Guide: Achieving Real-world Crypto Agility

ABSTRACT

The use of cryptography is pervasive throughout modern businesses. There are well understood practices for protecting critical cryptographic keys using dedicated hardware devices - Hardware Security Modules (HSMs). But the adoption of these devices can remain time consuming, expensive and inflexible.

This white paper provides a business-focused look at the challenges of cryptography and benefits available from a centrally managed cryptographic platform.

For the general manager wanting to understand more about the practical use of cryptography or the business-process owner needing to rapidly deploy cryptography fro a product or service, this document explores the landscape of 'the business of cryptography'.

Cryptomathic's Crypto Serviced Gateway (CSG) product is introduced as a remedy to many of the challenges: a proven solution to providing an agile cryptographic service; enhancing the behavior of HSMs while improving the time-to-market of business applications

THE BUSINESS OF CRYPTOGRAPHY

Cryptography underpins the security and integrity of almost every aspect of modern business. Authenticating people and processes; securing communications; protecting data - all are made possible using cryptography.

In addition to technically enabling trust and security, most businesses are also covered by legislation, industry schemes or commercial obligations that mandate the use of cryptography (typically encryption) to protect sensitive data.

The business world is thus built and maintained by the pervasive use of cryptography. The consequences of not using cryptography, or doing it badly, are potentially catastrophic. But there are also pragmatic issues related to scaled cryptographic services efficiently and getting the best business value of of these services

CHALLENGES OF BUSINESS CRYPTOGRAPHY

If cryptography is so essential to any modern business, what are the pain-points that exist when deploying or extending its use?

Scaling cryptographic hardware: hsms

Most cryptographic processes use secret keys to identify entities and/or protect data in-flight or at-rest. To ensure good keys are created, and to protect critical keys from theft or misuse, many businesses make use of Hardware Security Modules (HSMs). These specialist devices typically have certifications to standards like FIPS 140-2.

HSMs have excellent security properties but have been slow to adapt to the agile and responsible needs of a modern business processes. They typically require specialists to configure and manage them; use complex APIs to integrate with applications; and provide only basic capabilities to manage keys.

Thus, while HSMs offer remedies to some essential problems, they bring their own challenges related to potentially increased costs, slower deployment times and increased friction when scaling a service or application.

A relatively new but significant problem is the emergence of 'shadow' or 'rogue' cryptography. If the official cryptographic service offered via HSMs is too slow or expensive or complex to be adopted, projects may use unofficial or informal services for they cryptographic needs. This can proliferate unmanaged keys and / or weak practices, exposing the business to high levels of risk.
Central policy control

Cryptography is a specialist field and it is unrealistic to expect this expertise to be widely distributed across a business. Specifically, the application developers that need to invoke functions like "encrypt item xxx" are unlikely to know what constitutes cryptographic best-practice for the data involved.

The challenge for a business is to ensure that cryptography is used consistently and appropriately wherever it is needed. This can be managed by policy, but requires developing, documenting and maintaining appropriate standards, training application developers and performing laborious code reviews and audits. Whenever the policy is updated, large quantities of existing code may have to be checked, updated, reviewed, recompiled, retested and redeployed.
rapid deployment

The consequences of using cryptography are frequently in tension with the desire of a business to innovate and quickly offer new products and services.

The consequence of poor cryptographic decisions (weak or inappropriate algorithms; poor key management) can be catastrophic - exposing sensitive data or allowing inappropriate access to a service. But an overly cautious approach can damage competitiveness and ultimately profitability.

A business needs to balance costs vs. risk and ideally find a solution that supports rapid deployment of services that meet security requirements 'out of the bod' and in a cost-effective way.
'future-proofing' and crypto agility

The algorithms used in modern cryptography have been matured through academic peer-review and industry scrutiny.

However, these are widely discussed attacks on some classes of algorithms that will be possible when quantum computers reach a particular level of scale and performance. And there is always the possibility of a vulnerability being discovered that weakens an algorithm to allow attack using conventional ('classical' computing power.

Both scenarios require some level of agility when planning the use of business cryptography: the phrase crypto-agility is increasingly used for the desirable property of being able to change the key-length, or even being able to change the underlying algorithm, without a disruptive effect on the business processes above.
good key management

The successful adoption of cryptography requires an orchestration of the appropriate keys to be available in the correct place at the correct time. If this fails, then services may fail, data will be made unavailable and a business will risk direct losses of reputational damage.

With a single application and small number of keys this is a relatively tractable situation to manage. But as the adoption of cryptography inevitably increases, the number of keys and the complex relations between applications and keys and HSMs means 'key management' rapidly becomes a significant challenge in its own right.

Many businesses attempt to manage this problem by simply applying more manual. human, effort but the exponential growth in the complexity of the problem means this is impractical.
certification & compliance
As well as ensuring cryptography is used wisely - to protect data and processes - a business will often have to prove compliance with internal of industry-mandated security standards. It's helpful if cryptographic solutions can support both goals: meaningfully improve security and reduce the time and cost to demonstrate compliance.

Common standards that may apply include:
- PCI-DSS
- PCI-PTS
- FIPS 140-2 LEVEL 2/3
- VISA / MASTERCARD Standards
- ISO 27001
Summary
Challenges to mature deployment of cryptography include:
- Scaling HSM use without large cost/inefficiencies
- Asserting and enforcing cryptographic policy correctly and consistently across numerous applications
- Quickly deploying crypto appropriately for new products/services
- Supporting Crypto-Agility for enabling rapid response to 'state of the art' and best-practices changes
- Managing the key life-cycle of an increasing number of keys and orchestrating their availability to applications
- Confidently complying with internal/external standards

INTRODUCING CSG

CSG (Crypto Service Gateway) is a central cryptographic platform that simplifies application integration while ensuring the highest availability and utilization of HSMs. HSM resources are shared between applications, allowing central policy enforcement and management of HSMs. The centralized crypto-policy ensures that correct algorithm and keys are used based on the application-specific crypto-parameters. The policy ensures that access to keys and the execution of crypto operations are limited to the individual applications. Centralized policy enforcement makes compliance audits simple and enables dynamic changes to cryptographic parameters without touching application code.

CSG provides easy-to-use APIs, streamlines application integration to allow more responsive business development and strengthens the process of deploying cryptographic applications. CSG integrates with Cryptomathic's CKMS product to address the key-management needs of applications. CKMS services CSG with keys; supports their full key-lifecycle and can orchestrate the delivery to other applications and services independent of CSG.

CSG 1

Acting as a crypto abstraction layer between the applications and the underlying HSMs, CSG's highly available and resilient architecture guarantees that critical business application have access to the keys they need without interruption. CSG delivers a high-performance service with minimal additional latency ensuring that cryptographic bottlenecks do not compromise business processes.

With CSG, a business can assert control over its crypto estate, reducing risk, increasing efficiency, and allowing confident compliance.

Typical Use-Cases

Banks and financial services which require various payment related operations, e.g. EMVV authorization, PIN management, CVV validation and tokenization.
Technology manufacturers and software companies who need code-signing or format preserving encryption.
Government/national agencies/large enterprises needing high assurance in relation to the use of cryptographic keys.
Organizations such as banks or cloud service providers that want to provide agile HSM crypto services for secure applications.
Enterprises wanting to consolidate the distributed use of HSMs into a more efficient and easier-to-manage pool.

Figure 2: High-Level Deployment Model

DEPLOYMENT MODEL

The figure above shows a typical deployment architecture operating within a single data center. In this setup essential elements, such as the CSG server, Key Management System and HSMs, are duplicated to ensure high-availability. The platform is operated with an active-active availability scenario where all requests are load-balanced across all available nodes.

The CSG infrastructure can also be distributed over multiple data centers/geographic locations. In this setup the core system would typically be running in a single data center, while the applications and HSMs can be co-located in other data centers. This highly flexible architecture allow for agility, both in the use of cryptography and in the location of applications and HSMs.

In addition, the same architecture for the core system would typically be duplicated in a second data center and configured for hot or cold standby. In even of a catastrophic availability event such as loss of an entire data center (or more likely total loss of connectivity to a data center:, this secondary instance of the entire software stack can be brought online.

Once installed, the system is managed using desktop applications and smart-cards for user authentication and authorization. Full control of critical key-policy and permissions is thus possible from an office environment with no routine access required to HSMs or data centers.

BENEFITS OF USING CSG

By using CSG an organization can make substantive improvements to the quality, efficiency, coverage and speed of deployment of business cryptography.

Where HSMs are recommended or mandated CSG can enhance the behavior of an estate by enforcing a centrally-defined policy between calling applications and the HSMs. This delivers confidence that applications only have access to the cryptography they require for correct operation - this 'least privilege' model dramatically reduces the risk of inadvertent (or malicious) application behavior exposing sensitive data or access to systems.

The centrally-defined policy also gives real-world support for Crypto-Agility - where changes can be made to (for example) key-length and/or algorithm support. In the event of a significant breakthrough in cryptanalysis (or other events that inform 'cryptographic best practice') changes can be made without major disruptions to applications and the services they provide.

For businesses that operate under a regulated environment, CSG can make a significant difference to proving cryptographic services and operations are compliant. The strong audit logs produced allow hard evidence of the policies that are applied - delivering proof that this application was granted access to (only) these keys and only for these permitted operations.

Using CSG reduces the friction and cost of using HSMs - so that more applications can benefit from them. When necessary, the HSM farm 'behind' CSG can be expanded to offer greater overall performance and/or specialist crypto functions. If the HSMs need to be updated or replaced these can be temporarily removed from the pool of available HSMs and later be reinstated without affecting the service.

Adopting CSG automatically brings the benefits of a proven key-management system: the integration with CKMS ensures good keys are generated and managed through their lifecycle. The same keys used by applications via CSG can be automatically shared with other applications and services. Keys are securely held and managed in CKMS's database.

CSG allows for the rapid on-boarding of new business applications. Security officers can easily enrol new applications by making the appropriate crypto functions and keys available. Application developers can then quickly hook-up to the cryptographic services CSG provides using its native or industry-standard APIs and start utilizing the pool of HSMs.

SUMMARY OF CSG BENEFITS

Reduce costs through shared infrastructure and increased HSM utilization
Centralizes policy and control over all crypto operations and key management; keeping crypto decisions in the hands of the security team and facilitating Crypto-Agility
Enables complete central management and monitoring over entire HSM real-estate
Provides easy-to-read audit logs for proof of compliance
Offers simple-to-use API for increased development velocity and reduced time to market

PRODUCT ARCHITECTURE

CSG is a software service layer that sits between business applications and a small cluster of HSMs. It consists of a server component, client libraries and a graphical administration client for managing server configurations. It is operated together with the Cryptomathic Crypto Key Management System (CKMS), to ensure that critical keys are well-managed from creation to retirement and available whenever and where they are needed.

CSG provides a variety of integration options that the applications can use to send commands to CSG, which among others cover client libraries, a RESTful interface and standard interfaces such as PKCS#11.

For an application to get access to CSG and the cryptographic keys, they must be enrolled into the system. Besides requiring TLS protected network connections from the applications, CSG enforces an additional layer of access control, which is used for authentication of the calling application to ensure that it only gets access to crypto operations and keys that it is permitted to use. Once commands have been authorized the work is distributed between the available hSMs, which typically are network attached and configured to work with more than one CSG instance for resilience reasons.

Configuration of the system is done through the provided administration clients for CSG and CKMS. These allow for the administrators to make changes to the system and also provides performance monitoring of CSG.

CSG 4 Figure 3: CSG Architecture & Components

INTEGRATION OPTIONS

CSG provides a variety of integration options both in terms of application interfaces and HSM integrations. Application developers can use one of the following APIs to send commands to CSG:

CSG client libraries
CSG RESTful
PKCS#11
Java Cryptography Extension (JCE)
Microsoft Crypto API (CSP)
Cryptography Next Generation (CNG)

The wide-range of API options gives flexibility of choice when integrating legacy of new applications whether 'home-grown' or commercial 'off-the-shelf'.

Client Libraries

The CSG client libraries are feature rich APIs which are available for JAVA, .NET, and C++. Each client library offers two different APIs: one based on CQL (Crypto Query Language) strings and one based on normal object-oriented principles. The client libraries have built in load balancing, failover and keep alive functionality to ensure high availability and resiliency.

RESTful API

The RESTful interface allows for simpler integration since there is no need for an additional client-side library.

A call to the RESTful API is performed via and HTTP request. The message body accompanying the request contains a JSON message identifying the cryptographic operation and its input. The JSON message format is inspired by the CQL language used in the other CSG libraries. For high availability it is recommended to use the RESTful API together with an external load balancer.

Standard Interface

Not all applications can use the CQL interface. Products bought from third-parties are typically unmodifiable, while legacy home-grown applications may not have budget (yet) to be adjusted to use CQL. For these situations, CSG also offer an industry-standards PKCS#11 interface, a JCE provider as well as a CSP and a CNG

HSM Integration

The 'back-end' integration is with a small estate of HSMs which delivers efficient service to applications, orchestrated by CSG. The HSMs are typically accessed via standard PKCS#11 API call, augmented with special commands for e.g. payments functions. The HSMs can optionally be customized by running custom-code to deliver bespoke commands - this code can be provided by Cryptomathic. CSG supports a wide-range of leading HSMs including:

Atalla - Utimaco (formerly HPE/Microfocus
nCipher nShield
SafeNet/Gemalto
Thales payShield
Utimaco

SECURITY PROMISES

CSG enhances the raw capabilities of an HSM estate by providing:

Fine-grained permissions of key use (policy application)
Strong authentication of applications
Strong authentication of users (managers) of the system
Dual control for policy changes
Secure logging of both configuration changes and system usage

CSG has a highly secure designing that is engineered to protect against sophisticated attacks. These include defences against:

Access to tun-time server memory
Replacing server code
Malicious admin clients/changes to client code
Read/write file system
'Man-in-the-middle' eaves dropping on system interfaces

The CSG system works in partnerships with Cryptomathic's CKMS Key Management product to ensure that keys are fully managed through their lifecycle, are generated in an HSM and are recoverable (With appropriate permissions). CKMS can also orchestrate the delivery of keys to online and offline applications, in parallel with those made available to CSG.

cryptomathic_symbol_core_negative_transparent

Achieving Real-World Crypto-Agility: A Guide for Banks & Financials

How A Business Can Assert Control Over Its HSM Estate, Reduce Risk, Increase Efficiency & Attain Confident Compliance - With Crypto Service Gateway

ABSTRACT

THE BUSINESS OF CRYPTOGRAPHY

CHALLENGES OF BUSINESS CRYPTOGRAPHY

Scaling cryptographic hardware: hsms

Central policy control

rapid deployment

'future-proofing' and crypto agility

good key management

certification & compliance