Encryption Key Management
This article is about Encryption key management, and will highlight what needs to be done to effectively store the keys to your encrypted data. Information in this article will prove useful and in many instances you may find that only after reading this article it will become apparent that encryption and key management needs to be well managed, to avoid catastrophe.
Encryption, a brief background
Man has always wanted to communicate with a trusted party in a confidential manner. In times of war the encryption used to transmit and store information was vital to winning the war. Today organizations are connected to the internet, using the internet as a medium the organization can communicate and transact with clients, suppliers and its own employees. Keeping the transactions confidential and the stored data confidential is a challenge, and many organizations have started to employ strong technical controls like device encryption and content (data) encryption to better secure their data and communications.
Encryption by virtue is a way of keeping data confidential and unreadable by unauthorized users. Typically a cipher is used; the cipher can be described as a lock, together with a key to process or Encrypt - lock and Decrypt - unlock the data. What was readable data, once processed, now becomes unreadable without the correct cipher and most importantly the key.
But why is the key so important? Well let's look at this question logically. You have a safe. In the safe you have valuables. You need a key to get into the safe. If you lose the key to the safe it will take too long to get to your valuables. In turn this will cause a denial of service, meaning you will be denied access to your valuables. Now we have a few questions to ask ourselves. Where do we keep the key? Would it be a good idea to keep the key on top of the safe? If an intruder were to get into the location where the safe is, then he would most likely search for the key then gain access to the valuables. Even keeping the key in the same room as the safe is potentially a problem, as this could result in an unauthorized person locating the key.
It is clear that keys are fundamental to opening locks; similarly encryption keys are used to decrypt encrypted data and communication. It is clear that if the keys were found and copied, destroyed or lost, you would have a problem gaining access to whatever the keys were protecting. Ever lost the keys to your car? Not a good feeling... If you have a spare set, then you can find those and use them, but you are left wondering about who found the keys and what they might do with the keys.
Types of keys
Below are some different types of keys as described by NIST in the Key lifecycle documentation available
- Signing Keys
- Transport Private Keys
- Public Keys Used to Verify
- Static Key Agreement Private Keys
- Digital Signatures
- Static Key Agreement Public Keys
- Secret Authentication Keys
- Domain Parameters
- Public Authorization Keys
- Initialization Vectors
- Long term Data Encrypting Keys
- Shared Secrets
- Encrypted Keys
- Master Keys Used to Derive
So what is the solution?
It is very important to treat keys with the same, if not higher, regard to what the keys protect. If the encryption key protects your laptop and the prime is lost, it can result in you losing access to all the data on your laptop. Then it may be a good idea to have proper key management.
Good key management entails 10 simple yet necessary steps which will ensure that you will be able to gain access to your data or communications in a secure manner when you need it. Reference: NIST
Generally Should Archive
- Signature verification key,
- Secret authentication key,
- Public authentication key,
- Long term data encryption,
- Key encrypting key used,
- Key for key wrapping
- Domain parameters
Should Not Archive
- Signing key,
- Private authentication key,
- Short term data encryption key,
- RNG key,
- Key transport public key,
- Ephemeral key agreement,
- Private keys,
- Secret authorization key,
- Private authorization key,
- Public authorization key,
- Intermediate results and key material.
- Make a backup of your encryption keys. If the encryption keys change, ensure that the changes are also backed up. This includes the restorability of the keys that are used for your archived data. If ever you need to restore the data you will need to decrypt the data. Countless organizations fall victim to this because of poor key management.
- Ensure that the backups are recoverable and an effective disaster recovery plan that details the recovery of the keys from backup is in place. If historical data has been encrypted then this data should also be recovered and decrypted as part of your test.
As discussed in this article, storing the decryption keys with the encrypted data is bad practice, for this reason the keys should not be stored on the tapes that contain the encrypted achieved data.
- Make sure that the logical access control to your encryption keys is secure and available to authorized users. Logical access to keys plays a vital role in keeping your data encrypted. Storing encryption keys on your local drives can lead to compromise, especially if the computer or device is partially encrypted. Typically keys are stored securely out of reach in a secure location.
- Ensure that the keys are stored in a physically secure environment and that only authorized users can gain access to the keys. Physical access controls are of high importance as disruption in the key availability may result in failure in the decryption process.
- Escrow the keys with a trusted third party, although you may feel that this is not a necessary step when things go wrong, I can assure you, you will wish you had escrowed the keys. Typically keys are escrowed and kept safely for many organizations without incident.
- Ensure that the keys are not stored logically where someone could make a duplicate or destroy the key. Logical access controls are not enough if an unauthorized user can alter the state of the machine that the keys are stored on remotely or physically you will have a denial of service on your hands, resulting in the data not being able to be decrypted.
- Ensure that you have a way of disposing the keys, locking out older, possibly compromised keys and creating new keys that will decrypt the data. This process needs to be carefully managed and security needs to be monitored throughout. It is common that through the key issue and revocation process a key compromise is structured by an unauthorized user.
- Understand what data and communications has been encrypted by the keys so that if you have to issue a new key you are able to first decrypt and encrypt the data if your software does not perform this function automatically.
- Ensure that the key is only used and issued from a secure system; often this rule is overlooked and will result in compromise. Not all computer systems are secure and as rootkits and software recording software become more pervasive caution needs to be taken when using the decryption key. Systems like the ones found at internet kiosks and other public facilities are good examples where more caution is needed.
- Ensure that the key generation process has high security and that the process has integrity.
The above ten rules are guidelines that will aid an organization and individual in effectively managing keys to their most confidential information. On many occasions, decryption fails because of fundamental pitfalls made by key staff members that manage keys but lack the experience to make the right decisions.
Keeping an organization secure has many facets. In particular one of them is Encryption key management without the careful consideration of how the keys are managed. You may find yourself or your organization in a sticky situation. This article has taken you through a brief yet useful key management journey that will aid in keeping your organization and its encrypted data available and secure.