Enterprise Key Management and Protection Whitepaper

Home , Infineon Technologies, ROCA vulnerability

Key Management and Protection in a Connected World: Analysis of Available Technologies

White Paper

As corporate IT becomes more digital and dispersed, security CONTENTS: functions that leverage cryptography - data encryption, digital signing, and authentication, for example - have come to play an increasingly 1. Impact of Digital vital role in organizations’ cybersecurity strategies and regulatory Transformation on Key compliance initiatives. Management and Protection » The digital transformation has not only impacted the use of 2. Key Management Security cryptography as part of IT security, but also the underlying methods Principles » for the critical task of protecting and controlling cryptographic keys. Enterprise key management solutions are evolving to address 3. Assessment of Key Protection organizations’ changing needs as they migrate to distributed IT and Methods » hybrid cloud environments, addressing both lifecycle management of • Dedicated Hardware » keys and their protection from unauthorized use or theft. Endpoint • Software Tokens and Vaults » security solutions leveraging cryptography are also advancing in the wake of the internet of things, BYOD and consumer-oriented mobile • Trusted Execution services and apps, with security requirements often weighed against Environments » user experience, deployment and support considerations. • Multi-Party Computation »

This document provides in-depth analysis of traditional as well as 4. Conclusion » emerging cryptographic key management and protection technologies available today. We cover both security and usability considerations, to help IT security professionals assess the extent to which each technology fits their current and future business needs.

As businesses transform their IT, key management methods must evolve in tow, supporting agility, scalability and usage requirements. At the same time, the highest standards of key protection must be maintained—otherwise the very foundation of security provided by cryptography is compromised.

For years, organizations have been using EXPLOSION OF DATA AND cryptography to encrypt, sign, authenticate and CONNECTIVITY validate the integrity of corporate digital assets and With a constant influx of people and things joining users. With the rise of digital and cloud computing, the digitization trend globally, vast amounts of data as organizations rely on open, externally managed are being created, stored, processed and and shared infrastructure, they are exposed to communicated, raising security and privacy increasingly sophisticated cyber-attacks with concerns. At the same time, IT infrastructure is potentially devastating ramifications. In addition, increasingly open and connected, making data more they are required to comply with increasingly accessible and thus vulnerable to theft. stringent security and privacy regulations. In this changing landscape, cryptography is becoming ever Cryptography is one of the foundational tools that more important as a means for organizations to organizations can use to protect sensitive data protect and grow their business. wherever it resides. To address increasing data security requirements, organizations need to step up One of the pillars of cryptography implementation is their key management capabilities accordingly. Not the secure storage and management of the keys only is scalability in terms of volume of keys and key used to perform cryptographic operations. Strong operations critical, but also the flexibility to address protection of cryptographic keys is critical because in a bigger range of use cases with increasing levels of case of undesired exposure or use, organizations risk sophistication, such as application-level data completely undermining the security of the assets encryption, database encryption, and strong that their cryptography schemes were designed to authentication. protect, much like exposing the key to a safe. If they get into the wrong hands, keys can be used for mass theft of sensitive data, online fraud, or distribution of malware in the name of a legitimate organization, Volume of Data Created Globally to name just a few examples. 180 Following is a brief overview of some of the main 160 facets of digital transformation and how they impact 140 key management and protection requirements. 120 100

Zettabytes 80

0 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 Source: IDC’s Data Age 2025 study, sponsored by Seagate, April 2017

Copyright 2018, Unbound Tech Inc. 3 IT WITHOUT PERIMETERS DevSecOps Hybrid cloud and data center infrastructures are the Sec new norm for many businesses. According to the Create Plan Release Configure Detect Thales 2018 Global Threat Report, 84% of organizations globally are using more than one IaaS vendor and 34% use over 50 SaaS applications. In Dev Ops addition, a plethora of endpoint devices are Monitoring Monitoring & & connecting to corporate networks, with increasing Analytics Analytics adoption of BYOD and the internet of things. As companies diversify their infrastructure, new security challenges arise around protecting sensitive Verify Preproduction Adapt Predict Respond keys in an open and uncontrolled environment, which must be addressed. Source: Gartner (September 2016) Further, faced with different key protection requirements and constraints across different Cryptography implementations must adapt to new platforms, organizations may end up with key application development practices, not only to serve protection silos that are complex to manage and these applications in performing security functions difficult to conform with corporate security policies. such as encryption and digital signing, but also to Platform-agnostic solutions will likely provide an enable application security techniques such as code advantage to organizations with highly distributed signing in an agile environment, and to address new infrastructures. security needs such as identifying, authenticating and protecting individual containers. CHANGING APPLICATION From a technology standpoint, to be practical for DEVELOPMENT AND DELIVERY agile and cloud-scale applications, the cryptographic New software development practices and tools such key management and protection mechanisms as DevOps, continuous integration and delivery, themselves need to be agile, elastic, and automated. containers and microservices are increasingly being adopted for business applications, to enable faster NEW CRYPTO-BASED DIGITAL SERVICES and more frequent release cycles. The integration of The digital transformation is enabling new crypto security into these new practices, termed services and applications that were not possible in DevSecOps, requires significant change in security the past, such as cryptocurrency wallets and mindset and technology. exchanges. Companies that wish to leverage these services as a core or ancillary part of their business must be able to support advanced cryptography

schemes and have robust key protection by design.

We know that strong key protection is paramount to the effective use of cryptography, but how can we judge the level of security provided by a key management solution? It comes down to a few criteria that guide the design of key protection mechanisms and determine their security strength.

A number of key management and protection • Physical access attacks are possible when the technologies are available today. Some have been in attacker can obtain physical proximity to the use for many years, while others are emerging in hardware on which the keys reside. The most response to the transforming IT environment. prevalent physical threat today is hardware- Key management solutions need to fulfill a core based side-channel attacks. In such attacks, the tenet of cryptography: they must protect keys from aversary deduces secret data located inside the exposure and unauthorized use. So, before we machine by measuring hardware characteristics, review the available solutions, let’s first take a closer such as power usage or noise levels, which vary look at the security principles that determine the based on data processing activities inside the effectiveness of a key protection scheme. machine. These characteristics are called side channels because they reveal additional NON-EXTRACTABILITY information besides the regular data inputs and outputs. Like a safe, the primary role of key protection schemes is to prevent extraction of cryptographic • Software side-channel attacks are possible when key material by people or machines, to prevent their an attacker can exploit logical access to the theft and unauthorized use. machine where keys are protected to extract key material via software-based side-channel The theft of cryptographic keys is disastrous because information. Attackers can achieve this by attackers can use the keys freely for all intended running a separate software application co- purposes (i.e. sign transactions, authenticate to located on the machine, crafted to extract key business-critical applications, decrypt sensitive material from shared resources such as the CPU content). or cache. In virtualized environments, such co- Because the keys remain intact in their original location attacks are possible even from a location, detection of such attacks can be very different virtual machine (VM) running on the difficult and typically occurs only after significant same host machine as the target VM where keys damage has been done. are stored, without compromising the hypervisor, Key protection mechanisms should prevent and even if the two VMs are running on different extraction of key material via both software and cores on the same host machine. physical access-based attacks, which can be categorized generally as follows:

Side-channel attacks enable adversaries to gain information about secret data stored and/or processed inside a system via additional (side) information beyond what can be learned from system input and output data. A human analogy to a side-channel attack is learning a person’s secret thoughts by examining that person’s facial expressions or voice characteristics. Since the late 1990s, security researchers have uncovered numerous side channels proven to expose cryptographic keys in multiple computer systems.

Copyright 2018, Unbound Tech Inc. 5 • Classic software attacks can occur when an In the context of key protection and management attacker breaches the machine on which the keys systems, protections include stringent access are protected, for example by stealing access controls, as well as features that enable rapid credentials or installing malware. If the attacker detection and mitigation in case of a breach leading obtains privileged user access on the machine, to unauthorized use of keys. the potential for damage is highest. One possible software attack method is process injection, in AGILITY which custom code that performs a malicious The rapid pace of IT innovation, increasing function, such as extracting private keys to sophistication of hackers, and widespread another location specified by the adversary, is availability of hacking tools online are all compelling inserted within another process in the legitimate organizations to react quickly to new security threats key protection software. and support new application requirements in a In modern data center and cloud platforms, which timely fashion. typically have strong physical security while compute To address this need, organizations need agility in and storage resources are shared, software attacks their cryptographic key protection implementations are of much greater concern than physical attacks. for multiple purposes: Hardware-based side-channel attacks are a concern • Adding support for new cryptographic algorithms mainly for endpoint devices because they are mobile and protocols to address new application and dispersed by design. requirements (for example, new elliptic curves KEY USAGE CONTROL considered to be more secure or for cryptocurrency signing) Even without stealing keys, attackers can potentially compromise them by finding a way to use them • Adding support for new cryptographic algorithms illegitimately within their protected environment. that arise in anticipation of future threats (for Example attack methods include breaching a example, algorithms designed for post-quantum machine or application that has permission to use secure cryptography) private keys, or using a stolen client certificate to • Fixing discovered cryptographic algorithm create a bogus application server that is allowed vulnerabilities that compromise keys (e.g. access to the keys. protection against padding oracle attacks, This problem has no straightforward solution but protocol attacks like Lucky Thirteen and POODLE, must be considered seriously, especially in certain and other attacks on the cryptographic applications of cryptography where even a single mechanism like ROCA) misuse can be detrimental: Imagine a certificate • Fixing vulnerabilities discovered in the key authority issuing code signing certificates that are protection mechanism itself (e.g. hardware fixes used to mask malware as legitimate code, due to new side channels, or software cryptocurrency theft, or fraudulent access to a vulnerabilities like Heartbleed on OpenSSL or API sensitive account. attacks on PKCS#11) Usage control is the extent to which enterprises can establish and enforce policies on how their keys are used, and who is authorized to use them.

Copyright 2018, Unbound Tech Inc. 6 TRUST • broken without physical access, or mathematically At the end of the day, organizations rely on third proven guarantees that key material cannot be parties to provide the hardware, software and extracted services that protect their keys. Therefore, beyond a • Track record and experience of the key protection technical assessment of the extractability, key usage solution vendor control, and agility aspects mentioned above, • Product security testing and certifications organizations should evaluate their level of confidence that their key protection solutions Organizations using cloud and managed services actually deliver the security they claim. should consider another fundamental question: Who controls the keys used Clearly, there, there is no 100is no 100 and/or managed by these percent guaranteeguarantee of of security security services? It is critical that even inin the the most most trusted trusted and and A false sense of security organizations be aware of well-conceived solutionssolutions. .Still, Still, can be far more dangerous the implications of yielding the elementelement of of trust trust deserves deserves k ey management and careful considerationconsideration. A. falseA false than awareness of a lack control to external vendors. sense ofof security security can can be farbe far thereof The company offering the mmore o r edangerous d a n g e than r o u s t h a n service, even if trusted, may awareness ofof a lacka lack thereof thereof. . trusted, may be breached. Factors that can build trust in the security level of a The ability to detect and quickly respond to key management and protection solution include: suspected misuse of keys may be limited. In addition, • Guarantees of security inherent in the technology subpoenas are always a concern in such solutions. – for example, key protection that cannot be

Trust

Non- Agility Extractability

Key Usage Control

Key management security principles

Organizations today have a range of options for protecting their keys, from traditional field-proven dedicated hardware solutions to software methods and emerging models designed for modern hybrid cloud deployments. Understanding the security and usability traits of each approach enables businesses to choose the optimal key protection solutions for their needs.

In the previous section, we discussed the factors that determine the security level of a key protection method. Following is an overview of the prevalent methods available today, including an assessment of both security and usability aspects. Dedicated Hardware The most common and long-serving approach to key Different form factors are available to suit varied use protection is dedicated crypto hardware devices. cases, including hardware security modules (HSMs) These security hardened devices are expressly and key management systems on the cloud and data created to generate and store keys and to perform center, or trusted platform modules (TPMs), cryptographic operations inside the device, to smartcards and tokens on the endpoint side. prevent the keys’ exposure throughout their lifecycle.

Security Assessment Furthermore, these products commonly pass industry accepted certifications such as FIPS 140-2 and NON-EXTRACTABILITY Common Criteria to ensure compliance with stringent security standards. Cryptographic hardware solutions offer strong guarantees of security based on both physical and Historically, smartcards and tokens suffered from logical isolation. Physical protections include strong devastating vulnerabilities to hardware side-channel enclosures, tamper-proofing and tamper-resistant attacks. Today the standard of security against such mechanisms. Logical protections include intrinsic attacks is significantly higher, though problems still assurances that keys are never exported in normal exist, mainly in low-end devices (one example is the operation, and that no other software (which could Korea transit cards whose vulnerability was potentially be exploited for attack) can run on the demonstrated at Black Hat Asia in 2017). crypto hardware.

Copyright 2018, Unbound Tech Inc. 8 KEY USAGE CONTROL Another instance of a severe security weakness in Hardware cryptographic devices typically offer cryptographic hardware is the PKCS#11 API robust access controls for administrative operations, vulnerability discovered in SafeNet Luna HSMs in with the ability to set stricter policies for sensitive 2015. A flaw in the API opened the possibility for tasks such as backup of keys in an HSM. Possible attackers to extract secret keys from the HSM. From access control measures include physical presence the time when the flaw was discovered to the requirements and advanced authentication and vendor providing a patch to having the patch applied authorization schemes (e.g. M of N / quorum to HSMs in the field, the window of vulnerability was authentication). HSMs, TPMs, and smartcard and weeks at best. token management systems typically provide audit TRUST logs. Cryptographic hardware solutions are purpose-built The potential for compromising keys via the breach to provide strong security based on comprehensive of systems authorized to use them, however, isolation of keys from external systems. Rigorous remains a major concern. Addressing this risk testing and certification processes provide further requires detection and response mechanisms that confidence that they conform to high security are not typically considered in the design of standards. hardware cryptography solutions. While cryptographic hardware solutions generally have The downside of these purpose-built high-security logs of crypto operations that can be used to detect hardware solutions is that if a vulnerability is anomalous or suspicious behavior, in practice this is discovered, the implications are enormous, raising difficult, cumbersome and not commonly done. questions about the foundations of our trust. However, years of field experience have shown that AGILITY beside a few security lapses along the way, overall The main limitation of hardware solutions is their the high-end HSM and smartcard market has a good lack of agility. Upgrades or fixes to deployed record of security, and trust in these solutions is hardware typically require physical access, and the high. deployment of new hardware involves even more significant efforts including manufacturing, Usability Assessment certification, shipping and manual replacement and Some IT platform and security vendors are making installation processes. Thus, when a security efforts to adapt traditional hardware crypto modules vulnerability is detected in hardware protection to cloud and virtualized environments. While the mechanisms, its mitigation can be detrimentally rationale is clear - dedicated hardware cryptography cumbersome, expensive and lengthy. The solutions have been the standard for high-security ramifications can be catastrophic because keys cryptographic key management and protection in remain exposed until hardware is replaced or fixed, the past decades - these solutions pose usability destabilizing affected organizations’ IT security challenges, particularly in modern digital foundations likely for months or even years. infrastructures. This is due to their inherent One example of a recently identified hardware limitations in agility, flexibility, scalability and security flaw is the Return of Coppersmith’s Attack automation capabilities. Tasks such as rapidly scaling (ROCA) vulnerability in a series of cryptographic key management resources to meet a sudden surge chips produced by Infineon Technologies AG. in service usage, introducing a service feature that Identified in late 2017, this vulnerability stems from involves a novel cryptography implementation, or a flaw in the implemented RSA key generation automating key lifecycle management processes for method and enables attackers to deduce private efficiency and security purposes, may be too costly keys generated on the chips from their associated and complex or even impossible for organizations to public keys (learn more in this blog post). The ROCA achieve. vulnerability affects millions of private keys in TPMs, smartcards, tokens, national IDs, and other devices produced with these chips embedded since 2012. The repercussions have been enormous; in Estonia, for example, 750,000 national ID cards were revoked due to the exposed vulnerability.

Copyright 2018, Unbound Tech Inc. 9 Hardware maintenance and upgrades are also authentication, where user convenience and IT lengthy and expensive processes, inhibiting the support aspects carry significant weight. In such adoption of these security methods. This is especially cases, organizations may opt for solutions that true for individual user-oriented use cases, such as provide the desired user experience even if it comes secure mobile consumer apps or strong at the expense of security.

Summary: Dedicated Hardware

SECURITY  USABILITY 

• Strong guarantee of non-extractability of keys • Lacking in scalability and functional flexibility with both physical and logical isolation • Challenging to install, maintain and upgrade; • Lacking in agility to address new security deployment and provisioning cannot be vulnerabilities and requirements automated • Low-end devices may be susceptible to key • Endpoint devices are complex to manage extraction via side-channel attacks

Software Tokens and Vaults Software-based key management and protection White-box cryptography implementations have been solutions provide an alternative to traditional shown to be susceptible to varied types of attack. hardware methods and offer the benefits of high One form of attack is to use cryptanalysis techniques usability, agility, and availability on multiple to extract private key material. To do this, an platforms, and simplified deployment and attacker would first need to reverse engineer the maintenance. However, experience thus far has obfuscated code in order to discern the source code. shown that the security mechanisms on which these solutions rely are easy to break.

Security Assessment Application Security NON-EXTRACTABILITY Application We mentioned above that dedicated hardware Crypto Library cryptography solutions provide strong guarantees of non-extractability based on physical and logical White-box isolation. Crypto Module The major challenge with software-based methods, in contrast, is to protect both the keys and the key protection platform from compromise in a shared environment where other software can run. Protection of keys from extraction is achieved using OS encryption, obfuscation techniques, white-box cryptography techniques which specifically obscure Device the key protection code (including key material) so that it cannot be read, and server and/or application Cryptographic key protection in software hardening methods. Copyright 2018, Unbound Tech Inc. 10 Another approach, which does not require in-depth Further, while hardware cryptographic devices expertise or knowledge of the code, is to apply a cannot be cloned, software methods do not have side-channel attack via an application running such protection: Code obfuscation and white-box alongside the key protection software on the same cryptography techniques cannot prevent the entire hardware platform. key protection software from being copied and The recent CHES 2017 Capture the Flag Challenge cloned. If an attacker succeeds in cloning the code, it provided clear testimony of the security weakness of can be used without extracting the key from the key white-box cryptography. In the challenge, protection software. researchers and developers were invited to submit AGILITY their white-box crypto implementations and attackers were invited to break the submitted Software-based cryptography solutions are agile, challenges by extracting the embedded key. Of 94 simplifying the issuance of fixes to discovered bugs challenges submitted, all were broken, mostly within and vulnerabilities as well as updates to implement the first day. The longest-lasting challenge was new cryptographic algorithms and protocols. broken after just 28 days, and this is more than twice TRUST as long as the runner-up. The appeal of a pure-software approach to key In conclusion, because software-based key management and protection has spawned protection methods have no clear guarantees of considerable industry effort to develop strong isolation, they are continually vulnerable to new software-based security measures, as described attacks which can be used to extract key material, above. However, experience shows that all such resulting in a constant “cat and mouse” situation. solutions to date have had very weak security. KEY USAGE CONTROL Like dedicated hardware solutions, software-based Usability Assessment key management and protection solutions typically Software-based cryptography solutions are flexible offer role-based access controls for administrative and scalable and can run on multiple hardware access and audit logging, but do not deliver platforms. Thus, they are well aligned with both advanced cryptographic key usage monitoring and BYOD implementations at the endpoint, and control features. virtualized services and applications in the data center and cloud.

Summary: Software Tokens and Vaults

SECURITY  USABILITY 

• Not isolated; vulnerable to cloning and key • Platform agnostic, supporting cloud, data center extraction via software attacks and endpoint devices • Keys are not always protected throughout their • Lightweight, scalable and flexible entire lifecycle • Easy and efficient to maintain • High agility

Environments One of the recent security-related developments in Possible attacks include cache-based, speculative computing is trusted execution environments (TEE). execution, page fault, and timing attacks. Market implementations include Intel Software Implementation of software “side-channel proofing” Guard Extensions (SGX) and ARM TrustZone. A TEE is techniques in the key protection software can help a designated space within a processor chip that mitigate the risk of such attacks. For example, serves as a secure enclave for data storage and ensuring that the running time of a cryptographic execution. Protections include logical isolation of the algorithm is constant regardless of the value of the TEE by prohibiting access to the TEE by external key can prevent key extraction using timing side- operating systems, encryption of data within the channel information. However, the development of enclave, and attestation that the code has not been such measures is a continual significant effort, and altered. complete protection from known attacks is very TEEs enable organizations to place sensitive difficult if not impossible. It is worth noting that applications and data within distributed computing there are multiple examples of the best side-channel environments in a secure manner, without having to safe code being broken, demonstrating that we are trust the underlying infrastructure. Because they are far from understanding what is required to achieve implemented in general-purpose chipsets, they this. Furthermore, there is no guarantee of security provide an elegant and versatile security solution for against yet-unknown side channels. Therefore, modern digital computing architectures including securing keys in a TEE is expected to remain a “cat externally-managed clouds. and mouse” situation with new fixes needed to Cryptographic key management and protection is address newly discovered side-channel attacks. one emerging application of TEEs. In this approach, One highly publicized recent finding is the Meltdown the key management software and keys reside and Spectre vulnerabilities discovered in the end of within the trusted environment. 2017. These vulnerabilities underscore both the increasing sophistication of attacks and the enormous challenges of overcoming security flaws in Rich Execution Trusted Execution hardware. They affect virtually all advanced Environment Environment microprocessors manufactured in the past 20 years, exploiting a feature called speculative execution—a

performance optimization technique in which code Key Client branches are processed before knowing if they are Management Application needed, and later discarded if not—to gain access to Application protected data residing in the chips.

Patching vulnerable devices has proven difficult, and

REE OS TEE OS in many cases not possible or feasible. While no Meltdown or Spectre attacks in the field have been reported to date, the prospect of such attacks Platform happening is inevitable as TEEs gain popularity and protect more lucrative assets. There is mounting Security Assessment evidence that attackers are already testing malware that exploits these bugs. And to make matters NON-EXTRACTABILITY worse, if a breach occurs it would very likely not be detected as these attacks leave no trace in logs. In theory, any data within the TEE should be protected from extraction. However, in contrast with Beyond Meltdown and Spectre, researchers have dedicated cryptographic hardware solutions, TEEs exposed numerous additional security flaws in run together with other software on general- trusted execution environments, specifically in Intel purpose processors, and are therefore vulnerable to SGX. key extraction via software side-channel attacks on shared resources in the hardware platform.

Copyright 2018, Unbound Tech Inc. 12 For detailed analysis on the security of SGX against TRUST side-channel attacks and the implications for Though TEEs offer numerous security features such practical applications, see the white paper: The as code encryption and integrity validation via Security of Intel SGX for Key Protection and Data remote attestation, their proven vulnerability to Privacy Applications. side-channel attacks - and yet-unproven ability to KEY USAGE CONTROL compensate for this vulnerability with side-channel- proof code - means that they do not provide a high- The TEE-based key management approach is still trust solution for uses where data privacy is critical, new to the market. Current implementations include such as cryptographic key protection. administrative access controls, tamper-proof audit logs, and system monitoring UI. How these offerings Usability Assessment develop is yet to be seen; on a technical level, adding advanced key usage control functionality should be In devices that have processors with trusted straightforward because the TEE is a flexible general- execution environments, deploying TEE-based key purpose enclave that can run any code. management is straightforward and offers a higher level of security than the software-based key AGILITY protection methods discussed in the previous TEE-based solutions provide agility for the key section. Because such implementation is subject to management and protection software running inside the availability of supporting processor hardware, the TEE since it can be updated easily. However, TEE however, this approach does not apply to all solutions are not agile with respect to the infrastructure environments or security use cases. cryptographic and other protections that they Unlike dedicated cryptography hardware solutions, themselves provide. For example, Intel SGX internal TEE deployments are based on common general- protections rely inherently on AES-128 and ECC, and purpose microprocessors and are developed with as such do not comply with post-quantum distributed hybrid cloud architectures in mind. When computing cryptography methods. This means that packaged as physical appliances for on-premises existing hardware will no longer be secure in the installation, however, these key management quantum computing era, and either a firmware solutions lose the elasticity, scalability and upgrade or more likely a full hardware replacement automation capabilities that are typically provided will be required. Implementing these solutions in a by common virtualized infrastructure. hybrid cloud architecture with different TEE would require separate development and maintenance efforts per platform, reducing agility.

Summary: Trusted Execution Environments

SECURITY  USABILITY 

• Keys are susceptible to theft via software side- • Available on servers and endpoint devices channel attacks • Requires infrastructure with supporting • High agility processors • Advanced protections (e.g. post-quantum) may be • Scalability, high availability and lifecycle limited by TEE constraints management capabilities

Copyright 2018, Unbound Tech Inc. 13 Multi-Party Computation Secure multi-party computation (MPC) is a subfield This approach supports all cryptographic algorithms of cryptography that started in the 1980s and is and functions; thus, keys can be used for varied use focused on solving this problem: How can two or cases without ever being united throughout their more parties to jointly compute a function over their entire lifecycles. inputs while keeping their respective inputs private? MPC-based key protection is implemented purely in The application of MPC to key management is based software. In this approach, the cryptographic on the idea that cryptographic keys can be split into security boundary extends beyond a single machine, random shares placed on separate machines, and spanning between different nodes that can be that these machines can jointly compute located in any cloud, data center, or endpoint. cryptographic functions using MPC protocols, Though MPC is not a new field, its use for key without either machine gaining any information on management and protection has only recently the other parties’ key shares. emerged due to recent advancements in the development and optimization of MPC protocols to make them efficient enough for commercial use.

Multi-Party Multi-Party Computation Computation

Server Server Server Endpoint

MPC-based key management on server and endpoint environments Security Assessment data centers, separate networks, data center and cloud, different clouds, or endpoint and cloud. NON-EXTRACTABILITY Nodes can also be dispersed geographically, preventing any single jurisdiction from enforcing MPC enables strong protection of keys backed by a the provision of keys to external parties via a mathematically proven guarantee that without court ruling or subpoena breaching all machines holding the key shares, keys cannot be compromised. Periodic refreshes of the • Software stack-based segregation - Using a key shares, implemented in a way that each different software stack for each node, placing subsequent key share reveals no information about the nodes on distinct platforms with different the previous ones, provide higher security because operating systems, development languages, and keys can be compromised only if the MPC machines security defenses are breached simultaneously. In addition to segregation between the nodes, The security of MPC-based key protection relies on security measures to prevent the key shares in each the principle of strong segregation between the MPC node from being extracted can be used as an nodes. This separation in achieved practically in additional layer of protection. In untrusted mobile numerous ways: devices that have a secure enclave or a trusted execution environment, for example, the endpoint • Credentials-based segregation - Using different MPC node can leverage the hardware: Hardware- access credentials for each node, or even generated keys can be used to encrypt the local key- assigning different administrators share (which contains no key material and is • Device-based segregation - Placing the nodes on meaningless in itself) and also to attest integrity to different machines. Very strong separation may the other MPC node. be achieved by locating the nodes in different environments, for example between separate

Copyright 2018, Unbound Tech Inc. 14 KEY USAGE CONTROL between MPC nodes at the endpoint and server, enabling tracking of all operations at the server side. MPC-based key management solutions enable administrative access controls, real-time tamper- MPC supports flexible, advanced authorization proof audit logs, and system monitoring capabilities, structures including quorum (M of N) authentication for both server-side and endpoint-side key for high-security cryptographic operations. The management. The ability to monitor cryptographic authorization mechanism can itself use MPC and key usage at the endpoint is unique to the MPC thus provide a secure cryptography-based access approach because key operations are performed control implementation.

Approvers Key Management

Quorum group 1 Auth. Policy

2 of 3 Endpoint Keys MPC Node AND Server Keys MPC Node Quorum group 2

1 of 3

Example of advanced authorization policy using MPC

In a similar manner, MPC key management TRUST techniques can be used for application access The MPC-based key management approach is still credentials such as client certificates, protecting early stage in the market, though other MPC them from exposure to prevent compromised applications have been deployed with a strong application access through stealing of the record of security. The protection of keys from credentials. extraction (unless all MPC nodes are breached One benefit of the MPC approach is that it enables simultaneously) is backed by rigorous mathematical instant revocation of keys via any one of the MPC proof. This security guarantee, combined with strong nodes, rendering a key useless simply by deleting the segregation between nodes which organizations can relevant key share. This method can be used to implement using a range of practical methods, make quickly stop unauthorized use of keys when MPC a high- trust solution for key management and detected, or to “forget” all private data associated protection. with an individual by deleting the data encryption Another security aspect unique to the MPC approach key share. is that keys may be used on any infrastructure while AGILITY the organization maintains full control of the keys. For example, in a public cloud implementation, one The MPC approach is pure software and updates are of the nodes can be in the cloud for integration with simple to apply. Updates can be implemented cloud services and apps, and the other node can be rapidly and with zero down-time. placed in another location under the organization’s Furthermore, both theoretical research and practical full control, such as the internal data center. This experience have shown that MPC is a feasible capability makes trust a non-issue because keys solution for varied cryptographic algorithms, keys, cannot be provided by an external party even in case and operations, including post-quantum computing of a subpoena. algorithms and advanced crypto applications.

Copyright 2018, Unbound Tech Inc. 15 Usability Assessment In terms of supporting today’s service delivery requirements, the MPC approach offers all the MPC-based key protection is platform agnostic benefits of software and virtualization: scalability, across server and endpoint devices, and can run in agility, automation, ease of deployment and any environment, including virtual machines and management. containers. It is also versatile and can support a wide range of use cases, including major emerging technologies such as cryptocurrency and IoT.

Summary: Multi-Party Computation

SECURITY  USABILITY 

• Mathematically proven security guarantee: key • Platform agnostic, supporting cloud, data center extraction requires simultaneous compromise of and endpoint devices two separate machines • High functional flexibility, ability to support • Advanced authorization schemes for usage control advanced use cases • High agility • Scalability, high availability and lifecycle management capabilities

Copyright 2018, Unbound Tech Inc. 16 Summary: Comparison of Key Management Methods Organizations have a range of options for protecting Trusted execution environments offer more and managing cryptogaphic keys, with significantly flexibility than traditional hardware solutions and different security and usability characteristics. provide a secure enclave for code storage and While traditional dedicated cryptographic hardware execution, but have been found vulnerable to data solutions provide strong guarantees of isolation and extraction via side-channel attacks, making them an field-proven robust protection, they lack the insecure means of key protection for medium- to scalability and agility that have become critical in the high-trust needs. Secure multi-party computation is digital era. Software solutions that rely on obscurity an emerging solution that provides strong security techniques and platform hardening to protect keys guarantees and features in a pure-software overcome the usability challenges but all implementation that conforms to modern digital implementations thus far have been broken easily. computing and hybrid cloud architectures.

Multi-Party Dedicated Computation

Hardware

Security Security

Clear Guarantee “Cat and Mouse” Zone Trusted Execution TEE Environment

Software Tokens and Vaults

Usability

Comparison of key management and protection methods

As digital transformation progresses, organizations must fortify the security foundations that will protect them in years to come. Among those foundations is cryptography, which will have an increasingly significant role in securing digital business assets and transactions over distributed IT infrastructures. Organizations should carefully assess their approach to protecting and managing keys as a core element of their cryptography implementation.

The pace of digital innovation is only growing. Along • What is the full scope of your IT infrastructure, with the wealth of opportunities and operational including data center, cloud and endpoint efficiency that the digital transformation promises to elements? deliver come significant challenges for IT security • What data and applications do you need to leaders. Security implementations need not only protect? What is their level of sensitivity? Where conform to major technology shifts such as cloud in your infrastructure do they reside? computing and IoT, but also provide adaptive protection against continually evolving and • What regulatory compliance requirements must increasingly sophisticated cyber threats. you address? As cryptography grows in scale and importance, • Which service providers’ services do you use, and companies will need to evaluate their enterprise key which key protection methods do they support? management strategies in light of the above • Are there any known plans for future changes to challenges. A range of key management solutions is your IT architecture? (e.g. geographic expansion, available today, with varied security and usability cloud migration, IoT, BYOD adoption) characteristics, and it is imperative for businesses to • What legacy infrastructure do you need to understand the implications of adopting each maintain? possible option. By basing their key management and protection Of course, beyond the key management solution technology choices on careful consideration of attributes, each business has its own practical alternative methods, organizations can achieve considerations to take into account. Following are optimal fit to their current and long-term business some factors that can help guide the evaluation of needs. key management options:

To learn more about key management and Unbound MPC-based solutions, please visit our web site: www.unboundtech.com