Cryptography As A Service Barclays Crypto Application Gateway and Beyond 23rd May 2013 George French – Barclays Dan Cvrcek – Smart Architects Unrestricted distribution

Cryptography As A Service Key Management Applications Application Cryptography Interface Audit Logging Authentication BCAG / CSG Service Vendor HSM interfaces Application Key Management Cryptography Policy Enforcement Why Do Banks Use Cryptography - Traditionally as a control to mitigate risk Legal Regulatory Scheme Governance Reputation Interoperability - Recently Business Enabler for new tech The real value is to reduce the burden on existing systems to “enable more to be done” HSMs Operations and Audit 2 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Beginning … Cryptography and Business Requirement Solution lead time Encrypt data (... and decrypt possibly) day Secure key generation and management, recovery months Decryption after 30 years, huge data collections (tera bytes), multiple application support, integration > year Support and recovery after incidents Multiply by 2+ As surprising as it may sound there are very few security products that would actually work and could be managed with a small operational team. The main culprits: - integration, scalability, reliability, support 3 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Crypto Service Must Provide For … Audit Cryptography is deployed as a control to mitigate a risk it is therefore necessary to be able to demonstrate that the control is effective. Cryptographic Management The problem with cryptography is the decryption process. NEVER GIVE DEVELOPERS OPTIONS WHEN ENCRYPTING DATA Centralised Management Small teams even in multinational companies Monitoring of usage / capacity BAU operational tasks Security audits Information for business units 4 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Problem Space for The Use of Cryptography What we are trying to manage Business Capturing Business Requirements Provision of a defined operational model Project/Bespoke development Testing Why Do Banks Use Cryptography - Traditionally as a control to mitigate risk Legal Regulatory Scheme Governance Reputation Interoperability - Recently Business Enabler for new tech The real value is to reduce the burden on existing systems to “enable more to be done” 5 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Problem Space for The Use of Cryptography What we are trying to manage Business Capturing Business Requirements Provision of a defined service Risk Mitigation Bullet Build Requires Specialised knowledge Meet requirements Internal governance and standards compliance Infrastructure build Change management “The usual suspects” Securely building data structures Data migration Secure clustering Access control Applications Use of vendor APIs Lack of understanding in the use of cryptography Problem with support for key rollover and data migration. Implementation issues Threading API credentials Hardware Vendor lock-in Bespoke development of processes and procedures that are specific to the vendors products. Under utilisation of hardware Due to the HA requirements of standard patterns and the requirement for application segregation based on the current deployed HSM products. Cost 6 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Problem Space for The Use of Cryptography What we are trying to manage Business Capturing Business Requirements. Provision of a defined service. Risk Mitigation Bullet Requires Specialised knowledge Meet requirements Internal governance and standards compliance Infrastructure build Change management Build Hardware Utilisation Project model delivers variances Patch and Security Vulnerability Management Operation impact of outages “Non-functional” Requirements Operation Management and support issues of device Location of HSMs HSMs are located in the Data Centres, access is restricted Manual intervention required Change configurations Key change (LMK) Collection of Diagnostic Information 7 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Problem Space for The Use of Cryptography What we are trying to manage Business Capturing Business Requirements. Provision of a defined service. Risk Mitigation Bullet Build Requires Specialised knowledge “The usual suspects” Internal governance and standards compliance Operation Hardware Utilisation Project model delivers variances Patch and Security Vulnerability Management Operation impact of outages Compliance Regulatory and scheme compliance Internal Audit Customer Due diligence 8 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Problem Space for The Use of Cryptography What we are trying to manage Business Capturing Business Requirements. Provision of a defined service. Risk Mitigation Bullet Build Requires Specialised knowledge “The usual suspects” Internal governance and standards compliance Operation Hardware Utilisation Project model delivers variances Patch and Security Vulnerability Management Operation impact of outages Compliance Regulatory and scheme compliance Internal Audit Customer Due diligence ... I know nothing short of impossible but here we go 9 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

BCAG Cryptographic Approach Separating use from management and configuration Use (business units): Request system authentication credentials (e.g., password); Do Crypto – e.g., Api.Encrypt(“CC_Number”, “ME”, “Main_DB”, <transaction>) Management (BU and Crypto Operations): Policy – what business functions (e.g., encrypt credit card number), how many parties (DB, web app, middleware, …). Technical (Crypto Operations): how many keys, algorithms, crypto modes, key lengths, key validity, and so on. It is possible to provide cryptographic solutions by providing two of the points e.g. API and a cryptographic provider or Crypto provider and Key management The first implementations of hardware based cryptography required bespoke vendor APIs to support applications. The next stage was the addition of simple Key Management functionality which again was vendor specific. This is the situation that we find ourselves in today with three separate Key Management systems that do not interoperate without manual key management operations taking place. It is worth noting that a number of standards (de facto and Standards Bodies) have been developed, but they deal with specific instances of cryptography, business sectors or products e.g. PKCS#1 – 16 Various uses of RSA based Asymmetric based cryptography from RSA Labs X 509 Exchange and use of Asymmetric keys from ANSI MSCAPI Cryptographic support for Microsoft applications from Microsoft BSAFE Cryptographic toolkits provider from RSA Control Vectors Key Management from IBM LMK Variants Key Management from Thales ACL Key Management from nCipher GSS-API API Framework from IETF X9.24 pt1/2 Key Management (Banking) from ANSI With any of the APIs described above there is the problem of vendor implementation and vendor lock-in, coupled with the reluctance of vendors to build solutions that support high levels of integration between other vendor’s products and services. This gives raise to the following issues: If we standardise on specific vendor then either the bespoke APIs or Key management implementations of the vendor will need to be integrated into applications. Change of vendor would require a change to applications. Reliant on sole provider It is possible for applications to adopt certain standards (e.g. PKCS#11); to try and de-couple vendor specific Application API implementations. In the case of PKCS#11 this would decouple the application API but there would still be a reliance on the vendor’s implementation and key management solution. Also the wholesale adoption general encryption APIs such as PKCS#11 do not allow for the deployment of business specific cryptographic mechanisms i.e. for the banking sector PIN block translation, CVV generation etc. In order to be vendor agnostic, a different approach to the provision of cryptography is required. To address this the HSM Farm was developed. 10 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

BCAG Business Approach Pay for what you use Centralised use of resources (people, hardware, network, …) HSMs used “per operation”, not “per project”. Commissioning of cryptographic system components by Crypto Operations skills; volume; and single place for deployment and management -> strategy. Decoupling components (i.e., HSM) from applications Eliminate vendor lock-in; and Introduce service-based architecture with replaceable products. 11 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

What Does It Look Like – Architectural Blocks Business Crypto support (1st line) Solution support (2nd line) Product support (3rd line) 12 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

System Mechanics - Onboarding Administrative process for enrolling new business application to BCAG Capture Business Requirements The most difficult part as the business does not usually have a structured description of cryptographic requirements Convert BR to policy specification Semi-automated process that generates a BCAG policy definition Amend BCAG access control with new “user” privileges Key generation and deployment (manual or semi-automatic process) Use. 13 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Mechanics - Operation And 3 pieces of information that have to align: Authentication details = username and password Policy = username and authorised operations and key locator data Crypto Key definitions = key value and key locator data 14 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Doing Crypto - Key Lookup Traditionally Key Label = Key Value You change a key value, you get a new key label The new key label has to be propagated to all applications using the old key BCAG Approach Structured key locators: user, function, base_function, from, to Algorithm for locating keys Dynamic, as it does not use 1:1 mapping but lookup algorithm Efficient – 2 layers of caching of recently used keys 15 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Key Lookup – BCAG 16 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Beyond Large data processing; we talk about Daily encryption of giga and terabytes of data Protection of archives with 100,000s of DB tables Composite cryptography Grouping cryptographic operations into transactions that require specific order of operations Breach of a transaction is a potential data compromise Centralised key management Replacement of manual key loading to HSMs with an automatic process to minimise human errors and increase security 17 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Beyond … banking Platform for mobile app cryptography Platform for financial services for future applications Providing API and system for banking transactions to developers without actually building a bank Being able to build own virtual Central Bank with a few button clicks All this requires something like BCAG to: Access to payment schemes (VISA, MasterCard) Strong cryptographic system able to ensure pre-defined security properties (like cheating, counterfeiting … within the model of a virtual world) In some cases compliance with financial regulations 18 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Thank you for your attention! Dan@SmartArchitects.co.uk George.French@Barclays.com

Security Policy – Two Abstractions Use - Visible for Business Units Users just names, possibly with domain (e.g., LDAP) And authentication options (specs for tickets) User groups – just names Alias – just names for required crypto operations Manage - Internal to Crypto Management Params – the technical bit, e.g. [PARAMS CookieParams] ManagedEncryption=false Cipher=AES KeySize=128 ModeOfOperation=CBC IV=Random Padding=NoPad 20 | Cryptography as a Service 23rd May 2013 Unrestricted distribution

Doing Crypto - Key Lookup as You Know It 21 | Cryptography as a Service 23rd May 2013 Unrestricted distribution