The encryption keys that are used to encrypt data are described.

An encryption key is typically a random string of bits generated specifically to scramble and unscramble data. Encryption keys are created with algorithms designed to ensure that each key is unique and unpredictable. The longer the key constructed this way, the harder it is to break the encryption code. Both the IBM and T10 methods of encryption use 256-bit AES algorithm keys to encrypt data. 256-bit AES is the encryption standard that is recognized and recommended by the US government, which allows three different key lengths. 256-bit keys are the longest allowed by AES.

Two types of encryption algorithms can be used by the encryption key server: symmetric algorithms and asymmetric algorithms.

Symmetric, or secret key encryption, uses a single key for both encryption and decryption. Symmetric key encryption is used for encrypting large amounts of data efficiently. 256-bit AES keys are symmetric keys.

Asymmetric, or public/private encryption, uses a pair of keys. Data encrypted with one key are decrypted only with the other key in the public/private key pair. When an asymmetric key pair is generated, the public key is typically used to encrypt, and the private key is typically used to decrypt.

The encryption key server uses both symmetric and asymmetric keys; symmetric encryption for high-speed encryption of user or host data, and asymmetric encryption (which is necessarily slower) for protecting the symmetric key.

Encryption keys can be generated by the encryption key server, by applications such as Tivoli Storage Manager, or by a utility such as keytool. The responsibility for generating AES keys and the manner in which they are transferred to the tape drive depends on the tape drive type and the method of encryption management.
However, it can be helpful to understand the difference between how the encryption key server uses encryption keys and how other applications use them.

How the encryption key server processes encryption keys

TS1120 and later tape drives

In system-managed and library-managed tape encryption, unencrypted data (clear text) is sent to the tape drive and converted to ciphertext with a symmetric 256-bit AES Data Key (DK) generated by the encryption key server. The ciphertext is then written to tape. The encryption key server uses a single, unique data key for each 3592 tape cartridge. This data key is also encrypted, or wrapped, by the encryption key server with the public key from an asymmetric Key Encrypting Key (KEK) pair. This process creates an Externally Encrypted Data Key (EEDK). The EEDK is written to the cartridge memory and to three more places on the tape media in the cartridge. The tape cartridge now holds both the encrypted data and the means to decrypt it for anyone that is holding the private part of the KEK pair. Figure 1 illustrates this process.

The data key is also wrapped a second time, possibly with the public key of another party, to create an extra EEDK. Both EEDKs can be stored on the tape cartridge. In this way, the tape cartridge can be shipped to a Business Partner that is holding the corresponding private key, which allows the Business Partner to unwrap the data key and decrypt the tape.

Figure 1. Encryption with both symmetric and asymmetric encryption keys

Encryption key processing by other applications (an encryption key server not used)

In application-managed tape encryption, unencrypted data (clear text) is sent to the tape drive and converted to ciphertext with a symmetric Data Key (DK) provided by the application, and is then written to tape. The data key is not stored anywhere on the tape cartridge.
When the encrypted volume is written, the data key must be in a location available to the application, a server database, for example, in order for the volume to be read.

TS1120 and later tape drives can use applications such as Tivoli Storage Manager for application-managed encryption. Tivoli Storage Manager uses a single, unique data key for each tape cartridge.

Alternatively, the tape drives can be used by applications that use the T10 command set to complete encryption. The T10 command set uses symmetric 256-bit AES keys that are provided by the application. T10 can use multiple, unique data keys per tape cartridge, and even write encrypted data and clear data to the same tape cartridge. When the application encrypts a tape cartridge, it selects or generates a data key with a method determined by the application and sends it to the tape drive. The key is not wrapped with an asymmetric public key and it is not stored on the tape cartridge. When the encrypted data is written to tape, the data key must be in a location available to the application in order for the data to be read.

The process for application-managed tape encryption is shown in Figure 2.

Figure 2. Encryption with only symmetric encryption keys
An encryption key is a random string of bits created explicitly for scrambling and unscrambling data. Encryption keys are designed with algorithms intended to ensure that every key is unpredictable and unique. The longer the key built in this manner, the harder it is to crack the encryption code. An encryption key is used to encrypt, decrypt, or carry out both functions, based on the sort of encryption software used.
Encryption is a type of security that converts data, programs, images or other information into unreadable cipher. This is done by applying a collection of complex algorithms to the original content meant for encryption.

Symmetric forms of encryption systems make use of a single password to serve as both decryptor and encryptor. Symmetric types use algorithms that are very safe. One such type was adopted by the US Government as the Advanced Encryption Standard (AES) to store classified information. However, one drawback is that since a single key is shared, it can be leaked or stolen. As part of key management, it is very important to change the key often to enhance security.

Public asymmetric encryption systems make use of highly secure algorithms as well, but use a different strategy for encryption and decryption. The asymmetric encryption method uses two keys, referred to as a key pair. One is a public key, and the other one is a private key. The public key can be freely shared among various users as it is only meant for encryption. The private key is not shared, and is used to decrypt anything that was encrypted by the public key.

The algorithms used in the encryption process depend on the key pair. In order to reverse the encryption process, only the private key of that particular key pair can be used. The message or mail is then delivered to the public key owner. When the mail is received, the private key requests a passphrase before the decryption process. In order to maintain optimal security, this passphrase must be delivered manually; however, the software lets a user locally store the passphrase so that messages may be automatically decrypted.

Since the key that causes decryption is not shared, asymmetric encryption is believed to be more reliable when compared with symmetric encryption.
The Full Life-Cycle of Keys

The encryption key life-cycle, defined by NIST as having pre-operational, operational, post-operational, and deletion stages, requires that, among other things, an operational crypto period be defined for each key. A crypto period is the "time span during which a specific key is authorized for use" and in Section 5.3 of NIST's Guide, the crypto period is determined (for example, with a symmetric key) by combining the estimated time during which encryption will be applied to data (the Originator Usage Period (OUP)) and the time when it will be decrypted for use (the Recipient Usage Period (RUP)).
But, since an organization may reasonably want to encrypt and decrypt the same data for years on end, other factors may come into play when determining the crypto period: You may want to limit the:
The general rule: as the sensitivity of data being secured increases, the lifetime of an encryption key decreases. Given this, your encryption key may have an active life shorter than an authorized user's access to the data. This means that you will need to archive de-activated keys and use them only for decryption. Once the data has been decrypted by the old key, it will be encrypted by the new key, and over time the old key will no longer be used to encrypt/decrypt data and can be deleted. (see graphic below)

See below for a more thorough understanding of a key's full life-cycle.

Key Creation (Generation & Pre-Activation)

The encryption key is created and stored on the key management server. The key manager creates the encryption key through the use of a cryptographically secure random bit generator and stores the key, along with all its attributes, into the key storage database. The attributes stored with the key include its name, activation date, size, instance, the ability for the key to be deleted, as well as its rollover, mirroring, key access, and other attributes. The key can be activated upon its creation or set to be activated automatically or manually at a later time. The encryption key manager should track current and past instances (or versions) of the encryption key. You need to be able to choose whether or not the key can be deleted, mirrored to a failover unit, and by which users or groups it can be accessed. Your key manager should allow the administrator to change many of the key’s attributes at any time.

Key Use and Rollover (Activation through Post-Activation)
Key Revocation

An administrator should be able to use the key manager to revoke a key so that it is no longer used for encryption and decryption requests. A revoked key can, if needed, be reactivated by an administrator so that, in certain cases, the key can be used to decrypt data previously encrypted with it, like old backups. But even that can be restricted.

Back Up (Escrow)

NIST (Section 8.3.1) requires that an archive should be kept for deactivated keys. The archive should “protect the archived material from unauthorized [disclosure,] modification, deletion, and insertion.” The encryption keys need “to be recoverable … after the end of its cryptoperiod” and “the system shall be designed to allow reconstruction” of the keys should they need to be reactivated for use in decrypting the data that it once encrypted.

Key Deletion (Destruction)

If a key is no longer in use or if it has somehow been compromised, an administrator can choose to delete the key entirely from the key storage database of the encryption key manager. The key manager will remove it and all its instances, or just certain instances, completely and make the recovery of that key impossible (other than through a restore from a backup image). This should be available as an option if sensitive data is compromised in its encrypted state. If the key is deleted, the compromised data will be completely secure and unrecoverable since it would be impossible to recreate the encryption key for that data.

Segregated Roles in Key Management

Separation of Duties

In “Recommendation for Key Management – Part 2” NIST defines Separation of Duties as:

A security principle that divides critical functions among different staff members in an attempt to ensure that no one individual has enough information or access privilege to perpetrate damaging fraud.
The practice of Separation of Duties reduces the potential for fraud or malfeasance by dividing related responsibilities for critical tasks between different individuals in an organization. It is common in the financial and accounting procedures of most organizations. For example, the person who prints the checks at a company would not be the person who signs the checks. Similarly, the individual who signs checks would not reconcile the bank statements. A company would ensure that business critical duties are categorized into four types of functions: authorization, custody, record keeping, and reconciliation. In a perfect system, no one person should handle more than one type of function.

Regarding information security practices, the implementation of Separation of Duties is critical in the area of encryption key management. To prevent unwanted access to protected data, it is important that the person who manages encryption keys not have the ability to access protected data, and vice versa. This is no more difficult to accomplish in an information technology context than in a financial context, but is often overlooked or misunderstood in complex computer systems.

Dual Control

Again, NIST, in Recommendation for Key Management – Part 2, defines Dual Control:

While Separation of Duties involves distributing different parts of a process to different people, Dual Control requires that at least two or more individuals control a single process. In data security practice it is common to find requirements for Dual Control of encryption key management functions. Because a key management system may be storing encryption keys for multiple applications and business entities, the protection of encryption keys is critically important.
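The key life-cycle described earlier (activation, rollover to decrypt-only, revocation, deletion) and the Dual Control rule above can be combined in one small model. This is an added example, not any vendor's key manager; the class, method and state names are assumptions chosen for the sketch.

```javascript
// Added example (not a vendor's key manager): lifecycle states for the
// instances (versions) of a named key, plus dual control on destruction.
// Class, method and state names are assumptions made for this sketch.
const nodeCrypto = require('node:crypto');

// Operations each state permits. Deactivated instances stay archived for
// decryption only; pre-active and revoked instances serve no requests.
const ALLOWED = {
  'pre-active': [],
  active: ['encrypt', 'decrypt'],
  deactivated: ['decrypt'],
  revoked: [],
};

class KeyManager {
  constructor() {
    this.keys = new Map(); // name -> { deletable, instances, destroyApprovals }
  }

  create(name, { activate = true, deletable = true } = {}) {
    if (this.keys.has(name)) throw new Error(`key ${name} already exists`);
    this.keys.set(name, { deletable, instances: [], destroyApprovals: new Set() });
    return this.addInstance(name, activate ? 'active' : 'pre-active');
  }

  entry(name) {
    const entry = this.keys.get(name);
    if (!entry) throw new Error(`no such key: ${name}`);
    return entry;
  }

  instance(name, version) {
    const inst = this.entry(name).instances.find((i) => i.version === version);
    if (!inst) throw new Error(`no instance ${version} of key ${name}`);
    return inst;
  }

  addInstance(name, state) {
    const entry = this.entry(name);
    const version = entry.instances.length + 1;
    // 256-bit key material from the platform's cryptographically secure RNG.
    entry.instances.push({ version, state, material: nodeCrypto.randomBytes(32) });
    return version;
  }

  // Rollover: the active instance becomes decrypt-only and a new one takes over.
  rollover(name) {
    for (const inst of this.entry(name).instances) {
      if (inst.state === 'active') inst.state = 'deactivated';
    }
    return this.addInstance(name, 'active');
  }

  revoke(name, version) {
    this.instance(name, version).state = 'revoked';
  }

  // A revoked instance can be brought back for decryption only (old backups).
  reactivateForDecrypt(name, version) {
    const inst = this.instance(name, version);
    if (inst.state !== 'revoked') throw new Error('only a revoked instance can be reactivated');
    inst.state = 'deactivated';
  }

  // Encryption always gets the active instance; decryption names a version.
  getKey(name, purpose, version) {
    const instances = this.entry(name).instances;
    const inst = purpose === 'encrypt'
      ? instances.find((i) => i.state === 'active')
      : instances.find((i) => i.version === version);
    if (!inst || !ALLOWED[inst.state].includes(purpose)) {
      throw new Error(`${purpose} with key ${name} is not permitted`);
    }
    return { version: inst.version, material: inst.material };
  }

  // Dual control: the key is destroyed only once two different people approve.
  approveDestroy(name, adminId) {
    const entry = this.entry(name);
    if (!entry.deletable) throw new Error(`key ${name} is marked non-deletable`);
    entry.destroyApprovals.add(adminId);
    if (entry.destroyApprovals.size < 2) return false; // waiting for a second approver
    for (const inst of entry.instances) inst.material.fill(0);
    this.keys.delete(name);
    return true;
  }
}
```

Callers must record which key version encrypted each item, because decryption after a rollover asks for that version explicitly.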
Split Knowledge

The concept of Split Knowledge applies to any access or handling of unprotected cryptographic material like encryption keys or passphrases used to create encryption keys, and requires that no one person know the complete value of an encryption key. If passphrases are used to create encryption keys, no one person should know the entire passphrase. Rather, two or more people should each know only a part of the passphrase, and all of them would have to be present to create or recreate an encryption key.

The Domains to Secure Encryption Keys
Physical Security

Many, when talking about securing a key manager, will naturally turn to securing the key manager itself with a hardware security module (HSM). While that is a necessary topic (and we will discuss it), we should first talk about securing the physical environment in which your key manager is housed.

In NIST’s Special Publication 800-14, they offer this definition of physical security: “Physical and environmental security controls” should be “implemented to protect the facility housing system resources, the system resources themselves, and the facilities used to support their operation.”

An organization's physical security plan needs to include things like:
Now comes securing the cryptographic module itself. The Federal Information Processing Standards (FIPS) has identified four levels of increasing security in FIPS 140-2 that can be applied to the module, each corresponding to the commensurate threat level:
Logical Access Security

The next arena in which you can protect your encryption keys is by logically separating the different cryptographic components housing the keys from the rest of the larger network. There are three main items to consider:
User/Role Access

Once Physical Security and Logical Security are addressed, the final component is user roles and privileges. The core concept promulgated by NIST is the concept of least privilege: where you restrict “the access privileges of authorized personnel (e.g., program execution privileges, file modification privileges) to the minimum necessary to perform their jobs.”

NIST gives guidance, in Section 5.3.5 of Recommendation for Key Management – Part 2, on the access controls and privileges necessary to properly manage user access to the key management system.
Beyond limiting access to the key management server, you should also limit access to the keys themselves based on user and group. The users and group access can be defined on a system level, or at the level of each key. When you create a key you can define the restrictions on user and group access. As an example: There is an AES encryption key available on the key management server used to protect an employee's personal data. It is restricted so that only members of the Human Resources group can use that key. So any individual with "Human Resources" defined as their individual or group role can successfully request that key; all others are turned away.

High Availability and Business Continuity

Once you have physical security, logical security, and user roles in place, you must also consider business continuity. If an intruder does compromise your data or your production server(s) are taken offline for a variety of reasons, you must be able to bounce back in a relatively short time with pre-prescribed steps. Here are a couple of definitions to start us off:

Business Continuity: As defined by ISO 22301:2012 (Section 3.3), it is the “capability of the organization to continue delivery of products or services at acceptable” levels after a “disruptive incident.”

Hot failover: In a network environment, a hot failover is switching to a backup server that is regularly updated from the production server and is ready, at any time, should the production server no longer be able to function normally for any length of time.

In the case of key management, each production key management server should be mirrored with a high availability server in a geographically separate location in case the production server is compromised and taken offline for any length of time. As an abbreviated list, here are some features to look for in key management solutions or what you will want to address if you build your own:
Platforms for Housing the Key Manager

HSM

The hardware security module (HSM) has been discussed already in “Physical Security,” mostly referred to as the “cryptographic module.” But, to summarize, an HSM is typically a server with different levels of security protection or “hardening” that prevents tampering or loss. These can be summarized as:
Hosted HSM

With many organizations moving some or all of their operations to the cloud, the need for moving their security has also arisen. The good news: many key management providers have partnered with cloud hosting providers to rack up traditional HSMs in cloud environments. The same levels of “hardening” would still apply, as it is a traditional HSM in an offsite environment.

Virtual

Virtual instances of an encryption key manager offer a great deal more flexibility than their HSM counterparts. In many cases, a virtual key manager can be downloaded from a vendor in a matter of minutes and deployed in a virtual environment. An HSM, on the other hand, can take days or weeks being shipped to the site and then requires a physical installation. Further, virtual instances can be installed anywhere that supports the virtual platform that the key manager runs in, VMware, as an example.

The downside, of course, is that by its nature of being virtual with no set physical components, a virtual key manager’s software can only be FIPS 140-2 compliant, but not validated. So, if your business need(s) or compliance regulation(s) require FIPS 140-2 validation, then an HSM is your only option. That being said, the logical security that FIPS 140-2 compliant virtual key managers provide is normally more than enough for most organizational needs.

AWS, Microsoft Azure, and More: Dedicated or “as a Service”

Cloud providers, such as Amazon Web Services (AWS), Microsoft Azure (Azure), and more have marketplace offerings for encryption key management as well as their own key management as a service (KMaaS). AWS and Azure’s KMaaS is typically multi-tenant, meaning more than one user’s key(s) are present on the same key management instance. This can raise concerns for organizations that need dedicated services to mitigate security concerns of other users accessing the same key data stores. To combat this issue, most cloud providers will also offer dedicated services.
In their marketplaces, there are also independent vendors that provide dedicated services that typically come in two forms: Pay-Per-Usage and “bring your own license.” Townsend Security provides for both platforms and for both licensing models: Alliance Key Manager for AWS and Alliance Key Manager for Azure. Both the AWS and the Azure instances are dedicated key managers in an IaaS virtual instance and also enjoy the flexibility of being the same key manager that is deployed as an HSM, Cloud HSM, and VMware instance so that your environment can scale past AWS and Azure, if needed. This is useful for organizations with existing (or future) physical data center(s), because having the same technology secure your data everywhere reduces complexity for your IT staff as they use and maintain it.

Encryption Key Management in Meeting Compliance

PCI DSS

Payment Card Industry Data Security Standard (PCI DSS) is a widely accepted set of regulations intended to secure credit, debit and cash card transactions and cardholder data. PCI DSS requires that merchants protect sensitive cardholder information from loss and use good security practices to detect and protect against security breaches.

In Section 3.5 of PCI DSS, organizations that process, store, or transmit cardholder data should, “document and implement procedures to protect keys used to secure stored cardholder data against disclosure and misuse.” This includes:
HIPAA HITECH

The Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act both seek greater adoption and meaningful use of health information technology. Both also lay out guidelines and regulations for proper data security around Electronic Protected Health Information (ePHI). Compliance with the HIPAA Security Rules and HIPAA Privacy Rules for ePHI requires the use of security technologies and best practices to demonstrate strong efforts towards complying with this federal regulation.

SOX

The Sarbanes-Oxley (SOX) Act was passed to protect investors from the possibility of fraudulent accounting activities by corporations. The Sarbanes-Oxley Act (SOX) mandated strict reforms to improve financial disclosures from corporations and prevent accounting fraud. Sections 302, 304, and 404 of the Sarbanes-Oxley Act mandate that organizations build, maintain, and annually report on the data security and internal controls used to safeguard their sensitive data from misuse and fraud.

Cloud Security Alliance

While the Cloud Security Alliance is not a governmental agency able to levy fines for non-compliance with their standards, it is a not-for-profit organization of cloud vendors, users, and security experts whose mission is “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” They currently have over 80,000 members and growing. So conforming to their standards is in the best interest of many companies worldwide.

As a part of this mission the organization has published a document, “Security Guidance For Critical Areas of Focus In Cloud Computing,” to help vendors and customers achieve more secure applications in cloud environments. The published guidance is now in its third edition and is available from the organization’s web site.
The guidance provides recommendations for encryption key management in the section “Domain 11 – Encryption and Key Management”.

Domain 11 - Encryption & Key Management

Here are the three main points that the CSA stresses for encryption key management:
Here also is a curated list of their requirements for encryption and key management:
EU GDPR

The new European Union General Data Protection Regulation (EU GDPR) has now passed both the EU Council and Parliament and replaces the earlier Data Protection Directive (Directive 94/46/EC). In Provision 83 it states:

In order to maintain security and to prevent processing in infringement of this Regulation, the controller or processor should evaluate the risks inherent in the processing and implement measures to mitigate those risks, such as encryption.

Article 32 also calls for “the pseudonymisation and encryption of personal data.” If an organization does so, Article 34 states that the strict data breach disclosure laws of Article 33 will not be enforced if,

the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.

The GDPR places a high priority on protecting data at rest with encryption. Since encryption key management is part of an overall encryption strategy, it should be considered part and parcel of complying with EU law.

Bonus Content

A Brief History - the Need for Encryption Key Management

Encryption has been around for millenniums. Some of the earliest mentions of it come from the Arthashastra, a treatise on Imperial Indian governance written c. 2nd century BCE. It describes giving messages to state spies in “secret writing.” Later, and in arguably the most famous form of ancient encryption, Julius Caesar sent messages to his battle front generals in code. Known as the Caesar Cipher, it is a:

“substitution cipher in which each letter in the plaintext is 'shifted' a certain number of places down the alphabet.
For example, with a shift of 1, A would be replaced by B, B would become C, and so on.”

Unfortunately for Caesar, and fortunately for his opponents, once the cipher is known, all messages can be easily read, rendering the cipher useless. There needed to be a better way.

Fast forward to the electronic age. In 1921 Edward Hebern patented the Hebern Electric Super Code Cipher Machine. It was the first to code the message with a secret key embedded in a detachable rotor. In recently declassified documents, the NSA showed that the machine enciphered the message by having the operator type the message in and the ciphertext would appear in a light-board, one letter at a time. But since the encryption key was limited by the use of one rotor, consisting of 26 circuit points, it was ultimately broken by cryptanalysis, specifically letter frequencies.

The real leap forward was the Enigma Machine of World War II, developed by the Germans in the 1920s. It used three rotors and was thought unbreakable since the Germans, during the war, changed the rotors once a day, “giving 159 million million million possible settings to choose from,” estimates Bletchley Park. But the Enigma machine was compromised by the Poles in 1932 using mathematical techniques. Later, this early work was used to read encrypted messages during World War II by, among others, Alan Turing (at Bletchley Park) and the use of the then latest data crunching computers.

Sending messages securely had come a long way from simple substitution ciphers. Keys were now being used - but they could be cracked using the brute force of the latest computers.
Enter: Data Encryption Standard.

First published as the FIPS 46 standard in 1977, in 1987 the US Government, under the Computer Security Act, mandated that the National Institute of Standards and Technology (NIST) issue the Data Encryption Standard (DES) in which it “specifies two FIPS approved cryptographic algorithms.” It also mandated that the “DES key consists of 64 binary digits ("0"s or "1"s) of which 56 bits are randomly generated and used directly by the algorithm. The other 8 bits, which are not used by the algorithm, may be used for error detection.” DES was considered very secure at the time. But in little more than a decade, and as computers became exponentially faster, DES keys quickly became vulnerable to brute force attacks.

Two options were proposed to address the issue around the same time. The first, introduced in 1997, was Triple Data Encryption Algorithm (TDEA) or as it is more commonly known: Triple Data Encryption Standard (3DES). As NIST describes the cryptographic technique:

[3DES] encrypts each block three times with the DES algorithm, using either two or three different 56-bit keys. This approach yields effective key lengths of 112 or 168 bits

But 3DES, when using only 112 bits, is still vulnerable to attacks such as chosen-plaintext attacks. Also, since 3DES is a multi-step encryption process using two or three encryption keys, a stronger, more efficient method was needed.

In 1997 NIST started a process to identify a replacement for DES. NIST invited cryptography and data security specialists from around the world to participate in the discussion and selection process. Five encryption algorithms were adopted for study. Through a process of consensus the encryption algorithm proposed by the Belgian cryptographers Joan Daemen and Vincent Rijmen was selected. Prior to selection Daemen and Rijmen used the name Rijndael (derived from their names) for the algorithm.
After adoption the encryption algorithm was given the name Advanced Encryption Standard (AES) which is in common use today. In 2000 NIST formally adopted the AES encryption algorithm and published it as a federal standard under the designation FIPS-197. AES encryption uses a single key as a part of the encryption process. The key can be 128 bits (16 bytes), 192 bits (24 bytes), or 256 bits (32 bytes) in length. Given that the fastest computer would take billions of years to run through every permutation of a 256-bit key, AES is considered an extremely secure encryption standard.

This brings us to today. AES is a very sophisticated encryption standard with an encryption key and can withstand the onslaught of the fastest computers. Its only vulnerability? The encryption keys falling into the wrong hands. That is why, after you have deployed your encryption, your best line of defense is a robust encryption key management strategy.