Voltage Security
What is Key Management?

"Encryption is easy; key management is hard."

That classic saying neatly encompasses the need for key management: while many tools can provide encryption capabilities, where do the encryption keys come from?  Key Management is the set of administrative and operational processes needed to manage cryptographic keys used for encryption of systems or data.  Typically, key management encompasses three functions:

  • Providing an encryption key for a user or system that wants to protect data
  • Providing the appropriate decryption key for a user or system that wants to access encrypted data
  • Allowing an administrator to specify policies that dictate who can get which keys, how keys are recovered, and how users must authenticate

How Voltage Key Management Works

Voltage employs an identity-based key management architecture that eliminates much of the complexity associated with traditional key management systems.

Voltage keys are given names (identities) that can be used to easily reference the appropriate key.  Names are typically of the form <identifier>@<domain>, and may represent a user, a group, or even a complex policy.  Examples of key names might include:

  • jdoe@company.com -- Representing John Doe's user key
  • hr@company.com -- Representing the HR department's group key
  • ssndata@company.com -- Representing the set of users, systems, and applications that are allowed to access Social Security Numbers in an application infrastructure

This naming model is used both with Identity-Based Encryption (where the name can be mathematically converted into a public key) and with symmetric encryption algorithms such as Format-Preserving Encryption and AES (where the name is used to derive the symmetric key, as described below).

Key Generation

When a Voltage system is first instantiated, a base key is generated (a separate base key is generated for each encryption algorithm; the IBE base key is often referred to as a master secret).  A one-time backup of these base keys is performed in order to provide for disaster recovery.

When a key is requested from the Key Management Server, the key name is used to generate the actual keying material (the symmetric key in the case of symmetric encryption algorithms such as FPE, AES, and 3DES, and the private key in the case of Identity-Based Encryption).  After the requesting entity has been appropriately authenticated (described below), the Server uses a Key Derivation Function (KDF) in order to combine the base key and the key name, producing the actual keying material.

Stateless Operation

This derived-key approach enables the Voltage Key Management Server to be completely stateless. 

Traditional key management architectures are highly stateful: when a new key is required, it is randomly generated and stored within a key database or directory.  Each of these keys must be individually backed up for disaster recovery, replicated across distributed key servers for high availability, and archived for audit and compliance access.  A single key that is not appropriately stored can result in permanent loss of data.  With thousands or potentially millions of keys in a typical enterprise environment, this state can quickly become massively expensive to manage.

Because Voltage is stateless, enabling individual encryption keys to be generated on-demand from a base key, it eliminates these operational complexities.  If a key is required for disaster recovery or audit purposes, it can simply be regenerated; a one-time backup of the base keys guarantees that data can never be "lost".  Similarly, the ability to derive keys allows deployment in a highly distributed environment without the need to continuously replicate keys across servers.

   
 
 
Other systems: Stateful                  | Voltage: Stateless
-----------------------------------------+---------------------------------------------------------------
Constant backups required                | One-time backup
Key replication required among servers   | No replication required - all servers can derive the same keys
Lost key can result in lost data         | Keys can never be lost
 
   
     

Key Lifecycle

In many applications, it is important to control how long keys are used to encrypt data, and to refresh keys on a regular schedule.  The Voltage Key Management System incorporates a key expiration and derivation system that allows complete management of the key lifecycle.  All keys in the Voltage System contain an inherent time reference that determines when that key is to be automatically cycled.  Voltage managed keys also can reference distinct base keys, allowing for policy-based key refreshes.
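The derivation, stateless regeneration and time-based cycling described above can be sketched as follows. This is an added example, not Voltage's code: the page does not say which KDF is used, so HKDF-SHA256 (RFC 5869), the salt label, the lowercase canonical name, the monthly period and all function names are assumptions.

```python
import hashlib
import hmac
import struct
from datetime import date

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def _field(value: str) -> bytes:
    """Length-prefix a field so ("ab", "c") and ("a", "bc") never collide."""
    raw = value.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw

def key_period(day: date) -> str:
    """Assumed lifecycle policy: one key per calendar month."""
    return f"{day.year:04d}-{day.month:02d}"

def derive_key(base_key: bytes, algorithm: str, key_name: str, period: str) -> bytes:
    """Derive keying material from the base key, key name and time reference."""
    if len(base_key) < 32:
        raise ValueError("base key must be at least 256 bits")
    identifier, sep, domain = key_name.strip().partition("@")
    if not sep or not identifier or not domain:
        raise ValueError("key name must look like <identifier>@<domain>")
    name = f"{identifier.lower()}@{domain.lower()}"  # canonical form (assumption)
    info = _field(algorithm) + _field(name) + _field(period)
    return hkdf_sha256(base_key, b"example-kms-v1", info)

# Constructed sample standing in for a base key restored from the one-time backup.
BASE_KEY_AES = hashlib.sha256(b"constructed demo base key, not a real secret").digest()

if __name__ == "__main__":
    june = key_period(date(2024, 6, 15))
    # Two servers share only the base key; neither stores per-name keys.
    server_a = derive_key(BASE_KEY_AES, "AES", "hr@company.com", june)
    server_b = derive_key(BASE_KEY_AES, "AES", "HR@Company.com", june)
    print("servers agree:", hmac.compare_digest(server_a, server_b))
    july = derive_key(BASE_KEY_AES, "AES", "hr@company.com", "2024-07")
    print("next period differs:", server_a != july)
```

Because every key is a function of the base key, the base key becomes the single secret whose compromise exposes all derived keys, so its storage and backup deserve the protection a stateful design would spread across a key database.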

Authentication

Authentication is a critical aspect of any key management architecture; it ensures that keys are only distributed to those users or systems that are appropriately authorized.

Voltage employs a federated authentication model that allows users, systems, and applications to be authenticated using nearly any mechanism.  From the Voltage Key Management Server, security administrators can easily associate key names with the desired authentication method, including LDAP, Active Directory, single sign-on systems, client certificates, and customer portals.  For example, the key hr@company.com can be associated with an existing Active Directory group, ensuring that any member of that group is granted the appropriate access to the key.

Multiple authentication methods can be defined within a given system, and Voltage offers a simple pluggable API that allows custom authentication mechanisms to be rapidly integrated.


