TRANSCRIPT
An Introduction to Key Management for Secure Storage
Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage © 2008 Storage Networking Industry Association. All Rights Reserved. 22
SNIA Legal Notice
The material contained in this tutorial is copyrighted by the SNIA. Member companies and individuals may use this material in presentations and literature under the following conditions:
Any slide or slides used must be reproduced without modification.
The SNIA must be acknowledged as source of any material used in the body of any document containing material from these presentations.
This presentation is a project of the SNIA Education Committee.
Abstract
An Introduction to Key Management for Secure Storage
As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will eventually be compromised. Worse, without proper management of key information, data can be completely lost.
This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated with symmetric encryption keys are presented, along with practical advice on effective key management practices.
The Key Management Problem
Data At Rest
Random Access Devices: Disk Drives
Sequential Access Devices: Tape Drives
Other Media: Optical Media
Data in Flight is Still Important!
Data At Rest - Storage Security Elements
Data-At-Rest (DAR): "Protecting the confidentiality, integrity and/or availability of data residing on servers, storage arrays, NAS appliances and other media"
Storage Resource Management (SRM): "Securely provisioning, monitoring, tuning, reallocation, and controlling the storage resources so that data may be stored and retrieved."
Storage System Security (SSS): "Securing embedded operating systems and applications as well as integration with IT and security infrastructure (e.g., external authentication services, centralized logging and firewalls)"
Data-in-Flight (DIF): "Protecting the confidentiality, integrity and/or availability of data as they are transferred across the storage network, the LAN, and the WAN. Also applies to management traffic"
Source: Introduction to Storage Security, A SNIA Security Whitepaper, Oct 14, 2005
Key Management
Many Key Uses
    Private signature key
    Public signature verification key
    Symmetric authentication key
    Private authentication key
    Public authentication key
    Symmetric data encryption key
    Symmetric key wrapping key
    Symmetric and asymmetric random number generation keys
    Symmetric master key
    Private key transport key
    Public key transport key
    Symmetric key agreement key
    Private static key agreement key
    Public static key agreement key
    Private ephemeral key agreement key
    Public ephemeral key agreement key
    Symmetric authorization key
    Private authorization key
    Public authorization key
Source: NIST Special Publication 800-57: Recommendation for Key Management
Key Management
Encryption Algorithm Modes
    Electronic Codebook Mode (ECB): equal plaintext blocks give equal ciphertext blocks, so it leaks structure and is unsuitable for data at rest
    Cipher Block Chaining Mode (CBC)
    Cipher Feedback Mode (CFB)
    Output Feedback Mode (OFB)
    Counter Mode (CTR)
    Galois/Counter Mode (GCM)
    LRW Encryption (Liskov-Rivest-Wagner tweakable mode)
    XOR-Encrypt-XOR (XEX)
    XEX-TCB-CTS (XTS)
    CBC-Mask-CBC (CMC)
    ECB-Mask-ECB (EME)
Encryption Algorithms
    AES: 128, 192 or 256 Bit Key
    DES: 56 Bit Key (brute-forceable; withdrawn by NIST in 2005, legacy data only)
    3DES: 168 Bit Key (three-key; effective strength 112 bits)
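To make the ECB caveat concrete, here is an added example (not part of the SNIA tutorial) in Go using only the standard library. It encrypts a constructed 64-byte "sector" holding three identical 16-byte blocks, first with ECB and then with CTR under a fixed demo key and IV, and counts distinct ciphertext blocks; it then reuses the CTR IV on a second sector to show that the XOR of the two ciphertexts equals the XOR of the plaintexts, which is why a per-sector tweak or nonce must never repeat under one key. CTR stands in for the tweakable modes (XEX/XTS) the slide lists because Go's standard library has no XTS; the key, IV and sector contents are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// Constructed demo key and IV (not from the tutorial); a real system draws both from a CSPRNG.
var (
	demoKey = mustHex("000102030405060708090a0b0c0d0e0f")
	demoIV  = mustHex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")
)

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// SectorWithPattern models a 64-byte sector with three identical 16-byte blocks
// followed by one different block (constructed input).
func SectorWithPattern() []byte {
	return []byte("sector-0001-ABCDsector-0001-ABCDsector-0001-ABCDsector-0001-WXYZ")
}

// SectorOfZeros models a freshly formatted sector: 64 bytes of 0x00.
func SectorOfZeros() []byte { return make([]byte, 4*aes.BlockSize) }

// EncryptECB encrypts each block independently, as a naive sector encryptor would:
// equal plaintext blocks produce equal ciphertext blocks, so structure leaks.
func EncryptECB(key, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil || len(plaintext)%aes.BlockSize != 0 {
		panic("bad key or plaintext length")
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out
}

// EncryptCTR XORs the plaintext with the keystream AES(key, iv+counter). Repeated
// plaintext no longer shows, but an IV reused under the same key leaks plaintext XORs.
func EncryptCTR(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// DistinctBlocks counts the different 16-byte blocks in a ciphertext.
func DistinctBlocks(ciphertext []byte) int {
	seen := map[string]bool{}
	for i := 0; i+aes.BlockSize <= len(ciphertext); i += aes.BlockSize {
		seen[string(ciphertext[i:i+aes.BlockSize])] = true
	}
	return len(seen)
}

// XORBytes returns a XOR b for equal-length slices.
func XORBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func main() {
	fmt.Println("ECB distinct blocks:", DistinctBlocks(EncryptECB(demoKey, SectorWithPattern())))        // 2
	fmt.Println("CTR distinct blocks:", DistinctBlocks(EncryptCTR(demoKey, demoIV, SectorWithPattern()))) // 4
	// Same key and IV for two sectors: C1 XOR C2 == P1 XOR P2, here the pattern sector itself.
	c1 := EncryptCTR(demoKey, demoIV, SectorWithPattern())
	c2 := EncryptCTR(demoKey, demoIV, SectorOfZeros())
	fmt.Printf("IV reuse leaks: %q\n", XORBytes(c1, c2))
}
```

The three repeated plaintext blocks collapse to a single ECB ciphertext block, which is exactly the pattern an attacker can read off an ECB-encrypted disk image; under CTR the four ciphertext blocks differ because the keystream blocks differ. The second half shows the opposite failure: CTR with a repeated IV is not broken by the repeated plaintext but by the reuse itself.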
Key Management
Key and Data Lifetime
    Forever: Assure Access to Data Years from Now
    For a Limited Time Period
        Ephemeral: Milliseconds, Seconds
        Weeks, Months, Years
What Happens at End of Life?
    Mandatory Re-Encryption
    Destruction of Data
    Destruction of Key
Key Management
Policies
    Who Can Establish Keys?
    Who Can Delete Keys?
    What is the Lifetime of a Key?
    Can the Key be Archived?
    Are the Keys Changed Periodically?
    Are Keys Automatically Deleted or Archived?
    Who Else Can Use the Key?
Key Management
Auditing
    Track the Key over its Lifetime
    Who Created the Key and When?
    Who Changed the Key and When?
    Who Created a Copy of the Key and When?
    Where are the Copies of the Key?
    Who Deleted the Key and When?
Key Management
Threats
    Confidentiality: Key Disclosure, so Data is Accessible to Anyone
    Integrity: Key has Been Modified, so Data is Accessible by None
    Archive: Key has Been Lost
    Availability: Key Cannot be Accessed
Key Management Goals
Backup/Restore Key Material
Archival and Retention of Key Material
Distribution of Key Material
Expiration, Deletion, and Destruction of Key Material
Audit of Key's Life Cycle
Reporting Events and Alerts
Keying Material
Keys
Two Major Types of Encryption: Symmetric Keys, Asymmetric Keys
Storage Systems May Use Both
    Asymmetric Keys to Exchange Symmetric Keys
    Symmetric Keys to Encrypt/Decrypt Data
Check out SNIA Tutorial: ABC’s of Data Encryption
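An added example (not from the tutorial) in Go of the "use both" pattern on the previous slide: the client generates a random symmetric data-encryption key (DEK), encrypts bulk data under it with AES-256-GCM, and transports the DEK to the key server wrapped with RSA-OAEP under the server's public key, so only the holder of the matching private key can recover it. The asymmetric operation touches only the 32-byte DEK, which is why the heavier public-key arithmetic is affordable. The key sizes, the OAEP label "storage-dek" and the sample sector text are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped blob to this use; an assumed value, not a standard one.
var oaepLabel = []byte("storage-dek")

// NewServerKeyPair generates the key server's long-lived RSA pair (2048 bits, the
// 112-bit strength the deck's strength table lists for 2010).
func NewServerKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// GenerateDEK returns a fresh 256-bit symmetric data-encryption key from the system CSPRNG.
func GenerateDEK() ([]byte, error) {
	dek := make([]byte, 32)
	_, err := rand.Read(dek)
	return dek, err
}

// SealData encrypts bulk data under the DEK with AES-256-GCM. The random nonce is
// prefixed to the output; the GCM tag makes any later modification detectable.
func SealData(dek, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// OpenData reverses SealData and fails if the authentication tag does not verify.
func OpenData(dek, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(dek)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// TransportDEK wraps the DEK for one recipient with RSA-OAEP (SHA-256) under the
// recipient's public key; only the matching private key can unwrap it.
func TransportDEK(recipient *rsa.PublicKey, dek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, dek, oaepLabel)
}

// ReceiveDEK recovers the DEK with the recipient's private key.
func ReceiveDEK(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

func main() {
	serverKey, err := NewServerKeyPair()
	if err != nil {
		panic(err)
	}
	// Client side: fresh DEK, bulk data sealed under it, DEK transported to the server.
	dek, _ := GenerateDEK()
	sealed, _ := SealData(dek, []byte("constructed sector contents"))
	wrapped, _ := TransportDEK(&serverKey.PublicKey, dek)
	// Server side: unwrap the DEK, then the bulk data can be opened.
	recovered, err := ReceiveDEK(serverKey, wrapped)
	if err != nil {
		panic(err)
	}
	data, err := OpenData(recovered, sealed)
	fmt.Printf("%d-byte wrapped DEK, recovered %q, err=%v\n", len(wrapped), data, err)
}
```

In a deployment the roles are usually reversed from this toy (the server generates or holds the DEK and the drive's public key is what it wraps to), but the structure is the same: asymmetric keys move the symmetric key, the symmetric key moves the data. Note that RSA-OAEP gives confidentiality of the DEK but no proof of who sent it; authenticating the channel or signing the blob is a separate step.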
Symmetric Keys
One Key Used for Both Encryption and Decryption
Requires Lower Computing Power
Diagram: Plaintext ABCDEF -> Encryption (Key) -> Ciphertext #*&^#@ -> Decryption (Key) -> Plaintext ABCDEF
Asymmetric Key
Uses a Private and Public Key Pair
    The Private Key Cannot Be Derived from the Public Key
    Data Encrypted with One Can Only Be Decrypted with the Other
    Requires Greater Computing Power
Diagram: Plaintext ABCDEF -> Encryption (Public Key) -> Ciphertext #*&^#@ -> Decryption (Private Key) -> Plaintext ABCDEF
Encryption Strength
Minimum security strength over time and the algorithms that meet it (per NIST SP 800-57):
    Today: 80 bits (e.g., 1024-bit RSA; 128-bit AES already exceeds this)
    2010: 112 bits (e.g., 3DES, 2048-bit RSA; 128-bit AES)
    2030: 128 bits (e.g., 128-bit AES, 3072-bit RSA)
Key Formats
Key Formats
    Any and All Key Formats Must Be Managed
    Keys are Viewed as Objects
Key Material
    Key Data
    Key Information: Metadata
Storage Generally Uses Symmetric Keys
    A Secure Key Exchange is Assumed
    Easier to Implement
    Fewer Client Resources
Key Wrapping
Used to Move Keys
    Backup
    Archiving
Source: AES Key Wrap Specification (http://csrc.nist.gov/CryptoToolkit/kms/key-wrap.pdf)
Diagram: Key -> AES Encryption (under the Key Encryption Key) -> Wrapped Key -> AES Decryption (under the Key Encryption Key) -> Key
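As an added example (not the tutorial's own code), the AES Key Wrap algorithm from the cited NIST specification (also published as RFC 3394) in Go, standard library only: WrapKey encrypts key material under a key-encryption key and UnwrapKey recovers it, rejecting the result if the 64-bit integrity check value does not come back intact, which is what makes a wrapped blob safe to put in a backup or ship to an archive. The KEK and key data in main are the RFC 3394 section 4.1 test vector; the single bit flip is constructed to show detection.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// keyWrapIV is the fixed 64-bit integrity check value from the AES Key Wrap
// specification (RFC 3394): A6A6A6A6A6A6A6A6.
var keyWrapIV = [8]byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// WrapKey encrypts plaintext key material under the key-encryption key kek with AES
// Key Wrap. Input must be a multiple of 8 bytes and at least 16 bytes; the output is
// 8 bytes longer than the input (the integrity check value travels with the key).
func WrapKey(kek, plaintext []byte) ([]byte, error) {
	if len(plaintext) < 16 || len(plaintext)%8 != 0 {
		return nil, errors.New("key data must be >= 16 bytes and a multiple of 8")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(plaintext) / 8
	out := make([]byte, 8*(n+1)) // out[0:8] is A, out[8i:8i+8] is R[i] for i = 1..n
	copy(out[:8], keyWrapIV[:])
	copy(out[8:], plaintext)
	var b [16]byte
	for j := 0; j < 6; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], out[:8])                                                 // A
			copy(b[8:], out[8*i:8*i+8])                                          // R[i]
			block.Encrypt(b[:], b[:])                                            // B = AES(K, A | R[i])
			t := uint64(n*j + i)                                                 // t = (n*j)+i
			binary.BigEndian.PutUint64(out[:8], binary.BigEndian.Uint64(b[:8])^t) // A = MSB64(B) ^ t
			copy(out[8*i:8*i+8], b[8:])                                          // R[i] = LSB64(B)
		}
	}
	return out, nil
}

// UnwrapKey reverses WrapKey and rejects the result unless the recovered integrity
// check value matches, which catches a wrong KEK as well as a modified blob.
func UnwrapKey(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped key must be >= 24 bytes and a multiple of 8")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	buf := append([]byte(nil), wrapped...)
	var b [16]byte
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			t := uint64(n*j + i)
			binary.BigEndian.PutUint64(b[:8], binary.BigEndian.Uint64(buf[:8])^t) // A ^ t
			copy(b[8:], buf[8*i:8*i+8])                                          // R[i]
			block.Decrypt(b[:], b[:])                                            // B = AES^-1(K, (A^t) | R[i])
			copy(buf[:8], b[:8])                                                 // A = MSB64(B)
			copy(buf[8*i:8*i+8], b[8:])                                          // R[i] = LSB64(B)
		}
	}
	if !bytes.Equal(buf[:8], keyWrapIV[:]) {
		return nil, errors.New("integrity check failed: wrong KEK or corrupted wrapped key")
	}
	return buf[8:], nil
}

func main() {
	// RFC 3394 section 4.1: 128-bit KEK wrapping 128 bits of key data.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F")
	dek, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF")
	wrapped, err := WrapKey(kek, dek)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped: %X\n", wrapped) // 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5
	if _, err := UnwrapKey(kek, wrapped); err != nil {
		panic(err)
	}
	wrapped[12] ^= 0x01 // one bit flipped in transit or in the archive
	_, err = UnwrapKey(kek, wrapped)
	fmt.Println("tampered blob:", err)
}
```

Key Wrap is deterministic (no IV to manage, the same key under the same KEK always wraps to the same bytes), which suits key backup and archive; it is not a general-purpose data-encryption mode, which is the "one key, one purpose" rule from the best-practices section applied to the KEK itself.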
Pass Phrase
Used to Generate a Key Encryption Key (through a salted, iterated key derivation function; the resulting KEK is only as strong as the pass phrase)
Basic Key Metadata
Value: The Actual Key
Unique Identifier (GUID)
    Unique Within a Domain (Name Space)
    The Domain May be World Wide Unique
    May be a Globally Unique Identifier (World Wide Unique Name)
    May be a Hierarchy
    Important for Identifying Keys that are Moved Across Domains, Across Companies, Across Countries
Optional Key Metadata
Name: User readable name, not necessarily unique
Creator name
Domain name
Parent GUID
Previous version GUID
Version string
Optional Key Metadata
Timestamps: Creation, Modified, Valid Time, Expiration Time
Policies: Use of key, Key type
Access rights, who can: Access, Modify, Disable, Destroy
Vendor-Specific Metadata
Key Management Components
Client-Server View: The Key, The Key Server, The Key Transport Channel
Secure Channel: Authentication, Key Exchange Protocol
Client-Server View
Client: User or Consumer of Keys
Server: Provider of Keys
Diagram: Client (Needs a Key) -> Key Request -> Server (Maintains Keys)
Client-Server Authentication
Client and Server Must Authenticate
    Assures Identity
    Secrets or Certificates
    Pre-Shared Keys or PKI
Communications are Secure: Channel Encryption
Diagram: Client (Needs a Key) <-> Server (Maintains Keys), over an authenticated, encrypted channel
Key Clients - Lightweight
Limited Resources
    Limited Computational Requirements
    Limited Memory Requirements
Communication
    Network Based: Out of Band
    Host Based: In Band
Applications
    Disk Drives
    Tape Drives, Libraries
    Array Controllers
Simple Protocol
    Fixed Fields and Values
    Similar to SCSI CDBs
Key Clients - Complex
Unlimited Resources
Applications
    Key Servers
    Data Bases
    Objects
    File Servers
May Use a Complex Protocol: Requires a Complex Protocol Parser
Key Server
Key Server
    Software Application on a Generic Hardware Platform
    Dedicated, Hardened Hardware Servers
Multiple Key Servers: Key Management Between Servers
Policy Management
Accounting
Validation
Backup
Key Clients and Servers - Disk
Typical KM Scenario: the Client is the Host PC, which Passes the Key to the Drive
Diagram: Host -> Key Request -> Key Server; Key Server -> Key Response -> Host; Host -> Key -> Secure Disk
Key Clients and Servers - Disk
Client is the Drive: the Drive or Subsystem Requests the Key Directly from the Server
Diagram: Secure Disk or Storage System -> Key Request -> Key Server; Key Server -> Key Response -> Secure Disk or Storage System; the Host is attached to the Secure Disk or Storage System and never handles the key
Key Clients and Servers - Tape
Manual Key Management
Diagram: Backup Host with Tape Drive writes an Encrypted Tape using an Encryption Key; the tape passes through the Tape Repository, Offsite Storage and Transit; the Restore Host's Tape Drive needs the same Encryption Key, so an Encryption Key Exchange between the two hosts must happen outside the tape path
Key Clients and Servers - Tape
Automated Key Management
Diagram: Backup Server <-(Interface Protocol: SCSI, FC, SATA, etc.)->  Encrypting Tape Drive/Library <-(Key Management Protocol over Ethernet)-> Key Server
Key Clients and Servers - Tape
Automated Key Management
Diagram: Key Server <-(Key Management Protocol over Ethernet)-> Backup Server and Key Server <-(Key Management Protocol over Ethernet)-> Encrypting Tape Drive/Library; Backup Server -(Management Commands and data over the Interface Protocol: SCSI, FC, SATA, etc.)-> Encrypting Tape Drive/Library
Key Clients and Servers - Enterprise
Diagram: Key Server (Vendor A) and Key Server (Vendor B) each speak the Key Management Protocol to several clients: Array Controllers (each with attached Hosts) and an Appliance (with attached Hosts)
KMS Protocol
Two Primary Operations
    Set key: the Client stores a key on the Server
    Get key: the Client retrieves a key from the Server
Optional Operations
    Find key
    Update key
    Replicate key
    Disable key
    Destroy key
    Access rights
    Get service info
    Audit log functions
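An added example (an illustration, not any product's protocol) in Go of the server side of the Set key / Get key / Destroy key operations above, carrying the metadata from the Basic and Optional Key Metadata slides (GUID, timestamps, one declared purpose, a data limit) and writing an audit line for every request, successful or not. It enforces the deck's policy and safety rules: only authorized actors may create or destroy keys, a key is released only for its declared purpose, and new encryption is refused once the cryptoperiod ends or the data limit is reached, while decrypt-only requests keep working so archived data stays readable. Actor names, operation names and limits are assumptions; there is no network layer, persistence or hardening.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// KeyObject: key material plus the metadata the deck lists and a lifecycle state.
type KeyObject struct {
	GUID      string
	Purpose   string // "data-encryption" or "key-wrapping", never both
	Material  []byte
	Created   time.Time
	Expires   time.Time // end of the cryptoperiod
	ByteLimit int64     // maximum bytes protected under this key
	BytesUsed int64
}

// KeyServer is an in-memory stand-in for a key management server. The clock is
// injectable so cryptoperiods can be tested; acl maps actor -> permitted operations.
type KeyServer struct {
	keys  map[string]*KeyObject
	acl   map[string]map[string]bool
	Audit []string // one line per request, whether or not it succeeded
	now   func() time.Time
}

func NewKeyServer(now func() time.Time, acl map[string]map[string]bool) *KeyServer {
	return &KeyServer{keys: map[string]*KeyObject{}, acl: acl, now: now}
}

func (s *KeyServer) record(actor, op, guid string, err error) {
	result := "ok"
	if err != nil {
		result = err.Error()
	}
	s.Audit = append(s.Audit, fmt.Sprintf("%s %s %s %s: %s", s.now().Format(time.RFC3339), actor, op, guid, result))
}

func (s *KeyServer) lookup(actor, op, guid string) (*KeyObject, error) {
	if !s.acl[actor][op] {
		return nil, fmt.Errorf("%s is not authorized to %s", actor, op)
	}
	if k, ok := s.keys[guid]; ok {
		return k, nil
	}
	return nil, errors.New("no such key")
}

// SetKey creates a key with server-generated random material from the whole key space.
func (s *KeyServer) SetKey(actor, purpose string, size int, cryptoperiod time.Duration, byteLimit int64) (guid string, err error) {
	defer func() { s.record(actor, "set", guid, err) }()
	if !s.acl[actor]["set"] {
		return "", fmt.Errorf("%s is not authorized to set", actor)
	}
	buf := make([]byte, 16+size) // 16 random bytes for the GUID, then the key material
	if _, err = rand.Read(buf); err != nil {
		return "", err
	}
	guid, now := hex.EncodeToString(buf[:16]), s.now()
	s.keys[guid] = &KeyObject{GUID: guid, Purpose: purpose, Material: buf[16:], Created: now,
		Expires: now.Add(cryptoperiod), ByteLimit: byteLimit}
	return guid, nil
}

// GetKey releases material for the declared purpose only. bytesToProtect > 0 means new
// encryption, refused once the cryptoperiod has ended or the data limit would be
// exceeded; 0 is a decrypt-only request, which stays valid after the cryptoperiod.
func (s *KeyServer) GetKey(actor, guid, purpose string, bytesToProtect int64) (material []byte, err error) {
	defer func() { s.record(actor, "get", guid, err) }()
	k, err := s.lookup(actor, "get", guid)
	if err != nil {
		return nil, err
	}
	if k.Purpose != purpose {
		return nil, fmt.Errorf("key is for %s, not %s", k.Purpose, purpose)
	}
	if bytesToProtect > 0 {
		if !s.now().Before(k.Expires) {
			return nil, errors.New("cryptoperiod expired: rotate the key")
		}
		if k.BytesUsed+bytesToProtect > k.ByteLimit {
			return nil, errors.New("data limit reached: rotate the key")
		}
		k.BytesUsed += bytesToProtect
	}
	return append([]byte(nil), k.Material...), nil
}

// DestroyKey zeroizes the material and removes the object; the audit trail keeps the GUID.
func (s *KeyServer) DestroyKey(actor, guid string) (err error) {
	defer func() { s.record(actor, "destroy", guid, err) }()
	k, err := s.lookup(actor, "destroy", guid)
	if err == nil {
		for i := range k.Material {
			k.Material[i] = 0
		}
		delete(s.keys, guid)
	}
	return err
}

func main() {
	acl := map[string]map[string]bool{"key-admin": {"set": true, "destroy": true}, "backup-host": {"get": true}}
	s := NewKeyServer(time.Now, acl)
	guid, _ := s.SetKey("key-admin", "data-encryption", 32, 90*24*time.Hour, 1<<40)
	_, err := s.GetKey("backup-host", guid, "key-wrapping", 0) // wrong purpose: refused and logged
	fmt.Println("purpose check:", err)
	for _, line := range s.Audit {
		fmt.Println(line)
	}
}
```

The audit line answers the slide's "who did what to which key and when" questions directly, and because refusals are logged too, a client repeatedly asking for a key it is not entitled to shows up in the log rather than vanishing silently.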
Key Management Best Practices
Important Key Properties
Use a Cryptographic Key for Only One Purpose
    Do Not use Key-Encrypting Keys or Wrapping Keys to Encrypt Data
    Do Not use Data-Encrypting Keys to Encrypt Other Keys
Use Randomly Chosen Keys from the Entire Key Space
    Use Computer-Generated Keys Whenever Possible
    Enforce a Broad Range of Entries in the Key Space
Avoid Weak Keys
    "00000000" or "FFFFFFFF" or even "DEADBEEF"
    Dictionary Attacks (e.g., "password")
Avoid Plain Text Keys
    Always Encrypt Keys for Transfer
    Prevent Observation of Plaintext Keys
Key Management Safety
Automate Key Management Whenever Possible
    Authentication
    Key Generation
Observe and Enforce the Cryptoperiod
    Also, Limit Keys to a Maximum Amount of Data
Limit Keys with Long Lifetime: Archived Keys Only
Separate Key Functions: Don't Mix Key Encryption and Data Encryption Keys
Key Management Safety
Document Objectives
    Authorization Objectives
    Protection Objectives
    Key Management Services Objectives
    Key Material Destruction
Enforce Strict Access Controls
    Limit User Capabilities
    Segregate Duties
Audit
    User
    Management
Establish Keys Securely
Symmetric Keys
    Use an Approved Random Number Generator
    Use an Approved Key Update Procedure
    Use an Approved Key Derivation Function from a Master Key
    Don't Concatenate Split Keys to Generate Keys
Limit Distribution of Data Encryption Keys
    No Gratuitous Distribution
    Limit to Backups
    Limit to Authorized Entities
Protect Keys
    Wrap Keys Before Distribution
    Use Appropriate Physical Security
Operational Use
Secure Devices and Processes
    Ensure that Installation does not Result in Key Leakage
    Ensure that the Device or Process Meets Key Best Practices
Secure Key Storage
    Cryptographic Security (e.g., Wrapping)
    Physical Security
Integrity
    Employ Methods to Detect Modifications
    Ability to Restore Key Material when Unauthorized Modifications Occur
Backup and Archive
    Backup Keys During the Key's Cryptoperiod
    Archive Keys after the Cryptoperiod has Expired, As Needed
Key Backup and Archive
Diagram: timeline of a key's life; the Cryptoperiod spans the Originator Use Period and the Recipient Use Period; Key Backup applies during the Cryptoperiod, Key Archive after it
Operational Use
Change Keys
    When a Compromise is Detected
    When the Key's Cryptoperiod Nears Expiration
    When the Key's Data Limit Approaches
Destroy Keys
    Remove Keys from Backups when Not Needed for Operational Use
    Destroy Keys When No Longer Needed for Backup or Archive
Other Issues
Import and Export Controls: Understand and Obey Government Import and Export Regulations
Plan for Problems: Have a Recovery Plan in Place for a Key Compromise Event
Plan for Disaster
    Have a Recovery Plan in Place for Catastrophic Events
    Consider an Escrow Plan to Protect Mission Critical Information
    Archives May Need to Last for a Very Long Time
Archive Security
Active Archive
    Contains Some Data Subject to Retention Policies
    Retention Policies Driven by Governmental Compliance Requirements
Long Term Archive
    Data Life Exceeds the Life Span of Formats and Storage Mechanisms
    Preserve Data for Long Periods of Time
    Wills, Land Records, Medical Data, Criminal Case Files, etc.
Active Archive Security
Active Archive Security
    Ensure Read-Only Enforcement is Adequate
    Ensure Data Privacy: Access Controls, Encryption
    Provide Appropriate Index and Search Capabilities
    Prepare for a Disaster
    Enforce Role and Access Policies
Governance and Compliance
    Data Retention Requirements
    Data Disposition Requirements
    Preserve the Evidentiary Nature of the Data
        Rigorous Authenticity Checks
        Chain of Custody (Audits)
Long-Term Archive
Policies
    Establish the Type of Data to be Accepted
    Determine the Preservation Period
    Define the Archived Data Object Maintenance Policy
    Establish an Authorization Policy
    Specify the Preservation Activities
    Define a Cryptographic Maintenance Policy
Security
    Access Control Mechanisms Must be Appropriate to the Lifespan
    Perform Periodic Data Conversions and Revalidations
    Address Long-Term Non-Repudiation of Digitally Signed Data
For More Information
NIST Special Publication 800-57: Recommendation for Key Management (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf)
ISO/IEC 11770 Parts 1-3: Information technology - Security techniques - Key management
FIPS 140-2: Security Requirements for Cryptographic Modules (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)
Trusted Computing Group (https://www.trustedcomputinggroup.org/home)
IEEE P1619.3: Security in Storage Workgroup (SISWG) Key Management Subcommittee (http://siswg.net/)
OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi)
IETF: Provisioning of Symmetric Keys (KEYPROV) (http://www.ietf.org/html.charters/keyprov-charter.html)
Q&A / Feedback
Please send any questions or comments on this presentation to SNIA: [email protected]
Many thanks to the following individuals for their contributions to this tutorial.
SNIA Education Committee
Larry Hofer, CISSP; Blair Semple; Eric Hibbard, CISSP, SNIA SSIF; Mark Nossokoff, SNIA Security TWG