Embed Size (px)
Citation preview
Scalability and Control realized with aCentralized Key Management Approach
NIST Key Management WorkshopJune 9, 2009; AM sessionGaithersburg, MD
John MarchioniARX, Inc.San Francisco, CAEmail: [email protected] http://www.arx.com
ARX, Inc.ARX, Inc.
Core focus: cost-efficient, scalable, and secure PKI applications for industry.
First to market with a network-attached, multi-user HSM (PrivateServer®);
First to market with a centralized key-management solution for end-user digital signatures (CoSign®);
ARX implements solutions for both public and private sectors;
ARX solutions are gaining in adoption precisely because of their scalability, security, ease of deployment and ease of use.
AgendaAgenda
Obstacles with Key DistributionDistributing & Managing Key Media
Revocation breaks down when key is out of reach
Auditing Key Actions and Key Usage
Overall, control and scalability are crude
Alternative: Centralized Key ManagementLower Administrative Burden
Lower Processing Overhead
Flattened Learning Curve for End Users
Result is refined control with scalability
Q&A
ObservationsObservations
“Traditional PKI systems are based on distributing keys to the end users, which, aside from security concerns [Marchesini], creates a high burden in logistics, cost, help desk support and user acceptance [Whitten] and also introduces training obstacles [Nielsen].”
[Ref] S. Turner and R. Housley, “Implementing Email Security and Tokens: Current Standards, Tools, and Practices” pp.159, Wiley Publishing, 2008.
Key Management BackgroundKey Management Background
Key management supports these 3 basic applications:
Digital Signatures
Access Control
Confidentiality
Key distribution may work well enough for things like session confidentiality, and devices that require access control, but the model does not scale well and tends to break down when end-users also require key services.
The Control Issue, e.g., A Runaway StageThe Control Issue, e.g., A Runaway Stage
Similar Issue with Key DistributionSimilar Issue with Key Distribution
Systems Admin, or Security Officer
I have work to do but left my key at home.
I can’t remember where I left mine.
Key Distribution IssuesKey Distribution Issues
Nature of Key Distribution Issue
Key Media
Opt 1 – Soft token:a file on the PC/Server
Opt 2 – HW token:USB stick or smartcard
The key user is tethered to that PC; Hard drive failure = lost keys; Users that need more than one certificate need to
maintain more than one key token {multi -token issue may also apply to Opt 2}.
Several scalability & logistical headaches: - provision and distribute tokens;- replace lost tokens;-must also replace all tokens when system needs to be
re-keyed;
-token driver and interface compatibility issues with the PC’s OS;
Added cost burden—must purchase the tokens.
- user-to-admin coordination issues when keys need to be refreshed;
Key Distribution Issues (cont’d)Key Distribution Issues (cont’d)
Certificate revocation alone does not turn the user off— a distinct disadvantage for maintaining proper controls; Extra operational overhead, must physically retrieve the key (i.e., the HW token or PC) for key revocation.
Delayed production, with administrative overhead; End-user learning curve (for the non-PKI literate, and most users are not PKI literate): - user is not familiar with key generation process; - user-to-RA/CA interaction is confusing.
Nature of Key Distribution Issue
Revocation
The key cannot be easily revoked, rather only the certificate
Administrative and computational overhead, andcompounding cost burden:must maintain CRL;must reconcile CRLs;slow processing of large CRLs that grow over time;must subscribe to (pay for) an OCSP service.
Control (key-user’s state = off/on)
The key user can continue to use the key even after certificate is revoked
The key user cannot start work until the key token is delivered and its driver is successfully installed
Key Distribution Issues (cont’d)Key Distribution Issues (cont’d)
Nature of Key Distribution Issue
Audit
Key usage and key actions are performed by the token at the local PC
Difficult to audit key usage and key actions when: - they are performed at the end-user’s PC, and/or, - when the computer is not on the network.
Centralized Key Management Centralized Key Management
Key Media
HW token: secure, centralized appliance, I.e., FIPS 140-2 level 3 evaluated, network- attached, multi-user HSM
Nature of Advantages
User’s that require more than one certificate need not self-maintain multiple tokens;
One (difficult -to-lose) secure hardware key media (forall key users);
Key users can roam from PC to PC as long as they have network access;
Entire community can be re -keyed (and keys can also be refreshed) from the central appliance in one step, and without end-user interaction.
Revocation
Both key and certificate can berevoked, usually in one step; key revocation is simplified for the administrator
Key revocation is the most critical of controls from an operational perspective, {proper control may not otherwise be possible};
If a centralized approach is used, no need for OCSP; - CRLwould also be less important, but a CRL can be useful to help maintain a historical record, although CRLs would not be needed for verification of key actions; {the above overhead is required only for parties that still rely on systems that distribute keys}.
Centralized Key Management
Centralized Key Management (cont’d) Centralized Key Management (cont’d)
Nature of Centralized Key Management
Advantages
Control (key-user’s state = off/on)
The key user can be instantly turned off/on by the central appliance, a distinct controladvantage
No need to wait for distribution of key media = n o delayed production;
Relatively very little administrative overhead; No user learning curve for key -generation, and, with
directory-driven HSM appliance acting as RA Proxy, no user-to-RA/CA interaction is required;
Key is revoked = user is instantly and reliably turned off.
Audit
Key usage and key actions are performed by the centralized HSM
Key usage and key actions can always be recorded by the centralized HSM; - in addition, this audit log can reliably inform the administrator who is using the key -driven application and who is not;
- this audit log can then also be relied on for charge -back (cost allocation) by user/department.
SummarySummary
Centralized key management offers obvious control and audit advantages over key distribution.
Centralized key management alleviates many administrative and cost burdens.
Scalability requires the end-user “low touch”, proper controls, and minimization of cost and administrative overhead as offered by the centralized approach.
Organizations of all sizes (very largest to the small) can benefit from the control and scalability, offered by centralized key management strategies, and will find such strategies are both more affordable and durable.
ReferencesReferences
C. Ellison, “Improvements on Conventional PKI Wisdom”, Proceedings of the 1st Annual PKI Research Workshop, pp. 165-176, August 2002.
[FIPS140] National Institute of Standards and Technology (NIST), “FIPS Publication 140-2: Security Requirements for Cryptographic Modules”, May 2001.
S. Gupta, “Security Characteristics of Cryptographic Mobility Solutions”, Proceedings of the 1st Annual PKI Research Workshop, pp. 117-126, August 2002.
M. Lorch, J. Basney and D. Kafura, “A Hardware-secured Credential Repository for Grid PKIs”, 4th IEEE/ACM International Symposium on Cluster Computing and the Grid, pp. 640-647, April 2004.
J. Marchesini, S.W. Smith, M. Zhao, “Keyjacking: Risks of the Current Client-side Infrastructure”, Proceedings of the 2nd Annual PKI Research Workshop, pp. 128-144, April 2003.
[NAMU and Directory-Driven HSM Appliance] S. Turner and R. Housley, “Implementing Email Security and Tokens: Current Standards, Tools, and Practices” pp.159-160, Wiley Publishing, 2008.
R. Nielsen, “Observations from the Deployment of a Large Scale PKI”, Proceedings of the 4th Annual PKI Research Workshop, pp. 159-165, August 2005.
A. Whitten and J.D. Tygar, “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0”, Proceedings of the 8th USENIX Security Symposium, pp. 169-184, August 1999.
What do you think?What do you think?
http://www.arx.com
For those viewing via webcast, please submit questions for this presentation to [email protected]
