The “security by obscurity” obfuscation method involves concealing details of encryption algorithms to make them harder for threat actors to crack, but it often relies on the use of weak cryptography. Once the secrets of the algorithm’s implementation are discovered (as they often are), systems using these algorithms become vulnerable to attack. That’s why, according to Kerckhoffs’s Principle, the only secret element of an encryption algorithm should be the key itself.
Encryption keys are a fundamental component of the security of cryptographic systems and should be strongly protected. In order to properly protect your encryption key, you’ll need a key management system.
Designing and implementing a secure and usable key management system requires a clear understanding of how the system could go wrong. Here are the five most common challenges companies face when designing an encryption key management system.
The security of encryption keys is vital to the confidentiality of the data that they protect. A threat actor with access to keys can read sensitive data and potentially even generate valid signatures for false or modified records. It’s not uncommon for enterprises to place their encryption keys at risk by putting excessively restrictive permissions on employee access, which makes the data secure but inaccessible, or, more likely, storing encryption keys in a way that makes them convenient and easy to access, which makes the system vulnerable to threat actors.
Managing keys in a secure way, is extremely complex, especially when doing so across dozens or hundreds of applications. In order to minimize the impact to product schedules (and dev team’s anxiety levels), control over certain key management settings or requirements is put in the hands of the customers. But customers typically follow the path of least resistance and don’t always understand how to securely create, store, and access keys. This can lead to vulnerabilities that endanger the security of customer data when passwords and keys are reused, or keys are insecurely stored and do not have robust access rules in place to enforce authorization and authentication.
Encryption is designed to make it impossible to access encrypted data without access to the associated encryption key. This means that even the legitimate owner of the data needs the key to access it. As a result, key management needs to offer robust redundancy. Designing key management systems that are accessible and secure is extremely difficult.
In order to have keys available when needed, developers may make choices that sacrifice security for the sake of convenience, such as using embedded or hardcoded keys, setting weak passwords or failing to follow industry standards for hardware security module (HSM) redundancy.
An enterprise’s network environment is likely composed of a variety of different systems, each with different encryption key requirements and protocols. Additionally, each department within an organization may have their own systems and processes for managing and securing encryption keys. But the proper management of encryption keys for all of an organization’s systems is essential for security. Due to the interconnectedness of these systems, a compromised key on one system could enable access to data from another, violating trust boundaries and security guarantees of data compartmentalization.
The regulatory landscape is quickly growing more complex. The implementation of the EU’s General Data Protection Regulation spurred the creation of a number of national and state-level privacy laws like the California Consumer Privacy Act. These new regulations joined existing laws like PCI DSS, HIPAA and SOX as well as the requirements set by an organization’s internal security policy.
Data privacy laws set requirements for protecting sensitive data, including which algorithms should be used to encrypt the data along with key rotation policies. During an assessment, an auditor may only check to verify that AES-256 (or whatever the regulation dictates) is in use without going any deeper to confirm that it’s being used properly.
This creates difficulties if an organization takes a “check-the-box” approach to compliance. Organizations end up using misconfigured encryption algorithms or they may resort to using insecure cryptographic implementations which fail to store encryption keys securely and may not have robust authorization and access rules in place, which may leave data accessible to threat actors or may lead to data loss if keys are lost.
Damage Caused by a Poor Key Management System
Improper management of encryption keys is a common problem, and a poor key management system can have a number of negative effects, including increased likelihood of data breach or loss, failure to meet compliance audit requirements and an encryption system that may be rendered unusable or unmaintainable.
All of these potential impacts carry costs to an organization in the form of regulatory penalties, reputational damage, and the overhead of achieving recertification and the costs associated with lost productivity and repeated security reviews. For these reasons, it is often more cost-effective to invest in getting an encryption key management system right the first time than paying the price when it fails.
Effectively managing keys requires a thorough knowledge of the risks and access to the correct tools. The next set of articles will take on a deep dive into these common key management challenges, how to overcome them and the way Ubiq can help through our API-based encryption platform.