Managing Risks in Cryptographic Key Management

With the growing need for cryptography solutions to protect digital assets and communications, the ever-present security holes in modern computer systems, and the growing sophistication of cyber attacks, it has never been more important or harder to keep your cryptographic keys safe and secure.

A single compromised key could result in a massive data breach, resulting in reputational damage, punitive regulatory fines, and a loss of investor and customer trust.

In this article, we look at why cryptographic keys are one of your company’s most precious assets, how these keys can be compromised, and what you can do to better protect them—thereby reducing corporate risk and enhancing your company’s cyber-security posture.

Introduction

Cryptography solutions lay at the heart of the modern business - protecting electronic communications and financial transactions, maintaining the privacy of sensitive data and enabling secure authentication and authorization. New regulations like GDPR and PSD2, the commercial pressure for digital transformation, the adoption of cloud technology and the latest trends in IoT and blockchain/DLT all help drive the need to embed cryptography into virtually every application – from toasters to core banking systems!

The good news is that modern cryptographic algorithms, when implemented correctly, are highly-resistant to attack – their only weak point is their keys. However, if a key is compromised, then it’s game over! This makes such encryption key management solutions one of your company’s most precious assets, and they should be treated as such. The value of any key is equivalent to the value of all the data and/or assets it is used to protect.

There are three primary types of keys that need to be kept safe and secure:

1. Symmetric keys – typically used to encrypt bulk data with symmetric algorithms like 3DES or AES; anyone with the secret key can decrypt the data

2. Private keys – the secret half of public/private key pairs used in public-key cryptography with asymmetric algorithms like RSA or ECDSA; anyone with the private key can impersonate the owner of the private key to decrypt private data, gain unauthorized access to systems or generate a fraudulent digital signature that appears authentic

3. Hash keys – used to safeguard the integrity and authenticity of data and transactions with algorithms like HMAC-SHA256; anyone with the secret key can impersonate the originator of the data/transactions and thus modify the original data/transactions or create entirely false data/transactions that any recipient will believe is authentic

With an ever-increasing number of keys to protect, and an ever-increasing value of data being protected by those keys, not to mention the demands of PCI-DSS or GDPR, this is a challenge that nearly every business needs to face and address as a matter of urgency.

Key Management Risks - What dangers await?

There are many threats that can cause a key to be compromised. Most of the time, you won't know the key has been compromised until the attacker uses it, which makes the threats even more dangerous. Here are some of the biggest dangers to think about:

Weak keys

A key is essentially just a random number – the longer and more random it is, the more difficult it is to crack. The strength of the key should be appropriate for the value of the data it is protecting and the period of time for which it needs to be protected. The key should be long enough for its intended purpose and generated using a high-quality (ideally certified) random number generator (RNG), ideally collecting entropy from a suitable hardware noise source.

There are many instances where poor RNG implementation has resulted in key vulnerabilities.

Incorrect use of keys

Each key should be generated for a single, specific purpose (i.e. the intended application and algorithm) – if it is used for something else, it may not provide the expected or required level of protection.

Re-use of keys

Improper re-use of keys in certain circumstances can make it easier for an attacker to crack the key.

Non-rotation of keys

If a key is over-used (e.g. used to encrypt too much data), then it makes the key more vulnerable to cracking, especially when using older symmetric algorithms; it also means that a high volume of data could be exposed in the event of key compromise. To avoid this, keys should be rotated (i.e. updated / renewed) at appropriate intervals.

Inappropriate storage of keys

Keys should never be stored alongside the data that they protect (e.g. on a server, database, etc.), as any exfiltration of the protected data is likely to compromise the key also.

Inadequate protection of keys

Even keys stored only in server memory could be vulnerable to compromise. Where the value of the data demands it, keys should be encrypted whenever stored and only be made available in unencrypted form within a secure, tamper-protected environment and even (in extreme cases) kept offline.

There have been a number of vulnerabilities that could expose cryptographic keys in server memory including Heartbleed, Flip Feng Shui  and Meltdown/Spectre.

Insecure movement of keys

It is often necessary to move a key between systems. This should be accomplished by encrypting (“wrapping”) the key under a pre-shared transport key (a key encryption key, or KEK), which may be either symmetric or asymmetric. Where this is not possible (e.g. when sharing symmetric transport keys to bootstrap the system), the key should be split into multiple components that must then be kept separate until being re-entered into the target system (and then the components are destroyed).

Non-destruction of keys

Keys should be destroyed (i.e. securely deleted, leaving no trace) once they have expired, unless explicitly required for later use (e.g. to decrypt data). This removes the risk of accidental compromise at some future date.

Insider threats (user authentication, dual control, segregation of roles)

One of the biggest classes of threat that a key faces is insider threats. If a rogue employee has unfettered access to a key, they might use it for a malicious purpose or pass it onto someone else to the same end.

Lack of resilience

Not only must the confidentiality and integrity of keys be protected, but also their availability. If a key is not available when required, or worse still lost due to some fault, accident or disaster with no backup available, then the data it is protecting may also be inaccessible / lost.

Lack of audit logging

If the key lifecycle is not fully recorded or logged, it will be more difficult to identify when a compromise has happened and any subsequent forensic investigation will be hampered.

Manual key management processes

The use of manual key management processes, using paper or inappropriate tools such as spreadsheets and accompanied by manual key ceremonies, can easily result in human errors that often go unnoticed and may leave keys highly vulnerable.

Mitigating the threats

So, what can be done to counter these threats and keep your keys (and your company) safe?

The only effective way to mitigate these threats is to use a dedicated electronic key management system, ideally a mature, proven solution from a reputable provider with good customer references. Any such encryption key management solution should utilize a hardware security module (HSM) to generate and protect keys, and to underpin the security of the whole system. If well-designed, such a system will offer the following benefits:

• Full lifecycle management of keys

• Generation of strong keys using a FIPS-certified RNG and hardware entropy source

• Protection of keys using a tamper-resistant HSM

• Strict policy-based controls to prevent the misuse/reuse of keys

• Automatic key rotation

• Automatic secure key distribution

• The ability to securely import/export keys in components or under a transport key

• The ability to securely destroy keys at the end of their lifecycle

• Strong user authentication, segregation of duties, and dual control over critical operations

• Intuitive user interface and secure workflow management to minimize the risk of human error

• Support for high-availability and business continuity

• Tamper-evident audit log, usage log and key histories for demonstrating compliance

• Ability to respond quickly to any detected compromise

Not only will such an encryption key management solution help protect your keys, it will also boost efficiency, reduce reliance on highly-skilled personnel, and simplify achieving, maintaining and demonstrating compliance with a multitude of standards and regulations such as GDPR, PCI-DSS, HIPAA, SOX and ISO 27001.

The biggest danger of all …

.. is inaction! The impact of a key compromise can be substantial:

• Forensic investigation costs

• Remediation costs

• Loss of sensitive information (e.g. industry secrets)

• Loss of competitive advantage

• Direct financial losses (e.g. illegitimate financial transactions)

• Litigation

• Compensation to customers

• Fines

• Loss of reputation

• Loss of business

• Reduction in share price

• Dismissed executives

• Business closing down (as has been the result of some other data breaches)

Duty of reasonable care

An interesting court case in the USA as long ago as 1932, T.J. Hooper v. Northern Barge Corp., established that a company still has a reasonable duty of care towards using available technology, even where such technology may not be regarded as industry standard.

A company operates two tugs, each towing three barges full of coal for delivery. En route, the tugs encountered a storm which sank the last barge of each tug's tow. The evidence suggests that there was a weather report broadcast over radio which would have warned the tug-captains of the weather and persuaded them to put into harbor. However, the tug-captains only had private radio receiving sets which were broken and their employer did not furnish them with sets for work. At the time of the incident, there was no industry standard or custom of furnishing all boats with radio receivers. 

The ruling concluded that “There are precautions so imperative that even their universal disregard will not excuse their omission … We hold the tugs therefore because had they been properly equipped, they would have got the Arlington reports. The injury was a direct consequence of this unseaworthiness.”

If we translate that into today’s world of encryption key management solutions, in the event of a legal case resulting from a key being compromised, a court may well find that if the defendant wasn’t using an encryption key management solution, a readily-available technology that could have prevented the incident, even though the use of such key management systems may not be considered industry-standard, then the defendant could be held to not be exercising a reasonable duty of care. The moral is that it is better to be seaworthy than to capsize through a lack of reasonable care!

References

• Key Size (retrieved 2018), Wikipedia
• NIST Special Publication 800-90B “Recommendation for the Entropy Sources Used for Random Bit Generation” (2018), by Meltem Sönmez Turan, Elaine Barker, John Kelsey, Kerry A. McKay, Mary L. Baish, Mike Boyle, National Institute of Standards and Technology 
• Random Number Generator Attack, section "Prominent Examples" (retrieved 2018), Wikipedia 
• On the Practical (In-)Security of 64-bit Block Ciphers (2016), by Karthikeyan Bhargavan, Gaëtan Leurent  
• The Heartbleed Bug (2018), by Synopsis Inc.  
• Flip Feng Shui vulnerability (2018), Systems and Security Group, VU Amsterdam

• Meltdown & Spectre – What you Need to Know about Protecting your Keys (2018), Rob Stubbs

• Meltdown and Spectre - Vulnerabilities in modern computers leak passwords and sensitive data (2018), MeltdownAttack

• The Radio-less Industry Standard Case (1932 / 2018), by Jonathan Zittrain, edited and republished by: Shailin Thomas, T.J. Hooper v. Northern Barge Corp.: https://h2o.law.harvard.edu/collages/4968
• Cryptomathic blog articles relating to Key Management