The key to strong encryption: Matching the right tools to the job

Cryptography can be a powerful tool—so powerful, in fact, that the federal government has regulated the export of the technology for national-security reasons. But no matter how strong it is, no single cryptographic tool can solve all your data security needs.

Security technologies each have strengths and limitations, even when they use the same types of algorithms and key strengths.

“Organizations have to think about what type of threats they want to protect against, and that will determine the type of technology used,” said Karen Scarfone, a computer scientist at the National Institute of Standards and Technology, who helped write NIST’s guide to storage encryption.

Is the data to be protected at rest or in transit? Where is it being stored? Is it sensitive or highly classified? How valuable is it to someone else? How long is it likely to remain valuable? Are you worried primarily about theft or about loss? Answers to questions such as those can help determine whether you want a broad tool such as full-disk encryption, a more granular tool such as file encryption, or a specialty tool such as format-preserving encryption. Your answers can help determine what strength key you should be using.

With the increasing power of small handheld devices and growing efficiency of cryptographic tools, the computational overhead of cryptography is becoming less of an issue when selecting a tool. Organizations probably should go with the strongest cryptographic tools available, experts say, because bad guys can more easily crack encryption as computers become more powerful.

“If you start out strong, you probably will be able to use it longer,” Scarfone said.

However, strong cryptographic tools are not enough, said Terence Spies, chief technology officer of Voltage Security. “It doesn’t excuse you from doing the other things you should do,” such as using firewalls and anti-malware tools, monitoring network activity, and defining access policies, Spies said.

Cryptography is the scrambling of a message according to a formula or algorithm so that only someone with the proper key can unscramble and read it. It has been around for millennia, but until recently, it has been used largely by governments because of the difficulty of generating, distributing and securing the keys that are adequately strong and complex.

“The big challenge is: How do you protect the keys?” said Wayne Grundy, director of the Transglobal Secure Collaboration Program (TSCP). “We’re using the standards that have been laid down by the government.”

TSCP was formed in 2002 by the United Kingdom's Ministry of Defence to define technical specifications for secure collaboration between governments and among contractors. Its members include the U.S. Defense Department, the Dutch government, and a handful of major international defense contractors, including BAE Systems, Boeing, EADS, Lockheed Martin, Northrop Grumman, Raytheon and Rolls-Royce.

Specifications for a secure e-mail standard developed by TSCP use a trusted public-key infrastructure model, similar to the U.S. government’s Federal PKI Bridge. The specifications also include a set of policies and procedures for vetting and managing an organization's identity and access controls. This would assure users that an e-mail is securely encrypted and the senders and receivers are who they say they are and are entitled to access the contents.

Although the U.S. government is still a leader in strong cryptography, the development of powerful computing technology and invention of public-key cryptography have moved it into the private sector.

“Government and business are more closely aligned now than they ever were before,” said Jeff Nigriny, president of identity management company Certipath.

Banks and other businesses use PKI routinely for online transactions, and it is being implemented throughout the defense supply chain to enable secure collaboration.

“All of these things are hallmarks of a maturing industry,” Nigriny said.

Encryption essentially is a way to simplify the job of securing information, Spies said. It enables access to a large amount of information through a small amount of data: the encryption key.

“You don’t have to hide the data anymore, you just have to hide the key,” he said. “And when you know who has the key, you know who has access to the data.”

Building blocks

However, encryption is only part of an overall strategy for security, and effective encryption is built on good identity management and access policies. “One of the most basic jobs is to express who should have access to any data,” Spies said.

A more basic task is identifying data to protect. “If you are going to have a policy on who can have access to data, you have to know what data you have,” he said.

After you have identified data, you can evaluate the threats your organization faces and begin to think about the technology you need to counter them.

There is a traditional trade-off between the strength of encryption and its impact on a system’s performance. That has led to the practice of using the minimum strength necessary to affect performance as little as possible.

“People want security to just work, without adding any overhead,” Spies said.

The standard for Internet commerce for some time has been the 1,024-bit RSA encryption key. The RSA algorithm uses public/private key pairs to encrypt and decrypt data. If someone could figure out the two prime numbers used to generate the public key, that person could derive the private key and decrypt the data. The size of the key determines how hard it is to calculate. It still takes months or years to factor a 1,024-bit key, but the task becomes easier as more computing power becomes available. Many experts consider the protection offered by a 1,024-bit RSA key to be minimal, at best.

“It is time to move on” from 1,024, said Bill Lattin, chief technology officer of Certicom, a PKI company.

How far you should move depends on several things, Lattin said. One is the value of your data. Is it worth someone spending a year harnessing a distributed network of computers to crack a key? If it is, use a key that will take 10 years to crack. Another issue is how long the system you are using will be fielded and the longevity of your data.

For ephemeral data, such as a stock trade, 1,024-bit encryption might be acceptable. Personal information and state secrets need longer protection. And utility companies are in the process of fielding smart meters that will provide two-way communication between a power grid and a consumer’s home to improve efficiency. That infrastructure will be in the field for 20 years or more, so security must be strong enough not only to last 20 years but also to survive much stronger attacks that will be possible 20 years from now.

Implementing encryption without excessively taxing today’s technology is becoming easier. One development is elliptic curve cryptography, a type of algorithm that is demonstrably more secure than RSA with much shorter key lengths. Certicom is a supplier of ECC technology.

“You’re talking to a biased source, but we certainly believe ECC will be the future of cryptography,” Lattin said.

ECC can provide the equivalent protection of a 3,072-bit RSA key with just 256 bits and the equivalent of a 15,360-bit RSA key with 512 bits. Such improvements are making it easier to get strong security on small devices. Encryption company PGP supports the Research In Motion BlackBerry and Microsoft Windows Mobile devices, providing the same look and feel for the user as for the desktop system.

“Mobile devices are becoming another endpoint within the enterprise infrastructure,” said Doris Yang, PGP's mobile products manager. The BlackBerry is the top enterprise tool, with Windows Mobile devices a close second, she said. But the approach PGP takes to these two types of devices are different.

Because the BlackBerry is primarily an e-mail tool, PGP supports e-mail encryption. Windows Mobile is an operating system for a more full-featured computer, so PGP focuses on disk and file encryption for it.

Agencies generally are required to encrypt sensitive data that residies on mobile devices, from laptop PCs to handheld devices, and there are a variety of techniques to choose from, including full-disk encryption, virtual disk or volume encryption, and file and folder encryption.

“They use the same cryptographic algorithms and the same strength keys,” Scarfone said, but they serve different purposes. Choosing the proper technique with the right algorithm and the right strength key requires a standardized way of comparing them.

“NIST has made standardization of encryption their business,” Nigriny said.

The standards are required only for government users, but they also are available for the private sector. NIST provides guidance on choosing the appropriate kind of cryptography in Special Publication 800-111, “Guide to Storage Encryption Technologies for End User Devices.”

“The appropriate encryption solution for a particular situation depends primarily upon the type of storage, the amount of information that needs to be protected, the environments where the storage will be located, and the threats that need to be mitigated,” the guidance states.

“We’re not trying to tell you how to secure a particular operating system or type of device,” Scarfone said. “The difference in the technologies is the type of threat they protect against.”

Types of encryption

Full-disk encryption, as its name implies, encrypts an entire drive so that a device cannot be booted without a credential to access the key to decrypt the disk. Because it is decrypted when booted, “it will only provide protection when the device has been powered off,” so it protects primarily against theft or loss of a device, Scarfone said. This is more important for mobile devices than desktop PCs.

Virtual disk encryption or volume encryption encrypts most of the drive but not all of it. An encrypted device can be booted without decrypting, but authentication is needed to access data.

“It helps to protect against things like malware,” which cannot see the encrypted data, and any data stolen from the device is not usable to a third party. It also gives protection in case of theft or loss.

File and folder encryption is more granular, allowing the encryption of specific files or folders. This method can be convenient because it allows a user to encrypt only data that is sensitive but can be less convenient because it can mean decrypting multiple files to access them.

“You want to choose the cryptographic method that is going to protect against the threat you want protection from,” Scarfone said. But regardless of the type of encryption used, the bias should be toward stronger rather than weaker keys. “In most cases, there is no reason not to use the strongest encryption you can,” she said.

Overkill is not a problem, because the strength of the attacks you are protecting against inevitably will grow over time, so strong encryption can help prepare systems and devices for future attacks. And although decryption requires an extra step in accessing data, the difference in performance varies little between weak and strong.

Of her own experience with full-disk encryption, Scarfone said, “it takes a little longer to boot up and shut down, but it is a matter of seconds, and I don’t notice any difference in performance.”