1 / 67

Auditing Cryptographic Key Management Andrew Moore BSc ACA CISA CISSP IT Audit Manager Barclays Bank PLC 19 October 200

ISACA Northern Chapter meeting 19 October 2005. Session Overview. Basic cryptographic mechanismsImportance of cryptographic controlsControl objectives for cryptographic keys

darshan
Download Presentation

Auditing Cryptographic Key Management Andrew Moore BSc ACA CISA CISSP IT Audit Manager Barclays Bank PLC 19 October 200

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Auditing Cryptographic Key Management Andrew Moore BSc ACA CISA CISSP IT Audit Manager Barclays Bank PLC 19 October 2005

    2. ISACA Northern Chapter meeting 19 October 2005 Session Overview Basic cryptographic mechanisms Importance of cryptographic controls Control objectives for cryptographic keys & Large-scale Key Management in Financial Services Audit approach

    3. ISACA Northern Chapter meeting 19 October 2005 International Standards

    4. ISACA Northern Chapter meeting 19 October 2005 Basic Cryptographic Mechanisms General principles Symmetric cryptography (e.g. DES) Asymmetric cryptography (e.g. RSA) Hash functions (e.g. SHA-1) Message authentication codes (e.g. HMAC) Digital signatures (e.g. DSA) Digital Certificates (e.g. X.509)

    5. ISACA Northern Chapter meeting 19 October 2005 General principles Kerckhoff’s Principle. Only the key should be secret. Cryptographic mechanisms depend on the confidentiality of keys. Algorithms are in the public domain. Over time algorithms become ‘less secure’ as research and technology progresses To engage in secure communications there is a need to securely distribute a secret key or public key. Keys should be changed on a regular basis.

    6. ISACA Northern Chapter meeting 19 October 2005 Symmetric Cryptography

    7. ISACA Northern Chapter meeting 19 October 2005 Symmetric Cryptography (continued) Example algorithms

    8. ISACA Northern Chapter meeting 19 October 2005 Asymmetric Cryptography

    9. ISACA Northern Chapter meeting 19 October 2005 Asymmetric Cryptography (continued) Example algorithms

    10. ISACA Northern Chapter meeting 19 October 2005 Hash Function

    11. ISACA Northern Chapter meeting 19 October 2005 Hash Function (continued) Example algorithms

    12. ISACA Northern Chapter meeting 19 October 2005 Message Authentication Codes

    13. ISACA Northern Chapter meeting 19 October 2005 Message Authentication Codes (continued) Example algorithms

    14. ISACA Northern Chapter meeting 19 October 2005 Digital Signatures

    15. ISACA Northern Chapter meeting 19 October 2005 Digital Signatures (continued) Example Algorithms:

    16. ISACA Northern Chapter meeting 19 October 2005 Digital Certificates

    17. ISACA Northern Chapter meeting 19 October 2005 Basic Cryptographic Mechanisms General principles Symmetric cryptography (e.g. DES) Asymmetric cryptography (e.g. RSA) Hash functions (e.g. SHA-1) Message authentication codes (e.g. HMAC) Digital signatures (e.g. DSA) Digital Certificates (e.g. X.509)

    18. ISACA Northern Chapter meeting 19 October 2005 Auditing Cryptographic Key Management Basic cryptographic mechanisms Importance of cryptographic controls Control objectives for cryptographic keys & Large-scale Key Management in Financial Services Audit approach

    19. ISACA Northern Chapter meeting 19 October 2005 Importance of cryptographic controls Authentication Access Control Data Confidentiality Data Integrity Non-repudiation

    20. ISACA Northern Chapter meeting 19 October 2005 Security Services and Mechanisms Per ISO 7498 -2

    21. ISACA Northern Chapter meeting 19 October 2005 War Stories –Cryptographic controls Sumitomo Mitsui – Police foil Ł220m bank theft Cardsystems Solutions inc – 40million credit card numbers stolen Natwest shut off features to its million-plus online banking customers in response to phishing attacks (BBC News 2004) Positives: “Chip & PIN cutting card fraud” – Fraud involving the stealing and counterfeiting of debit & credit cards has fallen 29% year-on-year. BBC News Online 9 October 05.

    22. ISACA Northern Chapter meeting 19 October 2005 Example 1: Online Banking SSL for authentication of the website. Password or token for authentication of client. Authentication for each component of the infrastructure. Kerberos, PKI. Encryption of data transmitted across each component of the infrastructure to ensure data confidentiality. Data integrity. MAC, Hash. Non-repudiation – Provably secure authentication and processing.

    23. ISACA Northern Chapter meeting 19 October 2005 Example 1: Online Banking

    24. ISACA Northern Chapter meeting 19 October 2005 Example 2: Credit card processing Credit card processing requires multiple parties: Scheme (VISA, Mastercard, etc) Issuer Bank Acquirer Bank Merchant / ATM Card Bureau Card Supplier PIN Mailer Requires: Authentication, confidentiality, integrity, non-repudiation.

    25. ISACA Northern Chapter meeting 19 October 2005 Example 2: Credit card processing Chip & PIN. Validation of the PIN input in an ‘online’ transaction at a merchant or ATM.

    26. ISACA Northern Chapter meeting 19 October 2005 Example 3: Public Key Infrastructure (PKI)

    27. ISACA Northern Chapter meeting 19 October 2005 Auditing Cryptographic Key Management Basic cryptographic mechanisms Importance of cryptographic controls Control objectives for cryptographic keys & Large-scale Key Management in Financial Services Audit approach

    28. ISACA Northern Chapter meeting 19 October 2005 Control Objectives for Cryptographic Keys Integrity of public and private keys Authenticity of public and private keys Availability of public and private keys Confidentiality of private keys

    29. ISACA Northern Chapter meeting 19 October 2005 War Stories – key management weaknesses Ex Microsoft employees obtained Verisign certificates DVD encryption broken because one licensee omitted to encrypt the decryption key. Cambridge researchers publish cryptographic attack to obtain PIN codes. Hackers encrypt business critical data and extort money from the owner for disclosure of the cryptographic key.

    30. ISACA Northern Chapter meeting 19 October 2005 The Challenge: Characteristics of cryptographic keys

    31. ISACA Northern Chapter meeting 19 October 2005 Key Management standards

    32. ISACA Northern Chapter meeting 19 October 2005 Key lifecycle (per ISO 11770)

    33. ISACA Northern Chapter meeting 19 October 2005 Key lifecycle (per ISO 11770)

    34. ISACA Northern Chapter meeting 19 October 2005 Key lifecycle (per ISO 11770)

    35. ISACA Northern Chapter meeting 19 October 2005 Key lifecycle (per ISO 11770)

    36. ISACA Northern Chapter meeting 19 October 2005 Key lifecycle (per ISO 11770)

    37. ISACA Northern Chapter meeting 19 October 2005 Key lifecycle (per ISO 11770)

    38. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 “Principles of key management” Keys shall only exist in those forms permitted by ISO 11568 No one person shall have the capability to access or ascertain any plaintext secret key. Systems shall prevent the disclosure of any secret key that has been or will be used to protect any data. Secret keys shall be generated using a process such that it is not possible to predict any resultant value or to determine that certain values are more probable than others from the total set of all the possible values. Systems should detect the attempted disclosure of any secret key and the attempted use of a secret key for other than its intended purpose.

    39. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 “Principles of key management” (continued) Systems shall prevent or detect the use of a secret key, or portion of that key, for other than its intended purpose, and the accidental or unauthorised modification, use, substitution, deletion or insertion of any key. A key shall be replaced with a new key within the time deemed feasible to determine the old key. A key shall be replaced with a new key within the time deemed feasible to perform a successful dictionary attack on the data enciphered under the old key. A key shall cease to be used when its compromise is known or suspected.

    40. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 “Principles of key management” (continued) The compromise of a key shared among one group of parties shall not compromise keys shared among any other group of parties. A compromised key shall not provide any information to enable the determination of its replacement. A key shall only be loaded into a device when it may be reasonably assured that the device is secure and has not been subjected to unauthorised modification or substitution. _____________________________________________

    41. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principle 1 1. Keys shall only exist in those forms permitted by ISO 11568 Within a secure cryptographic device In an enciphered form using a Key Encryption Key (KEK) which either exists in a cryptographic device or is encrypted under a higher level KEK In the form of at least two separate key components protected by split knowledge and dual control

    42. ISACA Northern Chapter meeting 19 October 2005 Hardware Security Modules HSM devices store keys and perform cryptographic functions in a secure, tamper evident environment. NIST FIPS 140-2 defines the security requirements for hardware security modules. Levels 1 to 4. IBM 4758 cryptographic co-processor first to be certified as level 4 compliant.

    43. ISACA Northern Chapter meeting 19 October 2005 Key Hierarchy

    44. ISACA Northern Chapter meeting 19 October 2005 Storage of key components using split knowledge

    45. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principles 2 and 3 “No one person shall have the capability to access or ascertain any plaintext secret key.” “Systems shall prevent the disclosure of any secret key that has been or will be used to protect any data” Segregation of duties controls Logical access controls Physical security controls Control Vectors

    46. ISACA Northern Chapter meeting 19 October 2005 Issues to look for – Dr Strangelove

    47. ISACA Northern Chapter meeting 19 October 2005 Segregation of duties controls

    48. ISACA Northern Chapter meeting 19 October 2005 Logical Access Controls

    49. ISACA Northern Chapter meeting 19 October 2005 Physical Security Controls

    50. ISACA Northern Chapter meeting 19 October 2005 Control Vectors What is to stop the application making the following call… Decrypt (EKEK(Data Key), KEK name) …and getting the data key out in clear? Answer: Control Vectors

    51. ISACA Northern Chapter meeting 19 October 2005 Control Vectors (continued) When a key is Imported into the HSM for use, the key is encrypted with the master key exclusive OR’ed with a Control Vector (CV). The CV used depends on the type of key. E MK?CV(Data Key) When the key is used, cryptographic functions in the HSM re-apply the CV depending on the function being used. If the function is different to that which the CV allows, then the result is nonsense – as the wrong CV is used. This is used to protect Key Encryption Keys being used to decrypt data keys.

    52. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principle 4 “Secret keys shall be generated using a process such that it is not possible to predict any resultant value or to determine that certain values are more probable than others from the total set of all the possible values.” Key Generation: Must be ‘random’ or non-deterministic (NIST FIPS 140-2)

    53. ISACA Northern Chapter meeting 19 October 2005 Importance of randomness

    54. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principle 5 “Systems should detect the attempted disclosure of any secret key and the attempted use of a secret key for other than its intended purpose.” Tamper evident bags Control Vectors

    55. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principle 6 “Systems shall prevent or detect the use of a secret key, or portion of that key, for other than its intended purpose, and the accidental or unauthorised modification, use, substitution, deletion or insertion of any key.” Tamper evident bags Control Vectors Monitoring of use of ‘sensitive’ cryptographic functions Review of key check values during key management functions

    56. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principle 7 & 8 “A key shall be replaced with a new key within the time deemed feasible to determine the old key.” “A key shall be replaced with a new key within the time deemed feasible to perform a successful dictionary attack on the data enciphered under the old key.” Demonstrable capability to replace keys Key replacement schedule Risk analysis NIST SP 800-57 provides guidance regarding factors to take into account when determining the “Cryptoperiod”

    57. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principles 9, 10, 11 “A key shall cease to be used when its compromise is known or suspected.” “The compromise of a key shared among one group of parties shall not compromise keys shared among any other group of parties.” “A compromised key shall not provide any information to enable the determination of its replacement” Defined key compromise plans Demonstrable ability to change cryptographic keys Robust & segregated key hierarchy Non-deterministic key generation / replacement

    58. ISACA Northern Chapter meeting 19 October 2005 ISO 11568 Principle 12 “A key shall only be loaded into a device when it may be reasonably assured that the device is secure and has not been subjected to unauthorised modification or substitution.” HSM Acceptance procedures HSM Maintenance procedures Physical security controls

    59. ISACA Northern Chapter meeting 19 October 2005 Auditing Cryptographic Key Management Basic cryptographic mechanisms Importance of cryptographic controls Control objectives for cryptographic keys & Large-scale Key Management in Financial Services Audit approach

    60. ISACA Northern Chapter meeting 19 October 2005 Audit approach Select & orient the audit team Understand the business Determine the primary risks Identify the primary controls Obtain evidence of design and operational effectiveness Report

    61. ISACA Northern Chapter meeting 19 October 2005 Select & Orient the audit team Suitably skilled & experienced Understanding of cryptographic controls Key Lifecycle awareness Understanding of control objectives for cryptographic keys Familiar with Governance and business processes Familiarity with cryptographic hardware and software in use Generally, good auditors

    62. ISACA Northern Chapter meeting 19 October 2005 Understand the business Obtain Security Policy & Standards Map roles & responsibilities across the organisation Cryptographic usage register Cryptographic key inventory Operational procedures documents Output from Governance and risk processes

    63. ISACA Northern Chapter meeting 19 October 2005 Determine the primary risks Governance & Risk Management always of high importance. Use ISO 11568 as a baseline Based on an understanding of your business, select a subset of the risks to audit. By key usage By key management function By ISO 11568 objective By key lifecycle

    64. ISACA Northern Chapter meeting 19 October 2005 Determine the primary controls The primary controls that mitigate each risk selected Note: Given the dependence on centralised key management operations, there is a requirement for layered control. Each risk may have several layers of controls. Therefore, do not underestimate the time required to audit a key management function.

    65. ISACA Northern Chapter meeting 19 October 2005 Obtain evidence of design and operation of controls Design of controls is likely to be easy as all key management functions should be documented in detail. Operation may be less easy as some functions, such as key renewal, may be performed infrequently.

    66. ISACA Northern Chapter meeting 19 October 2005 Report Link control weaknesses identified back to business impact. Difficult because: Controls are layered. Weaknesses in one does not necessarily result in an immediate business impact. Business impact is not always immediately obvious. Tempting to document the worst case scenario which may have low probability. Tempting to focus on fraud, when impact on availability, reputational damage, regulatory censure, cost of remediation may be more likely. Tempting to document impact as non-compliance with ISO 11568

    67. ISACA Northern Chapter meeting 19 October 2005 Further Reading The Code Book, Simon Singh The music of the primes, Marcus du Sautoy Applied Cryptography, Bruce Schneier Practical Cryptography, Neils Ferguson & Bruce Schneier Users Guide to Cryptography and Standards, Alexander W Dent & Chris J Mitchell Protocols for authentication and key establishment, Colin Boyd, Anish Mathuria Understanding PKI, concepts, standards and deployment considerations, Carlisle Adams and Steve Lloyd.

More Related