This section provides information and guidelines relative to hardware and software data protection techniques such as passwords, message authentication and data encryption.
State agencies, through diligent risk analysis, may determine that the risks associated with unauthorized access, disclosure or undetected data modification warrant the implementation of security measures that include one or a combination of data protection techniques.
STANDARD. Systems shall implement authentication functions that are consistent with the level of confidentiality or sensitivity of the information they contain and process.
GUIDELINES. The following determinations should be made regarding the level of authentication required for information processing systems:
1. Determine if the confidentiality and/or criticality of the information processed by the system requires stronger authentication than passwords alone. If so, the appropriate authentication device should be considered.
2. Determine which transactions will require that messages be authenticated.
3. Determine if third party authentication is required for effective authentication in distributed environments.
Authentication techniques protect automated information by controlling access to the assets of a data processing system. They permit validation of the identities of people and hardware devices and of the genuineness of transmitted information. Validating, or authenticating, data and the identities of users, terminals, computers, and peripheral devices within a data processing system is vital to the security of the information the system processes.
Authentication schemes are based on something the subject knows (a password), something it possesses (a smart card or token), or a personal attribute (a fingerprint). Most are carried out as challenge-response exchanges: the system requests proof and the subject supplies it. Techniques include password, smart card/token processing, message authentication, and fingerprint recognition. Having and supplying the correct information authenticates an individual to the data processing system. Similarly, a computer, terminal, or other peripheral may be authenticated as an authorized device of a data processing system by having and supplying the correct information when the authentication system requests it.
Authentication schemes function to ascertain the authenticity of information, senders, receivers, or the related devices of a data processing system. Such schemes may function to ensure that information comes from a legitimate source and goes to a legitimate destination. Otherwise, data may be accidentally misrouted, printed at the wrong location, or sent to a wrong phone number. Whether information is incorrectly routed by human error, machine malfunction, or deliberate sabotage, an authentication scheme allows its receipt by an unauthorized individual or device to be refused.
Several types of authentication devices are available which permit the process of authentication to be inexpensively strengthened. The two most common types of authentication devices are the smart card and the smart token. Both devices strengthen the authentication process by providing its user with a unique computational capability or additional secret information.
The smart card is a passive device that requires a separate reader for operation. The smart token is an active device with keyboard and display. Both devices function in a cooperative challenge/response protocol with system authentication software.
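The following is an added example, not part of the original guideline, of the cooperative challenge/response protocol described above, written in Go with the standard library's DES implementation. It assumes a token personalised with one 8-byte DES key shared with the host (the key bytes, the token identifier and the hex encoding of challenges and responses are all constructed for this example): the host draws a random 64-bit challenge, the token returns the DES encryption of it, and the host recomputes and compares. Because each challenge is fresh and is consumed on first use, an eavesdropper who records a response cannot replay it, and because the response depends on a secret held inside the token, a captured password alone is not enough to log in. DES is used here because it is the algorithm this section prescribes; a token built today would use a current block cipher or HMAC in the same structure.

```go
package main

import (
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// tokenKey is a constructed 8-byte DES key shared between one token and the host
// authentication software. It is embedded only so the example runs offline; a real
// host loads it from protected key storage (see the key management guidance below).
var tokenKey = []byte{0x13, 0x34, 0x57, 0x79, 0x9b, 0xbc, 0xdf, 0xf1}

// Host is the system side of the protocol: it enrolls tokens, issues one-time
// challenges and checks the responses the user types back.
type Host struct {
	keys        map[string][]byte // token ID -> shared DES key
	outstanding map[string][]byte // token ID -> challenge awaiting a response
}

func NewHost() *Host {
	return &Host{keys: map[string][]byte{}, outstanding: map[string][]byte{}}
}

// Enroll records the key a token was personalised with.
func (h *Host) Enroll(tokenID string, key []byte) { h.keys[tokenID] = key }

// Challenge draws a fresh random 64-bit challenge and remembers it; freshness is
// what stops an observer from replaying an earlier response.
func (h *Host) Challenge(tokenID string) (string, error) {
	if _, ok := h.keys[tokenID]; !ok {
		return "", errors.New("unknown token")
	}
	c := make([]byte, des.BlockSize)
	if _, err := rand.Read(c); err != nil {
		return "", err
	}
	h.outstanding[tokenID] = c
	return hex.EncodeToString(c), nil
}

// Verify recomputes what the token should have produced and compares in constant
// time. The outstanding challenge is consumed whether or not the answer was right.
func (h *Host) Verify(tokenID, responseHex string) bool {
	c, ok := h.outstanding[tokenID]
	if !ok {
		return false
	}
	delete(h.outstanding, tokenID)
	expected, err := respond(h.keys[tokenID], c)
	if err != nil {
		return false
	}
	got, err := hex.DecodeString(responseHex)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare(expected, got) == 1
}

// respond is the token's computation: one DES block encryption of the challenge
// under the shared key. Seeing the challenge without the key gives no way to answer.
func respond(key, challenge []byte) ([]byte, error) {
	if len(challenge) != des.BlockSize {
		return nil, errors.New("challenge must be 8 bytes")
	}
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, des.BlockSize)
	block.Encrypt(out, challenge)
	return out, nil
}

// Token models the handheld device: the user keys in the displayed challenge
// and reads the response off the token's display.
type Token struct{ key []byte }

func (t Token) Respond(challengeHex string) (string, error) {
	c, err := hex.DecodeString(challengeHex)
	if err != nil {
		return "", err
	}
	r, err := respond(t.key, c)
	if err != nil {
		return "", err
	}
	return hex.EncodeToString(r), nil
}

func main() {
	host := NewHost()
	host.Enroll("token-0001", tokenKey)
	challenge, _ := host.Challenge("token-0001")
	response, _ := Token{key: tokenKey}.Respond(challenge)
	fmt.Printf("challenge %s -> response %s accepted=%v\n", challenge, response, host.Verify("token-0001", response))
	fmt.Printf("same response replayed: accepted=%v\n", host.Verify("token-0001", response))
}
```

The host never sends the key and never compares the response against a stored value of it; it recomputes the expected response, which is why the shared key must be protected at least as well as the accounts it guards.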
The message authentication process enables users, devices, and processing functions to verify that received information is genuine. Specifically, it enables a receiver to validate that (1) the information originated with a specific sender, (2) the content of the data has not been changed, (3) the data is received in the same sequence as it was transmitted, and (4) the information is delivered to the intended receiver. Properties (1) and (2) follow from the sender and receiver sharing the authentication key; properties (3) and (4) hold only when a sequence number and the identity of the intended receiver are included in the data over which the authentication code is computed, so that a replayed, reordered, or misdirected message fails verification.
Trusted third party authentication services are implemented as specialized secured servers in networks employing the client/server architecture. These servers are used to authenticate clients and their respective servers to each other in a manner that avoids passing readable authentication information across the network.
Data encryption techniques are used to control access to information, protect the integrity of transactions, disguise data during transmission, and authenticate the users and devices of an information processing system.
Data encryption conceals actual data by transforming it, through a special computer hardware component or specialized software, from readable text into an unintelligible form called ciphertext. This transformation is performed by an algorithm under the control of a key. Reversing the process, which transforms the ciphertext back into readable data, is called decryption.
Encryption techniques are used to protect against the risks associated with the transmission and storage of confidential or sensitive information. Data encryption is used in communications environments to protect against unauthorized or accidental access to information, in that it prevents recipients of encrypted data who do not hold the key from interpreting its meaning. Encryption by itself does not reliably detect modification: an altered ciphertext simply decrypts to altered plaintext, usually without any error being reported. Detecting modification of transmitted data requires that encryption be combined with message authentication (a MAC computed over the message under a separate key) or another integrity check. With the use of other software and hardware protective schemes and adequate backup facilities or copies, information recovery procedures are initiated in cases where data is modified or destroyed during transmission.
Encryption is also used in conjunction with data storage devices such as magnetic tapes and disks. In this application, data is encrypted for storage and then transformed to readable information prior to being processed.
STANDARD. It will not be a requirement at this time for agencies to use data encryption techniques for storage and transmission of data. However, those agencies that choose to employ data encryption shall adopt the Data Encryption Standard, also referred to as the DES algorithm, which is defined in Federal Information Processing Standard Publication 46-1 (FIPS PUB 46-1). It is highly recommended that electronic fund transfer (EFT) systems use the Data Encryption Standard (DES). For systems employing encryption, procedures shall be prescribed for secure handling, distribution, storage, and construction of the DES key variables used for encryption and decryption. Protection of a key shall be at least as stringent as the protection required for the information encrypted with that key.
DES has been adopted as a standard by the Federal government. Additionally, it has been approved as a standard by the American National Standards Institute (ANSI) and the American Bankers Association.
GUIDELINES. The following publications provide additional information regarding the standard implementations and use of DES technology.
1. Communication Equipment. Federal Standard 1027 (FED-STD-1027), issued by the General Services Administration, specifies the security requirements for DES-based cryptographic communications equipment used in government applications that handle public-interest information not affecting national security.
2. Message Authentication. The American National Standards Institute's (ANSI) X9.9 standard, Financial Institution Message Authentication (Wholesale), is employed by financial institutions. It uses DES under a secret key to compute a cryptographic checksum over the message, called a Message Authentication Code (MAC), which the receiver recomputes with the same key and compares with the received value to detect alteration or forgery.
3. Key Management. Detailed guidelines for implementing key management functions can be found in ANSI Financial Institution Key Management Standard X9.17. The standard addresses the issue of wholesale financial institution key management. It describes a standard level of protection to ensure the security of keying material and the key management facility.
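The following added example (not part of this guideline or of any of the standards it cites) puts the four message authentication properties listed earlier, the encryption/decryption process, and the X9.9-style MAC of item 2 into working Go code using the standard library's crypto/des and crypto/cipher. It assumes two separately held 8-byte DES keys, one for encryption and one for authentication; an X9.9-style MAC in the form assumed here (DES in CBC mode with an all-zero IV over the zero-padded message, keeping the leftmost 32 bits of the final block; the standard's own padding and formatting rules are not reproduced); and a constructed message format in which sender, receiver, sequence number, IV and ciphertext are length-prefixed and all covered by the MAC. The bank names, keys and payment text are made up. DES appears because it is what this section prescribes; NIST withdrew the DES standard (FIPS 46-3) in 2005 and a current deployment would use AES with a current MAC, but the structure of the check is unchanged. The decryptBody function is included to show that decryption on its own does not report a modified ciphertext.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Message is one authenticated, encrypted transaction. Sender, Receiver, Seq and
// IV travel in the clear, Body is DES-CBC ciphertext, and MAC covers all of them.
type Message struct {
	Sender, Receiver string
	Seq              uint32
	IV, Body, MAC    []byte
}

// zeroPad extends b with zero bytes to a whole number of DES blocks (at least one).
func zeroPad(b []byte) []byte {
	n := (des.BlockSize - len(b)%des.BlockSize) % des.BlockSize
	if len(b)+n == 0 {
		n = des.BlockSize
	}
	return append(append([]byte{}, b...), make([]byte, n)...)
}

// x99MAC is an X9.9-style MAC in the form assumed by this example: DES-CBC with an
// all-zero IV over the zero-padded message, keeping the leftmost 32 bits of the last block.
func x99MAC(key, msg []byte) ([]byte, error) {
	block, err := des.NewCipher(key)
	if err != nil { return nil, err }
	padded := zeroPad(msg)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, make([]byte, des.BlockSize)).CryptBlocks(out, padded)
	return append([]byte{}, out[len(out)-des.BlockSize:][:4]...), nil
}

// macInput length-prefixes everything the receiver must check. Binding origin,
// destination and sequence number into the MAC is what makes forgery, misdelivery
// and reordering detectable; the cipher alone cannot do that.
func macInput(m *Message) []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{[]byte(m.Sender), []byte(m.Receiver), m.IV, m.Body} {
		binary.Write(&buf, binary.BigEndian, uint32(len(f)))
		buf.Write(f)
	}
	binary.Write(&buf, binary.BigEndian, m.Seq)
	return buf.Bytes()
}

// Seal encrypts the length-prefixed, zero-padded plaintext under encKey with a
// random IV, then MACs the whole message under the separate macKey.
func Seal(encKey, macKey []byte, sender, receiver string, seq uint32, plaintext []byte) (*Message, error) {
	block, err := des.NewCipher(encKey)
	if err != nil { return nil, err }
	m := &Message{Sender: sender, Receiver: receiver, Seq: seq, IV: make([]byte, des.BlockSize)}
	if _, err := rand.Read(m.IV); err != nil { return nil, err }
	var p bytes.Buffer
	binary.Write(&p, binary.BigEndian, uint32(len(plaintext)))
	p.Write(plaintext)
	padded := zeroPad(p.Bytes())
	m.Body = make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, m.IV).CryptBlocks(m.Body, padded)
	m.MAC, err = x99MAC(macKey, macInput(m))
	return m, err
}

// decryptBody is DES-CBC decryption and nothing else: a flipped ciphertext bit
// yields garbled plaintext but no error, so encryption alone cannot detect it.
func decryptBody(encKey, iv, body []byte) ([]byte, error) {
	block, err := des.NewCipher(encKey)
	if err != nil { return nil, err }
	if len(iv) != des.BlockSize || len(body) < des.BlockSize || len(body)%des.BlockSize != 0 {
		return nil, errors.New("body must be one or more whole DES blocks")
	}
	out := make([]byte, len(body))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, body)
	return out, nil
}

// Open checks the MAC first (constant-time), then addressing and sequence, then decrypts.
func Open(encKey, macKey []byte, me string, expectSeq uint32, m *Message) ([]byte, error) {
	want, err := x99MAC(macKey, macInput(m))
	if err != nil { return nil, err }
	if subtle.ConstantTimeCompare(want, m.MAC) != 1 {
		return nil, errors.New("MAC mismatch: altered, or not from the claimed sender")
	}
	if m.Receiver != me { return nil, errors.New("not addressed to this receiver") }
	if m.Seq != expectSeq { return nil, errors.New("out of sequence (replayed or reordered)") }
	padded, err := decryptBody(encKey, m.IV, m.Body)
	if err != nil { return nil, err }
	n := binary.BigEndian.Uint32(padded[:4])
	if int(n) > len(padded)-4 { return nil, errors.New("corrupt length prefix") }
	return padded[4 : 4+n], nil
}

func main() {
	encKey := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef} // constructed keys
	macKey := []byte{0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10}
	m, _ := Seal(encKey, macKey, "BANK-A", "BANK-B", 7, []byte("PAY 1000.00 TO ACCT 4471"))
	pt, err := Open(encKey, macKey, "BANK-B", 7, m)
	fmt.Printf("accepted %q (err=%v)\n", pt, err)
	m.Body[8] ^= 0x01 // one flipped ciphertext bit
	_, err = Open(encKey, macKey, "BANK-B", 7, m)
	fmt.Println("after modification:", err)
}
```

Open rejects a message whose MAC does not verify before it looks at anything else, which is what turns the four properties into checks the receiver can actually perform: a wrong MAC key or altered bytes fail the comparison (origin and content), a wrong Seq fails the sequence check (replay or reordering), and a Receiver field naming someone else is refused (misdelivery). Zero padding and a 32-bit tag are kept only to mirror the X9.9 style discussed above; both are weaker than what a new design would choose.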
The costs associated with a hardware and software data encryption system vary greatly. Generally, costs are dependent upon the type of system each agency is using to protect its information. Is it a personal computer or mainframe system? How many secure nodes are required in the system? With respect to the benefits and costs associated with a data encryption system, consider the following:
Keys are an essential part of authentication and data encryption processes. Authentication and encryption keys are relatively short sequences of numbers or characters. They may be selected by the user or, preferably, generated by a random-number source in hardware or software, since keys that people choose tend to be guessable.
A key is required as input by authentication and data encryption devices and is used in conjunction with an algorithm to encrypt and decrypt information or authenticate messages and the identities of users and devices.
Since most encryption algorithms are published and well known, the security of the data being processed is dependent upon the secrecy of the key. The destruction or loss of the key is equivalent to the loss or destruction of the data itself.
Encryption techniques can be divided into two general categories: symmetric or secret key techniques and asymmetric or public key techniques. In secret key encryption, the receiver of a message uses the same key to decrypt the message as the sender used to encrypt it, so that key must be delivered to both parties in secret beforehand. Public key encryption provides each user with two keys, one private and one public. Private keys are kept secret by their owners, while public keys are openly available via a directory. When public key encryption is used, the sender encrypts the message with the public key of the intended receiver, and upon reception the message is decrypted with the receiver's private key. Because nothing secret has to be exchanged in advance, public key encryption technology simplifies key distribution and the implementation of authentication functions. For these reasons, public key encryption technology is specified as part of the OSI X.500 Directory Service. However, no standards have been adopted for the specific public key encryption algorithm that will be employed. Until such standards exist, public key encryption technology is not recommended for use.
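The following added example, not from the original text, shows in Go the public key mechanism just described and why it simplifies key distribution: a symmetric session key (8 bytes, DES-sized, to match the rest of this section) is wrapped under the receiver's public RSA key, which could be fetched from a directory, and only the holder of the matching private key can unwrap it. It uses the standard library's RSA-OAEP, the PKCS #1 v2.2 scheme of RFC 8017, which is one of the standardised public key algorithms that did not yet exist when this guideline was written; the 2048-bit key size and the "session-key" label are the example's own choices.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateReceiverKeys creates the receiver's key pair. The private key never
// leaves the receiver; the public key is what an X.500-style directory would publish.
func GenerateReceiverKeys() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// NewSessionKey draws a random 8-byte symmetric key (DES-sized, as in this section).
// Key material comes from a random source, never from a user-chosen string.
func NewSessionKey() ([]byte, error) {
	k := make([]byte, 8)
	_, err := rand.Read(k)
	return k, err
}

// WrapSessionKey encrypts the session key under the receiver's public key with
// RSA-OAEP. Anyone holding the directory entry can do this; only the matching
// private key can undo it, so the wrapped key may cross an untrusted network
// and no secret has to be shared in advance.
func WrapSessionKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, []byte("session-key"))
}

// UnwrapSessionKey recovers the session key with the receiver's private key.
// OAEP's built-in check turns any alteration of the wrapped key into an error.
func UnwrapSessionKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte("session-key"))
}

func main() {
	receiver, _ := GenerateReceiverKeys()
	session, _ := NewSessionKey()
	wrapped, _ := WrapSessionKey(&receiver.PublicKey, session)
	got, err := UnwrapSessionKey(receiver, wrapped)
	fmt.Printf("wrapped %d bytes; unwrapped key matches: %v (err=%v)\n",
		len(wrapped), string(got) == string(session), err)
}
```

The symmetric key still protects the bulk data; the public key operation only replaces the courier or secure channel that secret key systems need for key delivery, which is the simplification the paragraph above refers to.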
The functions associated with generating, distributing, storing, protecting, and destroying authentication and data encryption keys are collectively referred to as key management. Without adopting internal policies and procedures that address key management issues, an agency risks serious security problems. Specifically:
Key management functions should be designed to protect authentication and data encryption keys and associated materials from unauthorized disclosure, substitution, insertion, deletion, and recording. Unauthorized attempts to access key management information should be detectable and unsuccessful.