Encryption Planning Overview

Cryptography is the science of transforming data so that it is interpretable only by authorized persons. Data that is unencrypted is called plaintext. The process of disguising plaintext data is called encryption, and encrypted data is called ciphertext. The process of transforming ciphertext back to plaintext is called decryption. The Texas Administrative Code states that, "encryption techniques for storage and transmission of information shall be used based on documented court security risk management decisions.”

Cryptography relies upon two basic components: an algorithm and a key. Algorithms are complex mathematical formulae, and keys are strings of bits used in conjunction with algorithms to make the required transformations. There are two basic types of cryptography: symmetric and asymmetric. Each has advantages and disadvantages. Most current cryptographic applications combine both techniques to exploit the strengths of each type.

Symmetric-key cryptography—Two or more parties share the same key, which is used to both encrypt and decrypt data.
Asymmetric-key cryptography—Asymmetric-key cryptography (also called public-key cryptography) uses a pair of keys (pairs of numbers) that allows data encrypted with one key to be decrypted by the other key.

Management’s ability to monitor internal communications or audit internal computer systems may be impacted by the use of encryption. If a user encrypts outgoing email messages or the content of a hard disk drive, system administrative personnel will be unable to audit such messages and files. Also, if the decryption keys are lost, the data may then be permanently lost.

The Department of Information Resources’ (DIR) SRRPUB13 publication provides guidance on Digital Signatures and Public Key Infrastructure (PKI) that may be useful.

Encryption Planning Standards

Minimum Security Option

Description

Benefits

Disadvantages

Use approved encryption tools such as Secure Socket Layers (SSL) and IPSec to encrypt sensitive data traversing an un-trusted network.

Lower cost.

Does not protect data in storage. Slow speed.

1. If information that is considered to be sensitive or confidential, such as adjudication, credit card, or juvenile case information, traverses an un-trusted public network, such as the Internet, then the data shall be encrypted with at least 128-bit encryption. Options for encrypting data in transit include:

Secure Socket Layers (SSL) – which use public key cryptography to encrypt Web application sessions between the user’s browser and the Web server. The Web server must have a certificate that has been generated by a Public Key Infrastructure (PKI), which can be purchased from a well known “trusted” certification authority (CA) for less than $500. Users’ browsers come pre-configured to “trust” the certificates of these well-known CAs, and browser client side certificates are not required.

Virtual Private Networks (VPN) –use software and/or hardware to encrypt data between participating networks, or clients and networks. IP Security (IPSec) increasingly is becoming the standard for providing authentication and encryption between sites. IPSec authentication is based on the exchange of keys between communicating devices.

E-Mail – e-mail systems can support some types of encryption. Major mail clients can support encryption natively using S/MIME based on PKI issued certificates. Options to S/MIME exist including PGP (“Pretty Good Privacy”).

For Web servers using SSL, the certificate shall be purchased from a recognized CA vendor. The DIR has approved the following PKI service providers:

· Baltimore Technologies plc

· Digital Signature Trust Company

· Entrust, Inc

· VeriSign, Inc

2. Encryption keys shall be considered synonymous with the courts most sensitive category of information and access to those keys must be restricted on a “need-to-know” basis. The keys to be used for encryption must be generated by means that are not easily reproducible by outside parties.

3. The following features shall be required when purchasing encryption products:

The vendor must be financially stable.
The product shall provide a way for management to recover encrypted files in the event that an employee leaves the court or the employee’s key is lost or stolen.
The product shall employ features that enhance system integrity, such as self-testing, to the maximum degree possible.

Optimum Security Option

Description

Benefits

Disadvantages

Implement a high-level encryption policy based on the court risk analysis to define how the court will use encryption technology. The encryption policy will consider security requirements and resources required. Also, the policy will address the encryption of data in storage and in transit.

High security provided by encryption performed based on management-approved policy.

More costly than the minimum-security option. Slow speed.

In addition to encrypting data in transit, the following standards shall be followed:

1. A high-level encryption policy shall be developed to establish a coordinated strategy for encryption. The policy will include:

The decision to encrypt data shall be based on documented court security risk management decisions.
Anyone using encryption products must be identified to a central coordinator and provide information about the product functionality.
Users deploying encryption for stored information must develop and document procedures for recovering the information. A copy of this recovery information must be communicated to the central coordinator.
Care must be taken to protect private keys.
A central coordinator shall monitor all user requests for certificates.

2. If the court business environment and encryption policy require the use of encryption on stored data, then a commercial product shall be used to provide the encryption. In addition, if stored data is to be encrypted, then the courts must have a way to recover encrypted files in the event that an employee leaves the court or the employee’s key has been lost or stolen. Sensitive information stored in databases shall utilize the encryption capabilities of the database management system (DBMS).

Maximum Security Option

Description

Benefits

Disadvantages

Implement a high-level encryption policy to define how the court will use encryption technology. The policy will address the encryption of data in storage and in transit. Implement a Public Key Infrastructure (PKI).

Maximum security and capabilities are provided.

Even higher costs associated with deployment of PKI. PKI technology is immature and issues exist regarding interoperability, cross-certification, token technology, and government controls.

Slow speed.

In addition to the Optimum Security Option, the courts shall:

1. Implement a public key infrastructure (PKI) to provide maximum security. PKI provides the means for verifying identity and managing encryption. The following shall be considered in implementing and/or evaluating PKI:

The PKI must provide a means for:

Adding users;
Adding new certificates to the directory;
Certificate re-key and renewal and update;
Tracking and checking certificate status (suspension and revocation) in the directory controller;
Key recovery, key escrow, or key encapsulation capabilities to allow access to encrypted information in the event of a forgotten password (protecting the private key) or loss of the private key itself (due to hardware failure);
Time stamping service; and
Services for generating random numbers, generating cryptographic keys, generating hashing or authentication codes, creating and checking digital signatures, and encrypting information.

A cost analysis shall be performed to determine whether to implement an internal PKI or to use an outsourced PKI. Deploying a PKI internally requires knowledgeable staff and upfront costs for equipment, consulting, training, and testing. However, the cost per certificate goes down significantly as the PKI system is used.

According to the Gartner group, PKI vendors such as VeriSign, Entrust, RSA, and Baltimore are currently the market leaders for this type of technology.