S 1.7 Crypto-concept
Description
This module describes an approach for effectively protecting both the data stored locally as well as the data to be transmitted in a heterogeneous environment using cryptographic methods and technologies. To describe the approach, the module explains how and where cryptographic methods and the corresponding components can be used in a heterogeneous environment. Since a large number of complex influencing factors need to be considered when using cryptographic methods, a cryptographic concept should be created for this purpose.
This module therefore describes how to create a crypto-concept. It starts with the requirements determination and the survey of influencing factors and continues with the selection of suitable cryptographic products and solutions, and also includes awareness-raising and training measures for the users and the cryptographic contingency plan.
This module can also be referred to even if only one cryptographic product needs to be selected for one of the possible areas of application. In this case, some of the steps described in the following can be omitted, and you only need to go though the parts relevant to your particular area of application.
In order to implement this module, it is necessary to have a basic understanding of the fundamental cryptographic mechanisms. An overview of cryptographic terminology can be found in S 3.23 Introduction to basic cryptographic terms.
Threat scenario
Cryptographic methods are used to guarantee the following:
- confidentiality,
- integrity,
- authenticity and
- non-repudiation.
For this reason, primarily the following threats to cryptographic methods are examined for IT-Grundschutz:
Organisational Shortcomings
| T 2.1 | Lack of, or insufficient, rules |
| T 2.2 | Insufficient knowledge of rules and procedures |
| T 2.4 | Insufficient monitoring of security safeguards |
| T 2.19 | Inadequate key management for encryption |
Human Error
| T 3.1 | Loss of data confidentiality or integrity as a result of user error |
| T 3.32 | Violation of basic legal conditions for the use of cryptographic procedures |
| T 3.33 | Improper use of cryptomodules |
Technical Failure
| T 4.22 | Software vulnerabilities or errors |
| T 4.33 | Poor-quality or missing authentication |
| T 4.34 | Failure of a cryptomodule |
| T 4.35 | Insecure cryptographic algorithms |
| T 4.36 | Mistakes in encrypted data |
Deliberate Acts
| T 5.27 | Repudiation of a message |
| T 5.71 | Loss of confidentiality of classified information |
| T 5.81 | Unauthorized use of a cryptomodule |
| T 5.82 | Manipulation of a cryptomodule |
| T 5.83 | Compromising cryptographic keys |
| T 5.84 | Forged certificates |
| T 5.85 | Loss of integrity of information that should be protected |
Method recommendation
To secure the information system examined, other modules will need to be implemented in addition to this module. These modules are selected based on the results of the IT-Grundschutz modelling process.
In addition, the following fundamental steps need to be taken in the area of cryptographic methods:
Development of a cryptographic concept
A large number of factors influence the application of cryptographic methods. The IT system, the amount of data, the desired level of security, and the availability requirements are just some of these factors. For this reason, it is necessary to develop a concept at the beginning that takes all influencing factors and criteria used to select the specific cryptographic method and the corresponding products into account, but that is also financially and economically feasible at the same time (see S 2.161 Development of a cryptographic concept).
Determination of the requirements for the cryptographic method
A requirements catalogue must be created that describes the influencing factors and selection criteria used as a basis for selection of the cryptographic method (see S 2.162 Determining the need to use cryptographic methods and products and S 2.163 Determining the factors influencing cryptographic methods and products). Cryptographic methods can be used in various layers of the ISO/OSI layer model. Their use in certain layers is recommended depending on the requirements determined or applied threats (see also S 4.90 Use of cryptographic methods on the various layers of the ISO/OSI reference model).
Selection of a suitable cryptographic product
After all general conditions have been determined, it is necessary to select a product that offers the security functionality described in the crypto-concept (see S 2.165 Selection of a suitable cryptographic method). Such a product, which is referred to in the following as a crypto module, can consist of hardware, software, firmware, or a combination of these as well as the components needed to execute the cryptographic processes such as memory, processors, buses, power supplies, etc. A crypto module can be used to protect sensitive data and information found in a wide variety of computer or telecommunication systems.
Appropriate use of the crypto module
A crypto module needs to meet a series of security requirements, even during live operation. In addition to the security of the data to be protected by the crypto module, it is also particularly important to protect the crypto module itself against direct attacks and manipulation (see S 2.166 Provisions governing the use of crypto modules).
The security-related requirements placed on the IT systems on which the cryptographic methods will be used can be found in the corresponding system-specific modules.
Contingency Planning
Contingency planning includes:
- Data backups when using cryptographic methods (see S 6.56 Data backup when using cryptographic methods), i.e. backing up the keys, the configuration data of the products used, and the encrypted data,
- Obtaining the latest information on security gaps and how to react to them.
The bundle of security safeguards relating to the crypto-concept are presented in the following. Safeguards from other modules are not repeated here.
Planning and design
| S 2.161 | (A) | Development of a cryptographic concept |
| S 2.162 | (A) | Determining the need to use cryptographic procedures and products |
| S 2.163 | (A) | Determining the factors influencing cryptographic procedures and products |
| S 2.164 | (A) | Selection of a suitable cryptographic procedure |
| S 2.166 | (A) | Provisions governing the use of crypto modules |
| S 3.23 | (W) | Introduction to basic cryptographic terms |
| S 4.90 | (W) | Use of cryptographic procedures on the various layers of the ISO/OSI reference model |
| S 4.433 | (Z) | Use of data medium encryption |
| S 4.435 | (Z) | Self-encrypting hard disks |
| S 5.63 | (Z) | Use of GnuPG or PGP |
| S 5.67 | (Z) | Use of a time stamp service |
| S 5.110 | (Z) | Protection of e-mail with SPHINX (S/MIME) |
Purchasing
| S 2.165 | (A) | Selection of a suitable cryptographic method |
| S 4.85 | (Z) | Design of suitable interfaces for crypto modules |
| S 4.88 | (A) | Operating system security requirements when using crypto modules |
Implementation
| S 2.46 | (A) | Appropriate key management |
| S 4.86 | (A) | Secure separation of roles and configuration with crypto modules |
| S 4.87 | (Z) | Physical security of crypto modules |
| S 4.89 | (Z) | Emission security |
Contingency Planning
| S 6.56 | (A) | Data backup when using cryptographic methods |