Crypto Key Generation & Management

Ever wondered how strong your crypto keys are and whether they are secure against the ever growing threat of being compromised? The threat continues to grow daily in a world where hackers are mounting more sophisticated and complex attacks against a constantly increasing attack surface. The attacks vectors are exponentially amplified when considering the addition of new technologies and protocols in a field where change is the only constant. Based on experience and feedback, there is a need to provide robust and crypto strong security tools to empower the developers to implement infallible security into their applications and safeguard their infrastructure.

 

Crypto Gen is designed to do just that by protecting one of the most sensitive and confidential asset of an organization: crypto keys! It alleviates and abstracts the developer from the task of key generation, management and code implementation to perform the encryption & decryption operations. This is elaborated in the sections below.

Key Generation

 

Crypto Gen encompasses one of the most cryptographically strong number generators (being omitted for obvious reasons) and is FIPS-140-1 compliant. In many instances, the most difficult task is to determine what to utilize and the developer avoids the pitfall of using cryptographically weak number generators.

Key Management

 

Crypto Gen employs strong crypto to encrypt the secret and stores it into the registry under the user-defined hive. It supports user and machine stores and allows for an optional parameter for additional entropy. While handling the secret, the data is encrypted in memory by utilizing the DPAPI which uses the LSA to manage keys and decrypted via inter-process communication.

Code Implementation

 

The tool auto-generates a “customized” encryption solution based on the user’s selection and provides an API in the form of an assembly that can simply be plugged into the application to enable seamless integration. For simplicity, it exposes only two functions encrypt() and decrypt() which will encapsulate the key retrieval and utilization process.

 

The diagram below illustrates and provides a summary of this process:
 

 

Features on the Horizon

Key Replication

 

In order to scale across a large enterprise that deploys Web Farms, manageable and efficient dispersal of keys becomes a topmost priority. The overhead of disseminating the keys across the infrastructure should be minimal in order to reduce cost and utilization of valuable resources.

Key Management Server

 

Ever contemplated the implications of a system crash where the crypto keys are lost and no viable backup exists? Gigabytes or even terabytes bytes of data may suddenly become obsolete and archaic and negatively affect the organization’s customer segments.

Summary:

 

In an ever increasing hostile world, the developers require an arsenal of robust security tools in order to alleviate threats and safeguard their infrastructure against compromise. Crypto Gen caters to this need by enabling implementation of strong crypto without the traditional overhead and prevents the development team from scripting “an application within an application”. As a result, the organization will incur minimal cost to employ strong security mechanisms and yield efficient resource utilization benefits.

 

I hope you have found this article interesting, insightful and welcome your comments. Thanks,

 

Maqbool Malik

Security Technologist

Microsoft – ACE Team

Comments

  • Anonymous
    April 23, 2006
    Hi,

    I have a few queries with regards to this article.

    From what I understand Crypto Gen is a library of functions for software implementors. Is my understanding  correct?

    Does the "most cryptographically strong number generators" referred to in the article, refer to some cryptographically strong "random" number generator? This would be the generator for the crypto keys I presume.

    The reason for omitting out the details of the generator given are "..being omitted for obvious reasons)..". I think I am missing something here for the reason can't be "security by obscurity", right?

    thanks,
    Deapesh Misra.
  • Anonymous
    May 08, 2007
    PingBack from http://www.rachner.us/blog/?p=5