The ability to communicate in secret is only as good as the ability to protect the keys.
Fundamental to all digital security systems is the ability to turn sensitive data into what looks like random incomprehensible jibberish and turn it back again into the same original information. But that is not all there is to it. You should be able to do that second bit of getting the original text only if you are allowed to do so. A classic way to deal with this problem is by using another secret, a key. A concept of keys and their usage predates cryptography by quite a long while, but the concept translates neatly into the information-focused world. An important observation regarding this translation is typically attributed to Auguste Kerckhoffs, whose principle in its modern interpretation reads: “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge”. Since one’s ability to communicate in secret is only as good as the capability to protect the keys, how should these keys be stored and used?
The answer to the question “where are my keys?” must not be overly complicated and should always include physical objects. A clear boundary with identifiable strong protection properties is a fundamental building block of a storage solution for secrets. Multiple boundaries, taking advantage of the defense in depth principle, are even better for storing high-value secrets. One of reasons that the “password on a sticky note” key management solution will not die is the fact that it has a very well-defined physical security perimeter. The password is on that piece of paper and nowhere else. The importance of the security perimeter also highlights the fact that storing keys in the cloud is risky.
When it comes to key and password management, one size does not fit all. Consider hardware-based password managers as an example. Password managers allow their users to have multiple strong passwords for different services being used. Which is great, because using strong unique passwords is the most secure approach. At the same time these password managers provide a high-level target for an attacker. Moreover, even without any external threat, they provide an opportunity to lose your keys all at once. Which essentially mandates the inclusion of the backup feature into a key management solution. In combination with the principle of a physical perimeter, this leads us to the need to rely on multiple physical devices. Is this additional complexity and expense worth the security advantages? The answer is not always a resounding “yes.” The best way to address the key management needs is to provide a complete solution designed to fit the purpose and the specific set of the requirements.
Important potential building blocks of a key management solution include smart cards, two factor authentication (2FA) and hardware security modules (HSM). For storing keys within a chip, we can employ a hardware root of trust core instantiated in its logic. Taking the Rambus Root of Trust RT-600 series family as an example, we can see how it implements the essential properties discussed above.
Firstly, it is purpose built for security leveraging a customized secure 32-bit processor. Further, it siloes storage of keys and cryptographic operations from general processing, creating a clear boundary between the two. In addition, it implements layered security to provide a defense in depth against attack. Critical to the safe storage of key, it is designed with state-of-the-art anti-tamper techniques to safeguard against side-channel attacks such as differential power analysis (DPA) and fault injection (FI).
With a hardware root of trust as the foundation for key storage in chips, a cloud-based software platform can be used to manage those keys. For example, the Rambus CryptoManager Device Key Management system provides a cloud-based software platform which enables the building of key management services for chips and devices. Customers can leverage these services to securely provision identities, device keys, and certificates to enable full lifecycle security management. CryptoManager Device Key Management enables an automated and secure capability to connect to trusted provisioning in manufacturing, and to leverage those provisioned identities and keys via the cloud to deliver value-add security services.
The “key” to key management is keeping it clear and physical. A root of trust core implemented at the chip level does both. It creates that clear boundary between general processing and the secured area for key storage and cryptographic functions. Additionally, it anchors security in hardware in the chip itself to provide that physical element. A hardware root of trust is the best strategy for safeguarding the keys foundational to all chip and electronic device security.
Additional Information:
Root of Trust Solutions
CryptoManager Device Key Management
 |
 |
 |
 |
 |
 |
 |
 |
 |
Leave a Reply