When we think about cryptography, we tend to think in black and white. Cryptography feels definitive, binary, clear-cut. Data is either encrypted or it isn’t, readable or not – useful or useless. Digital signatures either validate or they don’t – messages are authentic or not. And digital certificates can be authenticated or they can’t. You get my point: there’s no middle ground – data isn’t half encrypted – there are no shades of grey.
Regulators jumped on this apparent clarity. Things that are true or false can be easily written into requirements and laws and are easily audited. Think about data breach disclosure laws – the obligation to tell people when you lose their data. In almost all cases only one exemption is allowed – if the data is encrypted then you are off the hook. The presumption is that even though the data was lost, it’s useless to anyone who found it or stole it, so there’s no problem.
But few things in life are so cut and dried. Other than life and death, most things hover somewhere between good and bad, or working and broken. In the world of IT security, we see shades of grey everywhere: malware might be spotted, firewalls might stop attacks, logs might get examined and alarms might be responded to. Almost all security tools are situational, far too mushy to be embodied in laws and regulation – instead they land in the vague world of best practice. The bad news is that crypto is no different.
But hang on – there really aren’t that many choices with crypto, right? We all know the standard list of algorithms (AES, RSA, ECC etc.). It’s a pretty short list; who can name more than 5? Anyone that strays from the list is asking for trouble and it only changes once every 10 years or so – it really isn’t that hard to track. Then there’s key size, but again there’s not much room for choice. They normally come in convenient powers of 2 and there are only a few viable options when you factor in performance impact and the guidance from bodies such as NIST. So where are the shades of grey? It’s all about the keys.
In reality there is far more scope for disastrous decisions when it comes to key management. This is when crypto actually does become binary. If the attacker gets the key, the game is up. Security evaporates in an instant – no half measures. Sure, some keys might only yield a single message, but some are used for years, protect enormous volumes of data or guard intellectual property that can bring down a whole company if ever exposed.
Key management is more about processes and people than algorithms and standards, and this is where the shades of grey creep in. Attackers can steal keys, control keys, guess keys or calculate keys. Each of these threats deserves a blog all to itself, but at a high level I’ll make a grand statement: stealing and controlling keys gets harder over time while guessing and calculating keys gets easier over time. Let me explain. We ought to be able to agree that our enormous investment in security tools and education every year really should be making it harder to steal keys (if not, why are we bothering?). But, on the other hand, calculating keys must inevitably get easier over time if only because computers get faster and attackers get smarter – that’s why we periodically increase key length. This is also the reason for the paranoia about quantum computers, which, it turns out, are likely to be very good at calculating keys.
All of these threats to keys reduce the effective security of crypto systems. Using AES with 256-bit keys doesn’t mean you have 256 bits of “effective security.” If those keys aren’t perfectly random or if they have been exposed then your effective security could be way lower and, what’s even more important, you would never know. Just because your car has four wheels doesn’t make it safe to drive!
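To make the gap between nominal and effective key strength concrete, here is an added example (not part of the original post) that measures how many distinct keys a generator can actually emit. The weak generator, its 16-bit seed space and the use of a key fingerprint as a known check value are all assumptions made up for illustration.

```python
import hashlib
import math
import random
import secrets

KEY_BYTES = 32        # nominal strength: a 256-bit AES key
SEED_SPACE = 2 ** 16  # assumed flaw: only 65,536 possible seeds


def weak_keygen(seed: int) -> bytes:
    """Hypothetical flawed generator: 256-bit key from a seeded, non-cryptographic PRNG."""
    return random.Random(seed).getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def strong_keygen() -> bytes:
    """256-bit key drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(key: bytes) -> str:
    """Stand-in for any value that lets a guess be checked (assumed for the demo)."""
    return hashlib.sha256(key).hexdigest()


def effective_bits(possible_keys: int) -> float:
    """Security level implied by the number of keys the generator can produce."""
    return math.log2(possible_keys)


def guesses_to_find(target_fp: str, seed_space: int = SEED_SPACE):
    """Walk every key the weak generator can emit; return guesses used, or None."""
    for guess, seed in enumerate(range(seed_space), start=1):
        if fingerprint(weak_keygen(seed)) == target_fp:
            return guess
    return None


if __name__ == "__main__":
    weak = weak_keygen(12345)  # constructed sample key
    strong = strong_keygen()
    print("key length (bits): weak", len(weak) * 8, "strong", len(strong) * 8)
    print("effective bits of weak generator:", effective_bits(SEED_SPACE))
    print("weak key found after guesses:", guesses_to_find(fingerprint(weak)))
    print("strong key found in same space:", guesses_to_find(fingerprint(strong)))
```

Both keys are 256 bits long and look equally random to the eye, which is why the weakness goes unnoticed: only the generator's input space reveals that one of them offers 16 bits of protection.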
The current debate about the use of encryption by terrorists is another good example of how law enforcement agencies would really like the ability to reduce the effective security of encryption – without changing the algorithm or key length. The challenge of course is to guarantee that the backdoor is perfectly discriminating when it comes to who can exploit the weaker effective security.
Backdoors or not, we’re already starting to see a steady trickle of attacks against keys and it can only get worse. For years, there has been plenty of unencrypted data for attackers to steal, so why bother trying to crack the encrypted stuff? Going forward, even the low-hanging fruit will be encrypted. Sometime soon attackers will be faced with a simple decision: go and get a proper job or try to figure out how to crack crypto – my guess is they will choose the latter. The big question is whether they will be successful. The days of taking crypto for granted are over. Key management is an essential organizational process and the tools to generate and protect keys represent critical security infrastructure and should be treated as such.