In this final part of the series, we look at how cloud computing will impact the use of cryptography, consider the future of HSMs, and reflect on what you can do to be ready for the advances in cryptography that lie ahead.
Organizations are rapidly adopting cloud technology in the form of Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) because of the efficiency and flexibility benefits it provides, which ultimately results in reduced costs. However, utilizing any form of public or shared infrastructure raises unavoidable security concerns that must be addressed in some way. Thus, the financial industry has been slower to adopt cloud services than other sectors.
One means of protection is provided by encrypting data-at-rest in the cloud. This can be done either by encrypting data at the edge, i.e. before it enters the cloud, or by encrypting it within the cloud. Many solutions are available from cloud vendors, application vendors and other solutions providers. However, the optimum solution depends on a number of factors, such as trustworthiness of the cloud platform, the nature of the data and the type of application making use of the data.
Regardless of where and how the data is encrypted, the most important thing is to ensure the encryption keys are properly managed and kept secure. This is increasingly important when organizations are using many different cloud services and have many keys to manage. An extremely resilient enterprise key management system is a must-have, allowing keys to be generated and managed on-premises and uploaded to the cloud using whatever Bring-Your-Own-Key (BYOK) mechanisms your cloud provider supports.
The problem with encrypting all your data in the cloud is that you can no longer process it there. This is the challenge that homomorphic encryption sets out to solve, albeit with limited success to date. In principle, homomorphic encryption allows computations to be performed on the encrypted data such that the result, when decrypted, is the same as performing those same computations on the original, unencrypted data. Various partially homomorphic and fully homomorphic systems exist, but their speed and range of application are limited. Nonetheless, we can expect further advances to be made in this field over the next 10 years.
For dependable cryptography, Hardware Security Modules (HSMs) are the solution-of-choice today. They can generate strong keys and perform cryptographic operations at high speed, all within a tamper-resistant device and typically with a recognized independent certification such as FIPS 140-2 or Common Criteria. Such devices are common in the financial industry, where they are even mandated for some applications. However, HSMs are relatively expensive, use complex APIs and are difficult to manage, requiring specialist skills for both development and operations.
Are “Cloud HSMs” the answer? Amazon Web Services (AWS), Microsoft Azure and IBM Cloud all offer Cloud HSMs, and Google is also trialing a new Cloud HSM service for its Cloud Platform. However, these offerings are still in their infancy in terms of the range of services they can provide, not to mention scalability problems. Therefore, if you want to do much more than simple encryption/decryption, and particularly if you want to make use of the functions that specialist payment HSMs offer, you are still stuck with using your own HSM on-premises or in a co-located facility. We may see this start to change as the finance industry seeks better solutions, thereby increasing demand, but it is likely to take many years.
However, there is an emerging class of solution, which includes Cryptomathic’s Crypto Service Gateway (CSG), that takes standard HSMs and turns them into a service, hosted anywhere, and accessible to both cloud and on-premises applications alike. This has numerous benefits, including efficiency, resilience and ease-of-use. Simpler APIs reduce the burden on developers whilst putting control over cryptographic policy in the hands of a single, specialist team. This promises to deliver the holy grail of crypto agility, as cryptographic parameters such as the choice of algorithm and key size can be managed centrally and thus changed quickly without impacting the applications that make use of them. This appears to be a promising solution to some of the challenges mentioned elsewhere in this article and is therefore likely to become increasingly popular over the coming 5-10 years, whilst Cloud HSMs remain immature.
One final twist comes in the form of threshold cryptography, an umbrella term which includes techniques such as multi-party computation (MPC). This field of research recognizes the real-world challenges of implementing cryptography securely, especially where it depends on underlying platforms, such as operating systems and hardware, and particularly where the infrastructure may be shared, such as in cloud environments. The goal of such techniques is to mitigate threats by building in some resilience to indirect attacks, including side-channel attacks.
MPC has the potential to create robust cryptographic systems that are distributed in nature, rather than relying on rigid, expensive and hard-to-scale hardware implementations (such as HSMs), thereby enabling a more agile, cloud-friendly approach to cryptography. Unfortunately, it could easily take 5-10 years to develop standards for threshold cryptography and, critically, to establish methods to validate implementations, and even longer to build trust in such novel solutions. Until then, for all their limitations, HSMs remain the safest option – their closed operating environment enables most threats to be mitigated, and products can be validated against proven standards (e.g. FIPS 140-2).
The progress of cryptanalysis is relentless, forcing a migration away from older, less safe algorithms such as 3DES and RSA towards newer, stronger algorithms such as AES and ECDSA. Moreover, the advent of quantum computing will force a rapid migration to quantum-safe algorithms one day, possibly within the next 10 years. The important take-away here is the need to build crypto agility into new (and even existing) applications to avoid getting locked into older algorithms when the inevitable need to change comes.
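Crypto agility, as described here and in the earlier discussion of cryptography delivered as a service, can be illustrated as follows. This is an added example, not from the original article and not the API of Cryptomathic's CSG: a hypothetical `CryptoService` class in which applications request a MAC by purpose only, the algorithm and key size are set centrally, and each tag carries its policy version so older tags stay verifiable during a migration. HMAC from the Python standard library stands in for whatever operations a real service would front.

```python
import hashlib
import hmac
import secrets

class CryptoService:
    """Hypothetical central service: apps name a purpose, never an algorithm."""

    def __init__(self):
        self._policies = {}    # (purpose, version) -> (hash name, key)
        self._current = {}     # purpose -> version used for new tags
        self._retired = set()  # (purpose, version) pairs no longer accepted

    def set_policy(self, purpose, hash_name, key_bytes):
        """Called by the crypto team only: new algorithm/key size, fresh key."""
        if hash_name not in hashlib.algorithms_available:
            raise ValueError(f"unsupported hash: {hash_name}")
        version = self._current.get(purpose, 0) + 1
        key = secrets.token_bytes(key_bytes)
        self._policies[(purpose, version)] = (hash_name, key)
        self._current[purpose] = version
        return version

    def retire(self, purpose, version):
        """End of migration window: tags under this version stop verifying."""
        self._retired.add((purpose, version))

    def tag(self, purpose, data):
        version = self._current[purpose]
        name, key = self._policies[(purpose, version)]
        return f"v{version}." + hmac.new(key, data, name).hexdigest()

    def verify(self, purpose, data, token):
        head, _, mac = token.partition(".")
        num = head[1:]
        if not (head.startswith("v") and num.isascii() and num.isdigit()):
            return False
        slot = (purpose, int(num))
        if slot not in self._policies or slot in self._retired:
            return False
        name, key = self._policies[slot]
        expected = hmac.new(key, data, name).hexdigest()
        return hmac.compare_digest(expected.encode(), mac.encode())
```

The calling application's code (`tag` and `verify` with a purpose string) is identical before and after the policy change, which is the point of the design.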
The drive to encrypt everything, along with whole new rafts of applications associated with blockchain and IoT, creates an ever-increasing number of keys to manage. A flexible, centralized, enterprise key management system should be introduced before the scale of the problem gets away from you and your ability to protect keys properly and demonstrate compliance is gone.
If quantum computing becomes a reality before reliable quantum-safe algorithms are available, then there will likely be a resurgence of symmetric key cryptography for key establishment, resulting in the need to manage, protect and securely distribute even more keys, maybe even using Quantum Key Distribution.
For applications that demand very high levels of assurance, HSMs are the best choice today and probably will be for many years to come. But it will become increasingly important to find better ways to manage HSMs and to decouple management of cryptography from the development of applications in order to increase crypto agility and simplify compliance.
High-assurance cryptography and cloud computing will remain uncomfortable bedfellows for the foreseeable future, but whatever solutions you apply to managing keys, using HSMs and increasing crypto agility, you’d better be sure they support the inevitable migration of applications to the cloud.
There is no doubt that the next 10 years are going to see major developments in cryptography, and there are doubtless other topics we haven’t even touched on. The only constant is change - are you ready?