CIP Private Key Management
==========================

.. contents::

.. list-table:: Revision History
   :header-rows: 1

   * - Revision No
     - Date
     - Change description
     - Author
     - Reviewed by
   * - 001
     - 2021-08-17
     - Draft private key management document in CIP
     - Dinesh Kumar
     - To be reviewed by CIP Security WG members

1. Objective
------------

The primary objective of this document is to explain how the various
private keys used in CIP development are maintained and kept secure and
confidential. Subsequent revisions of this document may add details of
keys that are added or used in the future.

2. Assumptions
--------------

+-----------------------------------+-----------------------------------+
| Assumption                        | Impact                            |
+===================================+===================================+
| All private keys used in CIP are  | Re-using CIP keys will make the   |
| only for reference and CIP users  | end product vulnerable            |
| need to re-generate these keys    |                                   |
| again and use in the end product  |                                   |
+-----------------------------------+-----------------------------------+

3. Scope
--------

The scope of this document is to meet the IEC-62443-4-1 SM-8 (Control of
Private Keys) security requirement. This document explains the various
private keys used during CIP development, including generation, usage,
storage, password change, key rotation and protection of these keys.

4. Security Requirement
-----------------------

CIP shall place procedural and technical controls to protect all private
keys used in CIP development or needed at run time. Since private keys
are the root of trust, they require extra protection so that they are
not stolen or compromised.

5. General Private Key Management Steps
---------------------------------------

The following diagram illustrates the steps of private key management.

.. uml:: plantuml

   @startuml
   rectangle "Key Generation" as r1
   rectangle "Key Storage" as r2
   rectangle "Key distribution & \n installation" as r3
   rectangle "Key Use" as r4
   rectangle "Key rotation" as r5
   rectangle "key backup & recovery" as r6
   rectangle "Key revocation & \n suspension" as r7
   rectangle "Key destruction" as r8
   r1-right->r2
   r2-right->r3
   r3-right->r4
   r4-->r5
   r5-left->r6
   r6-left->r7
   r7-left->r8
   @enduml

Private Key Management Life Cycle

6. About CIP Private Keys
-------------------------

Currently CIP does not use any private keys that are expected to be used
by CIP-based end products. If in the future any private key is used that
would be used by CIP-based end products, it will be added here.

7. Private Key Management Best Practices
----------------------------------------

CIP Security work group members investigated best practices for private
key management, which CIP users are recommended to follow. The following
best practices have been taken from [1], [2], [3].

1. According to NIST, in general, a single key should be used for only
   one purpose (e.g., encryption, authentication, key wrapping, random
   number generation, or digital signatures).
2. Limiting the use of a key limits the damage that could be done if
   the key is compromised.
3. Keys should never be stored in plaintext format.
4. Ensure all keys are stored in a cryptographic vault, such as a
   hardware security module (HSM) or isolated cryptographic service.
5. If you are planning on storing keys in offline devices/databases,
   then encrypt the keys using Key Encryption Keys (KEKs) prior to the
   export of the key material.
6. Ensure that keys are kept and cryptographic operations are done
   inside the sealed vault.
7. Centralize Your Encryption Key Management Systems
8. Centralize User Roles & Access
9. Support Multiple Encryption Standards
10. Implement Robust Logging & Auditing
11. Implement the Principle of Least Privilege
12. Back Up Your Encryption Keys
13. Protection of the Key Manager & Recovery of Deleted Keys
14. Rotate Your Keys: No Decryption/Re-Encryption
15. Keep a backup plan in case a key is compromised or stolen

8. References
-------------

1. https://www.thesslstore.com/blog/12-enterprise-encryption-key-management-best-practices/
2. https://www.snia.org/sites/default/education/tutorials/2008/fall/security/WaltHubis-Best_Practices_Secure_Storage.pdf
3. https://cheatsheetseries.owasp.org/cheatsheets/Key_Management_Cheat_Sheet.html
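
Added example (not part of the original CIP document or of any CIP tooling): one way to check best practice 3 in section 7, that keys are never stored in plaintext, is to classify every PEM private key block in a file as encrypted or plaintext. The function names and the sample input are assumptions constructed for illustration, and the check goes beyond the page by covering the PKCS#8, legacy OpenSSL and OpenSSH encodings.

```python
import base64
import re
import struct

PEM_RE = re.compile(  # any PEM block whose label ends in "PRIVATE KEY"
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _openssh_encrypted(body):
    """OpenSSH keys name their cipher inside the blob; "none" means plaintext."""
    blob = base64.b64decode("".join(body.split()))
    if not blob.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    (n,) = struct.unpack_from(">I", blob, len(OPENSSH_MAGIC))
    start = len(OPENSSH_MAGIC) + 4
    return blob[start:start + n] != b"none"

def classify_pem_keys(text):
    """Return [(label, 'encrypted' | 'plaintext' | 'unknown')] per key in text."""
    out = []
    for label, body in PEM_RE.findall(text):
        if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted form
            state = "encrypted"
        elif label == "OPENSSH PRIVATE KEY":
            try:
                state = "encrypted" if _openssh_encrypted(body) else "plaintext"
            except (ValueError, struct.error):
                state = "unknown"
        elif "Proc-Type: 4,ENCRYPTED" in body:    # legacy OpenSSL PEM header
            state = "encrypted"
        else:                                     # unencrypted PKCS#8 or legacy key
            state = "plaintext"
        out.append((label, state))
    return out

def _pem(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----"

def _ssh_body(cipher):
    return base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()

# Constructed sample input: dummy bodies, not real key material.
SAMPLE = "\n".join([
    _pem("PRIVATE KEY", "AAAA"),
    _pem("ENCRYPTED PRIVATE KEY", "AAAA"),
    _pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nAAAA"),
    _pem("OPENSSH PRIVATE KEY", _ssh_body(b"none")),
    _pem("OPENSSH PRIVATE KEY", _ssh_body(b"aes256-ctr")),
])
```

Any entry reported as ``plaintext`` is a key file that needs to be encrypted or moved into a vault; ``unknown`` marks a block that could not be parsed and should be inspected by hand.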