Key management refers to managing cryptographic keys within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level.
A key management system will also include key servers, user procedures and protocols, including cryptographic protocol design. The security of the cryptosystem is dependent upon successful key management.
This article introduces key management from the perspective of a CISO or any other person in charge of maintaining information security within an organization.
What is a CKMS Policy?
The term CKMS stands for Cryptographic Key Management System. A CKMS Security Policy provides the rules that are to be used to protect keys and metadata that the CKMS supports. This Policy establishes and specifies rules for this information that will protect its:
- Authentication of source
This protection covers the complete key life-cycle from the time the key becomes operational to its elimination.
A CKMS Policy may also include selecting all the cryptographic mechanisms and protocols that may be utilized by the Key Management System. The Policy must remain consistent with the organization’s higher-level policies. For instance, if an organization’s Information Security Policy requires that electronically transmitted information is to receive protection to maintain its confidentiality for 30 years, both the CKMS design and CKMS Security Policy must be able to support that policy.
When designing a Key Management System, a system designer may not necessarily be a member of the organization that will be using the system. Therefore, the designer may not have access to the policies of the organization. Often the designer will create a set of policies and features that are commonplace for the organization’s market. The designer will normally then provide documentation to explain how these policies and features are used within the CKMS Security Policy. The organization may choose to work with the designer to modify the Policy to better fit their needs. Overall, it is the responsibility of the organization to ensure that the Key Management System design is capable of supporting their CKMS Security Policy.
Often, organizations will use a hierarchy of policies to address their policy requirements. Depending upon the organization’s needs, their hierarchy may consist of multiple levels. A hierarchy may include:
- Top level – Information Management, which specifies the goals for information security and the requirements and expected control actions for lower levels, including:
  - Industry standards
  - Legal requirements
  - Organizational goals
- Second level – Information Security, which provides more information on the actual procedures that will be implemented and enforced to provide the security as specified by the top level. This level includes:
  - List of potential threats to keeping the organization’s information secure
  - Associated risks
  - Guidelines of Data Security Policy
  - Outputs to the KMS Security Policy
- Third level – KMS Security Policy, which establishes and provides specifics on protecting keys and metadata. This policy includes:
  - Protections used for each key type and its associated metadata
  - Retention period for keys and metadata according to the sensitivity of the data being protected
  - Domain Security Policy
Key Management Compliance
Key management compliance refers to the oversight, assurance and capability of being able to demonstrate that keys are securely managed. This includes the following individual compliance domains:
- Physical security – the most visible form of compliance, which may include locked doors to secure system equipment and surveillance cameras. These safeguards can prevent unauthorized access to printed copies of key material and computer systems that run key management software.
- Logical security – protects the organization against the theft or unauthorized access of information. This is where the use of cryptographic keys comes in by encrypting data, which is then rendered useless to those who do not have the key to decrypt it.
- Personnel security – this involves assigning specific roles or privileges to personnel to access information on a strict need-to-know basis. Background checks should be performed on new employees along with periodic role changes to ensure security.
Facing Problems and Challenges of Key Management
Managing cryptographic keys can be a challenge, especially for larger organizations that rely upon cryptography for various applications. The primary problems that are associated with managing cryptographic keys include:
- Using the correct procedure to update system certificates and keys
- Updating certificates and keys before they expire
- Dealing with proprietary issues when keeping track of crypto updates with legacy systems
- Locating remote devices that need to be updated
- Lacking an overview of the purpose and location of the various systems and why they are used
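The expiry and overview problems listed above can be checked mechanically once keys are recorded in an inventory. The following Python example is added here and is not part of the original article; the inventory fields, key types, crypto-period values and finding names are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumed policy values for illustration; take real ones from your CKMS Security Policy.
CRYPTO_PERIOD_DAYS = {"tls-cert": 397, "data-encryption": 730, "signing": 1095}
RENEW_WINDOW = timedelta(days=30)          # warn this long before expiry
REQUIRED_METADATA = ("owner", "purpose", "location")

# Constructed sample inventory (not real keys or systems).
INVENTORY = [
    {"id": "k1", "type": "tls-cert", "activated": date(2024, 1, 10),
     "expires": date(2025, 2, 10), "owner": "web-team", "purpose": "portal TLS",
     "location": "lb-01"},
    {"id": "k2", "type": "data-encryption", "activated": date(2021, 6, 1),
     "expires": None, "owner": "dba", "purpose": "backup encryption",
     "location": "hsm-a"},
    {"id": "k3", "type": "signing", "activated": date(2024, 5, 1),
     "expires": date(2024, 12, 1), "owner": "", "purpose": "firmware signing",
     "location": None},
    {"id": "k4", "type": "legacy-app", "activated": date(2015, 3, 1),
     "expires": None, "owner": "ops", "purpose": "branch link", "location": "remote-17"},
]

def audit_key(rec, today):
    """Return the list of policy findings for one inventory record."""
    findings = []
    missing = [f for f in REQUIRED_METADATA if not rec.get(f)]
    if missing:  # no overview of who owns the key, why it exists or where it lives
        findings.append("MISSING_METADATA:" + ",".join(missing))
    period = CRYPTO_PERIOD_DAYS.get(rec["type"])
    if period is None:  # key type the policy never classified (e.g. a legacy system)
        findings.append("NO_POLICY_FOR_TYPE")
    elif today - rec["activated"] > timedelta(days=period):
        findings.append("CRYPTO_PERIOD_EXCEEDED")
    exp = rec.get("expires")
    if exp is not None:
        if exp < today:
            findings.append("EXPIRED")
        elif exp - today <= RENEW_WINDOW:
            findings.append("RENEW_SOON")
    return findings

def audit_inventory(inventory, today):
    """Map key id -> findings, keeping only keys that need attention."""
    report = {rec["id"]: audit_key(rec, today) for rec in inventory}
    return {k: v for k, v in report.items() if v}

if __name__ == "__main__":
    for key_id, findings in audit_inventory(INVENTORY, date(2025, 1, 20)).items():
        print(key_id, findings)
```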
Ten Security Tips for a Key Management System
- Document the Security Policy so that it is easily understood
- Maintain malware protection
- Patch vulnerabilities and turn off non-essential services on servers and devices
- Perform third-party penetration testing
- Make the system easy to use
- Set up remote monitoring
- Define appropriate crypto-periods for keys
- Assign key management system roles and responsibilities
- Meet the goals of the organization’s information security policies
- Define and classify cryptographic zones
References and further reading
- NIST Special Publication 800-130, A Framework for Designing Cryptographic Key Management Systems (2013), by E. Barker, M. Smid, D. Branstad and S. Chokhani
- Selected articles on Key Management (2012-16), by Ashiq JA, Dawn M. Turner, Guillaume Forget, James H. Reinholm, Matt Landrock, Peter Landrock, Steve Marshall and Torben Pedersen