In Zero Trust, Identity management and data encryption play an important role. Since both disciplines rely on cryptographic keys, Zero Trust also requires a solution for key generation, management, and storage. This article explains why and how Hardware Security Modules are the best option for this requirement.
Perimeter Security vs. Zero Trust
The increased threats and security incidents have raised serious concerns about the existing cybersecurity models, which are based on “perimeter security” or “castle-and-moat” models. They consider that all users inside a network are trusted, which at times could include threat actors and malicious insiders. While no one outside the network can access inside data, everyone inside the network can. The weakness of these models lies in their misplaced intense focus on external threats.
To address these concerns, organizations can utilize a zero-trust approach to better protect business-critical data. Zero Trust is an information security framework with strategic initiatives augmenting organizations to safeguard their critical assets and data against breaches.
A Zero trust model is based on a basic assumption that it treats trust as a vulnerability and as a result, no node, user or entity of the system should be trusted.
Role of Cryptography & Keys in Zero Trust
Cryptography lies within the core of modern products, technologies, and services since it provides a security mechanism for strong authentication and data encryption. The best practice of the zero-trust principle is the comprehensive application of cryptographic technology and cryptographic services, which not only solves the problem of cyber trust but also enables data security. Each node (user, device, or service) has to prove their trusted identity whenever they authenticate or access network resources.
Digital identities and data encryption are managed through cryptographic keys.
Identity management is at the heart of the Zero Trust model since identities need to be authenticated and authorized before allowing any access to resources. Zero Trust requires strong authentication with various cryptographic mechanisms. For each digital identity, there also resides a key. Key-based authentication delivers greater security and should be implemented by generating and storing cryptographic keys in a Hardware Security Module (HSM), ensuring secure generation and storage of cryptographic keys and never being exported unauthorized from the HSM. Encrypting keys under a password or passphrase offers only a single layer of defense, and is much easier to break by an attacker than the physical protection offered by an HSM. HSMs should be used where key loss can lead to catastrophic consequences. An HSM should be used to anchor critical keys, therefore establishing a cryptographic Root of Trust (RoT).
Organizations have incorporated encryption mechanisms to protect sensitive data. This is achieved through encryption which ensures the protection of data at rest and data in transit. All types of encryption mechanisms use cryptographic keys.
Role of Hardware Security Modules in Zero Trust
HSMs are dedicated hardware appliances with an embedded processor to swiftly accomplish cryptographic operations and are explicitly considered to protect cryptographic keys at every phase. Since HSMs manage the crypto keys of an entire infrastructure, HSMs have a requirement to undergo thorough testing and validation certifications by the Federal Information Processing Standard (FIPS) and Common Criteria (CC) in order to meet the required levels of security.
Secure Key Generation
The creation of cryptographic keys is based on the generation of random numbers. Higher quality or degree of random numbers ensures strong keys.
HSMs incorporate hardware-based TRNGs (True Random Number Generators) which engender real-time random numbers based on physical entropy sources e.g., avalanche, thermal, and atmospheric factors. These random numbers are used as seeds for the secure generation of unique cryptographic keys. The strength of keys is mainly dependent on these random numbers. If the random number generator is predictable or weak then the whole key generation mechanism is cryptographically weak.
Protection of Cryptographic Keys
After key generation, another important aspect is the secure storage of the cryptographic key so that it cannot be accessed, used, and exported in an unauthorized manner. Software-based key storage and management (stored in applications and OS) are less secure than hardware-based key stores since they are more vulnerable to unauthorized access by malware and not evaluated/tested as per international requirements/compliance, for example, only to FIPS Level 1 and not 2 and 3.
Therefore, hardware-based key storage is the most secure way to manage keys during all phases of a key life cycle since HSMs protect and secure keys, starting from generation and through to destruction. The private keys and other sensitive cryptographic material never leave the HSM (unless encrypted) and can only be used following specific access control mechanisms.
Zero Trust eradicates the legacy concept of a “safe network” and mandates strong identity verification along with the encryption of data to ensure confidentiality. The security level of Identity management and data encryption in Zero Trust relies on the use of cryptographic keys. For a reliable and secure generation, management, and storage of these keys, a hardware security module should be the tool of choice - serving as the sole root of trust in your Zero Trust Architecture.