21st-Century 'Key' Ring

Hardware appliances can help you get a grip on your agency's encryption keys.

KEY LINGO: When dealing with storage of encrypted data, there's more than one kind of key.
Symmetric keys encrypt and decrypt the
data; asymmetric keys allow systems to
exchange the symmetric keys.

With agencies adding a protective wrapper of encryption to the data they create — specifically, sensitive and personally identifiable information — the technology dilemma looming on the horizon is how to handle the thousands (in some agencies, millions) of digital keys created in the process.

Although key management isn’t a mandate, it can make day-to-day life a lot easier for an agency’s IT managers. Key management isn’t “going to go away, and it is something that we will need to pay more attention to,” says William Burr, manager of the Security Technology Group at the National Institute of Standards and Technology’s IT Lab. Burr’s group crafts Federal Information Processing Standards guidelines and policies to help agencies with encryption practices.

The use of hardware-based key appliances can minimize security risks when tapes or other encrypted media become lost or stolen, points out Jon Oltsik, a senior analyst with Enterprise Strategy Group of Milford, Mass.

As encrypted data volumes grow and digital keys become more ubiquitous — spanning multiple sites, applications and technologies — the ability to effectively manage these environments will become paramount, Burr acknowledges.

Keeping Track

Digital keys, consisting of long strings of numbers and characters, enable or deny access to encrypted data. In other words, they lock or unlock data written to media (tape, optical or disk, for instance). Misplace a digital key and the encrypted data to which that particular key is associated would be as good as lost unless a duplicate copy of the key exists and its whereabouts are known.

Standalone key-management appliances — from Hewlett-Packard, nCipher (NeoScale), Spectra Logic and Sun StorageTek — can help agencies minimize the potential for lost keys or unauthorized access to data by managing key-making and -storing processes centrally. These types of appliances help organizations manage keys generated across their IT environments and by different types of encryption devices, which can have significant end-user benefits.

“The appeal of an appliance is its simplicity and ease of use,” says Greg Schulz, senior analyst for StorageIO.

Cost, performance and scalability are also important in deciding whether to choose an appliance over software. In fact, for one agency, these were deciding factors.

“We looked at encrypting data on the disk via our database, which is where all our sensitive data is, and found the performance hit too expensive,” says an IT project leader at a research agency. Instead, the agency, which did not want to be identified because of security concerns, has begun evaluating key management appliances.

Driving the research agency and countless other agencies is the need to encrypt a growing amount of PII and other data to remain in compliance with mandates of the Office of Management and Budget.

If it has a Social Security number, name or address in it, then it needs to be encrypted — whether it’s embedded in a Microsoft Word document or sent in an e-mail. “We eventually need to move to a hardware solution,” the IT project manager says. “We are often exceeding our backup window.” The agency currently is leveraging its backup application to do encryption.

Mix and Match

Another concern is interoperability, for managing keys generated by other encryption tools. “It’s all going to boil down to interoperability with other key managers,” says Schulz. He suggests reviewing interoperability matrices for any product under consideration.

fact: No. 3: Where key management ranks (behind performance and cost factors) among the
storage-related concerns that IT managers have with regard to increased encryption of sensitive data

SOURCE: ESG

Other important factors that Oltsik and Schulz says agencies should consider are:

• Security: How deep is the product’s feature set? What kind of access trails does the device have? What are the authorization and authentication processes? Does it have fingerprint or biometric scanning capabilities? How is the device itself secured?

• Management: How does the device manage a key over its lifecycle? Can a key be assigned to a particular type or source of data? If yes, how granular is this capability?

• Regulatory certification: Is the appliance FIPS-certified? Which standards organizations is the manufacturer involved with?

• Data protection and availability: What is the disaster recovery and continuity of operations approach? How is the device backed up or replicated? What is the process? What is the cost of adding a second device for redundancy?

Although the standards bodies are at work on key management specifications, Schulz recommends that agencies target the most key-intensive efforts now for centralizing management to mitigate risks and address specific pain points.

As Burr points out: Not addressing key management is not an option.

Be Smart About Key Management

Establish Keys Securely

• Generate symmetric keys by using either an approved random number generation method, a key update procedure that creates a key from the previous key, or an approved key derivation function that derives a key from a master key.

• Avoid concatenating split- or multi-key components as the combination function used to generate keys.

• Limit the distribution of data encryption keys to backups or to other authorized entities that may require access to the information protected by the keys.

• Keys must be protected using either encryption or an appropriate physical security mechanism/procedure throughout the distribution process.

Ensure Proper Operational Use

• Ensure that the installation of a key within the device or process that is going to use it does not result in leakage of the key or information about the key.

• Provide confidentiality for keying material in storage, using either encryption with an approved algorithm or physical protection (i.e., cryptographic module or secure storage with controlled access).

• Use reasonable measures to prevent modifications, to use methods to detect (with a very high probability) any modifications that occur, and to restore the keying material to its original content when modifications have been detected.

• Store symmetric data encryption keys in backup storage during the cryptoperiod of the keys in order to allow key recovery, and store in archive storage after the end of the key’s cryptoperiod, if required.

• Replace a key with another key (i.e., key change) when the key may have been compromised, the key’s cryptoperiod is nearing expiration, or to limit the amount of data protected with any given key.

Key Disposition

• Remove keying material and other related information from backups when no longer needed for operational use.

• Destroy keying material as soon as it is no longer required (e.g., for archival or reconstruction activity) in order to minimize the risk of a compromise.

SOURCE: Storage Networking Industry Association