Armedforces Articles
Cryptography: The Importance of Security Management (II)
Crypto AG
Category: Cryptology | 26/06/2009 - 14:05:18
Although security management is considered enormously important and operationally useful, it involves intervening in the cryptography of a possibly complex security system, which may create headaches for users. Life does not have to be like that. Of course, the necessary care and commitment have to be exercised in management, but in the end, user-friendliness is largely what determines the value of a concept.
Security Cryptography
The objective of security management is to convey a readily interpretable overview of all encryption functions and operations in the network while providing the right means (i.e. effective actions) for handling all possible incidents.
Complexity has to be reduced to achieve this level of quality. This entails primarily automated procedures that avoid errors, logically traceable links and a logical and understandable user interface. Simplicity is ultimately what determines security and trust in these procedures.
The concept from Crypto AG also keeps in mind the often-cited human factor. Experience shows that available potential is only used if it can be conveyed understandably and lastingly. It is also advantageous if the concept is taught in an efficient and concise manner.
Hardware Encryption
All cryptographic processes are run in a separate hardware security module, from cryptographic processes for payload encryption to procedures carried out in the Security Management Centre (SMC). As each encryption unit has the same security module as the SMC, encrypted data is always exchanged on the same cryptographic basis (with a random-number generator). In this approach, security data (algorithms, keys, access data, etc.) are never accessible in unencrypted form in any of the management procedures.
Centralised Management
All encryption units integrated in the network must be involved in the management procedures, regardless of the size or complexity of the network. Logically enough, administration is therefore carried out over a central authority system, the Security Management Centre with backup system. All units can be administered from this centre concurrently. The user's security policy and the ambient conditions (e.g. applications or network size) of the work scenario determine whether the online or offline process is used. The Security Management Centre is a convenient support tool for both concepts.
Encrypted Management Channels
Symmetric encryption processes require secure key distribution to the individual encryption units. If the same strong basic cryptography as for payload encryption is used, this procedure can be done online with no security problems at all. No specific operational problems arise and no special procedures are necessary. One individual management-channel key for each encryption unit opens the way to completely individualised administration. In offline mode, the channel comprises SDC Security Data Carriers whose data are likewise encrypted.
Redundant Multi-Location Management
With multi-location management, larger networks can be divided into flexible sub-networks, which can then be administered independently and more easily. It could be tactically advantageous, for example, to administer front-office areas from nearby or hierarchies independently of each other. Redundancy is increased at the same time. A lost site can be replaced immediately. Intensive round-the-clock operation also allows a better distribution of capacity utilisation. With the shared database, the current status of all units can be retrieved from any site at any time.
Dynamic Topology
The assignment of units to groups or hierarchies (i.e. the logical topology) can be flexibly and dynamically adapted to the ambient requirements and tracked from a central point. The security policy can also be changed at any time. In crises, entire networks or parts of them can be given new priorities at short notice with no interruption of operations. This function may even be a mobile one depending on the application.
Security and Network Monitoring
Monitoring gives the security manager a complete overview of all network states with respect to the security parameters and network settings of the encryption units, so he can respond immediately and correctly to any problems. From the unit logs he can retrieve information on past processes that may be of value for maintenance or audits. Depending on the security policy in force, the roles of security management and network management (as regards the encryption units) can be performed separately or jointly. This flexibility may be advantageous, for example, if a network provider operates an encryption solution for its customers.
Automated Key Exchange
The best-practice quasi-standard requires a periodic replacement of the unit keys/master unit keys (new session keys are generated each time anyway). This key change is simple and automated and is accomplished without interrupting operations. Because the key change can be scheduled, its timing can be optimised for network load and unit presence. The multi-key process automatically reconciles any time differences in key installation, even in offline mode with its larger time shifts. All procedures are automatically logged, allowing subsequent verification of who took what action.
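As an added illustration (not Crypto AG's design, whose internals the article does not describe), the following Python model shows why holding two unit keys at once reconciles installation-time differences: each unit keeps the previous and the next key with an activation time, so a peer whose clock or installation ran ahead or behind still authenticates traffic during the overlap, and every installation is logged with the acting operator. The key derivation, the epoch/activation scheme and the operator names are constructed for the example.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field

def session_key(unit_key: bytes, epoch: int, nonce: bytes) -> bytes:
    """Per-message session key derived from the unit key (constructed scheme)."""
    return hmac.new(unit_key, epoch.to_bytes(4, "big") + nonce, hashlib.sha256).digest()

@dataclass
class Unit:
    name: str
    clock_skew: int = 0                        # seconds this unit's clock is off
    keys: dict = field(default_factory=dict)   # epoch -> (unit key, activation time)
    log: list = field(default_factory=list)    # (actor, unit, action, epoch)

    def install_key(self, epoch, key, activates_at, actor):
        """Management-driven installation; a key may arrive long before it activates."""
        self.keys[epoch] = (key, activates_at)
        for old in sorted(self.keys)[:-2]:      # retain only previous + current/next
            del self.keys[old]
        self.log.append((actor, self.name, "install", epoch))

    def current_epoch(self, true_time):
        local = true_time + self.clock_skew     # the unit only knows its own clock
        return max(e for e, (_, t) in self.keys.items() if t <= local)

    def protect(self, true_time, payload):
        epoch = self.current_epoch(true_time)
        nonce = os.urandom(8)
        tag = hmac.new(session_key(self.keys[epoch][0], epoch, nonce), payload, hashlib.sha256).digest()
        return (epoch, nonce, payload, tag)

    def accept(self, msg):
        epoch, nonce, payload, tag = msg
        if epoch not in self.keys:              # neither previous nor next key held: reject
            return False
        exp = hmac.new(session_key(self.keys[epoch][0], epoch, nonce), payload, hashlib.sha256).digest()
        return hmac.compare_digest(tag, exp)

def demo():
    """Two units whose clocks differ by two hours straddle the activation time."""
    k1, k2 = os.urandom(32), os.urandom(32)
    a, b = Unit("A", clock_skew=+3600), Unit("B", clock_skew=-3600)
    for u in (a, b):
        u.install_key(1, k1, activates_at=0, actor="smc-operator-1")       # constructed actor
        u.install_key(2, k2, activates_at=10_000, actor="smc-operator-1")
    t = 10_000
    # A already sends under epoch 2, B still under epoch 1; both accept each other.
    return a.current_epoch(t), b.current_epoch(t), b.accept(a.protect(t, b"hi")), a.accept(b.protect(t, b"hi"))
```

A unit that never received the new key rejects epoch-2 traffic, which is the case the logs let an auditor trace back to a missing or late installation.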
Emergency Procedures
A threatened or already compromised encryption device can pose a serious risk to the user. These problems can be greatly mitigated by having procedures that are as simple as possible. Emergency procedures, for example, allow the user to delete all cryptographic data immediately at the simple press of a button (even without a power supply) or to exclude a certain unit instantly from the cryptography of a network with an online command. Secure operations can be resumed quickly thanks to a central recovery procedure.
User Authentication
Authentication can be based on persons or roles at each unit and individually set via the SMC, in offline or online mode. This feature reliably excludes unauthorised parties. Identity-based procedures can be recorded with logs and evaluated for audits. With the block function, each unit can be shut down securely for a shorter or longer period, for example for interim storage or for transport.
Security as an Entity
Encryption systems are always operated in a user’s own specific scenario, so the associated security management has to support his individual security policy. It is therefore preferable to implement security in an ICT environment individually as a project entity. An experienced supplier can include the aspect of security management early on in a project, with a focus on its benefits. This inclusion substantially increases efficiency for project realisation and trust in security.
For further details on the Security Management Concept from Crypto AG please also refer to the previous article on this platform.