56
Tim Hudson – CTO – Cryptso2 [email protected] GS13A 19-May-2016 1:35pm MulG-Vendor Key Management with KMIP
KeyManagement01000011010100100101100101010000010101000101001101001111010001100
3
Key Management Standards
q NSA EKMS
q OASIS EKMI
q ANSI X9.24
q IEEE P1619.3
q OASIS KMIP
q IETF KEYPROV
q NIST SP 800-57
q NIST SP 800-130
q NIST SP 800-152
q ISO 11770
4
FIPS 140-2 Key Management
5
NIST SP 800-130 CKMS
6
NIST SP 800-152 Federal KM Profile
OASISKeyManagementInteroperabilityProtocol01000011010100100101100101010000010101000101001101001111010001100
8
MulG-Vendor–SingleIntegraGon
ServerA
Client
ServerB ServerC ServerD
Network
VendorProtocol-AVendorProtocol-BVendorProtocol-CVendorProtocol-D
ServerA
Client
ServerB ServerC ServerD
Network
KMIP
PriortoKMIPeachapplicaGonhadtosupporteachvendorprotocol
WithKMIPeachapplicaGononlyrequiressupportforoneprotocol
9
MulG-Vendor–SingleIntegraGon
Positive
Negative § Single Integration with single SDK
§ Common vocabulary
§ Greater choice of technology providers
§ “Free” interoperability without point-to-point testing
§ Have to actually follow a standard
§ Vocabulary may not match current usage
§ May need to implement more than is strictly necessary
§ No control over end-user integration
KMIPAdopGon–KMIPembeddedinmajorenterpriseproducts
InfrastructureandSecurity
§ KeyManagers
§ Hardwaresecuritymodules
§ Encryp7onGateways
§ Virtualiza7onManagers
§ VirtualStorageControllers
§ NetworkCompu7ngAppliances
Cloud
§ KeyManagers
§ CompliancePlaAorms
§ Informa7onManagers
§ EnterpriseGatewaysandSecurity
§ EnterpriseAuthen7ca7on
§ EndpointSecurity
Storage
§ DiskArrays,FlashStorageArrays,NASAppliances
§ TapeLibraries,VirtualTapeLibraries
§ Encryp7ngSwitches
§ StorageKeyManagers
§ StorageControllers
§ StorageOpera7ngSystems
KMIPProtocolOverview01000011010100100101100101010000010101000101001101001111010001100
KMIPProduct&TechnicalDetails–KMIPisastandardwireprotocol
KeyClient
API
InternalRepresentaGon
KMIPEncode
Transport
KMIPDecode
KeyServer
API
InternalRepresentaGon
KMIPEncode
Transport
KMIPDecode
MessageFormat
TLSv1.0orabove
13
KMIPFundamentals
CoreConcepts§ BaseObjects
§ Protocolbuildingblocksandparameterencoding§ ManagedObjects
§ CoreconceptsmanagedbyKMIP§ CryptographicManagedObjects(objectswithkeymaterial)
§ APributes§ Detailsrelatedtooraboutamanagedobject
§ Client-to-ServerOpera7ons§ Opera7onsclientscansendinrequeststoservers
§ Server-to-ClientOpera7ons§ Opera7onsserverscansendinrequeststoclients
§ MessageContentsandMessageFormats§ RequestandResponseprotocolmessages
§ MessageEncoding§ BinaryTag-Type-Length-Value
§ Authen7ca7on§ SeeProfiles(ClientCer7ficates)
§ Transport§ SeeProfiles(TLSv1.0orTLSv1.2)
OASISKMIP-ProtocolConcepts
ManagedObjectshavea“Value”§ Valueissetatobjectcrea7on§ Valuecannotbechanged§ Valuemaybe“incomplete”§ Valuemaybeinvaryingformats
ManagedObjectshaveasetof“A[ributes”§ EveryaPributehasastringname§ EveryaPributehasatype§ Maybesimpletypesorcomplextypes§ Somesetbyserveronceandcannotbechanged§ Somesetbyclientonceandcannotbechanged§ Mostaresingleton(onlyoneinstance)§ Serverdefinednon-standardextensionsareprefixedwith“y-”intheirstringname§ Clientdefinednon-standardextensionsareprefixedwith“x-”intheirstringname
OASISKMIP-ProtocolConcepts
ManagedObjectshavean“ObjectType” § Cer7ficate§ SymmetricKey§ PublicKey
§ PrivateKey§ SplitKey§ Template
§ SecretData§ OpaqueObject§ PGPKey1.2
A[ributesforallManagedObjects§ UniqueIden7fier§ ObjectType§ Ini7alDate
A[ributesforManagedCryptographicObjects§ CryptographicAlgorithm§ CryptographicLength§ CryptographicUsageMask§ Digest
OASISKMIP-ProtocolConcepts
A[ributesforManagedCerGficateObjects§ Cer7ficateType§ Cer7ficateLength§ X.509Cer7ficateIden7fier
§ LastChangeDate§ LeaseTime§ State*
§ Ac7va7onDate§ ProcessStartDate§ ProtectStopDate§ CompromiseOccurrenceDate
§ X.509Cer7ficateIssuer§ X.509Cer7ficateSubject
ManagedObjectLife-cycleState§ AdoptedfromNISTSP800-57§ Handledin“State”APribute§ Transi7onsviaOpera7onsorpre-settriggers§ Datesoftransi7onsrecordedasAPributes
StateA[ribute§ Pre-Ac7ve§ Ac7ve§ Deac7vated
OASISKMIP-ProtocolConcepts
DateA[ributes§ Ini7alDate§ DestroyDate§ LastChangeDate§ ArchiveDate§ Ac7va7onDate§ Deac7va7onDate
§ Compromised§ Destroyed§ DestroyedCompromised
§ CompromiseDate§ CompromiseOccurrenceDate§ ProcessStartDate§ ProtectStopDate§ ValidityDate§ OriginalCrea7onDate1.2
MessageEncoding§ BinaryTag-Type-Length-Valueformat§ Op7onalJSONandXMLencodinginKMIP1.2
OASISKMIP-ProtocolConcepts
42 00 2C 05 00 00 00 04
00 00 00 0C
Tag Type Length
Value
Cryptographic Usage Mask = Encrypt | Decrypt
OASISKMIP-ProtocolConcepts
TTLV Encoding
OASISKMIP-ProtocolConcepts
XML Encoding (optional KMIP1.2 addition)
OASISKMIP-ProtocolConcepts
JSON Encoding (optional KMIP1.2 addition)
ImplementaGonErrors01000011010100100101100101010000010101000101001101001111010001100
23
ImplementaGonErrors
Simple implementation errors
q Invalid Padding
q Invalid Encoding
q Invalid Tag Values
q Invalid Field Order
q Invalid TLS usage
q Missing Mandatory
q Mandating Optional
q Invalid sign
24
ImplementaGonErrors
Compleximplementa7onerrors
q CoreconceptsomiPed
q Specialinterpreta7onadded
q Conceptualconfusion(Templates)
q Unusualfeaturesetselec7on
q Assumedmessagesequencesandcontent
25
ImplementaGonErrors
Simpleinvalidencodingerrors
q Thespecifica7onincludescleartextonencoding
q Thespecifica7onincludesexamplesofeachencoding
q TheKMIP1.0TestCasesincludethehexadecimalrequestandresponsesequences
q Almosteveryvendorgetsoneormoreoftheencodingitemswrong
26
ImplementaGonErrors
9.1.1.3ItemLength
AnItemLengthisa32-bitbinaryinteger,transmi5edbig-endian,containingthenumberofbytesintheItemValue.
Data Type Structure Integer Long Integer Big Integer Enumeration Boolean Text String Byte String Date-Time Interval
Length Varies, multiple of 8 4 8 Varies, multiple of 8 4 8 Varies Varies 8 4
If the Item Type is Structure, then the Item Length is the total length of all of the sub-items contained in the structure, including any padding. If the Item Type is Integer, Enumeration, Text String, Byte String, or Strings SHALL be padded with the minimal number of bytes following the Item Value to obtain a multiple Value.
Actual Implementation Errors q Nopaddingq Paddingbeforeratherthanatendof
valueq Paddingmissingforsometypesq Paddingaddedfortypesthatdonot
requirepadding
27
ImplementaGonErrors-SoluGon
Simpleinvalidencoding
q Acceptthataddingmorespecifica7ontextdoesnotfixthisissue
q Acceptthataddingmoreexamplesofencodingarethesameasaddingmorespecifica7ontext–theyaresimplyeithernotreadornotreadcarefully
q Acceptthattestcasesseemtobeignoredmoreofenthantheyareused
28
ImplementaGonErrors-SoluGon
Simpleinvalidencodingerrors
Testinteroperabilitybetweenimplementa7ons
q Moreplug-fests
q Moreinterop-events
q Moretestsdefinedinmoreapproachablemanner
q Formalconformancetes7ngprogram
i.e.moreeventsandwiderscope
29
ImplementaGonErrors
Specialinterpreta8onorconceptualconfusion
Addingseman7csthatdon’texist–leapingbeyondthespectonon-interoperablesolu7ons
q UsingTemplatesforpolicymanagement
q Automa7callycrea7ngobjectsduringsearch
q IgnoringPasswordfields(acceptanything)
q RequiringNames
q ForcingrestrictedsetofcharactersinNames
30
ImplementaGonErrors-SoluGon
Specialinterpreta8onorconceptualconfusion
q DeprecatedTemplatesasofKMIP1.2
q Requireexplicitindica7onforcreate-when-searchingifreallynecessary
q AddingAlternateNameand“vendoreduca7on”
q Expandingtes7ngofNameswhichexceedarbitraryrestric7ons(spaces,punctua7on,etc)
q Moretestcasesandprofiles
q Flexibleinterpreta7oninservers
31
ImplementaGonErrors
Assumedmessagesequencesandcontent
PaPernmatchingratherthanunderstanding
q Ignoringmostofthemessagecontent
q Assumingfixedlistoffieldsinfixedorderfornon-orderedlists
q Assumingfixedsequenceofrequest/responseitems
q Pre-cannedresponseswithminimalsubs7tu7on
q Ignoringprotocolversioninforma7on
32
ImplementaGonErrors-SoluGon
Assumedmessagesequencesandcontent
q Detectthissortofimplementa7on
q Determinelimita7onsoftheapproach
q Expandontes7ngtorequiremoreseman7cprocessingratherthansimplesyntax
q Moretestcasesandprofiles
SNIAKMIPConformanceTesGng01000011010100100101100101010000010101000101001101001111010001100
34
KMIPConformanceTesGng-Intent
q TheSNIASSIFlaunchedtheprogramtoenableorganiza7onstoshortlistvendorKMIPsolu7onsbasedonsupportforspecificusagescenarios
q Enablesorganiza7onstoverifyvendorclaims
q Valueprovidedbyatrulyindependenttestteam
35
KMIPConformanceTesGng-Profiles
TheKMIPTCdefinesProfiles
q Norma7vedocumentsspecifyingtheminimumsetoffunc7onalitytobesupported
q Containexpectedrequestsandresponses
q Coverarangeofdeploymentscenarios
§ AdvancedCryptographic1.2§ AdvancedSymmetricKeyFoundryAsymmetricKeyLifecycle
§ BaselineClient&ServerBasic§ BaselineClient&ServerTLSv1_2§ BasicCryptographic1.2
§ StorageArrayWithSED§ Suite-BMinLOS_128§ Suite-BMinLOS_192§ SymmetricKeyLifecycle§ TapeLibrary§ CompleteServer
§ BasicSymmetricKeyFoundry§ HTTPS,JSON,XML§ IntermediateSymmetricKeyFoundryOpaqueManagedObjectStoreRNGCryptographic1.2
Profiles
36
KMIPConformanceTesGng–Method
q Implementa7onsaremadeavailabletothetestteam
q TestteamoperatesundertheSSIF’sdirec7onbuttes7nginforma7oniskeptcompletelyconfiden7al
q Resultsarepublished(withtes7ngorganiza7on'sconsent)oncomple7onoftes7ng.
37
KMIPConformanceTesGng–ClientProcess
Customer Client SSIF Test Infrastructure
38
KMIPConformanceTesGng–ServerProcess
Customer Server SSIF Test Infrastructure
39
KMIPConformanceTesGng–Results
Snapshot taken from : http://www.snia.org/forums/SSIF/kmip/results
40
KMIPConformanceTesGng–Results
q Testresultsarepublished(withcustomer’spermission
q Resultsremainconfiden7altocustomerandtestteamun7lresultsarepublished
q Onlysupportedprofilesappearontheresultspage(failuresand/ornon-supportedprofilesarenotstated).
KMIPProduct&TechnicalDetails01000011010100100101100101010000010101000101001101001111010001100
DiskArrays,FlashStorageArrays,NASAppliances,StorageOperaGngSystems§ Vaul7ngmasterauthen7ca7onkey§ Cluster-widesharingofconfigura7onselngs§ SpecificUsageLimitschecking(policy)§ FIPS140-2externalkeygenera7on(create,retrieve)§ Mul7-versionkeysupportduringRekey§ Backupandrecoveryofdevicespecifickeysets
TapeLibraries,VirtualTapeLibraries§ Externalkeygenera7on(create,retrieve)§ FIPS140-2externalkeygenera7on(create,retrieve)§ Mul7-versionkeysupportduringRekey
EncrypGngSwitches,StorageControllers§ Vaul7ngdeviceorportspecificencryp7onkeys§ Cluster-widesharingofconfigura7onselngs§ SpecificUsageLimitschecking(policy)
KMIPusageacrossproducttypes
KeyManagers§ KeyandotherObjectVault(store)§ KeyandotherObjectCreator(generate)§ SecureCryptographicOpera7ons(use)§ PolicyEnforcementforAccess§ PolicyEnforcementforOpera7onUsage§ AuditandComplianceManagement§ Cross-deviceandcross-applica7oncoordina7on§ Useranddeviceauthen7ca7onenforcement§ Mul7-tenancyandmul7-jurisdic7onalenforcement
EncrypGonGateways,VirtualisaGonManagers§ Vaul7ngdevice,portoruserspecificencryp7onkeys§ Externalkeygenera7on(create,retrieve)§ Cluster-widesharingofconfigura7onselngs§ SpecificUsageLimitschecking(policy)
KMIPusageacrossproducttypes
CompliancePlaborms,InformaGonManagers,EnterpriseSecurity§ PolicyEnforcementforAccess§ PolicyEnforcementforOpera7onUsage§ AuditandComplianceManagement§ Cross-deviceandcross-applica7oncoordina7on§ Useranddeviceauthen7ca7onenforcement§ Mul7-tenancyandmul7-jurisdic7onalenforcement
EndpointSecurity§ Vaul7ngdevice,portoruserspecificencryp7onkeys§ Externalkeygenera7on(create,retrieve)§ Cluster-widesharingofconfigura7onselngs§ SpecificUsageLimitschecking(policy)
KMIPusageacrossproducttypes
HardwareSecurityModules(HSM)§ KeyandotherObjectVault(store)§ PolicyEnforcementforAccess§ PolicyEnforcementforOpera7onUsage§ AuditandComplianceManagement§ Mul7-tenancyandmul7-jurisdic7onalenforcement§ Keymanagement/HSMgateways
AuthenGcaGonandIdenGtyManagement§ Vaul7nguserspecificinforma7on§ Externalauthen7ca7onstorageandgenera7on§ Valida7onofauthen7ca7onformul7-protocolsupportover
KMIP
KMIPusageacrossproducttypes
KeyManagementServersandHardwareSecurityModules(KMSandHSM)
01000011010100100101100101010000010101000101001101001111010001100
HardwareSecurityModules(HSM)§ StandardAPIs
§ PKCS#11,JavaJCE,MicrosofCryptoAPI(CSP,CNG)§ Vendorproprietaryextensions
§ Typicallyrequiredformanycontexts
§ Vendorproprietarynetworkprotocols§ LimitedplaAormsupport
§ Generallyasmallsubsetofapplica7onplaAorms§ Typicallynowebbasedserveradministra7on§ UsuallyFIPS140-2level2orlevel3validated§ Generallyratherlimitedon-devicestorage
KeyManagementServers(KMS)§ Standardnetworkprotocols§ BroadplaAormsupport
§ networkprotocolandSDKsfrommul7plevendors§ Generallywebbasedserveradministra7on§ OfenFIPS140-2level2orlevel3validated§ Typicallymul7-tenant§ Generallyalmostunlimitedon-devicestorage
KeyManagementServersandHardwareSecurityModules
DeploymentModelsforHSMonlyclient§ PKCS#11API§ StandaloneHSM§ HSMwithon-boardKMS§ HSMwithlinkedKMS
KeyManagementServersandHardwareSecurityModules
PKCS#11Client
PKCS#11Client KMIP
PKCS#11Client
DeploymentModelsforKMSonlyclient§ KMIPProtocol§ StandaloneKMS§ KMSwithon-boardHSM§ KMSwithlinkedHSM
KeyManagementServersandHardwareSecurityModules
KMIPClient
KMIPClient
KMIPClient PKCS#11
DeploymentModelsforKMS+HSMclient§ PKCS#11APIandKMIPProtocol§ StandaloneHSM§ HSMwithon-boardKMS§ HSMwithlinkedKMS§ StandaloneKMS§ KMSwithon-boardHSM§ KMSwithlinkedHSM§ HSMwithnon-linkedKMS§ KMSwithnon-linkedHSM
KeyManagementServersandHardwareSecurityModules
KMIP
Client
KMIP
Client
KM
IP
PKCS#11
ExtraBonusSlides…
01000011010100100101100101010000010101000101001101001111010001100
53
FIPS140-2 Module Certificates by Lab
53
54
FIPS140-2 Module Certificates by Lab
54
55
FIPS140-2 Module Certificates by Year & Level
55
56
FIPS140-2 Module Certificates by Year & Level
56
