Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
High-profile data losses and regulatory compliance requirements have caused a dramatic increase in the use of encryption in the enterprise. A single enterprise might use several dozen different and possibly incompatible encryption tools, resulting in thousands of encryption keys. Each key must be securely stored, protected and retrievable.
There are several encryption key management standards efforts underway. The best known is the Key Management Interoperability Protocol (KMIP) developed by vendors and submitted to the Organization for the Advancement of Structured Information Standards (OASIS). The goal of KMIP is to allow users to attach any encryption device to a key management system.
Cryptographic key management types
Encryption keys apply complicated algorithms to data and then convert that data into streams of apparently random alphanumeric characters. There are two basic types of cryptographic algorithms: symmetric (private key) and asymmetric (public key).
Symmetric key algorithms use a single key to secure communications and achieve confidentiality, integrity and authentication. A private key is a variable that is used with an algorithm to encrypt and decrypt code. While the algorithm doesn't need to be kept secret, the key does.
Asymmetric algorithms provide each user with a public key and a private key. Users can freely distribute the public key, while keeping the private key secret. These key pairs achieve all four goals of cryptography: confidentiality, integrity, authentication and nonrepudiation. A public key infrastructure supports the distribution and identification of public encryption keys, which allow users and computers to securely exchange data over networks such as the internet and verify the other party's identity.
Encryption key storage and backup
Key management means protecting encryption keys from loss, corruption and unauthorized access. Many processes can be used to control key management, including changing the keys regularly, and managing how keys are assigned and who gets them. In addition, organizations must evaluate whether one key should be used for all backup types or if each type should have its own key.
The importance of encryption key management cannot be overstated. Unless the creation, secure storage, handling and deletion of encryption keys are carefully monitored, unauthorized parties can gain access to them. When keys are lost or corrupted, it can lead to loss of access to systems and data, as well as make a system completely useless unless it is reformatted and reinstalled.
Encryption key management tips
- Key management is not simple: If encrypting data, somebody must manage the keys, and you must have key recovery procedures in place.
- Within large businesses, key management processes must be capable of being distributed across multiple business functions with the same standards, rules and quality levels.
- Have one point of contact for cryptography; don't spread it among operational users.
- Ensure the central key repository is well-protected.
- Decide whether your outsourcer will have any role in key management, such as key pair generation, recovery of keys and escrow access.
- Decide whether you will have a "two person" rule for aspects of key management.
- Decide whether information security should manage keys, as well as encryption policy. In practice, during development, key management is the responsibility of the project, but handed over to security at implementation.
Source: The Corporate IT Forum's Information Security Service
Having more than one person in charge of storing, backing up, referencing and rotating encryption keys is essential. The roles of key players should be defined, and the encryption key management policy should be accessible to everyone on an intranet site.
A major challenge is the lack of unified tools to reduce management overhead. A key management system purchased from one vendor can't manage the keys from another vendor because each one implements encryption in a slightly different way.
Amazon Web Services Key Management Service enables users to create and manage cryptographic keys that protect data in AWS. Encryption keys are generally used in a single region. For example, data encrypted in one region would be encrypted with a different key than a replicated version of that data stored in a different region. The challenge is keeping track of the keys used to encrypt data across regions.
Key aliases alleviate some of the cloud encryption key management burden by allowing administrators to associate a name string with each key. These aliases can be used in multiple regions. Code running in multiple regions doesn't need to manage multiple keys, and can instead refer to a key alias.
Key aliases prove helpful when rotating keys, as it lessens the risk of data leaks due to compromised keys. Key rotation serves the same purpose as changing passwords. If others learn an administrative password, they can access that account for as long as that password is in place. Likewise, a former employee with a copy of an encryption key or someone who obtained a copy of an encryption key can access all the data encrypted with that key.
The AWS Key Management Service allows admins to update a key alias without deleting the previous key first. While key aliases are not keys, their names should be protected. Aliases should be descriptive and easily distinguishable from one another so keys are not applied to the wrong data due to an unclear key alias.