Key strategy: Encryption and PKI tools help keep online transactions in order
- By Kevin Jonah
- Sep 11, 2003
Information, digital libertarians say, wants to be free. Certainly, our connected society puts plenty of information just a few keystrokes away, via Google and other search engines.
But of course, not all information should be free or easy. Even the data we try to thoroughly protect is perpetually at risk of exposure.
The first step in keeping information locked away from prying eyes is to keep it safe in transit across the networks that connect users. And that means using encryption suitable to the type of information being transmitted.
But while agencies have secure networks'such as the Defense Department's Secure IP Router Network'most of these networks have depended on operating as closed entities to keep information away from the outside world. Connecting more organizations and citizens to information in a secure way requires that encryption and other security features are compatible across federal agencies.
That's why the General Services Administration is drafting a Federal Acquisition Regulation that will integrate security into the requirements for all federal information technology purchases, mandating compliance with government encryption standards.
The concern is also behind last year's Federal Information Security Management Act, which mandates that all government agencies adhere to the National Institute of Standards and Technology's standards for computer security, except for systems classified as 'national security systems.'
FISMA also ordered NIST to develop governmentwide categories for security. The final version of the document containing information on the classification of systems as national security systems, Guideline for Identifying an Information System as a National Security System, NIST SP 800-59, was released last month. It can be found at csrc.nist.gov/publications/nistpubs.
Yet another of FISMA's mandates was that NIST within the next three years create encryption and security standards for each of the classifications of federal systems that will allow for easier, but still secure, data sharing across agency boundaries. The current state of that work is part of the draft of Federal Information Processing Standard (FIPS) 199, also available on NIST's Web site at csrc.nist.gov
There already is a wealth of encryption standards available to government agencies. And encryption support based on the latest standards'such as the Advanced Encryption Standard approved by NIST in 2001'has been built into an increasing number of commercially available applications and devices.
But standards won't fix the whole problem. They won't solve the thorniest technical issue in maintaining access to encrypted data'key management.
With users needing access to secured information, getting the proper credentials to them becomes a growing logistical challenge.
It's a complicated form of access management. When a user loses a network password, an administrator can recover the password or issue a new one. When a user loses an encryption key, however, and the key hasn't been properly managed, the data could be lost forever.
That's part of the reason for key escrow systems.
The management of encryption keys is a problem that comes in multiple flavors. Encrypted storage'files or whole storage devices'might keep a single encryption key for the entire lifetime of the data within it.
Point-to-point encryption systems, such as encrypted IP networks or remote-office virtual private network connections, share a single key for a fixed period of time that has to be securely distributed to all the points on the network each time it is changed.
And systems that control access to data at an individual level, such as public-key infrastructure systems, require the management of thousands or even millions of pairs of encryption keys, a task that becomes even stickier when those keys are issued by different organizations sharing access to the same data.Compatibility issues
Because PKI systems are used not only to encrypt data but to authenticate the identity of specific users, making sure that the key systems of different agencies are compatible is important to cross-agency collaboration on tasks such as homeland security.
The issue of compatibility between keys issued by different federal agencies is handled to some degree by the Federal Bridge Certification Authority, which uses a cross-certification approach to linking different federal PKI systems.
FBCA's goal is for users to be able to verify the certificate of a user from another agency'by verifying a chain of certificates tagged onto it, ending in one issued by a trusted certificate authority, which issues the digital certificates and encryption keys for the user's PKI system.
FBCA ensures compatibility at the identification level through X.509 certificates; it doesn't ensure that users have access to the public keys of users in other agencies for sending encrypted messages to them. There still has to be an exchange of public keys between users before they can send each other encrypted traffic, but at least FBCA ensures that they can verify the legitimacy of the keys exchanged.
Without FBCA, the federal government would need a single central PKI system'which might be possible, but not at all practical simply from the standpoint of administration and timely key distribution.
Because PKI systems use a public key as part of their encryption system, PKI systems with key management can be used to avoid the problem of lost keys. Data encrypted with PKI relies on one public key, so the private key of the person encrypting the data isn't necessarily required to decrypt it.
NIST's Key Recovery Demonstration Project is developing systems for recovering PKI keys through the use of key management'using the security management infrastructure that issues keys to provide a way to recover data in the event of an emergency.
In the case of shared-key systems such as AES, there's less of a threat of lost keys. Still, because of the size of the keys used in AES and other shared-key systems'up to 256 bits, in AES' case'there's a need to manage keys in a secure way.
Fortunately, key distribution is becoming an integrated part of the management systems for network and application infrastructure, such as network management systems.
This kind of integration will eventually make encryption a transparent part of IT'and make it easier for agencies to collaborate securely. Information might want to be free, but easy management of encryption may manage to keep it happily tied down. Kevin Jonah, a Maryland network manager, writes about computer technology.