Docstoc

Auditing Cryptographic Key Management - ISACA

Document Sample
Auditing Cryptographic Key Management - ISACA Powered By Docstoc
					Auditing Cryptographic Key
Management
Andrew Moore BSc ACA CISA CISSP

IT Audit Manager Barclays Bank PLC

19 October 2005
Auditing Cryptographic Key Management


          Session Overview

          • Basic cryptographic mechanisms
          • Importance of cryptographic controls
          • Control objectives for cryptographic keys & Large-
            scale Key Management in Financial Services
          • Audit approach




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          International Standards
           Organisation                          Example standard
                 IETF             RFC 1321 MD5 Hash Algorithm

                                  RFC 2459 X.509 digital certificates
                  ISO             ISO 14888-3 Digital Signature Algorithm

                 NIST             FIPS 140-2 Security requirements for
                                  cryptographic modules
                ANSI              ANSI X 9.24 – Financial Services Key Management
                                  using the DEA
             RSA Labs             PKCS 1 to 13. Public Key Cryptography Standards

                 IEEE             P1363 standards on Public Key cryptography


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Basic Cryptographic Mechanisms

          • General principles
          • Symmetric cryptography (e.g. DES)
          • Asymmetric cryptography (e.g. RSA)
          • Hash functions (e.g. SHA-1)
          • Message authentication codes (e.g. HMAC)
          • Digital signatures (e.g. DSA)
          • Digital Certificates (e.g. X.509)



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          General principles

          • Kerckhoff‟s Principle. Only the key should be
            secret. Cryptographic mechanisms depend on the
            confidentiality of keys. Algorithms are in the
            public domain.
          • Over time algorithms become „less secure‟ as
            research and technology progresses
          • To engage in secure communications there is a
            need to securely distribute a secret key or public
            key.
          • Keys should be changed on a regular basis.


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Symmetric Cryptography

           Encryption             C=Ek(P)
               Plaintext                         Encryption   Ciphertext
                                                 Algorithm
                   Key

           Decryption P= Dk(C)
            Ciphertext       Decryption                       Plaintext
                                                 Algorithm
                   Key


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Symmetric Cryptography (continued)

          Example algorithms
            Algorithm     Key Length       Block          Standards
                                            Size

               DES,       56 112/168         64       FIPS 46 / ANSI X3.92
            Triple-DES

               AES            128           128            FIPS 197

             KASUMI           128            64               #1

               IDEA             128            64              #2
            #1 – likely to be included in ISO 18033     #1, #2 included in ISO 9979
            Other algorithms: Lucifer, Madryga, NewDES, FEAL, REDOC, LOKI, Khufu, Khafre, RC2,
            MMB, CA-1.1, Skipjack, GOST, CAST, Blowfish, SAFER, 3-Way, Crab, MBAL, RC5, Crypto-
            Meccano, McEliece, Rao-Nam, Li-Wang, CALC, TEA, Vino, MacGuffin, BaseKing.



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Asymmetric Cryptography

           Key Generation:                  Private Key       Public Key

           Encryption C=Ek1(P)
                Plaintext      Encryption                             Ciphertext
                               Algorithm
               Public Key
           Decryption              P=Dk2(C)
                   Ciphertext                    Decryption
                                                                      Plaintext
                                                 Algorithm
                  Private Key

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Asymmetric Cryptography (continued)

          Example algorithms
             Algorith          Key length                Based on                   Standard
                m

               RSA         512/1024/2048/4096     Factoring large primes         RSA PKCS #1

             ElGamal       512/1024/2048/4096        Discrete logarithms                -

              ECC              130 - 200
           Other standards: IEEE 1363, ISO 18033-2     Elliptic Curves           RSA PKCS #13

           Other algorithms: Knapsack, Pohlig-Hellman, Rabin, Williams, McEliece, LUC, FAPKC.




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Hash Function

           Generate Hash Code
                Input                             Hash         Fixed
              (any size)                         Function   length Hash
                                                               Code
           Requirements of a Hash Function:
                 • One way
                 • Collision resistance




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Hash Function (continued)

          Example algorithms

               Function       Hash size                      Standards
                                (bits)

                SHA-1            160             IETF RFC 3174 / NIST FIPS 180 / ISO
                                                              10118-3

              RIPEMD-            128                        ISO 10118-3
           Other examples include: SHA-224, SHA-256, SHA-384, SHA-512, RIPEMD-160,
                 128
           WHIRLPOOL, MD2, MD4, MD5
                 MD5            128                     IETF RFC 1321




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Message Authentication Codes

           MAC generation
               Plaintext                           MAC       Fixed length
                                                 Algorithm       MAC
                   Key

           Requirements of a MAC Algorithm:
           •Usability – Computing a MAC from a message and a
           key must be straight-forward
           •Infeasible to find a MAC for a given message without
           the secret key

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Message Authentication Codes (continued)

          Example algorithms

                       Algorithm                     Type             Standard

                SMAC, EMAC, ARMAC,               Block cipher         ISO 9797-1
                        MacDES                       CBC

                         HMAC                    Hash function   ISO 9797-2, IETF RFC
                                                                        2104

                          MAA                     Dedicated           ISO 8731-2




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Digital Signatures

           Key Generation:                   Private Key        Public Key

           Signing
               Plaintext                                                       Signed
                                             Hash          Asymmetric
                                                           Encryption         message
             Private Key                                    Algorithm

           Verification
                 Signed
                message                          Verification           “Valid”or
                                                  Algorithm             ”invalid”
               Public key

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Digital Signatures (continued)

          Example Algorithms:

              Algorith                           Standards
                 m

                DSA          NIST FIPS 186, ANSI X9.30 & x9.62, IEEE 1363, ISO
                                                  14888-3
           Other algorithms: GOST, ElGamal, Ong-Schnorr-Shamir, ESIGN, Cellular Automata,
               RSA                   ANSI
           Matsumoto-Imai, Cade, Yagisawax9.31, ISO 9796-2 & 14888-3
              based
           Note:
           Digital signatures do not provide confidentiality – just message
           integrity, confirmation of source and possibly non-repudiation (if
           ownership and confidentiality of the private key is provable).


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


         Digital Certificates
           Include:
           •Distinguished Name
           •Public Key
           •Key usage
           •Signed by a trusted third party (digital signature)


           IETF RFC 2459 defines the X.509 v3 certificate
           format


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Basic Cryptographic Mechanisms

          • General principles
          • Symmetric cryptography (e.g. DES)
          • Asymmetric cryptography (e.g. RSA)
          • Hash functions (e.g. SHA-1)
          • Message authentication codes (e.g. HMAC)
          • Digital signatures (e.g. DSA)
          • Digital Certificates (e.g. X.509)



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Auditing Cryptographic Key Management

          • Basic cryptographic mechanisms
          • Importance of cryptographic controls
          • Control objectives for cryptographic keys & Large-
            scale Key Management in Financial Services
          • Audit approach




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Importance of cryptographic controls
          ISO 7498-2 (OSI Security Architecture) defines thirteen
          Security Mechanisms that deliver five Security
          Services:
          1. Authentication
          2. Access Control
          3. Data Confidentiality
          4. Data Integrity
          5. Non-repudiation
          In addition to the security services defined above there are also
          privacy and availability security requirements.
          Note: Definitions of the above can be found in IETF RFC 2828

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Security Services and Mechanisms

          Per ISO 7498 -2
              Security Service                          Security Mechanisms

            Authentication            Encipherment, digital signature, authentication
                                      protocols

            Access Control            Access control mechanisms (e.g RACF). Privileged
                                      Management Infrastructure (PMI).

            Data Confidentiality      Encipherment

            Data Integrity            Encipherment, digital signature, MAC

            Non-repudiation           Digital signature, data integrity, notarisation (e.g.
                                      Kerberos, PKI).



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          War Stories –Cryptographic controls

         • Sumitomo Mitsui – Police foil £220m bank theft
         • Cardsystems Solutions inc – 40million credit card numbers
           stolen
         • Natwest shut off features to its million-plus online banking
           customers in response to phishing attacks (BBC News 2004)
         Positives:
         • “Chip & PIN cutting card fraud” – Fraud involving the
           stealing and counterfeiting of debit & credit cards has fallen
           29% year-on-year. BBC News Online 9 October 05.



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Example 1: Online Banking

          • SSL for authentication of the website. Password or token for
            authentication of client.
          • Authentication for each component of the infrastructure.
            Kerberos, PKI.
          • Encryption of data transmitted across each component of the
            infrastructure to ensure data confidentiality.
          • Data integrity. MAC, Hash.
          • Non-repudiation – Provably secure authentication and
            processing.



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Example 1: Online Banking

            Customer     SSL session    Webserver          HSM
             browser


                                                 A, E, I

                          HSM             Content                    TTP                   HSM
                                          delivery
                                           server                PKI, Kerberos
                                                                   or other
                                                 A, E, I
                          HSM            Internet
                                        Application
              HSM                         Server
                                                                                 Key
                                                 A, E, I
                              A, E, I                                            A: Authentication
         Legacy System                  Transaction
           Customer                       handler                                E: Encryption
            account                                        HSM                   I: Integrity



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Example 2: Credit card processing

          Credit card processing requires multiple parties:
          • Scheme (VISA, Mastercard, etc)
          • Issuer Bank
          • Acquirer Bank
          • Merchant / ATM
          • Card Bureau
          • Card Supplier
          • PIN Mailer
          Requires: Authentication, confidentiality, integrity, non-
            repudiation.
ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Example 2: Credit card processing

          Chip & PIN. Validation of the PIN input in an „online‟
          transaction at a merchant or ATM.
             Card             POS device         Eawk(PIN)       Acquirer Bank
                                or ATM
              PIN

                         1. Encrypt PIN                                   Eawk(PIN)
                         Eawk(PIN)
                                                                 Card Scheme     2. Decrypt Eawk(PIN)
                                                                  (e.g. VISA)    and re-encrypt
                                                                                 Eiwk(PIN)

                                                                           Eiwk(PIN)
                                          3. Decrypt Eiwk(PIN)    Issuer Bank
                                               and re-encrypt
                                                    Eihwk(PIN)
                                      4. Compare Eihwk(PIN)
                                         to stored Eihwk(PIN)
ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Example 3: Public Key Infrastructure (PKI)
                         FO1                                           Smartcard
                                           Registration                fulfilment
                         FO2                Authority
                                              (RA)
                         FO3
           End-Users




                                                                       Certification
                                                                        Authority
                         App1              OCSP                           (CA)


                         App2
                                           LDAP
                         App3                                                  Root


                                                                Sub-CA       Sub-CA      Sub-CA


                                                          Use    Use        Use        Use   Use
                                                           r      r          r          r     r


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Auditing Cryptographic Key Management

          • Basic cryptographic mechanisms
          • Importance of cryptographic controls
          • Control objectives for cryptographic keys & Large-
            scale Key Management in Financial Services
          • Audit approach




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Control Objectives for Cryptographic Keys

           Cryptographic controls are only effective if the
           following are assured:

          • Integrity of public and private keys
          • Authenticity of public and private keys
          • Availability of public and private keys
          • Confidentiality of private keys




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          War Stories – key management
          weaknesses
          • Ex Microsoft employees obtained Verisign certificates
          • DVD encryption broken because one licensee omitted to
            encrypt the decryption key.
          • Cambridge researchers publish cryptographic attack to
            obtain PIN codes.
          • Hackers encrypt business critical data and extort money
            from the owner for disclosure of the cryptographic key.




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          The Challenge:
          Characteristics of cryptographic keys
              Characteristic                                 Examples
            Symmetric /                Single secret key or public / private key pairs
            Asymmetric

            Variable lifetime          Single use to 20 years+

            Variable key length        56/112/168 bit DES 512/1024/2048/4096 bit RSA

            Different functionality    Key Encryption Key, Session key

            Control requirements       Archive, export

            Physical location          Generated and stored in same device  generated,
                                       stored, used in multiple devices in multiple third parties.

            Storage                    In hardware security modules, encrypted under a KEK in
                                       software, in multiple key parts on paper.

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key Management standards

              Standard                             Description
               ISO 11770         Three part general purpose standard on key
                                 management
              ANSI X9.17         Key management issues between banking
                                 establishments. Based on Single DES. Now
                                 withdrawn.
               ISO 8732          Based on X9.17

              ANSI X9.24         Key management between retail banking devices.

               ISO 11568         Based on X9.24

             NIST 800-57         Recommendation for Key Management

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key lifecycle (per ISO 11770)

               Generation

                Activation

              Deactivation

              Reactivation

               Destruction


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key lifecycle (per ISO 11770)

               Generation                        Generate Key     Mandatory
                                                 Register Key     Optional
                                                 Create key       Optional
                Activation                       certificate
                                                                  Optional
                                                 Distribute key
                                                                  Optional
              Deactivation                       Store key




              Reactivation

               Destruction


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key lifecycle (per ISO 11770)

               Generation                        Install key      Mandatory
                                                 Create key       Optional
                                                 certificate
                                                                  Optional
                Activation                       Derive key
                                                                  Optional
                                                 Distribute key
                                                                  Optional
                                                 Register key
              Deactivation                                        Optional
                                                 Store key


              Reactivation

               Destruction


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key lifecycle (per ISO 11770)

               Generation

                Activation
                                                 Archive key   Optional
              Deactivation                       Revoke key    Optional
                                                 Store key     Optional


              Reactivation

               Destruction


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key lifecycle (per ISO 11770)

               Generation

                Activation

              Deactivation
                                                 Install key      Mandatory
                                                 Create key       Optional
                                                 certificate
              Reactivation                                        Optional
                                                 Derive key
                                                                  Optional
                                                 Distribute key
                                                                  Optional
               Destruction                       Store key




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key lifecycle (per ISO 11770)

               Generation

                Activation

              Deactivation

              Reactivation                       Destroy key      Mandatory
                                                 Deregister key   Mandatory
                                                 Archive key      Optional
               Destruction


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 “Principles of key management”

          1.    Keys shall only exist in those forms permitted by ISO 11568

          2.    No one person shall have the capability to access or ascertain any
                plaintext secret key.

          3.    Systems shall prevent the disclosure of any secret key that has
                been or will be used to protect any data.

          4.    Secret keys shall be generated using a process such that it is not
                possible to predict any resultant value or to determine that certain
                values are more probable than others from the total set of all the
                possible values.

          5.    Systems should detect the attempted disclosure of any secret key
                and the attempted use of a secret key for other than its intended
                purpose.
ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 “Principles of key management”
          (continued)
          6.    Systems shall prevent or detect the use of a secret key, or portion
                of that key, for other than its intended purpose, and the accidental
                or unauthorised modification, use, substitution, deletion or
                insertion of any key.

          7.    A key shall be replaced with a new key within the time deemed
                feasible to determine the old key.

          8.    A key shall be replaced with a new key within the time deemed
                feasible to perform a successful dictionary attack on the data
                enciphered under the old key.

          9.    A key shall cease to be used when its compromise is known or
                suspected.


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 “Principles of key management”
          (continued)
          10. The compromise of a key shared among one group of parties shall
              not compromise keys shared among any other group of parties.

          11. A compromised key shall not provide any information to enable the
              determination of its replacement.

          12. A key shall only be loaded into a device when it may be reasonably
              assured that the device is secure and has not been subjected to
              unauthorised modification or substitution.

                       _____________________________________________




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principle 1

          1. Keys shall only exist in those forms permitted by ISO 11568

                – Within a secure cryptographic device

                – In an enciphered form using a Key Encryption Key (KEK) which
                  either exists in a cryptographic device or is encrypted under a higher
                  level KEK

                – In the form of at least two separate key components protected by
                  split knowledge and dual control

           Note: If a compromise would affect only one party, plaintext secret keys
           may also exist in a physically secure environment operated by, or on
           behalf of, that party.


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Hardware Security Modules

          HSM devices store keys and
          perform cryptographic
          functions in a secure, tamper
          evident environment.
          NIST FIPS 140-2 defines the
          security requirements for
          hardware security modules.
          Levels 1 to 4.
          IBM 4758 cryptographic co-             What makes a device NIST
          processor first to be certified        FIPS 140-2 L4 complaint?
          as level 4 compliant.


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Key Hierarchy

                                                            Recovery Key
                                   Offline


                         HSM in clear &           Master Key          Master Key

                     Database Erk(MK)


                                                 Key Encryption     Key Encryption   Key Encryption
                    Database Emk(kek)              Key (KEK)          Key (KEK)        Key (KEK)




           Database Ekek(DK) and/or              Data / Session     Data / Session   Data / Session
                                                      Key                Key              Key
          Application in HSM in clear


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Storage of key components using split
          knowledge
                       Key split into 3 components   Key component




                               Logging and checks    Tamper evident
                                                         bags


                      Contents and access logging    Lockable safe
                                                        drawer


                     Separate key holder. Regular         Safe
                                            audit

                    Dual access control Biometrics    Secure room
                                          Logging

                                 Restricted access   Restricted area


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principles 2 and 3
          “No one person shall have the capability to access or
          ascertain any plaintext secret key.”
          “Systems shall prevent the disclosure of any secret key
          that has been or will be used to protect any data”

          •   Segregation of duties controls

          •   Logical access controls

          •   Physical security controls

          •   Control Vectors




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Issues to look for – Dr Strangelove




            Beware a “Plan R”


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Segregation of duties controls




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Logical Access Controls

                                            HSM              TKE
                                                             WS


                 1                      2           3

                                                             DKMS
             Application                    ICSF   DKMS       WS




                                      CKDS
                                                     Key
                                                   storage

                                             4       5
          Mainframe



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Physical Security Controls


                                                          Video Surveillance
                              TKE         DKMS    PIN
                                           WS    Mailer
                                                          Dual control

                               Safe              Other    Access logging,
                                                          monitoring and alarm
                         Faraday Cage

                   “level 1” Biometric access

            “Level 2” restricted access


      “Level 3” employee access


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Control Vectors

          What is to stop the application making the following call…
          Decrypt (EKEK(Data Key), KEK name)
          …and getting the data key out in clear?


          Answer: Control Vectors




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Control Vectors (continued)

          When a key is Imported into the HSM for use, the key is
          encrypted with the master key exclusive OR’ed with a
          Control Vector (CV). The CV used depends on the type
          of key.
          E MKCV(Data Key)
          When the key is used, cryptographic functions in the
          HSM re-apply the CV depending on the function being
          used. If the function is different to that which the CV
          allows, then the result is nonsense – as the wrong CV is
          used.
          This is used to protect Key Encryption Keys being used
          to decrypt data keys.
ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principle 4
          “Secret keys shall be generated using a process such
          that it is not possible to predict any resultant value or to
          determine that certain values are more probable than
          others from the total set of all the possible values.”



          Key Generation:
          • Must be „random‟ or non-deterministic (NIST FIPS
            140-2)



ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Importance of randomness




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principle 5
          “Systems should detect the attempted disclosure of any
          secret key and the attempted use of a secret key for
          other than its intended purpose.”


          •   Tamper evident bags

          •   Control Vectors




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principle 6
          “Systems shall prevent or detect the use of a secret key,
          or portion of that key, for other than its intended purpose,
          and the accidental or unauthorised modification, use,
          substitution, deletion or insertion of any key.”

          •   Tamper evident bags

          •   Control Vectors

          •   Monitoring of use of „sensitive‟ cryptographic functions

          •   Review of key check values during key management functions




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principle 7 & 8
           “A key shall be replaced with a new key within the time
              deemed feasible to determine the old key.”
              “A key shall be replaced with a new key within the time
              deemed feasible to perform a successful dictionary
              attack on the data enciphered under the old key.”

          •    Demonstrable capability to replace keys

          •    Key replacement schedule

          •    Risk analysis

                – NIST SP 800-57 provides guidance regarding factors to take into
                  account when determining the “Cryptoperiod”


ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principles 9, 10, 11
          “A key shall cease to be used when its compromise is
          known or suspected.”
          “The compromise of a key shared among one group of
          parties shall not compromise keys shared among any
          other group of parties.”
          “A compromised key shall not provide any information to
          enable the determination of its replacement”
          •   Defined key compromise plans

          •   Demonstrable ability to change cryptographic keys

          •   Robust & segregated key hierarchy

          •   Non-deterministic key generation / replacement

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          ISO 11568 Principle 12
          “A key shall only be loaded into a device when it may be
          reasonably assured that the device is secure and has not
          been subjected to unauthorised modification or
          substitution.”

          •   HSM Acceptance procedures

          •   HSM Maintenance procedures

          •   Physical security controls




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Auditing Cryptographic Key Management

          • Basic cryptographic mechanisms
          • Importance of cryptographic controls
          • Control objectives for cryptographic keys & Large-
            scale Key Management in Financial Services
          • Audit approach




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Audit approach

          • Select & orient the audit team
          • Understand the business
          • Determine the primary risks
          • Identify the primary controls
          • Obtain evidence of design and operational
            effectiveness
          • Report




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Select & Orient the audit team

          Suitably skilled & experienced
          • Understanding of cryptographic controls
          • Key Lifecycle awareness
          • Understanding of control objectives for
            cryptographic keys
          • Familiar with Governance and business processes
          • Familiarity with cryptographic hardware and
            software in use
          • Generally, good auditors

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Understand the business

          • Obtain Security Policy & Standards
          • Map roles & responsibilities across the
            organisation
          • Cryptographic usage register
          • Cryptographic key inventory
          • Operational procedures documents
          • Output from Governance and risk processes




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Determine the primary risks

          • Governance & Risk Management always of high
            importance.
          • Use ISO 11568 as a baseline
          • Based on an understanding of your business,
            select a subset of the risks to audit.
                – By key usage
                – By key management function
                – By ISO 11568 objective
                – By key lifecycle

ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Determine the primary controls

          • The primary controls that mitigate each risk
            selected


              Note: Given the dependence on centralised key
              management operations, there is a requirement for
              layered control. Each risk may have several layers
              of controls. Therefore, do not underestimate the
              time required to audit a key management function.




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Obtain evidence of design and operation of
          controls
          • Design of controls is likely to be easy as all key
            management functions should be documented in
            detail.
          • Operation may be less easy as some functions,
            such as key renewal, may be performed
            infrequently.




ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Report
          • Link control weaknesses identified back to
            business impact. Difficult because:
                – Controls are layered. Weaknesses in one does not
                  necessarily result in an immediate business impact.
                – Business impact is not always immediately obvious.
                – Tempting to document the worst case scenario
                  which may have low probability.
                – Tempting to focus on fraud, when impact on
                  availability, reputational damage, regulatory
                  censure, cost of remediation may be more likely.
                – Tempting to document impact as non-compliance
                  with ISO 11568
ISACA Northern Chapter meeting 19 October 2005
Auditing Cryptographic Key Management


          Further Reading
          •   The Code Book, Simon Singh

          •   The music of the primes, Marcus du Sautoy

          •   Applied Cryptography, Bruce Schneier

          •   Practical Cryptography, Neils Ferguson & Bruce Schneier

          •   Users Guide to Cryptography and Standards, Alexander W Dent & Chris
              J Mitchell

          •   Protocols for authentication and key establishment, Colin Boyd, Anish
              Mathuria

          •   Understanding PKI, concepts, standards and deployment considerations,
              Carlisle Adams and Steve Lloyd.



ISACA Northern Chapter meeting 19 October 2005

				
DOCUMENT INFO