Published: 10 Oct 2006
Encryption is an effective way to secure data, but the encryption keys used must be carefully managed to ensure data remains protected and accessible when needed.
Encryption is pushing its way into more corners of the enterprise. From database fields for customer credit cards or social security numbers, to laptop hard drives with proprietary data, more storage is being encrypted more frequently. Every encrypted item needs a key to unlock the encrypted data, and managing the hundreds or thousands of keys used across an enterprise can be a big headache.
The specter of data loss is the biggest reason why encryption isn't implemented more widely. Most experienced system administrators are conservative when it comes to new technologies that could potentially lock them out of their own data. On the other hand, business requirements, legislation and liability for lost data are driving encryption forward. For the moment, centrally and securely managing encryption of all of the various types of data across the whole enterprise is only a dream--unless you use the same vendor for all of your encryption tasks.
Many vendors are pushing for a single encryption-key management standard. Decru Inc., nCipher Corp. Ltd., NeoScale Systems Inc. and Vormetric Inc. all have, or will shortly have, open platforms that should be able to manage keys from other vendors. All of these systems control key access, even if the storage systems are compromised and the keys aren't available locally. Keys are associated with specific data repositories, ensuring that the key necessary for a specific directory or file can be readily identified. Once access requirements are fulfilled, keys are provided on demand; management systems also encrypt keys in transit and delete keys when they're no longer needed. Audit logs show who has accessed what data, and when that access occurred. In addition, these systems limit key generation and modification to specific authorized personnel.
Key management standards
The Federal Information Processing Standard (FIPS) 140-2 Level 3 standard requires that the systems used to store encryption keys be physically secure, use two-part authentication, produce audit logs showing all accesses and encrypt all communications between systems. But this may be excessive for many organizations. As with administrators who set a requirement for strong passwords that change every two weeks, you may find that such stringent measures simply encourage everyone to write their passwords on sticky notes so they can remember them.
Requiring two-part authentication, 128-bit key lengths or keys that change every few weeks may be overkill, depending on why you're encrypting data. If you use the same 56-bit key for every encrypted tape, key management will be much easier. But the problem with doing that, or with storing all of your keys in an Excel spreadsheet, is that one security lapse leaves the whole system vulnerable. When many administrators see internal security as a bigger problem than data loss from outside sources, it's probably better to opt for more secure key management.
If you don't think you need the full capability of FIPS 140-2 Level 3, nCipher's keyAuthority provides and manages keys based on other standard encryption standards, such as Microsoft Cryptographic API (MS-CAPI), RSA Laboratories' PKCS #11, Java JCA/JCE CSP and OpenSSL. While these standards aren't specifically designed for high-security storage encryption, they can certainly be used to encrypt hard disk storage, if not at the same level of "uncrackability."
|Sampling of encryption-key management products|
Application Security Inc.
BrightStor Tape Encryption
EMC Corp./RSA Security Inc.
Authority Security Manager
Ingrian Networks Inc.
PGP Encryption Platform, PGP NetShare
Spectra Logic Corp.
Symantec Backup Exec
SecureDoc Enterprise Server
There are a number of issues to consider when storing keys:
- Will they be stored on each client that needs to access the information, on a central server that requires authentication to release the key, or in a hardware device such as a smart card or USB key?
- How will you ensure that keys will still be available in five, 10 or 50 years when access to archived data is required?
- Will an authorized staffer be able to access keys in a disaster when servers must be rebuilt from encrypted backups without the original backup software or tape drive that did the encryption?
- How do you track what data was encrypted with which key, and where the key is stored?
Some enterprise-oriented backup products, such as Symantec Corp.'s Backup Exec and Veritas NetBackup, or CA Inc.'s BrightStor ARCserv Backup, can address these issues as long as you're not backing up platforms that aren't supported by the software or using different backup apps at other sites. Other specialized products, such as those from WinMagic Inc., provide enterprise-oriented storage of keys for encryption of workstation or server disk storage.
Most encryption-key management products from established vendors (see "Sampling of encryption-key management products," at right) offer substantial benefits compared to home-grown solutions (such as keeping the keys in an Excel spreadsheet or Access database), including:
- Automatic key management. Users don't create the keys themselves and can't inadvertently leak them because the keys are always encrypted.
- Strings to create keys are randomly generated.
- Keys used to encrypt backup keys are separate and distinct. Keys are never stored or transmitted in the clear.
- Keys are generated automatically and stored securely so they can be changed regularly.
- Provisions for distributed and clustered key management systems provide quick responses at any location when data needs to be accessed; if necessary, keys can be replicated so that the failure of one appliance won't result in data loss.
- Provisions for software-based recovery of encrypted data using keys stored on hardware (smart cards or USB keys).
- Reporting tools make it easy to associate keys automatically with specific backup tapes or encrypted stores.
All of these features are required by the FIPS standard. Systems from Decru, nCipher, NeoScale and Vormetric satisfy these requirements if you're using the vendor's product throughout your enterprise. As open APIs and other standards are adopted, the benefits derived from these standards should extend to management of all storage keys throughout the enterprise. For now, however, managing keys from other systems requires API-level support from storage product vendors that produce encryption keys, which could take a while. For example, Decru and Cisco Systems Inc. have announced a development relationship, but it may be years before all Cisco products that use keys can be managed through Decru's Lifetime Key Management (LKM) system.
There have been some attempts to enable interoperability among cryptographic engines. For example, Sun Microsystems Inc. has proposed the Simple Key Management for Internet Protocol (SKIP) to the Internet Engineering Task Force to enable secure distribution of information among devices, which could include encryption keys. Other standards are also under development by the National Institute of Standards and Technology, which created FIPS 140-2. Those standards will define acceptable key establishment, agreement and transport schemes based on ANSI documents, which will allow secure storage systems to exchange data. The ANSI documents are currently in draft form, but are expected to be approved shortly.
The biggest differentiator among the key management vendors profiled here isn't how they manage keys. Because none of the vendors currently has any real compatibility with other products, the primary differentiator is the type of encryption supported. If you require inline, wire-speed Fibre Channel encryption, consider Decru or NeoScale. If you only need to encrypt a few folders on a network share, rather than the whole file system, Vormetric may be your ideal candidate. If you want to implement a key management solution that covers more than just storage encryption keys, nCipher is the strongest candidate.
Decru Lifetime Key Management
Decru's LKM is available as a software-only package or as an appliance (Network Appliance Inc. purchased Decru earlier this year). The LKM client software runs on Windows, while the LKM appliance uses DecruOS. The LKM system supports Decru's DataFort appliances for the encryption of NAS, DAS, SAN, tape and iSCSI storage. One key management appliance can support up to 100 encryption appliances and more than 10 million keys. As many as 16 LKM appliances can be clustered across multiple sites for high availability, with automated key replication among appliances. All LKM appliances can be managed through a single interface.
The system provides automatic, globally distributed backup, replication and recovery of encryption keys; automated key sharing ensures keys are provided securely without open transmission of keys in the clear and without the need for local, insecure key storage. Additional features include role-based access control, an OpenKey Partner Program that offers APIs and reference implementations, and a true hardware-based random-number generator that allows third-party encryption products to request a random number from the key management appliance.
The LKM appliance incorporates APIs to allow third-party encryption products to leverage Decru's key management system to generate, store and manage keys. Symantec and Quantum Corp. are charter members of Decru's OpenKey Partner Program, and have agreed to partner with Decru to use the LKM appliance for key management.
Each appliance is built on the DataFort FIPS-certified Storage Encryption Processor. Encryption keys never leave this processor in cleartext. The processor itself is coated in a hardened epoxy to prevent physical access from probes or other attempts to gain access to the chip. The chassis is hardened, has tamper-evident seals, and an intrusion-prevention system that can be configured to delete local copies of keys if the box is tampered with and/or compromised.
Administrators use smart cards for two-factor authentication. A comprehensive, cryptographically signed and tamper-evident audit log maintains detailed information about all key movement and administrative actions. The LKM software is priced at $10,000 per license; pricing for the LKM appliance hasn't been announced yet.
nCipher's keyAuthority is a key management app designed to work with other standard cryptographic APIs such as Microsoft's MS-CAPI and RSA Laboratories' PKCS#11, Java JCA/JCE CSP and OpenSSL, as well as the storage-centric FIPS 140-2 standard.
The server application is secured using FIPS-certified hardware security modules that meet the FIPS standard for two-part authentication. The software runs on leading server operating systems, and can use a variety of SQL databases for its back end. It delivers keys to "end points" (point of key use) running on a variety of common server operating systems.
keyAuthority contains policy-based rules for key delivery, and powerful archive and audit capabilities. The system is scalable to thousands of end points and has a resilient architecture that allows, for example, keys to be served from multiple keyAuthority systems at different locations, all of which can be managed from a central console. The system also provides secure audit logs of management and operational activities to ease audit compliance.
keyAuthority can automatically provision different key types to different applications; if you buy the system to manage storage encryption keys, you can also use it to manage SSL keys for your Web applications or Java keys for custom apps. Pricing starts at approximately $50,000 for a small system with a limited number of supported end points.
NeoScale CryptoStor KeyVault
The NeoScale Systems CryptoStor KeyVault is a secure, automated and open enterprise-class appliance for storage encryption-key management. It offers the features required by FIPS 140-2 Level 3 such as tamper-proof seals and two-part authentication, and provides open APIs to allow for third-party vendor integration. Multiple redundant KeyVaults allow for scalability, fault tolerance, key protection and support for up to 200 million keys per appliance.
CryptoStor KeyVault provides hardware and software random-number generators to ensure keys are truly random, and provides for secure long-term archiving of keys. Encrypted data and keys can be recovered at any site, using either a distributed local appliance or a software-only product.
The system provides for role-based security and authentication, and up to AES-256 levels of encryption. All communications between the appliance and the key consumer (the system using the key) are encrypted and never move as cleartext. Audit logs are cryptographically signed to ensure they haven't been tampered with, and can be exported as encrypted and signed files for forensic purposes.
Appliances can be deployed in a distributed, clustered environment, which allows for automatic key replication among multiple appliances. To maintain the highest security level, keys aren't accessed until they're actually needed. In addition to key management, KeyVault can manage the enforcement of data destruction to meet compliance requirements. The complete KeyVault appliance, including hardware and software, is priced from $25,000.
The Vormetric system consists of the CoreGuard Security Server appliance and a Policy Enforcement Module (PEM) that runs on Windows, Solaris, AIX, Linux (32- and 64-bit) and HP-UX. The CoreGuard Security Server appliance does storage encryption and key management. It offers the usual FIPS 140-2 Level 3 features.
Symmetric encryption keys are generated, managed and stored on the hardware appliance. They're also securely transmitted to hosts that have CoreGuard PEM. Keys are never disclosed to users. Encryption and access control are enforced automatically, with no user action required. Multiple appliances can be clustered for redundancy and scalability. In addition, encryption keys can be archived and protected with public or private keys, or hardware-based smart cards. Pricing for a security server and one PEM starts at $15,000.
Get started now
As encryption becomes more commonplace, the potential for improperly secured or lost encryption keys will grow. The obvious solution is an enterprise-wide system that can issue, track and secure encryption keys in a logical, uniform manner. For the most part, key management systems with those capabilities aren't widely available yet, but a number of vendors are developing them. Keeping track of proliferating encryption keys will only get tougher, so don't put off establishing key management policies and making use of available tools.