Computerworld

Encryption key management worries loom

Encrypted storage will require storage admins to think through key management

As long as IT managers encrypt data using only one vendor's products, the keys used to decrypt that data can be relatively easy to manage. But it will likely become much more complicated as more vendors build encryption into more and different types of storage devices, each with their own key management system, and as users need to move encrypted data among devices for disaster recovery, legal discovery or simply everyday business communications.

"If you share the key, you share the data; if you lost the key, you've lost the data," says Dennis Hoffman, general manager of the data security unit of RSA Security, now owned by EMC. The fear of losing decryption keys (and thus their data) has kept many organizations from encrypting stored data. But faced with regulations requiring that customer data be kept safe, and the prospect of hefty fines and bad publicity when backup tapes are lost, more and more companies are encrypting stored data. Another factor, security experts say, is that if the data on a lost or stolen tape or disk drive has been encrypted, the company that owns the data often isn't required to report the loss.

While in the past encryption usually required a standalone appliance, vendors including IBM, Sun Microsystems and Spectra Logic offer tape libraries with built-in encryption capabilities. In October, Seagate Technology announced it will include Full Disk Encryption (FDE) technology in all its enterprise-class drives, and vendors such as Oracle offer encryption in their databases.

That blizzard of encryption, and of keys, calls for a single, unified approach that puts "all the keys to the kingdom all in one place and managed, ideally, by one group in the organization," says Richard Moulds, vice president of nCipher Corp. Ltd., a security hardware and software vendor. Whether or not the storage group is in charge of key management, experts say, they need to understand how key management works and where storage keys fit into the big picture.

Encryption basics

Encryption converts plain text into unreadable form; keys are numbers that an algorithm uses to either encrypt or decrypt data.

In symmetric encryption, the same key is used for both encryption and decryption. Asymmetric encryption, also called public key encryption, employs two keys, one public and one private, and is often used to encrypt communication over insecure channels such as the Internet. In public key encryption, the sender uses the recipient's public key (to which they have access) to encrypt the data, and the recipient uses their private key (to which only they have access) to decrypt it.

To assure the authenticity of the public keys, many organizations deploy a public-key infrastructure, or PKI, which consists of a certificate authority that issues and verifies digital certificates. The certificates identify an individual or organization and include the public key or information about it. PKIs also include a registration authority that verifies the certificate before it is issued, a directory to store the certificates and a system for managing the certificates.

Management needs

The key management systems found in most tape encryption systems "are fairly automated and (the customer doesn't) have to worry about it too much," says Walt Hubis, a software architect at LSI Logic and chair of the key management services subgroup at the Trusted Computing Group, a non-profit security standards organization.

But key management will become more complex, experts say, as encryption finds its way into more and more storage devices, in addition to the existing encryption used in networks and in applications such as databases.

Depending on the complexity of a company's environment, a management system may need to control which users and applications can create and destroy keys, send and receive keys, and determine how long keys will remain in effect. Some keys (such as those used to encrypt data in transit) have a lifecycle of only a second or so, says Hubis, while others that protect medical data must be maintained for 20 years or more. In addition to managing keys for encrypting and decrypting data, a management system might also need to handle the keys used to encrypt and decrypt the keys themselves.


At the low end, says Hubis, the key management can be as simple as a client requesting a key from a server, receiving it, and then using the key to decrypt the data. In client-server authentication, the client and server must authenticate their identity to each other (possibly using a third-party certificate, as with PKI) and use an encrypted channel for their communications.
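The client-server exchange Hubis describes, as an added example that is not from the article or from any vendor it names: a storage client (modelled on an array controller) and a key server authenticate each other with a challenge-response protocol before any key is released, and the key crosses the wire masked under a session key derived from that exchange. To keep the example self-contained it assumes each client shares a secret with the server that was provisioned out of band; the PKI variant the article mentions would use certificates for the same step. Class names, client ids and key ids are hypothetical, and only the Python standard library is used.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 32  # keys served here are 32 bytes, matching the HMAC-SHA256 mask length

def _prove(secret: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated parts; every proof and derived key uses this."""
    return hmac.new(secret, b"".join(parts), hashlib.sha256).digest()

class KeyServer:
    def __init__(self, client_secrets: dict, keys: dict) -> None:
        self._client_secrets = client_secrets  # client_id -> secret provisioned out of band (assumed)
        self._keys = keys                      # key_id -> 32-byte key material
        self._pending = {}                     # client_id -> challenge we issued
        self._sessions = {}                    # client_id -> session key

    def challenge(self, client_id: str) -> bytes:
        # Step 1: a fresh random challenge for a known client.
        if client_id not in self._client_secrets:
            raise PermissionError("unknown client")
        self._pending[client_id] = secrets.token_bytes(32)
        return self._pending[client_id]

    def respond(self, client_id: str, client_nonce: bytes, client_proof: bytes) -> bytes:
        # Step 2: check the client's proof; if it holds, answer with the server's own proof.
        server_nonce = self._pending.pop(client_id, None)  # each challenge is usable once
        if server_nonce is None:
            raise PermissionError("no outstanding challenge for this client")
        secret = self._client_secrets[client_id]
        expected = _prove(secret, b"client", server_nonce, client_nonce, client_id.encode())
        if not hmac.compare_digest(expected, client_proof):
            raise PermissionError("client authentication failed")
        # The session key depends on both nonces, so a replayed transcript cannot reuse it.
        self._sessions[client_id] = _prove(secret, b"session", server_nonce, client_nonce)
        return _prove(secret, b"server", client_nonce, server_nonce, client_id.encode())

    def fetch_key(self, client_id: str, key_id: str, request_mac: bytes) -> bytes:
        # Step 3: release a key only inside an authenticated session, masked under it.
        session = self._sessions.get(client_id)
        if session is None:
            raise PermissionError("not authenticated")
        if not hmac.compare_digest(_prove(session, b"req", key_id.encode()), request_mac):
            raise PermissionError("request not bound to this session")
        mask = _prove(session, b"wrap", key_id.encode())
        return bytes(k ^ m for k, m in zip(self._keys[key_id], mask))

class RogueServer(KeyServer):
    # Holds no genuine client secret and bluffs step 2 with a random "proof".
    def challenge(self, client_id: str) -> bytes:
        return secrets.token_bytes(32)

    def respond(self, client_id: str, client_nonce: bytes, client_proof: bytes) -> bytes:
        return secrets.token_bytes(32)

class StorageClient:
    """Models an array controller or tape library that must fetch keys from the server."""

    def __init__(self, client_id: str, secret: bytes) -> None:
        self.client_id, self._secret, self._session = client_id, secret, None

    def authenticate(self, server: KeyServer) -> None:
        cid = self.client_id.encode()
        server_nonce = server.challenge(self.client_id)
        client_nonce = secrets.token_bytes(32)
        proof = _prove(self._secret, b"client", server_nonce, client_nonce, cid)
        server_proof = server.respond(self.client_id, client_nonce, proof)
        if not hmac.compare_digest(_prove(self._secret, b"server", client_nonce, server_nonce, cid), server_proof):
            raise PermissionError("server authentication failed: not the server we enrolled with")
        self._session = _prove(self._secret, b"session", server_nonce, client_nonce)

    def get_key(self, server: KeyServer, key_id: str) -> bytes:
        if self._session is None:
            raise PermissionError("authenticate first")
        masked = server.fetch_key(self.client_id, key_id, _prove(self._session, b"req", key_id.encode()))
        return bytes(k ^ m for k, m in zip(masked, _prove(self._session, b"wrap", key_id.encode())))

def _rejected(action) -> bool:
    """True if the action raises PermissionError, the protocol's refusal signal."""
    try:
        action()
    except PermissionError:
        return True
    return False

def demo() -> dict:
    """Constructed scenario: one enrolled controller, one impostor and one rogue server."""
    shared, tape_key = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
    server = KeyServer({"array-controller-01": shared}, {"tape-key-0001": tape_key})
    good = StorageClient("array-controller-01", shared)
    good.authenticate(server)
    results = {"key_matches": good.get_key(server, "tape-key-0001") == tape_key}
    impostor = StorageClient("array-controller-01", secrets.token_bytes(KEY_LEN))  # knows the name only
    results["impostor_rejected"] = _rejected(lambda: impostor.authenticate(server))
    results["rogue_server_rejected"] = _rejected(lambda: good.authenticate(RogueServer({}, {})))
    return results
```

The proof the server returns from respond() is what makes the authentication mutual: a server that cannot compute it is refused by the client (the RogueServer case), and a client that cannot answer the challenge is refused by the server (the impostor case). A deployed system would also run this over TLS or an equivalent encrypted channel; the HMAC mask in fetch_key() only illustrates that key material is never sent in the clear.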

Destroying a key at the end of its useful life, and ensuring it has been destroyed, is especially important where regulations require the destruction of data after a certain time period, since the destruction of the key is considered (under some regulations) equivalent to destroying the data.
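As an added example (not from the article, and not the key management code of any vendor it names), the following Python sketch puts together the lifecycle pieces the preceding paragraphs describe: a key-encrypting key that wraps the per-dataset data keys, so the keys that protect data are never the keys that protect other keys; a retention period recorded per key; a key identifier written in the clear ahead of each encrypted blob so that recovery can locate the right key; and destruction of a key as the way to render its data unrecoverable. The cipher is a demonstration construction (HMAC-SHA256 run in counter mode, with a separate HMAC tag) chosen only so the example runs on the standard library; a production system would use a vetted authenticated cipher such as AES-GCM from a reviewed library. All names, dates and data are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 32

def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()  # separate enc/mac subkeys per key

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(key: bytes, plaintext: bytes, header: bytes = b"") -> bytes:
    """Demo cipher: returns nonce || ciphertext || tag. The header is authenticated, not encrypted."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), header + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes, header: bytes = b"") -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), header + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or altered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

@dataclass
class KeyRecord:
    key_id: str
    wrapped: bytes          # data key sealed under the KEK; the plaintext key is never stored
    owner: str              # group entitled to use the key
    retain_until: datetime  # end of the period the key must be kept, e.g. 20 years for medical data
    destroyed: bool = False

class KeyManager:
    """Two-level hierarchy: one key-encrypting key (KEK) wraps many data keys (DEKs)."""

    def __init__(self, kek: bytes) -> None:
        self._kek = kek
        self._records = {}  # key_id -> KeyRecord

    def create_key(self, owner: str, retention: timedelta, now: datetime) -> str:
        key_id = "dek-" + secrets.token_hex(6)
        dek = secrets.token_bytes(KEY_LEN)
        wrapped = seal(self._kek, dek, key_id.encode())  # binding the id prevents key swapping
        self._records[key_id] = KeyRecord(key_id, wrapped, owner, now + retention)
        return key_id

    def _unwrap(self, key_id: str) -> bytes:
        rec = self._records[key_id]
        if rec.destroyed:
            raise KeyError(f"{key_id} was destroyed; data under it is unrecoverable")
        return unseal(self._kek, rec.wrapped, key_id.encode())

    def encrypt(self, key_id: str, data: bytes, now: datetime) -> bytes:
        # The key id goes in the clear ahead of the ciphertext so recovery can find the key by id.
        if now > self._records[key_id].retain_until:
            raise KeyError(f"{key_id} is past its retention date; not valid for new data")
        header = key_id.encode()
        return header + b"|" + seal(self._unwrap(key_id), data, header)

    def decrypt(self, blob: bytes) -> bytes:
        header, body = blob.split(b"|", 1)
        return unseal(self._unwrap(header.decode()), body, header)

    def destroy_key(self, key_id: str) -> None:
        """Crypto-shredding: forgetting the key makes every copy of its data unreadable."""
        rec = self._records[key_id]
        rec.wrapped, rec.destroyed = b"", True

def _fails(action) -> bool:
    """True if the action raises KeyError (the manager's refusal signal)."""
    try:
        action()
    except KeyError:
        return True
    return False

def demo() -> dict:
    """Constructed scenario: a 20-year medical data key and a one-day transfer key."""
    km = KeyManager(kek=secrets.token_bytes(KEY_LEN))
    t0 = datetime(2007, 1, 1, tzinfo=timezone.utc)
    medical = km.create_key("records-team", timedelta(days=20 * 365), t0)
    transfer = km.create_key("backup-admins", timedelta(days=1), t0)
    record = b"patient 123: prescription renewed"
    tape = km.encrypt(medical, record, t0)
    results = {"roundtrip": km.decrypt(tape) == record,
               "header_names_key": tape.startswith(medical.encode() + b"|"),
               "expired_refused": _fails(lambda: km.encrypt(transfer, b"x", t0 + timedelta(days=7)))}
    km.destroy_key(medical)  # end of retention: shred the data by destroying its key
    results["shredded"] = _fails(lambda: km.decrypt(tape))
    return results
```

Two design points carry over to real systems whatever cipher is used: the wrapped data key is bound to its identifier, so a record cannot be relabelled to point at another key, and the KEK is the only secret that must be backed up and guarded with the most care, since every data key is recoverable from it and nothing is recoverable without it.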

Security and Disaster Recovery

Maintaining key availability in the event of an equipment outage or disaster is also critical because without the key, the data can't be recovered. Moulds recommends building a distributed key management and delivery system so the failure of a single component, such as a key repository or key server, can't disable data access across the entire organization. It's also important, he says, to design the system so that the keys needed to decrypt data for legal or regulatory purposes can be quickly found and used to recover the needed data.

"The security of your key management system should be as high as the most secure data it protects," recommends Moulds. That might mean the use of smart cards or two-factor authentication to control access to highly sensitive keys, he says. "A lot of customers want to go further and insist that no single administrator control" the key management system, says Moulds.

Some key management systems also store the keys in hardware-based secure modules rather than in software.

Encryption in practice

Scott Chandler is on the cutting-edge of the storage encryption trend, but being a pioneer isn't too painful.

Chandler is a systems engineer at Adheris Inc., a Burlington, Mass., firm that delivers customized reminders to help ensure patients take their medication properly and properly manage their diseases. He is using a Spectra T120 tape library from Spectra Logic Corp. to encrypt data backups to ensure Adheris meets the patient privacy requirements of HIPAA (the Health Insurance Portability and Accountability Act).

As for the keys which manage the encryption and decryption of the data, "there really isn't a lot to manage," says Chandler. "Once encryption was set up on the library, we exported copies of the key which are stored in secure locations and may be accessed in the event of a disaster."

Until recently, says Moulds, many organizations stored keys "on bits of paper locked away in a safe" and updated and changed encryption keys on servers manually. This becomes more and more expensive the more widely a company uses encryption, and makes it far more difficult to prove that the proper changes were made and that keys were destroyed at the end of their useful lives. In some cases, says Moulds, the reduction in manual effort can justify the cost of an enterprise-wide key management system.

Some vendors get around the need to exchange or manage keys by storing encrypted keys on the tape drive itself. Seagate's FDE technology stores the encryption key on the hard drive, which it says also eliminates the need to "escrow" the key in a safe location. Sun stores keys within its Key Management Station, a secure and dedicated workstation.

Given the number of highly publicized cases where backup tapes have been lost or stolen, tape is a logical first choice to deploy encryption. The challenge comes, says Moulds, "when you recover (the data). How do you figure out which key goes with which tape?" nCipher sells its keyAuthority Management Server along with IBM's Encryption Key Manager because the IBM software "does a good job of associating keys with tape, but it's not a good system for managing the keys themselves," Moulds says.

One of the challenges of key management is linking the keys with the identities of the users who are eligible to access them, says Greg Schulz, founder and senior analyst at The StorageIO Group, an industry analyst and consulting firm in Stillwater, Minn.


Voltage Security's Key Management Server aims to eliminate the need to make that connection through its identity-based encryption (IBE), which allows an organization to use any string of characters - even a user's email address - as a public key. The Key Management Server then automatically generates a key based on predetermined policies about which users should have access to which data. This eliminates the need to create and communicate with a certificate server to map a user's identity to a specific public key, says Terence Spies, the firm's chief technology officer, and helps ensure companies can quickly decrypt data whenever they need it.

Among the best practices in key management recommended by Hubis is not to use the same keys to encrypt both data and other keys. He also suggests avoiding the use of known weak keys, limiting the amount of time a key is in plain text form while it is in use, and preventing humans from viewing keys in plain text.

Emerging standards

Currently, most enterprise-level key management solutions "are going to be proprietary," says Hubis. That means hardware such as array controllers needs special software to establish a secure link between the client (an array controller) and key management servers from various vendors. In the absence of such linking software, storage administrators must manually distribute the keys, he says.

Emerging standards such as the IEEE's 1619.3 will eventually help ensure interoperability among various key management servers, Hubis says, while a subgroup of the Trusted Computing Group is working to develop a uniform approach to managing keys across a variety of storage devices.

Experts advise storage managers to work with other IT planners throughout the organization to determine the threats the organization faces and where encryption can help reduce those threats, and then to plan how to manage the keys needed to provide that encryption.

Among the factors to consider are how many types of keys they will need to manage; the number of keys they will generate as the number of encrypted tapes or disks grows; how to collect and manage policy information about the keys (such as who can create and destroy them and how long they will be valid) as well as how to back up and recover the keys and to encrypt them for security.

But above all, storage administrators need to remember that encryption itself "is relatively easy," says Moulds. "The difficult thing is how to manage all those keys. If keys can be stolen, or be accessed by the wrong person, or if keys are inadequately copied and backed up, and distributed, and you have no idea how many copies [exist] encryption is a total waste of time."

Keys to key management

  • Plan for future growth in the number and types of keys you will need to manage, and for the length of time you will need to store them.
  • Prepare policies for those keys (such as who can access which keys and how long various keys will exist).
  • Ensure encryption and decryption keys are protected in your backup and recovery and security plans.
  • Plan for how to integrate key management with your identity and access management processes and tools (such as directories).
  • Communicate with others managing encryption on other platforms such as networks and applications to coordinate your key management efforts.
  • Monitor the status of standards efforts such as the IEEE's 1619.3, which will make it easier for various key management systems to work together.

Robert L. Scheier is a free-lance writer who covers storage, security and related areas from Boylston, Mass. He can be reached at bob@scheierassociates.com.