This article discusses how various factors and related controls can affect the effectiveness and strength of the security protection for a cryptographic system.
It gives particular consideration to the requirements of the Payment Card Industry (PCI)
Effectiveness of a cryptographic system depends on many factors
There are several factors that can determine the strength of a cryptographic system. If any one of these factors is neglected, it will drastically lower the protection capability of the system, even though all other factors are operating at full strength. For example, an organization can sometimes make inappropriate choices for a key management system as they install a cryptographic system in their facility.
Understanding the purpose of a cryptographic system
The PCI DSS Requirement 3, “Protect stored cardholder data.” requires cardholder data to be protected at all levels, Cryptography is one important pillar to accomplish this task. Cryptography can be defined as the means to protect stored and transferred data from unauthorized use, and to ensure that such data is protected with appropriate encryption methods (which can be decrypted only by authorized users). Encryption and decryption involve the use of a key (or keys) to transform data between readable and unreadable states.
Although cryptography can be considered primary means of protecting data in computer networks, it is only one component of the total system security solution for an organization. PCI DSS (Payment Card Industry Data Security Standard) requires a set of additional methods to achieve a suitable level of security (the PCI term is “control objectives”) including
- Secure networks (i.e. through firewalls and suitable passwords)
- Vulnerability management programs (with regularly updated anti-virus software)
- Strong access control ( with unique ID numbers and restricted access to cardholder data)
- Regular monitoring and testing of the networks
- Security Policies
To be considered "strong cryptography", a cryptographic system must be based on industry-tested and accepted algorithms, along with appropriate key lengths. An up-to-date key management system should be installed, which is designed to handle all the tasks involved in cryptographic key usage, according to the key management policy and type of technology being used.
Examples of some of the standardized cryptographic algorithms commonly used, along with the minimum recommended key lengths, include:
- AES (128 bits and higher)
- TDES (minimum triple-length keys)
- ECC (160 bits and higher)
- RSA (2048 bits and higher)
- ElGamal (2048 bits and higher)
For more information on acceptable cryptographic algorithms key strengths see NIST Special Publication 800-57 Part 1 .
Hashing functions can also be used to provide stronger protection, and ensures that no part of the data has been modified from the original (the hashed form of data is not reversible. It is used to verify data by comparing it to decrypted data that has been hashed.)
The dependence of cryptographic strength on individual factors
Ultimately, the protection level provided by a cryptographic system depends directly on the strength of the keys, the effectiveness of algorithms, mechanisms, and protocols associated with keys and the protection of the keys themselves. These measures relate to the effectiveness of the key management system, and its ability to operate in accordance with the key management policies of an organization. The protection level for an entire computer network is no greater than the weakest of any of these factors.
Controls for added protection in a cryptographic system
Cryptographic systems which contain keys and cryptographic functions need additional controls to protect critical information from unauthorized disclosure and modification. Three types of controls are described below to explain how they can be applied to provide further protection.
- Accountability - The minimum requirement for accountability is to provide the means to account for all individuals who are able to view a copy of a cryptographic key. More advanced accountability systems are able to identify all individuals or entities that have any type of access to, or control of, cryptographic keys over their entire life span. This can be accomplished by keeping a chronological record of all activities related to key usage. This information is very useful in providing the necessary clues to efficiently recover from a key compromise or disclosure. By using this control method, unauthorized use of a key can be prevented, and if any such use is detected, it provides the means to pinpoint the exact time the compromise occurred, the data that was compromised, the person responsible, and whether or not any other keys were affected. So if any evidence of compromise is detected, the system can determine who, when, where, and what went wrong.
- Audit - Auditing should be performed periodically on a cryptographic system to ensure it is up-to-date, and provides a sufficient level of security according to the KMS policy. The auditing control for key management systems can be divided into three types:
- Policy support - A control should be set up to periodically audit the security plan and the procedures that are developed to support the plan. The key management policy should specify the roles, responsibilities, facilities, and procedures for routinely auditing the keying material and related records to ensure that they continue to support the policy.
- New developments - As new technology is developed and new types of attacks are discovered, the cryptographic functions and other protective mechanisms should be periodically reassessed in their ability to provide the present and expected future levels of security. Any action taken here must continue to support the key management policy.
- Human Use - Anyone that uses, operates, or maintains a cryptographic system has the potential for human error that may cause disruption in the system. Any action by a human on the system should be logged and periodically reviewed to ensure that the appropriate procedures are followed. Any unusual action can be deemed as an indicator of an attempted attack.
Conditions and procedures should also be set up for unscheduled audits that can be triggered anytime that a suspected compromise by an unauthorized user occurs.
The recovery process and damage assessment in these types of failures is much more difficult if involves a key that is used to share information with a large number of users. It is also possible for a large number of related keys to be affected. These tasks are made much simpler if the key can only be used between two users, for example. Therefore, the number of users that have any kind of access to a given key should be kept to a minimum. The issue of Survivability is covered in detail in the blog article: “Ensuring the Survivability of a Cryptographic System”.
- Survivability - Sometimes there are so many keys involved in encrypting and decrypting a message that the intended recipient isn't able to view the message because of the high level of security or some error in accessing a key or related material. Depending on whether the error is related to key access problems or some other type of failure occurs in the system, two possible methods of data recovery are as follows:
- Backup keys - If there is a possibility of error in accessing a key, backups should be maintained of all the keys involved in encrypting and decrypting a message, and any other related keying material
- System redundancy - It may become impossible for a recipient to decode a message if some part of the cryptographic mechanism fails, unless some form of contingency planning is made. Some types of failure include lost key cards or tokens, forgotten passwords, hardware failure, power loss, memory corruption, etc. A backup routine or method should be created to recover any form of lost data or communication capability in these types of cases. The contingency planning should also address these two issues:
- The restoration or accessing mechanisms
- Restoring critical processes while maintaining integrity protection and confidentiality for authorization and authentication.
References and further reading
Image: "-Secure Data-Cyber security-", courtesy of www.bluecoat.com, Flickr (CC BY 2.0)