With the growing need for cryptography to protect digital assets and communications, the ever-present security holes in modern computer systems, and the growing sophistication of cyber attacks, it has never been more important or harder to keep your cryptographic keys safe and secure.
A single compromised key could result in a massive data breach, resulting in reputational damage, punitive regulatory fines, and a loss of investor and customer trust.
In this article, we look at why cryptographic keys are one of your company’s most precious assets, how these keys can be compromised, and what you can do to better protect them—thereby reducing corporate risk and enhancing your company’s cyber-security posture.
Cryptography lies at the heart of the modern business - protecting electronic communications and financial transactions, maintaining the privacy of sensitive data and enabling secure authentication and authorization. New regulations like GDPR and PSD2, the commercial pressure for digital transformation, the adoption of cloud technology and the latest trends in IoT and blockchain/DLT all help drive the need to embed cryptography into virtually every application – from toasters to core banking systems!
The good news is that modern cryptographic algorithms, when implemented correctly, are highly-resistant to attack – their only weak point is their keys. However, if a key is compromised, then it’s game over! This makes such cryptographic keys one of your company’s most precious assets, and they should be treated as such. The value of any key is equivalent to the value of all the data and/or assets it is used to protect.
There are three primary types of keys that need to be kept safe and secure:
Symmetric keys – typically used to encrypt bulk data with symmetric algorithms like 3DES or AES; anyone with the secret key can decrypt the data
Private keys – the secret half of public/private key pairs used in public-key cryptography with asymmetric algorithms like RSA or ECDSA; anyone with the private key can impersonate the owner of the private key to decrypt private data, gain unauthorized access to systems or generate a fraudulent digital signature that appears authentic
Hash keys – used to safeguard the integrity and authenticity of data and transactions with algorithms like HMAC-SHA256; anyone with the secret key can impersonate the originator of the data/transactions and thus modify the original data/transactions or create entirely false data/transactions that any recipient will believe is authentic
With an ever-increasing number of keys to protect, and an ever-increasing value of data being protected by those keys, not to mention the demands of PCI-DSS or GDPR, this is a challenge that nearly every business needs to face and address as a matter of urgency.
Key Management Risks - What dangers await?
There are many threats that can cause a key to be compromised. Most of the time, you won't know the key has been compromised until the attacker uses it, which makes the threats even more dangerous. Here are some of the biggest dangers to think about:
A key is essentially just a random number – the longer and more random it is, the more difficult it is to crack. The strength of the key should be appropriate for the value of the data it is protecting and the period of time for which it needs to be protected. The key should be long enough for its intended purpose and generated using a high-quality (ideally certified) random number generator (RNG), ideally collecting entropy from a suitable hardware noise source.
There are many instances where poor RNG implementation has resulted in key vulnerabilities.
Incorrect use of keys
Each key should be generated for a single, specific purpose (i.e. the intended application and algorithm) – if it is used for something else, it may not provide the expected or required level of protection.
Re-use of keys
Improper re-use of keys in certain circumstances can make it easier for an attacker to crack the key.
Non-rotation of keys
If a key is over-used (e.g. used to encrypt too much data), then it makes the key more vulnerable to cracking, especially when using older symmetric algorithms; it also means that a high volume of data could be exposed in the event of key compromise. To avoid this, keys should be rotated (i.e. updated / renewed) at appropriate intervals.
Inappropriate storage of keys
Keys should never be stored alongside the data that they protect (e.g. on a server, database, etc.), as any exfiltration of the protected data is likely to compromise the key also.
Inadequate protection of keys
Even keys stored only in server memory could be vulnerable to compromise. Where the value of the data demands it, keys should be encrypted whenever stored and only be made available in unencrypted form within a secure, tamper-protected environment and even (in extreme cases) kept offline.
There have been a number of vulnerabilities that could expose cryptographic keys in server memory including Heartbleed, Flip Feng Shui and Meltdown/Spectre.
Insecure movement of keys
It is often necessary to move a key between systems. This should be accomplished by encrypting (“wrapping”) the key under a pre-shared transport key (a key encryption key, or KEK), which may be either symmetric or asymmetric. Where this is not possible (e.g. when sharing symmetric transport keys to bootstrap the system), the key should be split into multiple components that must then be kept separate until being re-entered into the target system (and then the components are destroyed).
Non-destruction of keys
Keys should be destroyed (i.e. securely deleted, leaving no trace) once they have expired, unless explicitly required for later use (e.g. to decrypt data). This removes the risk of accidental compromise at some future date.
Insider threats (user authentication, dual control, segregation of roles)
One of the biggest classes of threat that a key faces is insider threats. If a rogue employee has unfettered access to a key, they might use it for a malicious purpose or pass it onto someone else to the same end.
Lack of resilience
Not only must the confidentiality and integrity of keys be protected, but also their availability. If a key is not available when required, or worse still lost due to some fault, accident or disaster with no backup available, then the data it is protecting may also be inaccessible / lost.
Lack of audit logging
If the key lifecycle is not fully recorded or logged, it will be more difficult to identify when a compromise has happened and any subsequent forensic investigation will be hampered.
Manual key management processes
The use of manual key management processes, using paper or inappropriate tools such as spreadsheets and accompanied by manual key ceremonies, can easily result in human errors that often go unnoticed and may leave keys highly vulnerable.
Mitigating the threats
So, what can be done to counter these threats and keep your keys (and your company) safe?
The only effective way to mitigate these threats is to use a dedicated electronic key management system, ideally a mature, proven solution from a reputable provider with good customer references. Any such key management system should utilize a hardware security module (HSM) to generate and protect keys, and to underpin the security of the whole system. If well-designed, such a system will offer the following benefits:
Full lifecycle management of keys
Generation of strong keys using a FIPS-certified RNG and hardware entropy source
Protection of keys using a tamper-resistant HSM
Strict policy-based controls to prevent the misuse/reuse of keys
Automatic key rotation
Automatic secure key distribution
The ability to securely import/export keys in components or under a transport key
The ability to securely destroy keys at the end of their lifecycle
Strong user authentication, segregation of duties, and dual control over critical operations
Intuitive user interface and secure workflow management to minimize the risk of human error
Support for high-availability and business continuity
Tamper-evident audit log, usage log and key histories for demonstrating compliance
Ability to respond quickly to any detected compromise
Not only will such a system help protect your keys, it will also boost efficiency, reduce reliance on highly-skilled personnel, and simplify achieving, maintaining and demonstrating compliance with a multitude of standards and regulations such as GDPR, PCI-DSS, HIPAA, SOX and ISO 27001.
The biggest danger of all …
.. is inaction! The impact of a key compromise can be substantial:
Forensic investigation costs
Loss of sensitive information (e.g. industry secrets)
Loss of competitive advantage
Direct financial losses (e.g. illegitimate financial transactions)
Compensation to customers
Loss of reputation
Loss of business
Reduction in share price
Business closing down (as has been the result of some other data breaches)
Duty of reasonable care
An interesting court case in the USA as long ago as 1932, T.J. Hooper v. Northern Barge Corp., established that a company still has a reasonable duty of care towards using available technology, even where such technology may not be regarded as industry standard.
A company operates two tugs, each towing three barges full of coal for delivery. En route, the tugs encountered a storm which sank the last barge of each tug's tow. The evidence suggests that there was a weather report broadcast over radio which would have warned the tug-captains of the weather and persuaded them to put into harbor. However, the tug-captains only had private radio receiving sets which were broken and their employer did not furnish them with sets for work. At the time of the incident, there was no industry standard or custom of furnishing all boats with radio receivers. [source]
The ruling concluded that “There are precautions so imperative that even their universal disregard will not excuse their omission … We hold the tugs therefore because had they been properly equipped, they would have got the Arlington reports. The injury was a direct consequence of this unseaworthiness.”
If we translate that into today’s world of key management, in the event of a legal case resulting from a key being compromised, a court may well find that if the defendant wasn’t using a key management system, a readily-available technology that could have prevented the incident, even though the use of such key management systems may not be considered industry-standard, then the defendant could be held to not be exercising a reasonable duty of care. The moral is that it is better to be seaworthy than to capsize through a lack of reasonable care!
- Key Size (retrieved 2018), Wikipedia
- NIST Special Publication 800-90B “Recommendation for the Entropy Sources Used for Random Bit Generation” (2018), by Meltem Sönmez Turan, Elaine Barker, John Kelsey, Kerry A. McKay, Mary L. Baish, Mike Boyle, National Institute of Standards and Technology
- Random Number Generator Attack, section "Prominent Examples" (retrieved 2018), Wikipedia
- On the Practical (In-)Security of 64-bit Block Ciphers (2016), by Karthikeyan Bhargavan, Gaëtan Leurent
- The Heartbleed Bug (2018), by Synopsis Inc.
- Flip Feng Shui vulnerability (2018), Systems and Security Group, VU Amsterdam
Meltdown & Spectre – What you Need to Know about Protecting your Keys (2018), Rob Stubbs
Meltdown and Spectre - Vulnerabilities in modern computers leak passwords and sensitive data (2018), MeltdownAttack
- The Radio-less Industry Standard Case (1932 / 2018), by Jonathan Zittrain, edited and republished by: Shailin Thomas, T.J. Hooper v. Northern Barge Corp.: https://h2o.law.harvard.edu/collages/4968
- Other Cryptomathic blog articles relating to Key Management: https://www.cryptomathic.com/news-events/blog/topic/key-management