Introduction
A cryptographic key is a piece of information (a parameter) used in an algorithm (a cipher) to transform plaintext into ciphertext (encryption).1* Encryption has been around for millenniums. One of the most famous encryption algorithms is the Cesar Cipher through which Julius Caesar sent encrypted messages to his battle front generals (1). However, the importance to securely manage cryptographic keys was defined by Auguste Kerckhoffs in the 19th century, in two of his journal articles on “La Cryptographie Militaire” (2 and 3). His definition is often referred as the “Kerckhoffs’s principle”: “The security of an encryption algorithm shall depend solely on the confidentiality of the key.”
Cryptographic keys increase the security of IT environments (George Becker, pexels)
In order to satisfy “Kerckhoffs’s principle”, i.e. to manage cryptographic keys securely, Cryptographic Key Management Solutions (CKMS) shall be used. Consequently, the following questions arise:
- What are functional and non-functional requirements that such solutions must meet?
- What Cryptographic Key Management Solutions are there in the market?
- What is the “best” solution?
This article aims to address these three questions. In the first part, we list functional and non-functional requirements relevant for such solutions. Next, we provide an overview of existing solutions in the market. Finally, we conclude by suggesting an approach for identifying the “best” solution.
In our Securing Cyberspace video series (4) we disuss more detailed definitions of cryptographic keys and key management solutions.
Requirements
This subsection introduces functional and non-functional requirements which shall be met by Cryptographic Key Management Solutions (CKMS).
Functional
This section lists the functional requirements that CKMS has to fulfil. These requirements have been derived from standard guidelines as well as best-practices. (5-8)
- Support full Key Life Cycle:
- Pre-operational phase
- Registration
- Generation
- Distribution
- Operational phase
- Storage
- Backup
- Rotation
- Recovery
- Post-operational phase
- Archiving
- De-registration
- Revocation
- Suspension
- Destruction
- Pre-operational phase
- Support automatic, flexible key rotation
- Support key grouping and segregation
- Support symmetric/asymmetric cryptography
- Support following key types:
- Private Signature Key
- Public Signature Key
- Symmetric Authentication Key
- Private Authentication Key
- Public Authentication Key
- Symmetric Data Encryption/Decryption Key
- Symmetric Key Wrapping Key
- Symmetric RNG Key
- Private RNG Key
- Public RNG Key
- Symmetric Master Key
- Private Key Transport Key
- Public Key Transport Key
- Symmetric Key Agreement Key
- Private Static Key Agreement Key
- Public Static Key Agreement Key
- Private Ephemeral Key Agreement Key a Public Ephemeral Key Agreement Key a Symmetric Authorization Key
- Private Authorization Key
- Public Authorization Key
- Support RESTful API
- Support of PCKS#11
- Support Key Management Interoperability Protocol (KMIP)
- Support integration with existing PKI
- Support separation of duties, for instance:
- System Authority,
- System Administrator, a Cryptographic Officer, a Domain Authority,
- Key Custodian,
- Key Owner,
- CKMS User,
- Audit Administrator,
- Registration Agent,
- Key-Recovery Agent, and
- CKMS Operator.
- Support Multi Factor Authentication
- Support Backup & Restore
- Support dual control
- Support split keys
- Support deployment on-premises
- Support security policy configurations
- Support multi-level security domains
- Support Accountability, Auditing & Reporting
- Support, if Hardware solution:
- Hot swappable RAID disk drives
- Dual redundant power supplies
- Independent network interfaces
- At least tamper evident, optionally tamper resistant and proof
- At least N+2 redundancy
- Support business continuity:
- Active-Active or Active-Passive secure key server mirroring
- Real time key mirroring
- Real time access policy mirroring
- Support confidentiality protection:
- Physical or logical
- Unauthorized disclosure, and use
- Support integrity protection:
- Key manager on start-up
- Key transmission, storage, reception before usage, and retrieval
- Support GUI that:
- Requires minimal user interactions with the FCKMS
- Is commensurate with the range of experience and capability of its expected users,
- Assists a user initiating the generation of cryptographic keys and associated metadata, and
- Provides one or more security-service-control interfaces.
- Support detection and/or mitigation of incor- rect user input
- Support and assist the user to select and use the appropriate security
Non-Functional
This section lists the non-functional requirements that CKMS has to fulfil. These requirements have been derived from standard guidelines as well as best-practices. (7-9)
- The design specifies:
- The use of each key type,
- Where and how the keys are generated,
- The metadata elements that are used in a trusted association with each key type,
- How keys and/or metadata are protected in storage at each entity where they reside,
- How keys and/or metadata are protected during distribution, and
- The types of entities to which keys and/or metadata can be delivered (e.g., user, user device, network device)
- High Availability, ideally over three geographical distributed sites
- Compliance to international starndards, e.g. FIPS 140-2
- Application-agnostic
- Strategic nature of the product
- Vendor credibility
- Vendor support
Existing Solutions
In order to identify existing Cryptographic Key Management Solutions (CKMS) we conducted a research survey. The goal of the research survey is to identify solutions that could fulfill the requirements introduced above. For the research survey the following key words are used: “cryptographic key”, “key management”, “encryption management system”, “hardware security module”, and “on-premises”. In addition, to increase the number, and provide a complete and consistent overview of existing solutions, two other sources are included in the research survey, namely NIST Validated Modules (10) and known KMIP Implementations (11). The complete findings of the survey are presented in table 1.
Conclusion
Cryptographic Key Management (CKM) is a fundamental part of security technology, in particular for ensuring confidentiality, integrity and authenticity of data and services. As our findings show, there exist a considerable number of CKM solutions. There might be even more existing solutions, when considering those that are offered only as Cloud services. However, from the solutions presented in this article, only few can be highlighted, refer to table 2. These do not only fulfill most of the listed requirements, but do also provide enhanced security, usability and scalability capabilities. Finally, in order to identify the “best” solution, we recommend a systematic approach based on the following sequential steps: a Specify the different use cases for which cryptographic keys are used.
- Derive the relevant functional and non-functional requirements from these use cases.
- Compare and extend the derived requirements based on the list provided in this article, or any other relevant, internal and external guideline.
- Identify which of the existing solution fits best in regard to the extended requirements.
- Implement a Proof of Concept to ensure that the identified solution does indeed meet the requirements. Remember that Usability is Key!
Sources:
- 1. Suetonius, Vita Divi Julii, http://thelatinlibrary.com/suetonius/suet.caesar.html#56
- 2. Kerckhoffs, Auguste (January 1883). “La cryptographie militaire”. Journal des sciences militaires. IX: 5–83, https://www.petitcolas.net/kerckhoffs/crypto_militaire_1_b.pdf
- 3. Kerckhoffs, Auguste (February 1883). “La cryptographie militaire”. Journal des sciences militaires. IX: 161–191, https://www.petitcolas.net/kerckhoffs/crypto_militaire_2.pdf
- 4. https://www.youtube.com/watch?v=y2PM7Uox8Pc and https://www.youtube.com/watch?v=nBljbb-nPY4 but mostly: https://www.youtube.com/watch?v=qlfm47J–ew
- 5. PKCS #11 Cryptographic Token Interface Base Specification Version 2.40
- 6. Key Management Interoperability Protocol Profiles Version 2.0
- 7. NIST SP 800-57 Part 1 Rev. 5: Recommendation for Key Management: Part 1 – General
- 8. NIST SP 800-152 A Profile for U.S. Federal Cryptographic Key Management Systems (CKMS)
- 9. FIPS 140-2 Security Requirements for Cryptographic Modules
- 10. NIST Validated Modules, https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search
- 11. Known KMIP Implementations, https://wiki.oasis-open.org/kmip/KnownKMIPImplementations
1* In modern cryptography, keys are not only used to ensure confidentiality, but also to ensure the integrity and authenticity of data and services.
Table1_and_Table2 (please view in dual page)
Table 1: CKMS findings of the research survey
Company | Solution | Reference |
Cavium Inc. | LiquidSecurity & NITROX HSM | https://www.marvell.com/products/security-solutions/nitrox-hs-adapters.html |
WISKey Semiconductors | VAULTIC Series | https://www.wisekey.com/products-services/secure-semiconductors/secure-elements/ |
securosys | HSM E-Series | https://www.securosys.com/en/product/pci-card-replacement-network-hsm |
securosys | HSM X-Series | https://www.securosys.com/en/product/high-availability-high-performance-hard-ware-security-module |
securosys | HSM Primus S500 | https://www.securosys.com/en/product/primus-hsm-s500 |
securosys | Decanus | https://www.securosys.com/en/product/decanus-remote-control-terminal |
Engage Communication Inc. | BlackVault | https://www.engageblack.com/products/black-vault/hardware-security-module |
Hancome Secure | Enterprise Key Management | https://www.hsecure.co.kr/1_1_e.php |
Kryptus | KNET | https://kryptus.com/en/network-hsm-knet/ |
Bloombase | KeyCatel | https://bloombase.com/products/keycastle/specifications.html |
Table 2: Comparison of selected solutions
Requirements | Vendor | Thales | Cryptomathic | Fortanix | QuintessenceLabs
|
Unbound | |
Solution | Cipher
Trust Manager |
Vormetric Data Security Manager |
Crypto-Key-Management-System
|
Self Defending KMS
|
qCrypt 300H | Unbound Key Control | |
Functional | |||||||
Key Life Cycle | + | + |
+
|
+ | + | + | |
Key:
-Grouping -Segregation -Splitting |
+
+ – |
+
+ – |
n/a n/a n/a
|
+
+ +
|
+
+ – |
+
+ + |
|
Cryptopgraphy:
-RSA -AES |
+
+ |
+
+ |
+
+
|
+
+ |
+
+ |
+
+ |
|
Key Types:
-Private Signature Key -Public Signature Key -Symmetric Data Encryption/Decryption Key -Symmetric Key Wrapping Key |
–
– + +
|
+
+ + +
|
+
+ + +
|
+
+ + + |
–
– + + |
+
+ + + |
|
APIs:
-REST -PCKS#11 -KMIP |
+
+ +(1.1 only) |
+
+ +(1.1 only) |
+
+ +(only symmetric profile)
|
+
+ +(up to version 1.4) |
+
+ +(up to version 1.4) |
+
+ +(up to version 1.2) |
|
Integration with existing PKI | – | + | +
|
+
|
– | + | |
Access Control:
-Sparation of Duties -MFA -Dual control |
+
+ – |
+
-(optional) – |
+
+ –
|
+
+ – |
+
– – |
+
– + |
|
Backup & Restore | + | + | +
|
+ | + | +
|
|
On-premises | + | + | +
|
+ | + | + | |
Policy configuration | + | + | –
|
+ | + | – | |
-Accountibility
-Auditing -Reporting |
+
+ + |
+
+ + |
+
+ n/a
|
+
+ + |
+
+ + |
+
+ – |
|
HW features:
-Hot swappable RAID -Dual redudnant power supply -Independent network interfaces -N+2 redundancy |
+
+ + + |
–
+ + + |
n/a
+ + +
|
–
+ + + |
+
+ + +
|
–
– – – |
|
Businsess continuity | + | + | +
|
+ | + | + | |
Security goals:
-Confidentiality -Integrity |
+
+ |
+
+ |
+
+
|
+
+ |
+
+ |
+
+ |
|
GUI | + | + | +
|
+ | + | + | |
Input validation | n/a | n/a | n/a
|
n/a | n/a | n/a | |
User assistance | n/a
|
n/a
|
n/a
|
n/a
|
n/a
|
n/a
|
|
Non-Functional | |||||||
Design specification | + | + | +
|
+ | + | + | |
HA | + | + | +
|
+ | + | + | |
FIPS level 3
|
+ | + | +
|
+ | + | – | |
Vendor-agnostic | – | – | –
|
– | – | – | |
Application-agnostic | -(additinal connectors for each application) | -(additinal connectors for each application)
|
-(additional key listerner)
|
+ | + | + | |
Strategic nature of the product | + | -(the vendor does not support this product in the long term) | +
|
+ | + | + | |
Vendor credibility | + | + | +
|
+ | + | + | |
Vendor support | + | + | +
|
+ | + | + |
Dr. Jurlind Budurushi – Chief cyber Security Officer
Jurlind is working on security challenges in the cloud native approach, focusing on Ku- bernetes. He is a passionate engineer and trainer, and aims to enable and establish an holistic security mindset. In addition, he is a lecturer on Cyber Security