Data security: KMS

Background

A Key Management Service (KMS) is a key management system: a cryptographic application service designed around the encryption needs of data in the cloud and on every client. It provides your applications with key services that meet a range of requirements and with simple encryption and decryption services, so that you can easily use keys to protect sensitive data assets.

Typical scenarios (developer role, protected data, protection goal, solution):

    Website or application development
        Protected data: certificates, keys
        Protection goal: websites and applications use HTTPS certificates to secure their communication protocol and use keys to sign files in the company's name, but these common security measures depend heavily on the security of the certificates and keys themselves.
        Solution: KMS key management

    Backend service development
        Protected data: passwords, login keys, configuration
        Protection goal: database passwords, login keys and backend service configuration can be exploited by attackers; storing them in plaintext on disk is very dangerous.
        Solution: KMS key management

    Content, social networking sites or applications
        Protected data: user-generated content, valuable intellectual property
        Protection goal: the business relies on core UGC or unique intellectual property for its competitive advantage in the industry, so a wholesale database theft (拖库) incident must never happen.
        Solution: KMS envelope encryption

    Government, financial institutions
        Protected data: protocol communication content, important documents and materials
        Protection goal: all communications and stored data of government and financial institutions are high-value and highly confidential, so compliance and security must be designed in when the business system is built.
        Solution: KMS envelope encryption

Architecture

[Architecture diagram]

Architecture diagram description:

    KMS: root key generation. To keep the root key confidential, three people each enter one random component, produced by an agreed algorithm, into the HSM, which generates the root key from them. Any illicit attempt to read the root key out of the HSM causes the HSM to be destroyed and become unusable, which protects the root key from disclosure. So that the root key can be recovered promptly when needed, the three components are kept in three separate safes. To keep the root key from leaking at runtime, the key management service (KMS) reads the RootKey from the hardware security module (HSM) and stores it in memory dispersed according to a dispersal algorithm.

    SDK: developers integrate the SDK into the code of the service or system they build, so that the key management service can be used through a few simple, abstract interfaces. Encryption and decryption are performed inside the SDK so that the business side cannot keep a private copy of the keys. The Client is responsible for the SDK's HTTP requests; the crypto module is responsible for the SDK's encryption and decryption.
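As an added example (not code from the original article), the following Go program models two of the root-key handling steps just described: combining three custodian components into the root key, with a key check value (KCV) so the ceremony participants can confirm the result without seeing it, and holding the key in memory only as XOR shares that are recombined for the duration of a single use. Assumptions: XOR is used both to combine the components and to scatter the key in memory (the article names neither algorithm), the root key is 32 bytes, and the HSM is simulated by ordinary process memory.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

const rootKeyLen = 32 // AES-256 root key

// xorInto sets dst[i] ^= src[i]; both slices are rootKeyLen long.
func xorInto(dst, src []byte) {
	for i := range dst {
		dst[i] ^= src[i]
	}
}

// CombineComponents models the generation ceremony: each custodian enters one random
// component and the root key is the XOR of all of them, so any proper subset of the
// components is independent of the result and no single custodian learns the key.
// (XOR is an assumption; the article only says the components follow an agreed algorithm.)
func CombineComponents(components ...[]byte) ([]byte, error) {
	if len(components) < 2 {
		return nil, errors.New("need at least two components")
	}
	key := make([]byte, rootKeyLen)
	for _, c := range components {
		if len(c) != rootKeyLen {
			return nil, errors.New("component has wrong length")
		}
		xorInto(key, c)
	}
	return key, nil
}

// KeyCheckValue is the conventional 3-byte KCV: the first bytes of the key's encryption
// of an all-zero block. Comparing KCVs confirms the right key was formed without exposing it.
func KeyCheckValue(key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	var zero, out [aes.BlockSize]byte
	block.Encrypt(out[:], zero[:])
	return out[:3], nil
}

// ScatteredKey holds the root key only as XOR shares in separate buffers, so no single
// memory region contains it: one simple form of the "dispersed in memory" storage the
// architecture description mentions (the article does not name the algorithm).
type ScatteredKey struct {
	shares [][]byte
}

// Scatter splits key into n random shares whose XOR equals key, then clears the caller's
// copy so that the shares are the only remaining form of the key.
func Scatter(key []byte, n int) (*ScatteredKey, error) {
	if n < 2 || len(key) != rootKeyLen {
		return nil, errors.New("invalid share count or key length")
	}
	shares := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		shares[i] = make([]byte, rootKeyLen)
		if _, err := rand.Read(shares[i]); err != nil {
			return nil, err
		}
		xorInto(last, shares[i])
	}
	shares[n-1] = last
	clear(key)
	return &ScatteredKey{shares: shares}, nil
}

// Use recombines the shares into a temporary buffer, hands it to fn and clears it
// afterwards, so the complete key exists only for the duration of the call.
func (s *ScatteredKey) Use(fn func(key []byte)) {
	tmp := make([]byte, rootKeyLen)
	for _, sh := range s.shares {
		xorInto(tmp, sh)
	}
	fn(tmp)
	clear(tmp)
}

func main() {
	comps := make([][]byte, 3) // constructed demo: three custodians with random components
	for i := range comps {
		comps[i] = make([]byte, rootKeyLen)
		rand.Read(comps[i])
	}
	root, _ := CombineComponents(comps...)
	kcv, _ := KeyCheckValue(root)
	sk, _ := Scatter(root, 4) // root is cleared here; only the four shares remain
	sk.Use(func(k []byte) {
		kcv2, _ := KeyCheckValue(k)
		fmt.Printf("ceremony KCV %x, recombined KCV %x\n", kcv, kcv2)
	})
}
```

The `Use` callback is the only place where the complete key exists; a real HSM goes further and never lets the key leave the device at all, and the KCV comparison is what lets a custodian verify their own component and the final key without either being written down in the clear.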

KMS core functions

These cover the key lifecycle:

1. Key generation – key generation is managed centrally. The root key is generally required to have high randomness so that it cannot be guessed; application keys are derived from it through a secure dispersal (derivation) algorithm.
2. Key storage – keys are stored securely, for example in dedicated secure storage facilities or under strong encryption, to prevent leakage and theft.
3. Key distribution – keys must not be disclosed while in transit from the environment where they are generated and stored to the environment where they are used.
4. Key retirement – once a key's lifecycle ends, it is destroyed properly and securely, and the destruction steps are recorded.
5. Key rotation – a sound key replacement mechanism reduces the exposure risk of long-term key use. General requirements: the root key stays valid long-term but can be replaced; application keys are rotated periodically to resist malicious cracking; transient (process) keys are one key per operation, and application data such as timestamps and sequence numbers are mixed in to prevent replay attacks.
6. Key backup – a backup and recovery mechanism for important keys, so that cryptographic service can be restored quickly after key loss or a disaster, with the recovery time objective (RTO) and recovery point objective (RPO) meeting the business side's needs.
7. Key usage and cryptographic operation services – in concrete application scenarios the KMS also provides the business side with application-level security interfaces, such as data encryption and wrapping, masking of private data, and API request signing.

We usually divide a KMS system into three core modules:

1. Secure zone – the security root of the whole system. It is mainly responsible for securely storing the system's root key and is accessible only to the functional modules within the system that need it.
2. Service layer – where the system's main functions are implemented. It provides key management, data encryption, digital signing and other services to users and to applications of the KMS; this is the part of the KMS most closely tied to business logic.
3. Access layer – provides business integration for application systems: SDKs adapted to multiple languages and frameworks support non-intrusive or minimally intrusive integration.

Key generation

I found a diagram online; roughly it looks like this:

[Key generation diagram]

    Key factors of the initial key: used to derive the initial key.
    Initial key: used to encrypt the working keys.
    Working key: the key that encrypts sensitive data (passwords, personal information, etc.).

Copyright notice: this article is an original work by CSDN blogger "_0x00" and is published under the CC 4.0 BY-SA licence; when reposting, include the link to the original and this notice.
Original link: https://blog.csdn.net/qq_39325340/article/details/123471184
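The following Go program is an added example, not code from the original article or from any particular KMS product. It implements the hierarchy in the key generation diagram (root key, initial key, working key, data) as envelope encryption, and exercises three of the lifecycle steps from the core-functions section: generation of a fresh working key per object, rotation of the initial key (a versioned key-encryption key, KEK, derived from the root key) without re-encrypting the data, and protection of the wrapped working key so that a wrong root key, application or version fails to unwrap it. Assumed details: AES-256-GCM for both layers, one HKDF-Expand block over HMAC-SHA256 for derivation, the `kms-kek:<app>:v<n>` info label, the `Envelope` layout, and a root key passed in as a byte slice in place of the HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is what the SDK stores beside the data: ciphertext, wrapped working key, KEK version.
type Envelope struct {
	KEKVersion uint32
	WrappedDEK []byte
	Ciphertext []byte
}

// DeriveKEK derives the versioned key-encryption key (the hierarchy's "initial key") for one app
// as one HKDF-Expand block (RFC 5869) keyed by the root key; app id and version go into the info.
func DeriveKEK(root []byte, appID string, version uint32) []byte {
	prf := hmac.New(sha256.New, root)
	fmt.Fprintf(prf, "kms-kek:%s:v%d", appID, version) // info layout is an assumption
	prf.Write([]byte{1})                               // HKDF-Expand block counter
	return prf.Sum(nil)
}

// newGCM builds AES-256-GCM; every key in this example is 32 bytes, so failure is a bug.
func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return g
}

// seal returns nonce || ciphertext || tag with a fresh random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	g := newGCM(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; any change to nonce, ciphertext or tag makes it fail.
func open(key, sealed []byte) ([]byte, error) {
	g := newGCM(key)
	if len(sealed) < g.NonceSize() {
		return nil, fmt.Errorf("sealed blob too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// Encrypt: fresh 256-bit working key per object, data sealed under it, key wrapped under the KEK.
func Encrypt(root []byte, appID string, kekVersion uint32, plaintext []byte) (*Envelope, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	defer clear(dek) // the plaintext working key does not outlive this call
	ct, err := seal(dek, plaintext)
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(DeriveKEK(root, appID, kekVersion), dek)
	if err != nil {
		return nil, err
	}
	return &Envelope{KEKVersion: kekVersion, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt re-derives the recorded KEK version and unwraps; a wrong root, app or version fails the tag.
func Decrypt(root []byte, appID string, env *Envelope) ([]byte, error) {
	dek, err := open(DeriveKEK(root, appID, env.KEKVersion), env.WrappedDEK)
	if err != nil {
		return nil, fmt.Errorf("unwrap working key: %w", err)
	}
	defer clear(dek)
	return open(dek, env.Ciphertext)
}

// Rotate re-wraps the working key under a new KEK version; the bulk ciphertext is untouched.
func Rotate(root []byte, appID string, env *Envelope, newVersion uint32) error {
	dek, err := open(DeriveKEK(root, appID, env.KEKVersion), env.WrappedDEK)
	if err != nil {
		return fmt.Errorf("unwrap working key: %w", err)
	}
	defer clear(dek)
	wrapped, err := seal(DeriveKEK(root, appID, newVersion), dek)
	if err != nil {
		return err
	}
	env.KEKVersion, env.WrappedDEK = newVersion, wrapped
	return nil
}

func main() {
	root := []byte("constructed-root-key-32-bytes!!!") // stands in for the HSM-held root key
	env, _ := Encrypt(root, "orders", 1, []byte("constructed secret"))
	fmt.Println("rotate:", Rotate(root, "orders", env, 2), "KEK version now", env.KEKVersion)
}
```

Because the working key is wrapped rather than derived, rotating the initial key only touches the small `WrappedDEK` blob, which is what makes periodic KEK rotation affordable over large data sets; the root key itself never appears in an envelope, so replacing it means re-deriving every KEK and re-wrapping, again without re-encrypting the data.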
