Encryption
Encryption
Encryption is used to secure communications and data storage, particularly authentication credentials and the transmission of sensitive information. It can be used throughout a technological environment, including the operating systems, middleware, applications, file systems, and communications protocols.
Encryption can be used as a preventive control, a detective control, or both. As a prevention control, encryption acts to protect data from disclosure to unauthorized parties. As a detective control, encryption is used to allow discovery of unauthorized changes to data and to assign responsibility for data among authorized parties. When prevention and detection are joined, encryption is a key control in ensuring confidentiality, data integrity, and accountability.
Properly used, encryption can strengthen the security of an institution’s systems. Encryption also has the potential, however, to weaken other security aspects. For instance, encrypted data drastically lessens the effectiveness of any security mechanism that relies on inspections of the data, such as anti-virus scanning and intrusion detection systems. When encrypted communications are used, networks may have to be reconfigured to allow for adequate detection of malicious code and system intrusions.
Although necessary, encryption carries the risk of making data unavailable should anything go wrong with data handling, key management, or the actual encryption. For example, a loss of encryption keys or other failures in the encryption process can deny the institution access to the encrypted data. The products used and administrative controls should contain robust and effective controls to ensure reliability.
Financial institutions should employ an encryption strength sufficient to protect information from disclosure until such time as the information’s disclosure poses no material threat. For instance, authenticators should be encrypted at a strength sufficient to allow the institution time to detect and react to an authenticator theft before the attacker can decrypt the stolen authenticators.
HORSE FACTS: Institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit.
- Encryption implementations should include:
- Encryption strength sufficient to protect the information from disclosure until such time as disclosure poses no material risk,
- Effective key management practices
- Robust reliability
- Appropriate protection of the encrypted communication’s endpoints
Decisions regarding what data to encrypt and at what points to encrypt the data are typically based on the risk of disclosure and the costs and risks of encryption. The costs include potentially significant overhead costs on hosts and networks. Generally speaking, authenticators are encrypted whether on public networks or on the financial institution’s network. Sensitive information is also encrypted when passing over a public network and also may be encrypted within the institution.
Encryption cannot guarantee data security. Even if encryption is properly implemented, for example, a security breach at one of the endpoints of the communication can be used to steal the data or allow an intruder to masquerade as a legitimate system user.
How Encryption Works
In general, encryption functions by taking data and a variable, called a “key” and processing those items through a fixed algorithm to create the encrypted text. The strength of the encrypted text is determined by the entropy, or degree of uncertainty, in the key and the algorithm. Key length and key selection criteria are important determinants of entropy. Greater key lengths generally indicate more possible keys. More important than key length, however, is the potential limitation of possible keys posed by the key selection criteria. For instance, a 128-bit key has much less than 128 bits of entropy if it is selected from only certain letters or numbers. The full 128 bits of entropy will only be realized if the key is randomly selected across the entire 128-bit range.
The encryption algorithm is also important. Creating a mathematical algorithm that does not limit the entropy of the key and testing the algorithm to ensure its integrity are difficult. Since the strength of an algorithm is related to its ability to maximize entropy instead of its secrecy, algorithms are generally made public and subject to peer review. The more that the algorithm is tested by knowledgeable worldwide experts, the more the algorithm can be trusted to perform as expected. Examples of public algorithms are AES, DES and Triple DES, HSA-1, and RSA.
Encryption Key Management
Since security is primarily based on the encryption keys, effective key management is crucial. Effective key management systems are based on an agreed set of standards, procedures, and secure methods that address
- Generating keys for different cryptographic systems and different applications;
- Generating and obtaining public keys;
- Distributing keys to intended users, including how keys should be activated when received;
- Storing keys, including how authorized users obtain access to keys;
- Changing or updating keys, including rules on when keys should be changed and how this will be done;
- Dealing with compromised keys;
- Revoking keys and specifying how keys should be withdrawn or deactivated;
- Recovering keys that are lost or corrupted as part of business continuity management;
- Archiving keys;
- Destroying keys;
- Logging the auditing of key management-related activities; and
- Instituting defined activation and deactivation dates, limiting the usage period of keys.
Secure key management systems are characterized by the following precautions:
- Key management is fully automated (e.g., personnel do not have the opportunity to expose a key or influence the key creation).
- No key ever appears unencrypted.
- Keys are randomly chosen from the entire key space, preferably by hardware.
- Key-encrypting keys are separate from data keys. No data ever appears in clear text that was encrypted using a key-encrypting key. (A key-encrypting key is used to encrypt other keys, securing them from disclosure.)
- All patterns in clear text are disguised before encrypting.
- Keys with a long life are sparsely used. The more a key is used, the greater the opportunity for an attacker to discover the key.
- Keys are changed frequently. The cost of changing keys rises linearly while the cost of attacking the keys rises exponentially. Therefore, all other factors being equal, changing keys increases the effective key length of an algorithm.
- Keys that are transmitted are sent securely to well-authenticated parties.
- Key-generating equipment is physically and logically secure from construction through receipt, installation, operation, and removal from service.
Encryption Types
Three types of encryption exist: the cryptographic hash, symmetric encryption, and asymmetric encryption.
A cryptographic hash reduces a variable-length input to a fixed-length output. The fixed-length output is a unique cryptographic representation of the input. Hashes are used to verify file and message integrity. For instance, if hashes are obtained from key operating system binaries when the system is first installed, the hashes can be compared to subsequently obtained hashes to determine if any binaries were changed. Hashes are also used to protect passwords from disclosure. A hash, by definition, is a one-way encryption. An attacker who obtains the password cannot run the hash through an algorithm to decrypt the password. However, the attacker can perform a dictionary attack, feeding all possible password combinations through the algorithm and look for matching hashes, thereby deducing the password. To protect against that attack, “salt,” or additional bits, are added to the password before encryption. The addition of the bits means the attacker must increase the dictionary to include all possible additional bits, thereby increasing the difficulty of the attack.
Symmetric encryption is the use of the same key and algorithm by the creator and reader of a file or message. The creator uses the key and algorithm to encrypt, and the reader uses both to decrypt. Symmetric encryption relies on the secrecy of the key. If the key is captured by an attacker, either when it is exchanged between the communicating parties, or while one of the parties uses or stores the key, the attacker can use the key and the algorithm to decrypt messages or to masquerade as a message creator.
Asymmetric encryption lessens the risk of key exposure by using two mathematically related keys, the private key and the public key. When one key is used to encrypt, only the other key can decrypt. Therefore, only one key (the private key) must be kept secret. The key that is exchanged (the public key) poses no risk if it becomes known. For instance, if individual A has a private key and publishes the public key, individual B can obtain the public key, encrypt a message to individual A, and send it. As long as individual A keeps his private key secure from discovery, only individual A will be able to decrypt the message.
Examples of Encryption Uses
Asymmetric encryption is the basis of public key infrastructure. In theory, PKI allows two parties who do not know each other to authenticate each other and maintain the confidentiality, integrity, and accountability for their messages. PKI rests on both communicating parties having a public and a private key, and keeping their public keys registered with a third party they both trust, called the certificate authority, or CA. The use of and trust in the third party is a key element in the authentication that takes place. For example, assume individual A wants to communicate with individual B. A first hashes the message, and encrypts the hash with A’s private key. Then A obtains B’s public key from the CA and encrypts the message and the hash with B’s public key. Obtaining B’s public key from the trusted CA provides A assurance that the public key really belongs to B and not someone else. Using B’s public key ensures that the message will only be able to be read by B. When B receives the message, the process is reversed. B decrypts the message and hash with B’s private key, obtains A’s public key from the trusted CA, and decrypts the hash again using A’s public key. At that point, B has the plain text of the message and the hash performed by A. To determine whether the message was changed in transit, B must re-perform the hashing of the message and compare the newly computed hash to the one sent by A. If the new hash is the same as the one sent by A, B knows that the message was not changed since the original hash was created (integrity). Since B obtained A’s public key from the trusted CA and that key produced a matching hash, B is assured that the message came from A and not someone else (authentication).
Various communication protocols use both symmetric and asymmetric encryption. Transaction layer security (TLS), the successor to Secure Socket Layer (SSL) uses asymmetric encryption for authentication, and symmetric encryption to protect the remainder of the communications session. TLS can be used to secure electronic banking and other transmissions between the institution and the customer. TLS may also be used to secure e-mail, telnet, and FTP sessions. A wireless version of TLS is called WTLS, for wireless transaction layer security.
IPSec is a complex aggregation of protocols that together provide authentication and confidentiality services to individual IP packets. It can be used to create a VPN over the Internet or other untrusted network, or between any two computers on a trusted network. Since IPSec has many configuration options, and can provide authentication and encryption using different protocols, implementations between vendors and products may differ.
SSL and TLS are frequently used to establish encrypted tunnels between the financial institution and Internet banking users. They are also used to provide a different type of VPN than that provided by IPSec.
Secure Shell (SSH) is frequently used for remote server administration. SSH establishes an encrypted tunnel between a SSH client and a server, as well as authentication services.
Encryption may also be used to protect data in storage. The implementation may encrypt a file, a directory, a volume, or a disk.