An Introduction to Key Management for Secure Storage
Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage © 2010 Storage Networking Industry Association. All Rights Reserved.
SNIA Legal Notice
The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material in presentations and literature under the following conditions:
Any slide or slides used must be reproduced in their entirety without modification.
The SNIA must be acknowledged as the source of any material used in the body of any document containing material from these presentations.
This presentation is a project of the SNIA Education Committee.
Neither the author nor the presenter is an attorney and nothing in this presentation is intended to be, or should be construed as legal advice or an opinion of counsel. If you need legal advice or a legal opinion please contact your attorney.
The information presented herein represents the author's personal opinion and current understanding of the relevant issues involved. The author, the presenter, and the SNIA do not assume any responsibility or liability for damages arising out of any reliance on or use of this information.
NO WARRANTIES, EXPRESS OR IMPLIED. USE AT YOUR OWN RISK.
Abstract
An Introduction to Key Management for Secure Storage
As secure storage becomes more pervasive throughout the enterprise, the focus quickly moves from implementing encrypting storage devices to establishing effective key management policies. Without the proper generation, distribution, storage, and recovery of key material, valuable data will be eventually compromised. Worse, without proper management of key information, data can be completely lost.
This session explores the fundamental issues and technologies that impact key management for disk, tape, array, and other storage devices. Major issues associated with symmetric encryption keys are presented, along with practical advice on effective key management practices.
The Key Management Problem
Data At Rest
Random Access Devices: Disk Drives
Sequential Access Devices: Tape Drives
Other Media: Optical Media
Data in Flight is Still Important!
Check out SNIA Tutorial:
Self-Encrypting Storage
Data At Rest
Storage Element / Description
Data At Rest (DAR): “Protecting the confidentiality, integrity and/or availability of data residing on servers, storage arrays, NAS appliances and other media”
Storage Resource Management (SRM): “Securely provisioning, monitoring, tuning, reallocation, and controlling the storage resources so that data may be stored and retrieved.”
Storage System Security (SSS): “Securing embedded operating systems and applications as well as integration with IT and security infrastructure (e.g., external authentication services, centralized logging and firewalls)”
Data in Flight (DIF): “Protecting the confidentiality, integrity and/or availability of data as they are transferred across the storage network, the LAN, and the WAN. Also applies to management traffic”
Source: Introduction to Storage Security, A SNIA Security Whitepaper, September 9, 2009
Key Management
Many Key Uses
Private signature key
Public signature verification key
Symmetric authentication key
Private authentication key
Public authentication key
Symmetric data encryption key
Symmetric key wrapping key
Symmetric and asymmetric random number generation keys
Symmetric master key
Private key transport key
Public key transport key
Symmetric key agreement key
Private static key agreement key
Public static key agreement key
Private ephemeral key agreement key
Public ephemeral key agreement key
Symmetric authorization key
Private authorization key
Public authorization key
Source: NIST Special Publication 800-57: Recommendation for Key Management Part 1: General
Key Management
Encryption Algorithm Modes
Electronic Codebook Mode (ECB)
Cipher Block Chaining Mode (CBC)
Cipher Feedback Mode (CFB)
Output Feedback Mode (OFB)
Counter Mode (CTR)
Galois/Counter Mode (GCM)
LRW Encryption
XOR-Encrypt-XOR (XEX)
XEX-TCB-CTS (XTS)
CBC-Mask-CBC (CMC)
ECB-Mask-ECB (EME)
Encryption Algorithms
AES: 128 Bit Key, 192 Bit Key, 256 Bit Key
DES: 56 Bit Key
3DES: 168 Bit Key
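The slide lists the modes without saying why the choice matters for storage. The Go program below is an added example, not code from the SNIA tutorial: it encrypts one sector of repetitive filesystem-style filler (constructed input) with ECB and with CTR keyed by the sector number, then counts how many distinct ciphertext blocks come out. Under ECB every repeated plaintext block yields the same ciphertext block, so the layout of the data shows through the encryption; using the sector number as a tweak removes that. XTS, the mode disks actually use, is not in Go's standard library, so CTR stands in for the tweak idea; the key and sector contents are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// EncryptECB applies the raw block cipher to each 16-byte block independently
// (no chaining, no IV). It is here only to make its weakness visible.
func EncryptECB(key, data []byte) ([]byte, error) {
	if len(data)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("data length %d is not a multiple of %d", len(data), aes.BlockSize)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], data[i:i+aes.BlockSize])
	}
	return out, nil
}

// EncryptSectorCTR derives the counter block from the sector number, so the
// same plaintext in two sectors, or in two blocks of one sector, never shares
// keystream. Applying it twice with the same key and sector decrypts.
func EncryptSectorCTR(key []byte, sector uint64, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[:8], sector) // high 64 bits: sector; low 64 bits: block counter
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// DistinctBlocks counts the different 16-byte ciphertext blocks in ct. With
// ECB, repeated plaintext blocks collapse to repeated ciphertext blocks.
func DistinctBlocks(ct []byte) int {
	seen := map[[aes.BlockSize]byte]bool{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		var b [aes.BlockSize]byte
		copy(b[:], ct[i:])
		seen[b] = true
	}
	return len(seen)
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16)                 // constructed demo key
	sector := bytes.Repeat([]byte("FREE BLOCK 0000 "), 4) // 64 bytes of repeated filler, constructed
	ecb, _ := EncryptECB(key, sector)
	ctr0, _ := EncryptSectorCTR(key, 0, sector)
	ctr1, _ := EncryptSectorCTR(key, 1, sector)
	fmt.Printf("ECB: %d distinct blocks out of 4\n", DistinctBlocks(ecb))
	fmt.Printf("CTR: %d distinct blocks out of 4; sector 0 == sector 1: %v\n",
		DistinctBlocks(ctr0), bytes.Equal(ctr0, ctr1))
}
```

CTR with a sector-derived counter fixes the pattern leak but has its own failure mode: rewriting a sector with new contents under the same counter reuses the keystream, which is one reason disk encryption standardised on the tweakable XTS mode rather than CTR.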
Key Management
Key and Data Lifetime
Forever: Assure Access to Data Years from Now
For a Limited Time Period: Ephemeral (Milliseconds, Seconds); Weeks, Months, Years
What Happens at End of Life? Mandatory Re-Encryption; Destruction of Data; Destruction of Key
Key Management
Policies
Who Can Establish Keys?
Who Can Delete Keys?
What is the Lifetime of a Key?
Can the Key be Archived?
Are the Keys Changed Periodically?
Are Keys Automatically Deleted or Archived?
Who Else Can Use the Key?
Key Management
Auditing
Track the Key over its Lifetime
Who Created the Key and When?
Who Changed the Key and When?
Who Created a Copy of the Key and When?
Where are the Copies of the Key?
Who Deleted the Key and When?
Key Management
Threats
Confidentiality: Key Disclosure; Data Accessible to Anyone
Integrity: Key has Been Modified; Key has been Corrupted; Data Accessible by None
Archive: Key has Been Lost
Availability: Key Cannot be Accessed
Key Management Goals
Backup/Restore Key Material
Archival and Retention of Key Material
Distribution of Key Material
Expiration, Deletion, and Destruction of Key Material
Audit of Key's Life Cycle
Reporting Events and Alerts
Source: NIST Special Publication 800-57: Recommendation for Key Management
Keying Material
Keys
Two Major Types of Encryption: Symmetric Keys; Asymmetric Keys
Storage Systems May Use Both: Asymmetric Keys to Exchange Symmetric Keys; Symmetric Keys to Encrypt/Decrypt Data
Symmetric Keys
One Key Used for Both Encryption and Decryption
Requires Lower Computing Power
Asymmetric Key
Uses Private and Public Key Pair
Can’t be Derived from Each Other
Data Encrypted with One Can Only Be Decrypted With the Other
Requires Greater Computing Power
Encryption Strength
Key Formats
Any and All Key Formats Must Be Managed
Keys are Viewed as Objects
Key Material: Key Data; Key Information (Metadata)
Storage Generally Uses Symmetric Keys: A Secure Key Exchange Assumed; Easier to Implement; Less Client Resources
Key Wrapping
Used to Move Keys: Backup; Archiving; Installation
Source: AES Key Wrap Specification (http://csrc.nist.gov/CryptoToolkit/kms/key-wrap.pdf)
Pass Phrase
Commonly Used to Generate Key Encryption Key
Diagram: Pass Phrase -> Hashing Algorithm -> Key Encryption Key; Key -> AES Encryption (under the Key Encryption Key) -> Backup Media
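The key wrapping slide and the pass phrase diagram above describe one pipeline: hash a pass phrase into a key encryption key, then encrypt the data key under it before it goes to backup media. The Go program below is an added example and not the tutorial's or SNIA's code. It derives the KEK with PBKDF2-HMAC-SHA256 written out over the standard library (the hashing step; the salt and iteration count are assumptions of the example), then wraps and unwraps a data key with the AES Key Wrap algorithm of RFC 3394, the specification the slide cites, including the integrity check that rejects a wrong KEK or a corrupted blob rather than returning garbage key material. The pass phrase, salt and data key are constructed demo values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// rfc3394IV is the fixed 64-bit initial value; unwrap must recover it exactly.
var rfc3394IV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}

// DeriveKEK turns a pass phrase into a 256-bit key encryption key with
// PBKDF2-HMAC-SHA256 (RFC 8018, one output block). Salt and count are policy.
func DeriveKEK(passphrase, salt []byte, iterations int) []byte {
	prf := hmac.New(sha256.New, passphrase)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index i = 1, big-endian
	u := prf.Sum(nil)
	kek := append([]byte(nil), u...)
	for n := 1; n < iterations; n++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for k := range kek {
			kek[k] ^= u[k]
		}
	}
	return kek
}

// WrapKey is the AES Key Wrap of RFC 3394 section 2.2.1: six rounds of AES under
// the KEK mix the integrity value A through every 64-bit half of the key; t = n*j+i.
func WrapKey(kek, key []byte) ([]byte, error) {
	if len(key) < 16 || len(key)%8 != 0 {
		return nil, errors.New("key to wrap must be at least 128 bits and a multiple of 64 bits")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(key) / 8
	a := append([]byte(nil), rfc3394IV...)
	r := append([]byte(nil), key...) // R[1..n] stored back to back
	buf := make([]byte, 16)
	for j := 0; j < 6; j++ {
		for i := 0; i < n; i++ {
			copy(buf[:8], a)
			copy(buf[8:], r[i*8:(i+1)*8])
			block.Encrypt(buf, buf)
			binary.BigEndian.PutUint64(a, binary.BigEndian.Uint64(buf[:8])^uint64(n*j+i+1))
			copy(r[i*8:(i+1)*8], buf[8:])
		}
	}
	return append(a, r...), nil
}

// UnwrapKey reverses WrapKey and rejects the result unless the recovered A equals
// the fixed IV, so a wrong KEK or a corrupted blob is detected, not silently used.
func UnwrapKey(kek, wrapped []byte) ([]byte, error) {
	if len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("wrapped key has an invalid length")
	}
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	n := len(wrapped)/8 - 1
	a := append([]byte(nil), wrapped[:8]...)
	r := append([]byte(nil), wrapped[8:]...)
	buf := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n - 1; i >= 0; i-- {
			binary.BigEndian.PutUint64(buf[:8], binary.BigEndian.Uint64(a)^uint64(n*j+i+1))
			copy(buf[8:], r[i*8:(i+1)*8])
			block.Decrypt(buf, buf)
			copy(a, buf[:8])
			copy(r[i*8:(i+1)*8], buf[8:])
		}
	}
	if !hmac.Equal(a, rfc3394IV) { // constant-time compare
		return nil, errors.New("integrity check failed: wrong KEK or corrupted wrapped key")
	}
	return r, nil
}

func main() {
	// Constructed demo values; a real salt is random and a real data key comes from a DRBG.
	kek := DeriveKEK([]byte("correct horse battery staple"), []byte("per-device-salt"), 100000)
	wrapped, _ := WrapKey(kek, bytes.Repeat([]byte{0x42}, 32))
	fmt.Println("wrapped DEK for backup media:", hex.EncodeToString(wrapped))
	wrapped[9] ^= 0x01 // one flipped bit on the backup medium
	_, err := UnwrapKey(kek, wrapped)
	fmt.Println("tampered blob rejected:", err)
}
```

The wrapped blob is 64 bits longer than the key; those extra bits are the integrity value, which is why key wrap, unlike plain AES encryption of the key, can tell a wrong pass phrase from a correct one at unwrap time.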
Basic Key Metadata
Value: The Actual Key
Unique Identifier (GUID): Unique Within a Domain (Name Space)
The Domain May be World Wide Unique
May be a Globally Unique Identifier (World Wide Unique Name)
May be a Hierarchy: Important for Identifying Keys that are Moved Across Domains, Across Companies, Across Countries
Optional Key Metadata
Name: User readable name, not necessarily Unique
Creator name
Domain name
Parent GUID
Previous version GUID
Version string
Optional Key Metadata
Timestamps: Creation; Modified; Valid Time; Expiration Time
Policies: Use of key; Key type
Access rights - who can: Access; Modify; Disable; Destroy
Vendor-Specific Metadata
Key Management Components
Key Management Components
Client-Server View: The Key; The Key Server; The Key Transport Channel
Secure Channel: Authentication; In-Band; Out of Band
Key Exchange Protocol
Client-Server View
Client: User or Consumer of Keys
Server: Provider of Keys
Client-Server Authentication
Client and Server Must Authenticate: Assures Identity; Secrets or Certificates; Pre-Shared Keys or PKI
Communications are Secure: Channel Encryption
Key Clients - Lightweight
Limited Resources: Limited Computational Requirements; Limited Memory Requirements
Applications: Disk Drives; Tape Drives, Libraries; Array Controllers
Simple Protocol: Fixed Fields and Values; Similar to SCSI CDBs
Key Clients - Complex
Unlimited Resources
Applications: Key Servers; Data Bases; Objects; File Servers
May Use a Complex Protocol: Requires Complex Protocol Parser
Key Server
Key Server: Software Application; Generic Hardware Platform; Dedicated Hardware Servers, Hardened
Multiple Key Servers: Key Management Between Servers
Policy Management: Accounting; Validation
Backup
Key Clients and Servers - Disk
Typical KM Scenario: Client is the Host PC; Passes Key to Drive
Key Clients and Servers - Disk
Client is the Drive: Drive or Subsystem Requests Key Directly from Server
Key Clients and Servers - Tape
Manual Key Management
Key Clients and Servers - Tape
Automated Key Management
Host Based Key Management
Cryptographic Unit: HBA; Software
Key Clients and Servers - Enterprise
KMS Protocol
Two Primary Operations
Set key: Server - Client
Get key: Client - Server
Optional Operations: Find key; Update key; Replicate key; Disable key; Destroy key; Access rights; Get service info; Audit log functions
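Putting the protocol, metadata, policy and audit slides together, the Go program below is an added example, not the tutorial's code and not any real KMS protocol's wire format. It models an in-memory key server whose key objects carry the metadata listed earlier (a GUID with a domain prefix, so it is unique within the domain and hierarchical; a name; the creator; creation and expiration times; access rights), whose Set key and Get key operations enforce access rights and expiration, whose destroy operation overwrites the material while keeping the metadata, and whose every decision, denials included, lands in an audit log. The domain, the principal names and the clock are constructed; Disable key, Find key and the other optional operations are left out.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// KeyObject is a key viewed as an object: value plus metadata. Field names are this example's own.
type KeyObject struct {
	GUID             string // unique within the domain; the domain prefix makes it hierarchical
	Name             string // user-readable, not necessarily unique
	Creator          string // the creator owns the key: only it may grant access or destroy it
	Created, Expires time.Time
	Readers          map[string]bool // access rights: who may get the key
	Value            []byte          // nil once destroyed
}

// KeyServer is an in-memory provider of keys; the clock is injectable so expiration is testable.
type KeyServer struct {
	Domain string
	Keys   map[string]*KeyObject
	Audit  []string // who did what to which key, when, and the outcome (denials included)
	Now    func() time.Time
}

func (s *KeyServer) record(who, op, guid string, err error) {
	out := fmt.Sprint(err)
	if err == nil {
		out = "ok"
	}
	s.Audit = append(s.Audit, fmt.Sprintf("%s %s %s %s: %s", s.Now().Format(time.RFC3339), who, op, guid, out))
}

// SetKey registers key material under a fresh GUID; the caller becomes creator and first reader.
func (s *KeyServer) SetKey(who, name string, value []byte, lifetime time.Duration) (string, error) {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	guid := s.Domain + "/" + hex.EncodeToString(raw)
	s.Keys[guid] = &KeyObject{GUID: guid, Name: name, Creator: who, Created: s.Now(),
		Expires: s.Now().Add(lifetime), Readers: map[string]bool{who: true},
		Value: append([]byte(nil), value...)}
	s.record(who, "SetKey", guid, nil)
	return guid, nil
}

// lookup checks that the key exists and that who is a reader, or the owner when asOwner is set.
func (s *KeyServer) lookup(who, guid string, asOwner bool) (*KeyObject, error) {
	k, ok := s.Keys[guid]
	if !ok || (asOwner && k.Creator != who) || (!asOwner && !k.Readers[who]) {
		return nil, errors.New("no such key or access denied")
	}
	return k, nil
}

// GetKey releases the value only to a reader and only while the key is live: not destroyed, not expired.
func (s *KeyServer) GetKey(who, guid string) (value []byte, err error) {
	defer func() { s.record(who, "GetKey", guid, err) }()
	k, err := s.lookup(who, guid, false)
	if err != nil {
		return nil, err
	}
	if k.Value == nil || !s.Now().Before(k.Expires) {
		return nil, errors.New("key destroyed or expired")
	}
	return append([]byte(nil), k.Value...), nil
}

// GrantAccess is how the owner answers "who else can use the key?".
func (s *KeyServer) GrantAccess(who, guid, principal string) (err error) {
	defer func() { s.record(who, "GrantAccess "+principal, guid, err) }()
	k, err := s.lookup(who, guid, true)
	if err == nil {
		k.Readers[principal] = true
	}
	return err
}

// DestroyKey overwrites the material but keeps the metadata, so the audit trail still names who deleted it.
func (s *KeyServer) DestroyKey(who, guid string) (err error) {
	defer func() { s.record(who, "DestroyKey", guid, err) }()
	k, err := s.lookup(who, guid, true)
	if err != nil {
		return err
	}
	copy(k.Value, make([]byte, len(k.Value))) // zero the bytes before dropping the reference
	k.Value = nil
	return nil
}

func main() {
	s := &KeyServer{Domain: "example-corp/site-a", Keys: map[string]*KeyObject{}, Now: time.Now} // constructed
	guid, _ := s.SetKey("array-ctrl-1", "lun7-dek", []byte("constructed demo key material"), 30*24*time.Hour)
	_, err := s.GetKey("tape-lib-2", guid) // not on the access list: denied and audited
	fmt.Println(err, s.Audit)
}
```

Two design points carry over to a real deployment: the server never hands out the key object itself, only a copy of the value, so a client cannot edit metadata or rights; and a destroyed key keeps its record, so the audit questions on the earlier slide (who deleted the key and when) remain answerable after the material is gone.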
Key Management Standards for Storage
For More Information
Check out SNIA Tutorial:
An Inside Look at Imminent Key Management Standards
For More Information
NIST Special Publication 800-57: Recommendation for Key Management (http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf)
ISO/IEC 11770 Parts 1-3: Information technology - Security techniques - Key management (http://webstore.ansi.org/)
FIPS 140-2: Security Requirements for Cryptographic Modules (http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)
Trusted Computing Group (https://www.trustedcomputinggroup.org/home)
IEEE P1619.3: Security in Storage Workgroup (SISWG) Key Management Subcommittee (http://siswg.net/)
OASIS Enterprise Key Management Infrastructure (EKMI) Technical Committee (http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi)
IETF: Provisioning of Symmetric Keys (KEYPROV) (http://www.ietf.org/html.charters/keyprov-charter.html)
Q&A / Feedback
Please send any questions or comments on this presentation to SNIA: [email protected]
Many thanks to the following individuals for their contributions to this tutorial.
SNIA Education Committee
Larry Hofer, CISSP; Blair Semple; Eric Hibbard, CISSP, SNIA SSIF; Mark Nossokoff, SNIA Security TWG