Cryptographic Key Management - the Risks and Mitigation

Rob Stubbs

Abstract

With the growing need for cryptography to protect digital assets and communications, the ever-present security
holes in modern computer systems, and the growing sophistication of cyber-attacks, it has never been more
important or harder to keep your cryptographic keys safe and secure.

A single compromised key could result in a massive data breach, resulting in reputational damage, punitive
regulatory fines, and a loss of investor and customer trust.

Introduction
Cryptography lies at the heart of the modern business - protecting electronic communications and financial
transactions, maintaining the privacy of sensitive data and enabling secure authentication and authorization.

The good news is that modern cryptographic algorithms, when implemented correctly, are highly-resistant to
attack – their only weak point is their keys. However, if a key is compromised, then it’s game over! This
makes such cryptographic keys one of your company’s most precious assets, and they should be treated as
such. The value of any key is equivalent to the value of all the data and/or assets it is used to protect.

There are three primary types of keys that need to be kept safe and secure:

1. Symmetric keys – typically used to encrypt bulk data with symmetric algorithms like 3DES or AES;
anyone with the secret key can decrypt the data
2. Private keys – the secret half of public/private key pairs used in public-key cryptography with
asymmetric algorithms like RSA or ECDSA; anyone with the private key can impersonate the owner
of the private key to decrypt private data, gain unauthorized access to systems or generate a fraudulent
digital signature that appears authentic
3. Hash keys – used to safeguard the integrity and authenticity of data and transactions with algorithms
like HMAC-SHA256; anyone with the secret key can impersonate the originator of the
data/transactions and thus modify the original data/transactions or create entirely false
data/transactions that any recipient will believe is authentic

Key Management Risks - What dangers await?

There are many threats that can cause a key to be compromised. Most of the time, you won't know the key has
been compromised until the attacker uses it, which makes the threats even more dangerous. Here are some of
the biggest dangers to think about:
Weak keys
A key is essentially just a random number – the longer and more random it is, the more difficult it is to crack. The
strength of the key should be appropriate for the value of the data it is protecting and the period of time for which it
needs to be protected. The key should be long enough for its intended purpose and generated using a high-quality (ideally
certified) random number generator (RNG), ideally collecting entropy from a suitable hardware noise source.
There are many instances where poor RNG implementation has resulted in key vulnerabilities.

Incorrect use of keys

Bukc/Spr23/IS MI Page 1 of 4
Each key should be generated for a single, specific purpose (i.e. the intended application and algorithm) – if it is used
for something else, it may not provide the expected or required level of protection.

Re-use of keys
Improper re-use of keys in certain circumstances can make it easier for an attacker to crack the key.

Non-rotation of keys

If a key is over-used (e.g. used to encrypt too much data), then it makes the key more vulnerable to cracking, especially
when using older symmetric algorithms; it also means that a high volume of data could be exposed in the event of key
compromise. To avoid this, keys should be rotated (i.e. updated / renewed) at appropriate intervals.

Inappropriate storage of keys

Keys should never be stored alongside the data that they protect (e.g. on a server, database, etc.), as any exfiltration of
the protected data is likely to compromise the key also.

Inadequate protection of keys

Even keys stored only in server memory could be vulnerable to compromise. Where the value of the data demands it,
keys should be encrypted whenever stored and only be made available in unencrypted form within a secure, tamper-
protected environment and even (in extreme cases) kept offline.

There have been a number of vulnerabilities that could expose cryptographic keys in server memory including
Heartbleed, Flip Feng Shui and Meltdown/Spectre.

Insecure movement of keys

It is often necessary to move a key between systems. This should be accomplished by encrypting (“wrapping”) the key
under a pre-shared transport key (a key encryption key, or KEK), which may be either symmetric or asymmetric. Where
this is not possible (e.g. when sharing symmetric transport keys to bootstrap the system), the key should be split into
multiple components that must then be kept separate until being re-entered into the target system (and then the
components are destroyed).

Non-destruction of keys

Keys should be destroyed (i.e. securely deleted, leaving no trace) once they have expired, unless explicitly required for
later use (e.g. to decrypt data). This removes the risk of accidental compromise at some future date.

Insider threats (user authentication, dual control, segregation of roles)

One of the biggest classes of threat that a key faces is insider threats. If a rogue employee has unfettered access to a key,
they might use it for a malicious purpose or pass it onto someone else to the same end.

Lack of resilience

Not only must the confidentiality and integrity of keys be protected, but also their availability. If a key is not available
when required, or worse still lost due to some fault, accident or disaster with no backup available, then the data it is
protecting may also be inaccessible / lost.

Lack of audit logging

Bukc/Spr23/IS MI Page 2 of 4
If the key lifecycle is not fully recorded or logged, it will be more difficult to identify when a compromise has happened
and any subsequent forensic investigation will be hampered.

Manual key management processes

The use of manual key management processes, using paper or inappropriate tools such as spreadsheets and accompanied
by manual key ceremonies, can easily result in human errors that often go unnoticed and may leave keys highly
vulnerable.

Mitigating the threats

So, what can be done to counter these threats and keep your keys (and your company) safe?

The only effective way to mitigate these threats is to use a dedicated electronic key management system, ideally a mature,
proven solution from a reputable provider with good customer references. Any such key management system should
utilize a hardware security module (HSM) to generate and protect keys, and to underpin the security of the whole system.
If well-designed, such a system will offer the following benefits:

 Full lifecycle management of keys

 Generation of strong keys using a FIPS-certified RNG and hardware entropy source
 Protection of keys using a tamper-resistant HSM
 Strict policy-based controls to prevent the misuse/reuse of keys
 Automatic key rotation
 Automatic secure key distribution
 The ability to securely import/export keys in components or under a transport key
 The ability to securely destroy keys at the end of their lifecycle
 Strong user authentication, segregation of duties, and dual control over critical operations
 Intuitive user interface and secure workflow management to minimize the risk of human error
 Support for high-availability and business continuity
 Tamper-evident audit log, usage log and key histories for demonstrating compliance
 Ability to respond quickly to any detected compromise

Not only will such a system help protect your keys, it will also boost efficiency, reduce reliance on highly-skilled
personnel, and simplify achieving, maintaining and demonstrating compliance with a multitude of standards and
regulations such as GDPR, PCI-DSS, HIPAA, SOX and ISO 27001.

The biggest danger of all …

The impact of a key compromise can be substantial:

 Forensic investigation costs

 Remediation costs
 Loss of sensitive information (e.g. industry secrets)
 Loss of competitive advantage
 Direct financial losses (e.g. illegitimate financial transactions)
 Litigation
 Compensation to customers
 Fines
 Loss of reputation
 Loss of business
 Reduction in share price
 Dismissed executives
 Business closing down (as has been the result of some other data breaches)

Bukc/Spr23/IS MI Page 3 of 4
Reference:

https://www.cryptomathic.com/news-events/blog/cryptographic-key-management-the-risks-and-mitigations

Bukc/Spr23/IS MI Page 4 of 4