Tuesday, July 1, 2008

Key Management - Oasis EKMI and IEEE P1619

InformationWeek has an article titled "Oasis' open Enterprise Key Management Infrastructure initiative promises less-complex encryption. But will vendors get on board?", written by David Brown.
Information security pros do put stock in encryption--it was named the third-most-effective security practice in our most recent Strategic Security Survey, behind only firewalls and antivirus products. However, there have been obstacles along the path to ubiquitous encryption of data, including weak ciphers, deployment and integration issues, and, perhaps most notably, key management.


It is critical that key management be treated as a top priority. PKI and asymmetric encryption are all well and good, but internally they still latch on to symmetric encryption: a transport-layer handshake such as SSL/TLS generates a symmetric session key during the handshake. Symmetric encryption is here to stay in the industry.

It is very easy to do encryption with keys, but managing keys is NOT EASY.

EKMI aims to secure systems mainly at layer 7, the application layer. If you secure data only at the lower layers, your applications remain exposed, because breaches can occur at higher layers.

NOTE: I am a secretary of the EKMI Technical Committee. I would very much have liked to see a little more detail on EKMI efforts in the InformationWeek article rather than a bird's eye view.

Related Efforts:
IEEE P1619 is an effort by IEEE for encrypting stored data. The IEEE efforts work close to the network layer. EKMI focuses on layer 7.

http://events.oasis-open.org/home//forum/2008/schedule has a session on PKI and EKMI by Tomas Gustavsson, Co-Founder, PrimeKey Solutions AB
