PCI Mandates Use of Key Blocks for Encryption of Symmetric Keys


This article highlights the use of key blocks for securing cryptographic keys under the latest versions of PCI PTS and PCI PIN Security.


Essential Protection of the Cryptographic Keys 

With the exponential increase of digital assets in banking transactions, the requirement to protect the cryptographic mechanisms behind them has increased correspondingly.


The constantly evolving complexity of cyberattacks exploits vulnerabilities in IT systems, making the secure creation and storage of cryptographic keys a crucial task for organizations seeking to protect business transactions. The loss or compromise of cryptographic keys would lead to regulatory penalties and reputational damage, resulting in a loss of trust in the business.


Payment Hardware Security Modules (HSMs), which have long been an essential element of the security architecture, use key block structures to protect the integrity of cryptographic keys.


With the release of the latest version 4.0 of PCI PTS HSM and version 3.1 of the PCI PIN Security Requirements and Testing Procedures, cybersecurity providers and financial services institutions are strongly mandated to use key blocks.


This article highlights the importance of key blocks as part of the new PCI PTS certification version for the security of cryptographic keys.


Crucial Role of Key Blocks in Securing Cryptographic Keys

As mandated by PCI, the standard mechanism for protecting the integrity and usage/association of cryptographic keys is the implementation of key blocks. The payment data is protected by cryptographic keys, which are in turn protected by key blocks. Without the proper implementation of key blocks, banking solutions would be more vulnerable to attacks or breaches, resulting in potential payment data compromises. 


Structure of a Key Block

A key block provides confidentiality (secret data/keys cannot be disclosed) and integrity (associated data cannot be modified without detection) of the key(s). The integrity of a key block is protected as well. 


A key block contains attributes that allow vendors and implementers to design policies for specific key types, e.g. if the HSM knows that a given key is a PIN key, it will not allow its use for non-PIN data. 


Similarly, if the HSM knows that a key is a key-encrypting key, it will not allow it to encrypt data. Vendors enforce these policies based on attributes to prevent attacks against the keys. The attacks on cryptographic keys were successful only in the scenarios where these attributes and policies were not effectively enforced.


The Need for Key Blocks

The reason for fortifying cryptographic keys is to provide security and reliability that targets two basic requirements: 

  • Key Usage Control: The usage, purpose, and type of keys should be strictly bound to ensure that the key cannot be used for unauthorized purposes.
  • Key Integrity: The key cannot be modified by an unauthorized party.

ASC X9 TR 31-2019, Interoperable Secure Key Exchange Key Block Specification, sets out the requirements and standards for key blocks.


PCI Standards that Mandate the Use of Key Blocks

  • PCI PTS HSM Version 4.0, released in December 2021, provides guidelines for Payment HSMs throughout their whole lifecycle (manufacturing, delivery, use, and decommissioning) for HSM manufacturers to follow under the PCI PTS (PIN Transaction Security) HSM "Modular Security Requirements." PCI PTS provides operational and technical security requirements for the protection of cardholder data, covering cardholder authentication, payment processing, cryptographic key management, and more. The principal goal of these requirements is to eliminate the possibility of business fraud where it can, decrease its likelihood, and confine its impact. All HSM vendors and applications that store, process, or transmit cardholder data must comply with this standard.
  • PCI PIN Security Requirements and Testing Procedures Version 3.1, released in March 2021, provides a set of comprehensive security requirements for the complete management (storage, processing, and transmission) of PIN data for offline and online payment card transactions processed by Point-of-Sale (POS) terminals and ATMs. The implementation of key blocks was introduced as a new requirement for better protection of encrypted keys, which greatly improves the security of symmetric keys that are shared among payment participants to protect PINs and other sensitive data.

 

What Do Key Blocks Successfully Achieve?

Encryption keys must be used only for the purpose for which they were intended. For example, a PEK (PIN Encrypting Key) cannot be used as a KEK (Key Encrypting Key) and vice versa. Similarly, the keys used for decryption and for generating digital signatures must be different. This segregation is necessary to limit the exposure of keys and maintain the strength of the overall system.
Key usage must be cryptographically bound to the key using accepted methods. Acceptable methods of implementing the integrity requirements include, but are not limited to:

  • A MAC computed over the concatenation of the clear-text attributes and the enciphered portion of the key block, which includes the key itself.
  • A digital signature computed over that same data.
  • An integrity check that is an implicit part of the key-encryption process, such as what is used in the AES key-wrap process specified in ANSI X9.102 - Symmetric Key Cryptography for the Financial Services Industry - Wrapping of Keys and Associated Data.
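As an added illustration (not code from the article or from Utimaco), the following Python sketch shows how a key block binds clear-text usage attributes to a wrapped key with a MAC computed over both, which is the first integrity method listed above and the basis of the attribute-driven policies described under "Structure of a Key Block". It is a simplified format in the spirit of TR-31, not the real TR-31 encoding; the HMAC-based keystream stands in for the AES/TDES key wrap a real HSM uses, and the KBPK, key and attribute values are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed illustration of a key block (not the real TR-31 wire format): clear-text
# header attributes + wrapped key + MAC over both, so the key's usage is cryptographically
# bound to it. The HMAC keystream below stands in for the AES/TDES key wrap an HSM uses.
HDR_LEN, IV_LEN, MAC_LEN = 4, 16, 16

def _derive(kbpk: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys from the key block protection key (KBPK).
    return hmac.new(kbpk, label, hashlib.sha256).digest()

def _keystream_xor(enc_key: bytes, iv: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a toy keystream (same call encrypts and decrypts).
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(enc_key, iv + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def wrap_key(kbpk: bytes, key: bytes, usage: str, algorithm: str, mode: str) -> bytes:
    # Header attributes the HSM enforces, using TR-31-style codes: usage "P0" (PIN
    # encryption key) or "K0" (key encryption key), algorithm "A" (AES), mode of use "E".
    header = (usage + algorithm + mode).encode("ascii")
    assert len(header) == HDR_LEN
    iv = os.urandom(IV_LEN)
    wrapped = _keystream_xor(_derive(kbpk, b"ENC"), iv, key)
    mac = hmac.new(_derive(kbpk, b"MAC"), header + iv + wrapped, hashlib.sha256).digest()
    return header + iv + wrapped + mac[:MAC_LEN]

def check_block(kbpk: bytes, block: bytes, expected_usage: str) -> str:
    # Checks an HSM performs before releasing the key: integrity first, then usage policy.
    header, iv = block[:HDR_LEN], block[HDR_LEN:HDR_LEN + IV_LEN]
    wrapped, mac = block[HDR_LEN + IV_LEN:-MAC_LEN], block[-MAC_LEN:]
    expect = hmac.new(_derive(kbpk, b"MAC"), header + iv + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expect[:MAC_LEN]):
        return "INTEGRITY_FAILURE"   # attributes or wrapped key were altered, or wrong KBPK
    if header[:2].decode("ascii") != expected_usage:
        return "USAGE_MISMATCH"      # e.g. a PIN key requested for use as a KEK
    return "OK"

def unwrap_key(kbpk: bytes, block: bytes, expected_usage: str) -> bytes:
    status = check_block(kbpk, block, expected_usage)
    if status != "OK":
        raise ValueError(status)
    iv, wrapped = block[HDR_LEN:HDR_LEN + IV_LEN], block[HDR_LEN + IV_LEN:-MAC_LEN]
    return _keystream_xor(_derive(kbpk, b"ENC"), iv, wrapped)
```

Relabelling the header from "P0" to "K0" to repurpose a PIN key as a KEK invalidates the MAC, and a block whose MAC is intact is still refused when the requested usage does not match its attributes.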

Implementation Timeline of Key Blocks

The PCI PIN Security - Requirement 18-3 Key Blocks mandates that encrypted symmetric keys should be managed in key block structures. Key blocks must be used for all types of PIN security-relevant symmetric keys, including:

  • PEK (PIN-Encryption Keys)
  • KEK (Key-Encipherment Keys)
  • ZMK (Zone Master Keys)
  • BDK (Base Derivation Keys)
  • TMK (Terminal Master Keys)


PCI has rolled out the implementation in three phases, each with its own effective date. The main aim of dividing the process into three phases is to allow organizations to focus their resources on implementation tasks specific to their environment and to support a smooth migration across the payments network.

 

The phase-wise implementation plan is as follows:
 

Phase   Release Date    Description
1       June 2019       Implement key blocks for internal connections and key storage within service provider environments. This includes all applications and databases connected to HSMs.
2       January 2023    Implement key blocks for external connections to associations and networks.
3       January 2025    Implement key blocks for all merchant hosts, point-of-sale (POS) devices, and ATMs.


Conclusion

Payment HSMs are widely deployed in organizations for the effective management and protection of cryptographic keys.
The changes introduced in the PCI PIN Security Requirements in March 2021 extended the implementation deadlines for Phases One and Two, opening a compliance window for organizations that were behind schedule. The changes also encourage the adoption of TR-31 and TR-34.


The latest versions of PCI PTS HSM and the PCI PIN Security Requirements mandate the use of key blocks. Older HSMs validated against earlier versions do not meet the latest HSM security requirements and standards. They may not be able to withstand the latest generations of attacks and should, therefore, be replaced with hardware whose architecture is built around key blocks.

 

Utimaco’s Payment HSMs 


Utimaco offers market-leading Payment HSMs securing payment, banking and fintech use cases.


Both of Utimaco's Payment HSMs, the Atalla AT1000 and the CryptoSec Payment HSM, support the TR-31 key block standard for both AES and TDES, strengthening encryption and security across use cases in the payments and banking industries.


In addition, both Utimaco Payment HSMs meet the requirements of PCI PTS HSM v3 and are candidates for PCI PTS HSM v4.

 

About the Author

Peter Czempas

Product Marketing Manager, Utimaco
