What is Key Management? a CISO Perspective

Key management refers to managing cryptographic keys within a cryptosystem. It is concerned with the generation, exchange, storage, use, and replacement of keys at the user level.
Key servers, user procedures, and protocols, including cryptographic protocol design, will all be part of a key management system. The cryptosystem's security is dependent on successful key management.

This article introduces key management from the perspective of a CISO or any person in charge of maintaining information security within an organization.

What is a CKMS Policy?

The term "CKMS" stands for Cryptographic Key Management System. A CKMS Security Policy provides the rules that are to be used to protect keys and metadata that the CKMS supports. This policy establishes and specifies rules for this information that will protect:

• Confidentiality
• Integrity
• Availability
• Authentication of source

This protection covers the complete key life-cycle from the time the key becomes operational to its elimination.

A CKMS policy may also include the selection of all cryptographic mechanisms and protocols that the Key Management System may use. The policy must remain consistent with the organization’s higher-level policies. For example, if an organization's information security policy requires that electronically transmitted information be protected to ensure its confidentiality for 30 years, both the CKMS design and the CKMS security policy must be capable of supporting that policy.

When designing a key management system, a system designer may not necessarily be a member of the organization that will be using the system. Therefore, he may not have access to the policies of the organization. Often, the designer will come up with a set of policies and features that are typical for the organization's market. The designer will then usually give documentation that explains how these policies and features are used in the CKMS Security Policy. The organization may choose to work with the designer to modify the policy to better fit their needs. Overall, it is the responsibility of the organization to ensure that the key management system design is capable of supporting their CKMS security policy.

Often, organizations will use a hierarchy of policies to address their policy requirements. Depending upon the organization’s needs, their hierarchy may consist of multiple levels. A hierarchy may include:

• Top level – Information Management, which specifies the goals for information security and the requirements and expected control actions for lower levels, including:
  • Industry standards
  • Legal requirements
  • Organizational goals
• Second level – Information Security, which provides more information on the actual procedures that will be implemented and enforced to provide the security as specified by the top level. This level includes:
  • List of potential threats to keeping the organization’s information secure
  • Associated risks
  • Guidelines of Data Security Policy
  • Outputs to the KMS Security Policy
• Third level – Key Management System Security Policy, which establishes and provides specifics on protecting keys and metadata. This policy includes:
  • Protections used for each key type and its associated metadata
  • Retention period for keys and metadata according to the sensitivity of the data being protected
  • Domain Security Policy
    
    

Key Management Compliance

Key management compliance refers to the oversight, assurance and capability of being able to demonstrate that keys are securely managed. This includes the following individual compliance domains:

• Physical security – the most visible form of compliance, which may include locked doors to secure system equipment and surveillance cameras. These safeguards can prevent unauthorized access to printed copies of key material and computer systems that run key management software.
• Logical security – protects the organization against the theft or unauthorized access of information. This is where the use of cryptographic keys comes in by encrypting data, which is then rendered useless to those who do not have the key to decrypt it.
• Personnel security – this involves assigning specific roles or privileges to personnel to access information on a strict need-to-know basis. Background checks should be performed on new employees along with periodic role changes to ensure security.
  
  

Facing Problems and Challenges of Key Management

Managing cryptographic keys can be a challenge, especially for larger organizations that rely upon cryptography for various applications. The primary problems that are associated with managing cryptographic keys include:

• Using the correct procedure to update system certificates and keys
• Updating certificate and keys before they expire
• Dealing with proprietary issues when keeping track of crypto updates with legacy systems
• Locating remote devices that need to be updated
• Lacking overview as to the purpose, location and why various systems are used
  
  

Ten Security Tips for a Key Management System

1. Document the Security Policy so that it is easily understood.
2. Maintain malware protection
3. Patch vulnerabilities and turn off non-essential services on servers and devices
4. Perform third-party penetration testing
5. Make the system easy to use
6. Set up remote monitoring
7. Define appropriate crypto-periods for keys
8. Assign key management system roles and responsibilities
9. Meet the goals of the organization’s information security policies
10. Define and classify cryptographic zones

Reference and further reading

• NIST Special Publication 800-130 - A Framework for Designing Cryptographic Key Management Systems (2013) by E. Barker, M.Smid, D. Branstad, S. Chokhani

• Selected articles on Key Management (2012-16), by Ashiq JA, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Matt Landrock, Peter Landrock, Steve Marshall and Torben Pedersen  

  Cover-Photo courtesy of Sebastiaan ter Burg