KMIP 2.0 vs Crypto in a Cybersecurity Context (G23c)
The enterprise key management standards space has been incredibly dynamic over the last decade, as a group of over twenty vendors have worked together under OASIS to create a standard that represents the combined needs of a broad range of applications, devices and deployment scenarios. From embedded systems, authentication tokens, mobile devices, desktops, servers and mainframes to virtualised platforms, we have a mature key management standard that has been widely deployed. Following the recent release of KMIP (Key Management Interoperability Protocol) v1.4, the encryption key management community is pushing ahead with KMIP v2.0, which brings a range of new functionality beyond new cryptographic algorithms. This includes scalability improvements, better handling of new algorithms including quantum-resistant algorithms, enhanced client registration capabilities, increased PKI functionality, enhanced tokenisation support, more efficient decrypt and encrypt operations and cleaner PKCS#11 mapping for hardware-based security.
Following the constant stream of data breach stories we see in the media, the need for data encryption is greater now than ever; however, without effective encryption key management this effort may be in vain. Every encryption key must be effectively managed for data encryption to be useful in a cybersecurity or a business context. This means knowing which keys are in use, when those keys were issued, how long they are effective for, and when or if they should be rolled. Effective management also allows us to respond to real or suspected compromises or systemic failures of individual algorithms and key types, meaning enterprises have a greater capability to respond rapidly to threats and incidents.
In this session, Tony Cox and Chuck White, as authors of the KMIP v2.0 Specification, will explore the KMIP specification with particular emphasis on the new additions being specified in the coming version and how this new content relates to today’s crypto and the enterprises that deploy it. Alongside the KMIP v2.0 Specification, a range of new KMIP usage profiles are also being developed to assist implementers in the deployment of interoperable systems to meet specific requirements. These profiles cover a range of scenarios including post-quantum crypto behaviour, blockchain key management, smart-grid and smart-utility deployments, and supply-chain security as it relates to areas such as military technology and the vehicle manufacturing industry. With greater support to interoperate with HSMs, implement operations within hardware-secured boundaries and validate connected security hardware, the presenters will explore the new developments, linking the new content with current crypto development and cybersecurity solutions.