Optimal Security End to End
It's possible to implement data encryption in hardware and software
- By Luther Martin
- Aug 01, 2011
Too often, the need for greater security is recognized only after a data breach. The consequences can be costly—steep fines and remediation mandated under a vast array of data protection regulations, including PCI DSS, US HITECH and data-breach notification laws. It also can result in deep and possibly irreparable damage to the brand.
To reduce risk, organizations employ auditable data protection management processes such as encryption and key management to render sensitive information useless to hackers. National governments use encryption to protect the most sensitive diplomatic and military secrets. It also is useful in the private sector as a good way to comply with the many data security and privacy laws that have complicated the business world in the past few years. But there’s a big difference between the way government and businesses use encryption: Governments use hardware while businesses tend to go with software.
Understanding why isn’t a simple matter; but if you’re in the market for an encryption solution to protect sensitive information, you should understand the tradeoffs. Let’s look at the differences between hardware and software encryption, what each means to your business and how you can achieve optimal information protection.
Hardware vs. Software
In the context we’ll address first, “hardware” means special-purpose, high-security hardware designed to protect cryptographic keys and the cryptographic operations, such as encryption, that use them. This can range from devices as simple as smart cards to advanced appliances that encrypt sensitive data on behalf of mainframes.
Now, there are three areas in which to compare hardware and software encryption: security, performance and cost. But when we compare the two, it’s not always clear which approach has the advantage in any of these areas. Understanding the difference between hardware and software encryption isn’t as difficult as understanding the economy, certainly, but there are still many cases where we must say, “On one hand . . . on the other. . . .” That’s because there are many areas in which encryption can be used to protect sensitive data—including mainframes, servers, desktop computers and inexpensive retail point-of-sale devices—and what makes sense in one case might not work in another. Also, because there are always tradeoffs to be made between security, performance and cost, there’s rarely a single solution that’s clearly superior.
Security
It’s true that hardware encryption can be more secure than software encryption, but it’s tricky to explain what this really means.
One obvious difference is that it’s easier for hackers to change software on a laptop, a server or even a mainframe than it is for them to change the embedded software or firmware inside a dedicated hardware device. The news is full of stories that detail how viruses or other malware have corrupted a PC user’s software environment. It can be as simple as tricking the user into clicking on an attachment or a hyperlink in an e-mail. After all, computers are specifically designed to make it easy to develop and run applications. It’s no different with malware.
Hardware devices are different. First of all, it’s hard to know what’s happening inside the black box in the first place. Second, manufacturers build such devices to run only their own software, so they can check whether anything has changed and shut it down if so. Third, many hardware devices incorporate physical protections such as trip switches and hardened construction that prevent attackers from extracting inner secrets, such as encryption keys.
There are thousands of exploitable security vulnerabilities in all software products that have shipped. It’s not uncommon for even relatively simple software applications to be built from more than one million lines of source code, and this complexity gives security vulnerabilities a bigger chance of creeping in. But hardware devices can present their own set of risks. One downside is that because the devices are closed—literally, they are black boxes—you never really know what’s going on inside, and therefore you have no choice but to trust the vendors who built them. You have to trust that they correctly implemented the security features that they claim, and that they are keeping that functionality up to date and fixing any bugs found.
Worse still, you have to trust that the vendors didn’t build a back door into the device through which they can see all of your secrets. When someone claims a device is secure, why should you believe him?
Even if you trust your hardware vendors, it doesn’t mean hackers can’t attack the hardware.
Hackers can do many things to defeat the protection hardware encryption provides, but they must either have the hardware they’re attacking in their possession or be very close to it. Hackers can attack software remotely, such as over the Internet. That’s a big difference. So if you can keep your encryption hardware out of the hands of hackers, you’ve probably stopped them from exploiting it, which means it’s probably secure.
But this isn’t always possible. It’s fairly easy to keep hackers away from a hardware appliance running in your data center. It’s almost impossible to keep them away from small, portable hardware devices such as point-of-sale devices or smart cards. Of course, there’s more data at risk in your data center than at a single retail location, and so it’s always important to keep the combination of risk and value in mind when planning where you might need hardware encryption.
But what can hackers do if they get their hands on encryption hardware? In some cases it’s possible for hackers to tell what encryption key a piece of hardware is using by taking careful measurements of the hardware when it’s operating. Attributes such as how much power a device is using or how long calculations take can leak information about the encryption key a device is using.
Clever hackers can make hardware function in unexpected ways, for example by operating it in conditions that it wasn’t designed to operate in, exposing a device to very high or very low temperatures, or changing the input voltage for a device. In some cases, the way hardware operates in these non-standard conditions can actually defeat the protection it’s designed to provide.
Even more advanced hackers can use the exotic equipment that’s used to test semiconductor devices, such as electron microscopes and focused-ion beam lithography machines, to bypass even the most advanced security features in hardware devices. But this equipment costs millions of dollars and requires specialized skills. It’s not something most hackers have access to.
So on one hand, there are ways for hackers to beat the security that hardware encryption can provide, even if such methods sound a bit like science fiction. But on the other hand, these types of attacks really aren’t practical for most hackers to actually carry out. The bottom line is that hardware can be less complex and less accessible than software, and this will almost certainly make it more secure.
Performance
Hardware and software encryption can vary greatly in performance. SSL accelerator boards commonly used in Web servers and networking gear are a good example of this. Setting up secure connections to a Web server requires doing calculations with big numbers—numbers that typically have 2,048 bits or more. That’s more than 616 decimal digits, and doing anything with numbers that big takes lots of computing power—so much computing power, in fact, that it would dramatically reduce the performance of a Web server if it conducted such calculations within software.
An easy solution to this problem is to add special-purpose hardware that’s optimized to do the expensive operations with big numbers. This hardware isn’t suitable for general-purpose tasks such as running a Web server, but it’s very fast for the type of operations for which it’s optimized, and offloading the expensive operations from software running on a server to the optimized hardware can give a big increase in performance.
But hardware encryption isn’t always faster. By adding hardware encryption to a mainframe, an end user might find that doing the encryption in hardware is actually slower than doing the encryption in software. Using an optimized SSL accelerator board to do encryption will probably be faster than doing the encryption in software, but using a smart card to do encryption will almost certainly be slower than doing the encryption in software. So don’t always assume that using hardware will give you better performance than using software. In some cases it will; in others it will not.
Cost
Another difference between hardware and software encryption is cost. Software encryption can be cheaper than hardware encryption. But hardware encryption can also be cheaper than software encryption, depending on how it’s used.
A hardware appliance that encrypts email can handle encryption for thousands of users. So although the encryption appliance itself may not be cheap, its cost per user can actually be fairly low. All things considered, using one appliance can cost much less than installing e-mail encryption software on many workstations.
On the other hand, a hardware encryption device that’s used infrequently by only a single or a few users can actually cost more than it would to implement the same encryption operations in software. In many cases, it can be much more.
Hardware encryption often scales better than software encryption. If you need to implement encryption on desktop computers, software encryption is probably much cheaper than hardware encryption. The same is true for servers that handle relatively few concurrent users. But in larger environments, dedicated encryption hardware is often a cheaper alternative.
Combining Hardware and Software
For optimal security without tradeoffs in performance or cost, organizations can use a combination of hardware and software. Taken together, they also can eliminate deployment and scale issues. This approach also enables users to leverage data protection innovations. Here’s an example from the payments industry.
A Case Study
After suffering what was the largest data breach of its time, Heartland Payment Systems, one of the nation’s largest payments processors, decided to invest in encryption technology to ensure its merchants, consumers and its own business were protected with the strongest security available.
“Hardware encryption is the best way to protect payments information,” said Steve Elefant, Heartland’s CIO, “and we decided to raise the bar in the industry by being the first to implement end-to-end encryption for sensitive data. Our new E3 technology, which as of now includes terminals, magnetic stripe readers and PIN pads, uses hardware and software to encrypt credit and debit card data at the point where it’s converted to a digital form at the merchant. The plaintext card data is never exposed throughout the transaction lifecycle outside a hardware security module.”
Heartland also wanted to take advantage of format-preserving encryption (FPE) and identity-based encryption (IBE). FPE lets users encrypt sensitive information without changing its format. A 16-digit credit card number can be encrypted and you still end up with a 16-digit value, for example. IBE lets you calculate users’ keys from their identity. The combination was just what Heartland was looking for.
“By using IBE, we’re able to offer significantly better security and avoid expensive key injection into our E3 devices, and this saves money for both us and our customers,” Elefant said. “And by using FPE to encrypt card data, we’re able to handle encrypted data without changing any database schemas or other parts of our network.”
Heartland did not, however, stop there. The company decided it would also provide hardware encryption.
“Because the security of our customers’ data is so important, we decided that we needed the best possible security solution, and that meant using hardware encryption. IBE and FPE weren’t available in hardware when we started this project, but by working with our POS terminal partners, as well as encryption vendor Voltage Security and hardware vendor Thales, we were able to create just what we were looking for,” Elefant said. “The result is our E3 terminal and product suite, and we’re extremely proud with how it turned out.
“Even with layered hardware and software security, we were able to make this an extremely cost-effective solution for merchants. And we’re so confident in the security it provides that Heartland offers what we call our ‘E3 End-to-end Encryption Warranty.’ This means that if a Heartland customer using E3 suffers a data breach, Heartland will reimburse them for all of their PCI-related breach fines and fees.”
This article originally appeared in the August 2011 issue of Network-Centric Security.