive information
Any CKMS if properly specified should be able to comply with the Framework, but not all CKMS will comply with the U.S. Government CKMS Profile

Major Components
1. CKMS Goals
2. CKMS Security Policy
3. Roles and Responsibilities
4. Cryptographic Keys and Metadata
5. Interoperability and Transition Requirements
6. Security Controls
7. Testing and System Assurances
8. Disaster Recovery
9. Security Assessment
10. Other Considerations

1. CKMS Goals
What are the required high level functions of the CKMS?
How are cryptographic functions performed by humans designed for ease of use?
How is human error detected and corrected?
What are the required performance characteristics of the CKMS?
How can the CKMS be scaled to exceed the peak performance characteristics if necessary?
How are keys revoked and why was this method selected?

Goals (2)
COTS Products
What COTS products are used in the CKMS design?
What security functions are performed by COTS products?
How were the COTS products configured and augmented to meet the goals of the CKMS?

2. CKMS Security Policy
How does the CKMS enforce the CKMS security policy?
What security mechanisms are required to provide the protections of the security policy?
Under what conditions may a key and its bound metadata be shared by two or more entities?
Are the automated portions of the CKMS security policy expressed in tabular format or using a formal language such that the CKMS can interpret and enforce it?
What administrators are notified when the CKMS Security Policy is modified? How are they notified?

3. Roles and Responsibilities
System Authority, System Administrator, System Designer, Cryptographic Officer, Key Owner, System User, Audit Administrator, Registration Agent, Key Recovery Agent, etc.
Which roles does the CKMS support?
Which roles require separation (e.g., System Administrator and Audit Administrator)?
What are the responsibilities of each role?

Roles and Responsibilities (2)
How are the individuals performing each role authenticated by the CKMS?
How is multi-person control used for critical system functions?
How is individual accountability enforced?
How is the performance of the roles audited?
What automated provisions identify security violations by insiders or outsiders?

4. Cryptographic Keys and Metadata
Key Types
1. Private Signature Key
2. Public Signature Key
3. Symmetric Authentication Key
4. Private Authentication Key
5. Public Authentication Key
6. Symmetric Data Enc/Dec Key
7. Symmetric Key Wrapping Key
8. Symmetric RNG Key
9. Asymmetric RNG Key
10. Symmetric Master Key
11. Private Key Transport Key
12. Public Key Transport Key
13. Symmetric Key Agreement Key
14. Private Static Key Agreement Key
15. Public Static Key Agreement Key
16. Private Ephemeral Key Agreement Key
17. Public Ephemeral Key Agreement Key
18. Symmetric Authorization Key
19. Private Authorization Key
20. Public Authorization Key

Cryptographic Keys and Metadata (2)
Key Metadata
1. Key Type
2. Key Label
3. Key Identifier
4. Key Life Cycle State
5. Key Format Specifier
6. Product used to Create Key
7. Crypto Algorithm using key
8. Schemes or Modes of Operation
9. Parameters for the Key
10. Length of the Key
11. Strength of the Key
12. Applications for Key
13. Security Policies for Key
14. Key Owner
15. Key Access Control List
16. Key Counter/Version Number
17. Parent Key
18. Key Protections
19. Metadata Protection
20. Metadata Binding Protection
21. Date-Times
22. Revocation Reason

Cryptographic Keys and Metadata (3)
Which key types does the CKMS employ?
Which metadata elements are used with each CKMS key type?
How are the syntax and semantics of key types and metadata specified (tables or formal syntax specification)?
What protections are applied to keys and metadata (e.g., confidentiality, integrity, source of integrity authentication)? How are they bound?

Key Life Cycle States and Transitions
[Figure: state diagram with the states Pre-Activation, Active, Suspended, Revoked, Deactivated (process only), Compromised (process only), Destroyed, and Destroyed Compromised, connected by transitions numbered 1 to 13.]

Cryptographic Keys and Metadata (5)
What are the CKMS cryptographic key states and transitions?
The Framework lists 31 key and metadata management functions
Generation
Owner Registration
Activation
Deactivation
Etc.

Cryptographic Keys and Metadata (6)
What RNGs are used to generate keys?
How are keys activated and deactivated?
What information is provided upon revocation?
Under what circumstances may a key be suspended?
How and under what conditions can metadata be modified?
Etc.

Cryptographic Keys and Metadata (7)
Storage
How is authorization for submitting, retrieving and using keys and metadata in storage verified?
How are the integrity and confidentiality of keys and metadata verified in storage?
Transport/Agreement
What key establishment methods are used?
How are keys protected during transport?
How are the identifiers of the parties to key establishment assured?
What key confirmation methods are used?

Access Control System
[Figure: Access Control System (ACS)]
KeyManagementFunctionCall: calling entity, entity authenticator, function, key, metadata
ACS Response: function output or function denied
Calling Entities and Passwords: Name 1, PW 1; Name 2, PW 2; ... Name n, PW n
Key Management Functions: Sym enc, Sym dec, SK sign, PK verify, Com HMAC, ...
Keys and Metadata: K 1, M 1; K 2, M 2; K 3, M 3; ... K i, M i

Cryptographic Keys and Metadata (9)
Key Management Function Controls
How is access to key and metadata management functions controlled (i.e., describe the ACS)?
What rules are enforced by the ACS (e.g., key entry and output)?
When is multi-party control and key splitting used?
What are the cryptographic periods of the keys?
How are key compromises handled and what other keys are affected?

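The Access Control System call and response from the slides above, as an added Python sketch that is not part of the presentation or of the Framework. Assumptions: the class and method names, PBKDF2 password storage, keys referenced by identifier, HMAC-SHA-256 for "Com HMAC", and the rule set (key type, life cycle state, per-entity ACL taken from the metadata list).

```python
import hashlib, hmac, os

DENIED = "function denied"

def pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: passwords are stored as salted PBKDF2 hashes, not in the clear.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccessControlSystem:
    def __init__(self):
        self.entities = {}  # name -> (salt, password hash)
        self.keys = {}      # key identifier -> (key bytes, metadata dict)
        # One function from the slide; HMAC-SHA-256 is an assumed choice.
        self.functions = {"Com HMAC": lambda k, d: hmac.new(k, d, hashlib.sha256).digest()}
        self.key_type_for = {"Com HMAC": "Symmetric Authentication Key"}

    def register_entity(self, name, password):
        salt = os.urandom(16)
        self.entities[name] = (salt, pw_hash(password, salt))

    def store_key(self, key_id, key, metadata):
        self.keys[key_id] = (key, metadata)

    def call(self, entity, authenticator, function, key_id, data):
        """KeyManagementFunctionCall: returns function output or DENIED."""
        # 1. Authenticate; unknown names still cost one hash and then fail.
        salt, stored = self.entities.get(entity, (b"\0" * 16, b""))
        if not hmac.compare_digest(pw_hash(authenticator, salt), stored):
            return DENIED
        # 2. The function and the key must both exist.
        if function not in self.functions or key_id not in self.keys:
            return DENIED
        key, meta = self.keys[key_id]
        # 3. Metadata rules: key type, life cycle state, per-entity ACL.
        if (meta["Key Type"] != self.key_type_for[function]
                or meta["Key Life Cycle State"] != "Active"
                or function not in meta["Key Access Control List"].get(entity, ())):
            return DENIED
        return self.functions[function](key, data)

def demo():
    acs = AccessControlSystem()  # all names, passwords and keys are constructed
    acs.register_entity("alice", "pw-alice")
    acs.register_entity("bob", "pw-bob")
    acs.store_key("K1", bytes(range(32)), {
        "Key Type": "Symmetric Authentication Key",
        "Key Life Cycle State": "Active",
        "Key Access Control List": {"alice": ("Com HMAC",)}})
    ok = acs.call("alice", "pw-alice", "Com HMAC", "K1", b"msg")
    return ok, acs.call("bob", "pw-bob", "Com HMAC", "K1", b"msg")
```

Every denial returns the same response, so a caller cannot tell a bad password from a missing ACL entry or a suspended key.
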
Cryptographic Keys and Metadata (10)
Cryptographic Modules
What cryptographic modules are used and what data protections are provided by them?
How is access to the cryptographic module contents restricted?
What non-invasive attacks are mitigated by the module?
What third party testing and validation was performed?
What self-tests are performed?
How does the module respond to detected errors?
What is the strategy for replacement of failed modules?

Cryptographic Keys and Metadata (11)
Compromise Recovery
What are the envisioned compromise scenarios for the CKMS?
How is the CKMS protected from unauthorized physical access?
What security controls are used to detect unauthorized changes to the CKMS?
What are the compromise recovery procedures?
Who is to be informed of a CKMS compromise?
What training is required for each CKMS role?

5. Interoperability and Transition Requirements
What are the CKMS interoperability requirements?
What standards, protocols, interfaces, supporting services, and formats are required for interoperability with envisioned applications and other CKMS?
What interfaces are required for easy replacement of internal components (e.g., cryptographic algorithms)?

6. Security Controls
What physical security is assumed?
What redundancy (back-up) capabilities are envisioned?
What operating system requirements does the CKMS require?
What system monitoring is performed?
What are the requirements for anti-virus and anti-spyware protection?
What types of firewalls and firewall configuration are required?

7. Testing and System Assurances
Vendor Testing, Third Party Testing, Interoperability Testing, Self-testing, Scalability Testing, Functional Testing
What types of testing were performed on the CKMS?
What are the intended environmental conditions under which the CKMS can be used?
What environmental tests were performed on the CKMS?

8. Disaster Recovery
Facility Damage, Utility Service Outage, Communication and Computation Outage, System Hardware/Software Failure, Cryptographic Module Failure, Corruption of Keys and Metadata
What are the needed requirements?
What backup or redundancy mechanisms and services exist for components and for keys and metadata?

9. Security Assessment
What assurance activities have been undertaken prior to CKMS deployment?
What validation programs have been passed (provide certificate numbers)?
Was an architecture review performed?
What testing was performed (provide results)?
What is the period for security reviews (what is to be done)?
What types of changes require an incremental security assessment and full assessment? What is the scope of each?

10. Other Considerations
Standards, Ease of Use, National/International Regulations, Technology Challenges
What standards are utilized by the CKMS and how is conformance tested?
Which commercial products have been utilized in the CKMS design and to which security standards do they comply?
What are the user interfaces and what principles are they based upon?
What ease of use tests have been performed?

Other Considerations (2)
Technological Challenges
What technology assumptions were made in assessing the CKMS security?
Which cryptographic algorithms are used by the CKMS? What is the estimated security lifetime of each?
Which algorithm components are designed to be upgraded or replaced by improved components?
What new technologies could easily be incorporated into the system to improve security?

Final Thoughts
Although a CKMS is smaller in scope, it has all the elements of designing a secure system (e.g., computer security, facility security, disaster recovery, etc.). This makes designing a secure CKMS almost as hard as designing a secure system.
A CKMS Framework is complicated. However, a Framework could help classify, compare and standardize CKMS.
To obtain a copy of initial draft SP 800-130, see http://csrc.nist.gov/publications/pubsdrafts.html on or about June 15. Comments due by August 15.

Discussion?