PCI DSS has incorporated new requirements in the latest version 3.2.1. Within the new requirements for service providers, there is one of the requirements (3.5.1) which requires maintaining the documented cryptographic architecture where the algorithms, protocols and keys must be detailed including the strength of the key and the expiration date of this. For these last two concepts, it is important to include defining the cryptoperiod. We discuss the most common challenges and best practices on how to deal with cryptoperiods.
How to define the cryptoperiod?
The encryption period is a value that determines how long the encryption keys are considered secure. This value depends on the technology robustness and the use and key management.
This definition should not be chosen at random value or take as reference the typical password policies that ask a quarterly or annual change. If you take this as a starting point you might take a wrong turn, because it is not always correct. And in addition, it can make system maintenance tasks unnecessarily difficult. Therefore, a correct definition must be based on technology and the key management process, implemented also considering the risk associated with the protected resources.
We support the recommendations made by NIST (National Institute of Standards and Technology) about when and how the keys are used to protect the data and how to choose and apply the appropriate cryptographic periods.
Different key types
Cryptographic keys are usually divided into two big groups, symmetric and asymmetric keys. The asymmetric keys are formed by a mathematically related pair consisting of a public and private key and only the public key must be kept secret. The symmetric keys fundamentally depend on private keys, which must always be kept secret. The NIST recommends expanding this definition to specify the keys according to their type and use, generating an inventory of keys that are required by PCI DSS as well.
Each key must be used for a single purpose, whether for encryption, authentication process or for digital signatures. Because the use of a key for two different cryptographic processes could weaken the security required by the processes. By restricting the use of a single key for its sole purpose you can restrict the damage if the key is compromised.
Cryptoperiod and limitations
The Cryptoperiod is the period of time during which the use of a specific key is authorised. A well-defined encryption period should be limited to:
- Limits the amount of information protected by a given key that is available for cryptanalysis
- Limits the amount of exposure if a single key is compromised
- Limits the use of a particular algorithm (e.g., to its estimated effective lifetime)
- Limits the time available for attempts to penetrate physical, procedural, and logical access mechanisms that protect a key from unauthorized disclosure
- Limits the period within which information may be compromised by inadvertent disclosure of keying material to unauthorized entities
- Limits the time available for computationally intensive cryptanalytic attacks (in applications where long-term key protection is not required)
Sometimes cryptoperiods are defined by an arbitrary time period or maximum amount of data protected by the key. However, trade-offs associated with the determination of cryptoperiods involve the risk and consequences of exposure, which should be carefully considered when selecting the cryptoperiod.
Risk Factors Affecting the Cryptoperiods
Among the factors affecting the length of a cryptopperiod are:
- The strength of cryptographic mechanisms
- The embodiment of the mechanisms
- The operating environment
- The volume of information flow or the number of transactions
- The security life of the data
- The security functions
- The re-keying method (e.g., keyboard entry, re-keying using a key loading device where humans have no direct access to key information or remote re-keying within a PKI)
- The key update or key-derivation process
- The number of nodes in a network that share a common key
- The number of copies of a key and the distribution of those copies
- Personnel turnover
- The threat to the information from adversaries (e.g., whom the information is protected from, and what are their perceived technical capabilities and financial resources to mount an attack)
- The threat to the information from new and disruptive technologies (e.g., quantum computers)
Taking NIST’s recommendation to use short cryptographic modifications can mitigate the risk that cryptographic algorithms are less susceptible to cryptanalysis.
In general, the more a key is used, the greater the likelihood of the data being attacked and the risk if they are revealed. Important is that the keys are replaced periodically and when it is known or suspected that they are at risk.
NIST recommends a useful life of about one or two years for most cryptographic delays. This depends on the key type, the environment in which it is used and the characteristics of the data that is protected. In some cases, a recommended encryption period could be longer, between one and three years with private signature keys or it could be limited to a single communication, as could be the case with a symmetric data encryption key.
Sources:
NIST SP800-57 Part 1 Revision 4: A Recommendation for Key Management (2016) by Elaine Barker