By John Flemming, Senior Software Developer, Echoworx
Any encrypted communication is only as secure as the keys used by the system that locked them. If the keys are compromised by hackers, negligence or other means, then any communication using those keys can be decrypted. So how can these keys be protected?
According to a recent Ponemon 2016 Global Encryption Trend Study, 67 per cent of IT professionals rated key management as one of the most important features of an encryption solution. As more organisations use encryption solutions, they also end up with more keys, and more varieties of keys. The successful management of these encryption keys is critical to the security of their private data.
How encryption keys are managed today
Public Key Infrastructure (PKI) is a type of key management system that uses digital certificates to provide authentication and public keys to enable encryption. PKIs use a specific class of encryption algorithms called asymmetric encryption. This involves two keys, one that encrypts the data (the public key) and another that decrypts the data (the private key).
The advantage of using asymmetric algorithms is that the public key can be distributed to anyone without risk of decrypting any of the data. It is only the private key that is capable of decrypting the data. Since only the private key decrypts, it does not have to be wildly available and can be kept in a secure place. Public keys are often stored in directories for other users to retrieve, while private keys are kept in key-stores accessible only to the key’s owner.
Another major component of a PKI is its ability to validate the authenticity of the public key. It ensures that any communication encrypted with a public key can only be decrypted with the corresponding private key.
How can one be sure “who” has the key?
Maybe a hacker has modified a directory and injected their public key. To prevent this from occurring a public key is embedded into a certificate. Think of it as a vetting process. A certificate typically contains information about who the public key is for (an email address, the owner’s nickname or a domain name) and is digitally signed by a certificate authority (CA). Imagine a paper certificate with the public key bound to it. There is the name and information about the owner of the key on it, plus the name and signature of the person who issued it.
The CA is a mutually trusted party. When two parties have each other’s public keys they can rely on the CA to ensure the encrypted communication can only be decrypted between them. If Alice wants to send a message to Bob and doesn’t directly trust him, she uses a CA to confirm that the key does in fact belong to Bob.
Introducing key recovery/escrow
Private keys, used to decrypt email messages, should be stored securely. The simplest method is to use a password to encrypt the private key. While it is well known that weak passwords can easily be broken, a strong and unique password is as good as almost any other kind of encryption.
But what happens when a user forgets their password, or they lose their key due to a hardware failure?
This is when key recovery or escrow is used. One way to achieve this is to use a secret sharing algorithm. Secret sharing is when a piece of data is broken up into a number of parts so that no one part is enough to determine what the original data is. In a PKI, the private key can be broken up this way. Each key part is encrypted for a unique individual and the only way to recover the private key is for all or some of the holders of the key part to agree to perform the key recovery. Once the key has been recovered it can then be securely delivered to the user. This method prevents any one individual from gaining access to the private key.
PKIs have revolutionised the world by allowing secure communication between parties, whether it is online banking, e-commerce, or secure email. Unfortunately, this is easier said than done for most. The same Ponemon study found that 53 per cent of respondents rated key management as a high pain level.
Making key management easier
As e-mail encryption usage continues to become more widespread and diverse in the way it is used, security teams are looking to eliminate islands of encryption built and acquired over the years.
This approach is helping to mitigate some of the historic key management challenges – a lack of ownership of the key management function, a shortfall in skilled personnel, isolated and fragmented systems and inadequate management tools.
It is a move that will be welcomed across industries. The paradox in the security sector today is that the more advanced the threat vector, the simpler the solution we need as users in order to manage the problem. Employees of organisations will always look for less secure workarounds, so creating more efficient, easy to manage, cloud compatible encryption and key management systems will help to take the protection of our private data to the next level and leave hackers collecting dust.