S 2.165 Selection of a suitable cryptographic product

Initiation responsibility: IT Security Management

Implementation responsibility: IT Security Management

The spectrum of cryptographic applications is very wide, ranging from simple programs for file encryption on a single-user PC through firewall computers with crypto functions for protecting a local network to the real-time hardware encryption of video conferences. Given this range, it is plain that recommendations on the selection of cryptographic products have been kept to generalities.

Before a selection is made, the user should determine all requirements that the product is expected to meet. The selected product should cover the user's requirements to as great an extent as possible.

Functionality

The selected product must exhibit the functionality specified by the user; in particular, it must:

• perform the required basic cryptographic services

• satisfy any special requirements imposed by the application environment (e.g. single-user/multi-user PC, LAN environment, WAN link)

• exhibit the required technical performance characteristics (e.g. throughput rates)

• offer the required security functionalities; in particular the cryptographic mechanisms used must be of the required strength

Interoperability

The selected product is generally incorporated into an existing IT environment. It must be as interoperable as possible within that environment. It is essential to observe internal standards in order to ensure interoperability with the IT system and system components already in place. The use of international standards for cryptographic techniques should be a matter of course; among other things it makes it easier to evaluate the security of the cryptographic component.

Cost-effectiveness

The selected product should be as cost-effective as possible. Procurement costs, the quantities required and the costs of maintenance and product updating must be taken into account, but also the savings made through any rationalisation effects.

Certified products

Over the past decades, an internationally recognised methodology for evaluating IT security products has become established: the European ITSEC (Information Technology Security Evaluation Criteria) and the subsequent development, CC (The Common Criteria for Information Technology Security Evaluation). The ITSEC and CC provide a framework within which the security functionalities of an IT product can be fitted into a precisely specified hierarchy by the application of established criteria. The information security authorities of several countries have each set up a national certification scheme according to these criteria.

The use of a certified product provides a guarantee that the security functionality of the product has been independently tested and does not fall below the standard specified in the evaluation level (see also S 2.66 Consideration of the contribution of certification to procurement).

Imported products

In several countries, especially in the USA, the export of strong cryptography is at present (still) subject to severe restrictions. In particular, the strength of essentially strong encryption products is artificially diminished (by reducing the number of possible keys). These artificially weakened procedures do not generally reach the mechanism strength necessary for medium-level protection requirements.

In Germany and most other countries, cryptographic products are not subject to any restrictions when used within the national boundaries. When imported products are used, attention should always be paid to whether they provide the full range and scope of capabilities.

Transnational use

Many companies and agencies are increasingly faced with the problem that they also want to secure their international communications, for example with overseas subsidiaries, by cryptographic means. First it is necessary to examine the following points:

• Whether restrictions on the use of cryptographic products have to be observed in the countries concerned

• Whether any export or import restrictions applying to products under consideration have to be observed

Security against improper use and malfunctions

The dangerous aspect of cryptographic products is that they lull users into a (sometimes false) sense of security: no problem: it's all encrypted"! This is why measures against being compromised as a result of operating errors or technical failure are particularly important, because their consequences cannot be limited to a simple defect but may immediately lead to a security breach. However, there is a large range in terms of redundant system design and additional monitoring functions and hence equipment costs so that in this regard the measures have to be determined in each individual case, in accordance with requirements.

Implementation in software, firmware or hardware

Cryptographic algorithms can be implemented in software, firmware or hardware. Software implementations are usually controlled by the operating system of the respective IT system. The term firmware covers programs and data which are permanently stored in hardware in such a way that the stored contents cannot be dynamically altered, nor can they be modified during execution. Hardware solutions entail the implementation of cryptographic procedures directly in hardware, for example as a separate security module or as a plug-in card.

It is not possible to offer any general recommendation on which type of implementation should be chosen, because various factors have to be weighed up before the decision is made:

• The protection requirements applying to the data to be protected by the cryptographic procedure, or the security level aimed for

• The intended data throughput

• Economic considerations and constraints

• The operating environment and surrounding safeguards

• National classification of the data being processed, if applicable

Software solutions offer the advantage of being easily adaptable and low-cost. Hardware implementations generally offer both greater resistance to manipulation (and therefore greater security) and a higher throughput rate than software implementations, but they are usually also more expensive.

Firmware solutions can be seen as a compromise between the two other options. However, the advantages and disadvantages of each implementation always relate only to local aspects (including key management, above all). Once the data has been encrypted and is on the communication path, the way in which the encryption came about is essentially no longer relevant.

One example of (relatively) inexpensive, transportable and user-friendly crypto modules is chip cards, which can be used in the field of local encryption as a secure storage medium for cryptographic keys or in the field of authentication for password generation and encryption.

When all of the requirements to be met by the cryptographic product have been defined, you have at your disposal a portfolio of requirements which can then also be used directly in an invitation to tender, should one be necessary.