Key Protection for Endpoint, Cloud and Data Center

Transcription

1 Key Protection for Endpoint, Cloud and Data Center

2 ENCRYPTION IS ONLY AS SECURE AS ITS LEAST SECURE KEY Encryption is undoubtedly one of the pillars of information security. It is used everywhere today: from the devices we use to bank online and login to social networks, to servers and backend systems in the data centers of corporations and cloud service providers. Encryption protects sensitive data, guaranteeing that only authorized entities holding the decryption key will be able to read and use the data. The two parts of any encryption system are the algorithm used for encryption/decryption and the key. While the encryption algorithm is by definition publicly available, a well-designed encryption algorithm cannot be broken within a reasonable timeframe without possession of the key. The key used for decryption, thus, must be protected and managed properly so it doesn t fall to unauthorized hands or being lost. Protecting the keys properly is a challenge, where the inevitable tradeoff between security, cost and usability is profound: strong key protection requires the use of dedicated hardware such as a Hardware Security Module (HSM) or a smart card, but come with all the downsides of using hardware. On the other hand, pure software techniques exist for protecting the keys in a flexible and scalable manner, however they don t provide a sufficient level of protection for most use cases. THE FUTURE IS HERE: KEYS ARE NOW SECURE, ON EVERY DEVICE! Dyadic Virtual HSM (vhsm) is a disruptive, pure software solution that is the first to provide the strong key security guarantees that were previously only available through the use of dedicated hardware. Dyadic s core technology is based on decades of research by Dyadic s co-founders, Professors Nigel Smart and Yehuda Lindell (and others) in the field of secure Multi Party Computation. The tremendous knowledge and skills of Dyadic s team of applied crypto experts and software development veterans have combined to create a practical and easy-to-use key security solution. Dyadic s key protection is the first software-only solution that enables every device to have a virtual HSM, where sensitive encryption keys can be stored securely with a trust level comparable to dedicated encryption hardware. This includes all ranges of machines; from servers hosted in the cloud or data centers to endpoint devices such as desktops, laptops, smartphones, and IoT devices. The rapid shift to virtualization and software-defined technologies is already upon us, as cloud and mobilization have begun to re-shape the world. vhsm will play a critical role in this evolution, being the first solution that enables software-only encryption to be carried out while maintaining the very high security required for most applications.

3 HARDWARE VS. SOFTWARE KEY PROTECTION WITHOUT COMPROMISE Hardware solutions such as HSMs, smartcards, hard tokens, embedded secure elements and Trusted Execution Environments (TEEs) are considered the most secure method for safeguarding and using cryptographic keys. For example, HSMs typically safeguard keys that are used for encrypting sensitive data, secure communication (SSL), VPN servers and others. Smartcards, hard tokens and secure elements are typically used to store authentication and digital signing keys. Such solutions allow the application to use the key only for the required set of operations such as encryption, decryption and signing, however they prevent extraction of the key material (key exportability). The circumstances of a compromised encryption key could be disastrous, where vast amounts of highly sensitive information fall to the hands of unauthorized parties such as cyber criminals. For example, consider a situation where a code signing key is compromised, thus allowing a criminal to sign arbitrary malware code with a legitimate signature. The nature of the hardware solutions described above make it possible to prevent such disastrous situations with a very clear security guarantee by precluding key exportability. For example, extracting the key from a smartcard would require the attacker to be in physical proximity and to use unique and expensive tools. On the other hand, while traditional software-based solutions for key protection offer the benefits of usability, scalability and low operational overhead, they do not provide clear guarantees for the security of the key. Each solution offers different security levels: in the less secure solutions the keys are merely stored in disk and/or memory, while at the more secure end of the spectrum the keys are protected using obfuscation algorithms and whitebox cryptography techniques. While those methods make accessing the keys somewhat harder for an attacker, their heuristic nature makes it almost impossible to know what level of security such a solution provides or how to compare two different solutions using such techniques. In addition, all such methods operate on a cat and mouse model. For example, attackers are continually breaking the constructions, after which developers must release a fix on that latest method, and then the attackers will break that construction, and so on. Determined attackers break these techniques relatively quickly, and it is very hard to know in advance when such attack will occur. This endless repetitive process is highly cumbersome, and often requires constant, frequent and unexpected investments in update, deployment and testing of new code to thwart the latest threats. This leads to the classic security vs. usability tradeoff, where high level of trust for the keys translates to the burden of using dedicated hardware that is expensive to maintain, deploy and provision. Using software-only solutions would greatly reduce costs, simplify maintenance and provisioning but a compromise will have to be made by significantly lowering the level of trust. Dyadic vhsm has freed organizations from making this tradeoff by offering a hardware-grade key security that is achieved in a lightweight and easy-to-use pure software solution. No more compromises. vhsm has the flexibility, usability and user experience advantages of software, but with a hardware comparable trust level.

4 HARDWARE COMPARABLE SECURITY WITHOUT HARDWARE: BUT HOW? Dyadic s key protection solutions are based on secure Multi Party Computation (MPC). MPC is a domain in cryptography that addresses the problem of jointly computing a function among a set of mutually distrusting parties. Its research dates back to the mid-1980s. In the earliest academic literature, it was shown that any function can be securely computed. However, the solutions proposed were not efficient enough to actually be used in practice. In recent years, cryptography experts including Dyadic s cofounders Professors Nigel Smart and Yehuda Lindell, have made significant algorithmic improvements to MPC protocols. Now, secure computation can be used to solve a wide range of problems with practical response times. In the following section a few practical examples of secure MPC will be outlined, followed by an explanation on how Dyadic applies secure MPC to protect cryptographic keys. REAL WORLD EXAMPLES FOR SECURE MPC A basic scenario is that a group of parties wish to compute a given function on their private inputs, while still keeping their inputs private from each other. For example, suppose that there are three bankers, Alice, Bob and Charlie, who wish to discover whose bonus was the largest that year but they still want to keep their bonus amounts secret from each other. One way for achieving this is to use a trusted third party, called Susan. Susan is a very trustworthy person, who promised the group that Alice, Bob and Charlie can each tell her their bonus amounts in secret and in return she will just tell the group the name of the banker who received the largest bonus.

5 ? Alice?? Bob Alice Bob Susan??? Charlie Charlie Susan agrees to only share the name, and not the actual amounts to any of the parties. In a perfect world, this could be a valid solution, however, in reality, trusted parties like Susan usually do not exist or are very hard to come by. Secure MPC protocol would allow the group of bankers to carry out this task, without the need of a trusted third party. To do so they engage in an interactive protocol, exchanging messages, with the result being the output of the desired function. The privacy of their inputs and the correctness of the result are guaranteed. There are a wide range of practical applications for multi-party computation, varying from simple tasks such as coin tossing to more complex ones like electronic auctions (e.g. compute the market clearing price), electronic voting, private DNA matching, privacy-preserving data mining, and more. MATHEMATICAL GUARANTEES OF SECURITY The ability to compute a function on joint inputs while preserving input privacy and correctness seems paradoxical; how can one compute on values without ever having them? To some, this notion even seems impossible. As such, an important question to ask is, When is a multiparty computation protocol secure and how can we determine this? In modern cryptography, a protocol can only be deemed to be secure if it comes equipped with a rigorous security proof. This is a mathematical proof that the security of the protocol follows from a well-established hard cryptographic problem (like RSA, discrete log over Elliptic curves, and so on). The fact that protocols come with such proofs differentiate MPC protocols from numerous other techniques that are merely heuristic in nature, such as the aforementioned traditional methods for securing keys in software. In contrast, secure MPC protocols have a clear and exact guarantee, backed by a rigorous security proof. This is a very significant advantage to this approach over other merely heuristic ones, providing a clear security guarantee comparable to dedicated hardware key protection solutions.

6 USING SECURE MULTI PARTY COMPUTATION FOR CRYPTOGRAPHIC KEY PROTECTION Dyadic applies secure MPC to enable the storage and usage of cryptographic keys without ever having them in a single place, thereby eliminating the key as a single point of failure. This is being achieved practically by splitting a key into two random shares. These random shares can then be stored on distinct, separate machines with high degree of segregation. Each of these machines has a vhsm and each machine can use the cryptographic API that allows only encryption, decryption and signing. Key export is impossible, as neither of the machines ever hold the key. When using Dyadic Key Protection for Endpoints, one share is placed on a mobile device, while the counterpart is placed on a dedicated server in the cloud or data center. When using Dyadic Key Protection for Cloud and Data Center, the two key shares are distributed on two separate servers, that are hardened and segregated according to Dyadic s security best practices (e.g. separate administrators, different platforms and operating systems, different physical locations). Dyadic s vhsm utilizes secure computation in order to compute all standard encryption and signing algorithms without ever bringing the key together on memory, on disk or over the wire. Furthermore, the input privacy property of secure MPC guarantees that neither of the machines can learn anything about the key share of the other machine (and thus about the actual key). Therefore, even if one server is breached by an attacker or infected by malware, the attacker still cannot learn anything about the key. Moreover, the values of the shares of the key are continually refreshed, without modifying the key itself. Thereby, if an attacker successfully attacks the device where one share of the key is held, and then attacks the device holding the counterpart key share, he will actually learn nothing about the key. This means that in order to obtain the key, the attacker has to successfully attack both machines, at the same time. On the other hand, each machine can use the crypto API securely to carry our all cryptographic operations using the key. Dyadic s vhsm is currently in process of certification for FIPS Level 2 by the National Institute of Standards and Technology (NIST).

7 UBIQUITOUS KEY SECURITY: A PARADIGM SHIFT The emergence of a pure software solution that provides hardware level security has far-reaching consequences. High trust key security along with the flexibility, scalability and usability of software will eventually become ubiquitous. On the backend, key safeguarding will become virtual for many use cases, and key protection and management would be significantly simplified. From the end-user point of view, authentication and authorization would be accomplished with higher level of trust, from any device. This means that more services could be offered and more tasks could be performed safely, thus expanding business opportunities and increasing productivity. User experience will greatly improve with the ability to provide high trust level on and kind of BYOD, reducing the need for dedicated hardware device to carry around. This is a true paradigm shift in encryption and key protection that would eventually allow a more convenient and secure experience in a world that is rapidly shifting towards the cloud, mobility and IoT.