As awareness around data security and protection measures has proliferated through the enterprise and into the board room, encryption at-rest has become table stakes.
But any strong encryption scheme is only as secure as the key management practices associated with it. If the implementation of key management isn't done in a cryptographically secure manner, the security of the entire system or application will be greatly compromised.
The first major consideration selecting an encryption algorithm that's appropriate for the task at-hand.
For example, hash functions are one-way functions generate a small digests from a large input and are frequently used for authentication and integrity checking.
Symmetric-key algorithms (e.g. AES) are used to encrypt/decrypt data, provide confidentiality, and ensure integrity (e.g. authenticated modes for AES). Algorithms such as AES or Salsa20 are very good options if there is only one user of the data.
Asymmetric-key algorithms employ a key pair (a public and private key) to perform encryption and decryption. Though generally slower than symmetric-key algorithms, they alleviate key exchange challenges when there are multiple users of the data and enable cryptographic signing. Commonly used algorithms include RSA, ElGamal, and ECIES.
After selecting the appropriate algorithm, the second decision is setting the key strength. This will determine the resistance of your encryption regime to computational attacks.
Brute force attacks attempt to run through the entire key space. However, these attacks can be rendered impractical by increasing the key length.
For example, with a key of length
n bits, there are
2^n possible keys and the possible key space grows exponentially with
n. While 128-bit keys are widely considered out of reach for conventional brute force techniques, quantum computing advances may change this, which is why AES supports 256-bit keys.
Key Management Lifecycle
Once you've determined the appropriate encryption algorithm and key strength, you need to consider implementation. This includes how to generate keys, how to distribute them, and where to store them.
Keys should be generated in cryptographic modules (ideally, with at least FIPS 140-2 certification) and a hardware security module (HSM) is strongly preferable to a software module.
Key Storage and Distribution
Ideally, keys will never leave the HSM. All encryption, decryption, and sigining logic should occur inside the HSM. However, if it's necessary to transport the keys, only secure channels should be used.
A major caveat is that keys should be adequately backed up. Losing an encryption key of sufficient strength is equivalent to losing the entire data set encrypted by that key, which is arguably worse than the data breaches you're trying to protect against. So make sure to backup your keys and escrow your key material!
It's important to rotate keys regularly to protect against key leakage and ensure proper key hygiene. People with key access leave organizations, master keys may be compromised for a number of reasons, and internal security policies and compliance frequently require it.
A more detailed discussion of key rotation best practices, particularly in the context of Hadoop, can be found in our Key Rotation Best Practices in Hadoop.
Implementing a proper encryption regime is a relatively complicated process that includes selecting an appropriate encryption algorithm, determining the required key strength, and managing the lifecycle of keys - all of which are vital to ensuring an adequate level of security for your organization.