Previously, Todd Cignetti, AWS Security Product Manager, wrote a post that covered some typical use cases for AWS CloudHSM, a service that helps you securely generate, store, and manage the cryptographic keys used for data encryption such that they are accessible only by you. In this post, Todd continues the series on AWS CloudHSM with a discussion of key hierarchies.
Application developers are often asked to encrypt data to protect that data's confidentiality, to meet compliance requirements or as a best practice. There are several options for generating an encryption key in software and using it to encrypt data, whether from open source or vendor-specific solutions. But once an encryption key is created and used to encrypt data, that key has to be stored for later use when the data needs to be decrypted. Storing the key with the data is like locking your front door while leaving the key in the lock—not recommended
So how and where can developers securely store encryption keys? One good way is by using a key hierarchy. This is simply a way to organize encryption keys so that a root (or master) key is used to encrypt other keys that are in turn used to encrypt the actual data you want to protect. A key hierarchy provides a powerful pattern for storing an application’s cryptographic keys. It also allows you to use different keys for different data while allowing you to focus your protection efforts on the master key.
An important aspect of a key hierarchy is that the master key can decrypt all of the other keys, and therefore (indirectly) all of the data. The master key needs to be protected, of course, but it it’s also important that it be accessible and available to decrypt the other keys. How can you protect a master key while keeping it available when needed?
This is where AWS CloudHSM comes in. The AWS CloudHSM service allows you to protect your encryption keys by storing them in an HSM (Hardware Security Module). An HSM is a purpose-built appliance that provides physical and logical protection for cryptographic key material that can go beyond the protection offered by typical servers and operating systems. HSMs are designed to meet some of the highest and most stringent security standards (for example FIPS 140-2 [PDF] and Common Criteria EAL4+). The HSM client software your applications use to reach the HSM supports duplicating keys among HSM devices (cloning), spreading the workload among HSMs (load balancing), and failover (high availability).
Using AWS CloudHSM, therefore, you can generate, store, and manage the cryptographic keys used for data encryption, and do so while limiting access only to you. This helps you design systems that make the master key available to your application when it’s needed, while offering a high level of security for the key.
Key Hierarchies in Practice
The following figure illustrates a simple key hierarchy and its relationship to encrypted (bulk) data.
In the figure, "bulk data" refers to the data you ultimately want to protect, such as file blocks, information in a database, or a plaintext password. For these scenarios, symmetric key encryption (where the same key is used both to encrypt and decrypt the data) is the norm, because it's efficient for bulk data.
After an application encrypts the bulk data using the data key, the application encrypts the data key itself with the master key, and stores the encrypted data key. The application then throws away (i.e., shreds) the plaintext copy of the data key, typically by writing a random bit pattern over the area of memory where the data key was stored. When the application wants to decrypt the bulk data, it fetches the encrypted data key and uses the master key to decrypt the data key. The application can then use the decrypted data key to decrypt the bulk data.
Benefits of a Key Hierarchy
A key hierarchy provides three major benefits. The first is that it minimizes the amount of plaintext key material that needs to be protected. In a key hierarchy, only the master key needs to be stored in plaintext, and it's typically easier to provide strong protection and restrict access to one key than to many keys. Storing the master key in an HSM allows you to take advantage of purpose-built hardware that is designed to protect sensitive data. For some applications that have regulatory or contractual requirements for hardware-based key protection and isolation, CloudHSM can help meet these requirements. The AWS CloudHSM service provides you with dedicated and exclusive (single-tenant) access to HSMs, so the master keys stored there are protected in hardware that's accessible only to you. For many applications, data encryption keys that are lower in the key hierarchy and that have been encrypted using the master key can be stored outside the HSM.
The second benefit of a key hierarchy is that it allows segmentation of the data that needs to be protected. Different data can be encrypted using separate data encryption keys instead of having all data encrypted using a single key. These separate data encryption keys and the data they protect can be managed independently. For example, a data key can be distributed to one user to grant access to the data; other users cannot access the data, since they don't have the key. If the user loses the data key, the data protected with other data keys remains protected. In effect, this limits the potential impact of losing a key to data protected with that key, which is important when data keys need to be widely distributed.
The third benefit of a key hierarchy is that it avoids the need to perform bulk encryption operations in the HSM, and therefore reduces the processing load on the HSM. With a key hierarchy, the HSM only has to do the work of decrypting data keys, and bulk encryption can be distributed to one or more application instances, while the most sensitive keys stay protected in the HSM.
Deeper key hierarchies (i.e., with more levels) are also possible. For example, the master key stored in an HSM can be used to protect the highest level keys of an enterprise key management system, which in turn might have several levels of keys in a key hierarchy.
Key hierarchies are commonly used to segment data, limit risk of key exposure, and minimize key material that needs to be stored in plaintext. Using key hierarchies makes it easier to manage keys, since you only need to provide full protection to some keys, and HSM hardware can provide extra protection for storing those keys.
If your applications can benefit from using a key hierarchy for strengthened encryption security, check out what AWS CloudHSM can do for you. For more information, visit the AWS CloudHSM detail page. If you have questions about CloudHSM, please visit the CloudHSM forum.