Page 78 - CDM-Cyber-Warnings-March-2014
P. 78
So, if you use an algorithm that is absolutely bomb proof the only alternative is to attack the cryptographic key. This is what is used to encrypt and decrypt the data. Effectively this can be seen as the key to the lock. Is it possible to guess this string of numbers that comprise this key? If it is possible to guess this number then it does not matter how tough your mathematical algorithm may be. The algorithm protection can then be beat if this key can be accessed thus rendering the encryption null and void. So, where do you keep this key? I can tell you one place you absolutely do not want to store the key to your encrypted kingdom: Your main system memory. Bad choice. If it’s in main memory there are a number of methods an adversary can attack to gain access to the key. An internal foe, such as your sys admin, will also have full access. Do you really want to trust a human with the secret key that unlocks your crypto? Absolutely not. There are, of course some instances where it’s totally fine to use this approach. But mainly it’s a function of how critical your data is to your organization. What if your potential adversary is organized crime or a nation state? In these cases you would be foolish to “hide” the key in main memory. I like to compare this to hiding the key to your house under the mat. Don’t do this. So, let’s talk for a bit about the key itself. In order to ensure the key string can’t be guessed you need to begin the key generation process with a random number. If it is possible to guess the “seed” that is used to generate this ostensibly “random” number then it is trivial to guess the key. So the number must truly be random. There are two approaches to random number generation. The first is pseudo random number generation, which relies on software to generate what it deems a “random number.” Considering software speaks only in terms of 0s and 1s it is actually quite challenging for this approach to generate a number that is truly random. True random number generation takes a different approach and relies on abnormalities in the physical world to create the initial ‘seed’ value. Ambient noise, electrical noise and/or quantum mechanics are examples of physical world generators. The world of physics is an excellent arena for a truly random occurrence. So, if you take an electrical processor and select a blip in the output from a circuit for your seed number then you are off to a great start. OK, you now have a key that has been generated with a true random number. This key can’t be guessed. Perfect. You just succeeded in eliminating a potential backdoor. So, where do you generate and store this key? You need some hardware, such as a hardware security module (HSM). An HSM resides either within a dedicated server or in your network and is created to survive in hostile territory. The HSM should be manufactured in such a way that it is nearly impossible to crack open and if attacked it will zero out those keys in a fraction of a second. Inside the device itself is where you generate and store the actual key that is used to unlock your encrypted data. There are a variety of HSMs on the market today, but to ensure the product you choose doesn’t have any backdoors look for tests by a trusted unbiased third party and at industry certifications, such as FIPS and Common Criteria. You may also consider if the HSM is manufactured in a country that you trust. You should be confident that the HSM you choose doesn’t have any backdoors, as it is the foundation for your “root of trust” and veritable pillar to your encryption. If you can’t ensure your crypto keys are stored in a safe environment then nothing else matters. " # % " $ " # ! !
