Key Management Plays Crucial Role In Database Encryption

User input error at Colorado County shows potential for database trouble, experts say

Database encryption can be a powerful tool for protecting sensitive data -- but without proper key management practices, big problems could be only one fat finger away.
Such was the case this week at a Colorado county election office, where an incident involving the encryption of its voter database is costing taxpayers tens of thousands of dollars and putting a wrinkle in the countys voting process.
As reported by
Steamboat Today
, northern Colorados Routt County Clerk and Recorders Office is currently scrambling to accommodate 5,773 voters whose mail-in ballots will not be recognized due to a user input error in the voter databases encryption system.
When an office worker for the county went to change the PIN for the election database earlier this month -- as required by the Colorado Secretary of State -- he or she made an inadvertent keystroke error that caused the system to reissue encryption keys. The mistake generated an encryption code that does not match the one already associated with the 5,773 ballots previously mailed to voters.
The net result of the snafu? The county now must bring in a team of election judges to replicate the election data under video surveillance to ensure voters get their say. Cost to fix the problem? More than $25,000.
This mistake was not brought on by a lack of protection, but rather by the lack of quality enterprise key management, says Chris Corde, senior manager of application security products at RSA. We always tell customers that encryption is the plumbing of the system, but its not where all of the operational interaction takes place. That happens at the key manager.
In this instance, Steamboat Springs experienced something we refer to as rekeying of their data, which is the unencrypting of data with the old key and then re-encrypting of it with a new one, Corde explains.
According to Ulf Mattson, CTO for security vendor Protegrity, the incident is unfortunate because the government agency was unable to leverage lessons that developers of database encryption systems learned a long time ago. Organizations should never use an authentication PIN or access code to generate encryption keys -- authentication should be separated from key management, he warns.
If you still want to use an authentication PIN or access code to generate encryption keys, you should not have one single person knowing the whole PIN that can generate an encryption code, Mattson says. Separation of duties -- split knowledge and potentially dual control -- should be used. Input validation, in general, can avoid that extra digit added by mistake.
Organizations should never allow for the automatic re-encryption of a database, Mattson advises. In the case of the county election, it must be scheduled properly to avoid mistakes like re-encryption of the database during an election cycle, he says. It should only allow changing the PIN before the election cycle.
RSAs Corde says that mistakes can also be avoided by not allowing certain key requests to be performed at the client. We do this by turning off client-side permissions for key rotation, or even decryption in some instances, he says.
Some enterprises could also avoid trouble by using a solution such as a hardware security module (HSM), experts say. HSMs ensure that authentication codes cant be handled or decrypted outside the boundary of the hardware -- and that PIN verification only occurs inside the secure application, says Juan Asenjo, global product marketing manager for Thales Information Systems Security.
HSMs also enable key replication to prevent disruption in service, Asenjo observes. HSMs could have helped prevent the problem experienced by the government agency in question, he says. Login authentication provided by an HSM would have protected sensitive login information [against alteration] and safeguarded them from the apparent inadvertent change.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Key Management Plays Crucial Role In Database Encryption