This article evaluates and compares manual and automated cryptographic key management. It looks at security-related issues as well as organizational and economic aspects.
Taking care of your crypto keys
Here’s an example of a system administrator’s “TODO” list at some company:
1. Change X.509 certificate and key in company website - the certificate is expired
2. Install boot key on new servers (written shortly, probably means keys in TPM)
3. Install new keys for a “client-bank”. Seven smart-cards
4. Re-encrypt file storage, as described by company policy
5. Change (planned) backup key
6. Install new key instead of expired one in workflow - messages stopped, no one can sign documents
7. Re-install corporate CA certificate to all machines (pain, pain!)
8. Add some new root CA to domain policy
9. One user has lost his smart-card, deploy a new one instead
10. A certificate revocation list is outdated. Investigate.
One day, 10 hours of installation, re-generation, change - all about certificates and keys. And all this supposing there is only one location and one central HSM ...
Modern corporate infrastructure is complex, filled by cryptographic operations, and big. The average corporation can use thousands of computers with disks, domains, digital signature keys, plus it has servers with TLS/SSL, plus some B2B system, plus smart-cards, etc. Furthermore, if you use special applications (like a bank), you will have additional policies about private data management, access control, inter-bank exchange. In many sectors, you have to go through security audits to meet external regulatory requirements and widely accepted security standards.
Disadvantages of ‘manual’ key management
1. It consumes a lot of time, even in simple cases
2. If you have hundreds of keys to watch, this is a problem
3. It is error-prone: for instance, no one can guarantee that you install the right key or trusted certificate
4. Even if you DO have explicit paper-based policies, you can just forget to follow some rule(s)
5. If you made a mistake, it can pause, stop or destroy your business
6. Security audits are very difficult to implement
7. Manual key management is size sensitive: the bigger, larger or heterogeneous an infrastructure is, the more complex and error-prone manual key management becomes
Automated key management
All my experiences assures me that a computer system is not a static building. It's a living organism, where cryptographic keys are an important part. Keys are like blood cells in a real biologic organism - they are being created, live and die. This synthetic life, and the life cycle of cryptographic keys, should follow specific rules, be consistent and shouldn’t take up too much resources, otherwise the whole organism gets sick or dies. In the same way automatic key management has many advantages:
1. It is faster and more economic during operation
2. Better at responding to changing requirements in a flexible way
3. All keys can be rotated on-time, automatically, with limited human intervention
4. All keys are demonstrably secure
5. All operations are logged
6. The whole system is observable and auditable
7. Keys can be managed centrally across locations and domains
8. Effective use of HSMs for new applications and legacy systems
On the other hand, there are disadvantages:
1. Automatic key management systems are expensive, if you only have a limited number of keys and applications
2. They can be difficult to set up in the short term
3. They require moderate human attention (for instance security incidents)
4. You have to adopt your software to a key management system
Location and time factors
In fact, even if you do have HSMs, you just have boxes, full of keys. Imagine an enterprise distributed across several locations. Instead of one person, looking after keys, you need to have many. It gets worse if locations have different GMT offsets - like Europe and the USA. This increases your nightmares. The nightmare has a name - “key dependencies”. A key may depend on another key and another. To provide key change integrity, we need a system managing all HSMs or secure end-points.
Now if we have a centralized and automated key management system (KMS), then we can, from one central console, monitor the keys, change them, and audit them. The system rotates your encryption keys - on time, and on every side in every location in every time zone. Your cryptographic security becomes well coordinated. Now nobody is able to hack your system because of one compromised or expired key, that has not been changed by somebody in the distant office.
Importance of centralized cryptographic policy
The topic I mentioned above has continuation. If you have some subordinates - a branch office, affiliates, partners, the policy should be united. This is hard to implement if your branch has a different approach and different rules. Imagine a newly invented technology that you need to keep secret. The technology files should be encrypted and transferred to a branch from the headquarters. Let say, the encryption key becomes compromised and the files must be re-encrypted by a new key. You DID re-encrypt files, what about your branch? Did they re-encrypt, didn't they? If you DO have a KMS, they DID. If you DON'T, the files in the branch may remain unprotected and you failed!
The universal, coordinated and united policy is important. To enforce policy across ALL your business, without exceptions you have to use a system - the key management system. People (in every country) are lazy (basically) - it's nature. Moreover, every human thinks differently and interprets papers differently.
There is another example, related to a central policy - it's a corporate network. If your company has many routers managed locally in separate branches, sometimes network segments will fail - due to human errors and misinterpretations. If you have the right management software and use OSPF (Open Shortest Path First) , you (alone) can see all routes in all network equipment and be sure that branch staff (may be not qualified enough!) will not mess the routing mechanism.
Cryptography is a complicated matter at any level. It has complicated theory, implementation and usage. It's quite unlikely that every branch you have has a cryptography-aware employee. So, it will be VERY wise from you side to use HSMs with a key management system - and hire the limited number of people required to supervise all keys.
References and further reading
- Selected articles on Key Management (2012-today) by Ashiq JA, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Martin Eriksen, Peter Landrock, Peter Smirnoff, Stefan Hansen and more
- Selected articles on HSMs (2013-17), by Ashiq JA, Peter Landrock, Peter Smirnoff, Steva Marshall, Torben Pedersen and more