MulG-Vendor Key Management with KMIP

Transcription

1 MulG-Vendor Key Management with KMIP Tim Hudson CTO Cryptso2 GS13A 19-May :35pm

2 Key Management

3 Key Management Standards q NSA EKMS q OASIS EKMI q ANSI X9.24 q IEEE P q NIST SP q NIST SP q NIST SP q ISO q OASIS KMIP q IETF KEYPROV 3

4 FIPS Key Management 4

5 NIST SP CKMS 5

6 NIST SP Federal KM Profile 6

7 OASIS Key Management Interoperability Protocol

8 MulG-Vendor Single IntegraGon Client Client Vendor Protocol - A Vendor Protocol - B Vendor Protocol - C Vendor Protocol - D KMIP Network Network Server A Server B Server C Server D Server A Server B Server C Server D Prior to KMIP each applicagon had to support each vendor protocol With KMIP each applicagon only requires support for one protocol 8

9 MulG-Vendor Single IntegraGon Positive Single Integration with single SDK Negative Common vocabulary Greater choice of technology providers Free interoperability without point-to-point testing Have to actually follow a standard Vocabulary may not match current usage May need to implement more than is strictly necessary 9

10 KMIP AdopGon KMIP embedded in major enterprise products Storage Disk Arrays, Flash Storage Arrays, NAS Appliances Tape Libraries, Virtual Tape Libraries Encryp7ng Switches Storage Key Managers Storage Controllers Storage Opera7ng Systems Infrastructure and Security Key Managers Hardware security modules Encryp7on Gateways Virtualiza7on Managers Virtual Storage Controllers Network Compu7ng Appliances Cloud Key Managers Compliance PlaAorms Informa7on Managers Enterprise Gateways and Security Enterprise Authen7ca7on Endpoint Security

11 KMIP Protocol Overview

12 KMIP Product & Technical Details KMIP is a standard wire protocol Key Client Key Server API API Internal RepresentaGon Internal RepresentaGon KMIP Encode KMIP Decode Message Format KMIP Encode KMIP Decode Transport TLSv1.0 or above Transport

13 KMIP Fundamentals 13

14 OASIS KMIP - Protocol Concepts Core Concepts Base Objects Protocol building blocks and parameter encoding Managed Objects Core concepts managed by KMIP Cryptographic Managed Objects (objects with key material) APributes Details related to or about a managed object Client-to-Server Opera7ons Opera7ons clients can send in requests to servers Server-to-Client Opera7ons Opera7ons servers can send in requests to clients Message Contents and Message Formats Request and Response protocol messages Message Encoding Binary Tag-Type-Length-Value Authen7ca7on See Profiles (Client Cer7ficates) Transport See Profiles (TLSv1.0 or TLSv1.2)

15 OASIS KMIP - Protocol Concepts Managed Objects have a Value Value is set at object crea7on Value cannot be changed Value may be incomplete Value may be in varying formats Managed Objects have an Object Type Cer7ficate Symmetric Key Public Key Private Key Split Key Template Secret Data Opaque Object PGP Key 1.2 Managed Objects have a set of A[ributes Every apribute has a string name Every apribute has a type May be simple types or complex types Some set by server once and cannot be changed Some set by client once and cannot be changed Most are singleton (only one instance) Server defined non-standard extensions are prefixed with y- in their string name Client defined non-standard extensions are prefixed with x- in their string name

16 OASIS KMIP - Protocol Concepts A[ributes for all Managed Objects Unique Iden7fier Object Type Ini7al Date Last Change Date Lease Time State* A[ributes for Managed Cryptographic Objects Cryptographic Algorithm Cryptographic Length Cryptographic Usage Mask Digest A[ributes for Managed CerGficate Objects Cer7ficate Type Cer7ficate Length X.509 Cer7ficate Iden7fier Ac7va7on Date Process Start Date Protect Stop Date Compromise Occurrence Date X.509 Cer7ficate Issuer X.509 Cer7ficate Subject

17 OASIS KMIP - Protocol Concepts Managed Object Life-cycle State Adopted from NIST SP Handled in State APribute Transi7ons via Opera7ons or pre-set triggers Dates of transi7ons recorded as APributes State A[ribute Pre-Ac7ve Ac7ve Deac7vated Compromised Destroyed Destroyed Compromised Date A[ributes Ini7al Date Destroy Date Last Change Date Archive Date Ac7va7on Date Deac7va7on Date Compromise Date Compromise Occurrence Date Process Start Date Protect Stop Date Validity Date Original Crea7on Date 1.2

18 OASIS KMIP - Protocol Concepts Message Encoding Binary Tag-Type-Length-Value format Op7onal JSON and XML encoding in KMIP 1.2 Cryptographic Usage Mask = Encrypt Decrypt Tag Type Length C C Value

19 OASIS KMIP - Protocol Concepts TTLV Encoding

20 OASIS KMIP - Protocol Concepts XML Encoding (optional KMIP 1.2 addition)

21 OASIS KMIP - Protocol Concepts JSON Encoding (optional KMIP 1.2 addition)

22 ImplementaGon Errors

23 ImplementaGon Errors Simple implementation errors q Invalid Padding q Invalid Encoding q Invalid Tag Values q Invalid Field Order q Invalid TLS usage q Missing Mandatory q Mandating Optional q Invalid sign 23

24 ImplementaGon Errors Complex implementa7on errors q Core concepts omiped q Special interpreta7on added q Conceptual confusion (Templates) q Unusual feature set selec7on q Assumed message sequences and content 24

25 ImplementaGon Errors Simple invalid encoding errors q The specifica7on includes clear text on encoding q The specifica7on includes examples of each encoding q The KMIP 1.0 Test Cases include the hexadecimal request and response sequences q Almost every vendor gets one or more of the encoding items wrong 25

26 ImplementaGon Errors Item Length An Item Length is a 32-bit binary integer, transmi5ed big-endian, containing the number of bytes in the Item Value. Data Type Structure Integer Long Integer Big Integer Enumeration Boolean Text String Byte String Date-Time Interval Length Varies, multiple of Varies, multiple of Varies Varies 8 4 Actual Implementation Errors q No padding q Padding before rather than at end of value q Padding missing for some types q Padding added for types that do not require padding If the Item Type is Structure, then the Item Length is the total length of all of the sub-items contained in the structure, including any padding. If the Item Type is Integer, Enumeration, Text String, Byte String, or Strings SHALL be padded with the minimal number of bytes following the Item Value to obtain a multiple Value. 26

27 ImplementaGon Errors - SoluGon Simple invalid encoding q Accept that adding more specifica7on text does not fix this issue q Accept that adding more examples of encoding are the same as adding more specifica7on text they are simply either not read or not read carefully q Accept that test cases seem to be ignored more ofen than they are used 27

28 ImplementaGon Errors - SoluGon Simple invalid encoding errors Test interoperability between implementa7ons q More plug-fests q More interop-events q More tests defined in more approachable manner q Formal conformance tes7ng program i.e. more events and wider scope 28

29 ImplementaGon Errors Special interpreta8on or conceptual confusion Adding seman7cs that don t exist leaping beyond the spec to noninteroperable solu7ons q Using Templates for policy management q Automa7cally crea7ng objects during search q Ignoring Password fields (accept anything) q Requiring Names q Forcing restricted set of characters in Names 29

30 ImplementaGon Errors - SoluGon Special interpreta8on or conceptual confusion q Deprecated Templates as of KMIP 1.2 q Require explicit indica7on for create-when-searching if really necessary q Adding Alternate Name and vendor educa7on q Expanding tes7ng of Names which exceed arbitrary restric7ons (spaces, punctua7on, etc) q More test cases and profiles q Flexible interpreta7on in servers 30

31 ImplementaGon Errors Assumed message sequences and content PaPern matching rather than understanding q Ignoring most of the message content q Assuming fixed list of fields in fixed order for non-ordered lists q Assuming fixed sequence of request / response items q Pre-canned responses with minimal subs7tu7on q Ignoring protocol version informa7on 31

32 ImplementaGon Errors - SoluGon Assumed message sequences and content q Detect this sort of implementa7on q Determine limita7ons of the approach q Expand on tes7ng to require more seman7c processing rather than simple syntax q More test cases and profiles 32

33 SNIA KMIP Conformance TesGng

34 KMIP Conformance TesGng - Intent q The SNIA SSIF launched the program to enable organiza7ons to shortlist vendor KMIP solu7ons based on support for specific usage scenarios q Enables organiza7ons to verify vendor claims q Value provided by a truly independent test team 34

35 KMIP Conformance TesGng - Profiles The KMIP TC defines Profiles q Norma7ve documents specifying the minimum set of func7onality to be supported q Contain expected requests and responses q Cover a range of deployment scenarios Profiles Advanced Cryptographic 1.2 Advanced Symmetric Key Foundry Asymmetric Key Lifecycle Baseline Client & Server Basic Baseline Client & Server TLSv1_2 Basic Cryptographic 1.2 Basic Symmetric Key Foundry HTTPS, JSON, XML Intermediate Symmetric Key Foundry Opaque Managed Object Store RNG Cryptographic 1.2 Storage Array With SED Suite-B MinLOS_128 Suite-B MinLOS_192 Symmetric Key Lifecycle Tape Library Complete Server 35

36 KMIP Conformance TesGng Method q Implementa7ons are made available to the test team q Test team operates under the SSIF s direc7on but tes7ng informa7on is kept completely confiden7al q Results are published (with tes7ng organiza7on's consent) on comple7on of tes7ng. 36

37 KMIP Conformance TesGng Client Process Customer Client SSIF Test Infrastructure 37

38 KMIP Conformance TesGng Server Process Customer Server SSIF Test Infrastructure 38

39 KMIP Conformance TesGng Results Snapshot taken from : 39

40 KMIP Conformance TesGng Results q Test results are published (with customer s permission q Results remain confiden7al to customer and test team un7l results are published q Only supported profiles appear on the results page (failures and/or non-supported profiles are not stated). 40

41 KMIP Product & Technical Details

42 KMIP usage across product types Disk Arrays, Flash Storage Arrays, NAS Appliances, Storage OperaGng Systems Vaul7ng master authen7ca7on key Cluster-wide sharing of configura7on selngs Specific Usage Limits checking (policy) FIPS140-2 external key genera7on (create, retrieve) Mul7-version key support during Rekey Backup and recovery of device specific key sets Tape Libraries, Virtual Tape Libraries External key genera7on (create, retrieve) FIPS140-2 external key genera7on (create, retrieve) Mul7-version key support during Rekey EncrypGng Switches, Storage Controllers Vaul7ng device or port specific encryp7on keys Cluster-wide sharing of configura7on selngs Specific Usage Limits checking (policy)

43 KMIP usage across product types Key Managers Key and other Object Vault (store) Key and other Object Creator (generate) Secure Cryptographic Opera7ons (use) Policy Enforcement for Access Policy Enforcement for Opera7on Usage Audit and Compliance Management Cross-device and cross-applica7on coordina7on User and device authen7ca7on enforcement Mul7-tenancy and mul7-jurisdic7onal enforcement EncrypGon Gateways, VirtualisaGon Managers Vaul7ng device, port or user specific encryp7on keys External key genera7on (create, retrieve) Cluster-wide sharing of configura7on selngs Specific Usage Limits checking (policy)

44 KMIP usage across product types Compliance Plaborms, InformaGon Managers, Enterprise Security Policy Enforcement for Access Policy Enforcement for Opera7on Usage Audit and Compliance Management Cross-device and cross-applica7on coordina7on User and device authen7ca7on enforcement Mul7-tenancy and mul7-jurisdic7onal enforcement Endpoint Security Vaul7ng device, port or user specific encryp7on keys External key genera7on (create, retrieve) Cluster-wide sharing of configura7on selngs Specific Usage Limits checking (policy)

45 KMIP usage across product types Hardware Security Modules (HSM) Key and other Object Vault (store) Policy Enforcement for Access Policy Enforcement for Opera7on Usage Audit and Compliance Management Mul7-tenancy and mul7-jurisdic7onal enforcement Key management / HSM gateways AuthenGcaGon and IdenGty Management Vaul7ng user specific informa7on External authen7ca7on storage and genera7on Valida7on of authen7ca7on for mul7-protocol support over KMIP

46 Key Management Servers and Hardware Security Modules (KMS and HSM)

47 Key Management Servers and Hardware Security Modules Hardware Security Modules (HSM) Standard APIs PKCS#11, Java JCE, Microsof CryptoAPI (CSP, CNG) Vendor proprietary extensions Typically required for many contexts Vendor proprietary network protocols Limited plaaorm support Generally a small subset of applica7on plaaorms Typically no web based server administra7on Usually FIPS140-2 level 2 or level 3 validated Generally rather limited on-device storage Key Management Servers (KMS) Standard network protocols Broad plaaorm support network protocol and SDKs from mul7ple vendors Generally web based server administra7on Ofen FIPS140-2 level 2 or level 3 validated Typically mul7-tenant Generally almost unlimited on-device storage

48 Key Management Servers and Hardware Security Modules Deployment Models for HSM only client PKCS#11 API Standalone HSM HSM with on-board KMS HSM with linked KMS Client PKCS#11 Client PKCS#11 Client PKCS#11 KMIP

49 Key Management Servers and Hardware Security Modules Deployment Models for KMS only client KMIP Protocol Standalone KMS KMS with on-board HSM KMS with linked HSM Client KMIP Client KMIP Client KMIP PKCS#11

50 Key Management Servers and Hardware Security Modules Deployment Models for KMS+HSM client PKCS#11 API and KMIP Protocol Standalone HSM HSM with on-board KMS HSM with linked KMS Standalone KMS KMS with on-board HSM KMS with linked HSM HSM with non-linked KMS KMS with non-linked HSM Client KMIP Client KMIP KMIP PKCS#11

51 MulG-Vendor Key Management with KMIP Tim Hudson CTO Cryptso2 GS13A 19-May :35pm

52 Extra Bonus Slides

53 FIPS140-2 Module Certificates by Lab 53 53

54 FIPS140-2 Module Certificates by Lab 54 54

55 FIPS140-2 Module Certificates by Year & Level 55 55

56 FIPS140-2 Module Certificates by Year & Level 56 56