Presentation is loading. Please wait.

Presentation is loading. Please wait.

KMIP 1.3 SP800-130 Issues Joseph Brand / Chuck White / Tim Hudson December 12th, 2013 1.

Similar presentations


Presentation on theme: "KMIP 1.3 SP800-130 Issues Joseph Brand / Chuck White / Tim Hudson December 12th, 2013 1."— Presentation transcript:

1 KMIP 1.3 SP Issues Joseph Brand / Chuck White / Tim Hudson December 12th,

2 Observations in Storage/Applications Sensitive Data for Government/Proprietary Use US Government utilizations – Multi-level sensitivity can translate into classification (FOUO, S, TS, etc) – Application of attributes with encryption keys for Data at Rest, COMSEC, and TRANSEC – Using classification amongst other attributes to associate with encryption keys based on classification usage of the encrypted data – From a Server/Distribution perspective - attributes inform workflow for key lifecycle activities to include distribution and management functions. – Attributes have security requirements as well as the data associated with the attributes – Examples include collaboration systems, reporting systems, and data feeds for collected information, communications services, and data transport infrastructure. Technology implementation – Focuses on associating generating keys based on attributes and keeping the attributes associated with unencrypting the information for future use – Attributes inform key distribution workflow – Attributes inform communications services how the key is used as a component of an End Cryptographic Unit (ECU) or similar communications/transmission security component. Note that this approach has implications for commercial use as well – Focus on Data at Rest, Communications, and Transmission Security for: Proprietary information Healthcare information Personal Information

3 SP Requirements 6.7 Restricting Access to Key and Metadata Management Functions This section describes how access to the key and metadata management functions may be controlled. The requesting entity may be authenticated, and human exposure to keys and other sensitive metadata may be prevented or severely restricted Controlling Human Input If a key management function requires the human input of keys or sensitive metadata, then there is a dependence on the human for the accuracy and perhaps the security of the input. 6.8 Compromise Recovery In an ideal situation, the CKMS would protect all keys and sensitive metadata so that they are never compromised or modified by unauthorized parties. 3

4 SP Requirements Metadata Compromise Depending on the metadata element and how it is used, the compromise of a metadata element could result in the compromise of a key or the data protected by a key. For example, a metadata element of a symmetric encryption/decryption key could be a list of identities corresponding to the legitimate users of the key. The Access Control System verifies the authenticated identity of the user against the metadata element to determine whether the user is permitted to exercise the decrypt function and thus obtain plaintext data. If the metadata element could be modified to add an unauthorized user to the list of authorized users, then the encrypted data could be compromised. If different keys have common metadata elements, then the compromise of one metadata element could compromise the data protected by each of the keys. Metadata elements that are sensitive to unauthorized modification should be cryptographically bound to their associated keys so that the integrity of the metadata can be easily verified. 4

5 Draft SP Requirements Profile Table (row 4) FRAMEWORK TOPIC BASE AUGMENTED FUTURE 5 Not covered in the Framework Key and metadata sensitivity Low, Moderate or High (Low) Moderate or High (Moderate) Multi-Level Security: Low, Moderate, and High

6 Observations SP implies that certain metadata can be as sensitive as the key material. Draft SP indicates multi-level sensitivity (low, moderate, high). Deployed KMIP client usage indicates that clients are placing sensitive information in custom attributes. Specification of attributes within a KeyValue that are “encapsulated with (and possibly wrapped with) the key material itself” is not well defined and not covered in any current test case or profile. SP notes “a metadata element of a symmetric encryption/decryption key could be a list of identities corresponding to the legitimate users of the key” encompassing access control within the general model. 6

7 Summary KMIP 1.0, 1.1, and 1.2 do not explicitly address sensitive metadata (leaving it to the implementation to handle transparently from the user [client]). KMIP 1.0, 1.1, and 1.2 address sensitive key material by allowing: Get specifying a wrapping key Register specifying a wrapped key (which the server may or may not have access to the wrapping key) KMIP 1.3 should address sensitive meta data by allowing: GetAttributes specifying a wrapping key Register specifying wrapped attributes (which the server may or may not have access to the wrapping key) Note that workflow associated with interpretation of attributes is outside the KMIP specification. 7


Download ppt "KMIP 1.3 SP800-130 Issues Joseph Brand / Chuck White / Tim Hudson December 12th, 2013 1."

Similar presentations


Ads by Google