Page 41

EETE JULAUG 2014

processes are staff members subject to? Also, consider under whose jurisdiction the keys will fall: make sure your keys are not being held in a country where access to them can be mandated by the state without due process being employed. Yet, while this is all sound advice, obtaining this level of detail from a large CSP can prove difficult. In such circumstances, organisations will need to put in the hard graft themselves by carefully considering the potential consequences and appropriately risk assessing any potential outcomes before proceeding.

Organisations must also be wary of using CSPs with proprietary encryption software and mechanisms. What happens when you decide to move to a new Cloud Provider, for instance? It is also more difficult to protect your data when you are retro-fitting encryption to an already established cloud solution. By design, encryption should be intrinsic to the solution: it should be considered from the outset, enabling a provider to offer a solution which applies the most appropriate type of encryption to the right parts of the infrastructure.

In addition, be wary of how the solution has been implemented. Spend time researching options, arranging a trial and even prototyping a solution, and be sure your organisation understands its feature set and any limitations before a decision is made. It is very common for most solutions to appear to use standard and established encryption algorithms such as AES-256; however, the implementation and storage of the encrypted data often result in a proprietary product that is not compatible with other provider offerings. A good example of this is the products provided by Amazon Web Services (AWS) and Microsoft Azure, and the inability to migrate data in its original raw encrypted form between the two services. At present, considerable migration planning and effort would be required to transfer data between the two platforms.
Keeper of the keys

Try to utilise asymmetric keys where possible and ensure the derivation and management process is robust. Always ask where the keys are to be stored and understand the mechanisms in place for the management of those keys. Wherever you employ encryption, ensure you understand where your keys are held, who has access to them and when, and what supporting processes are in place. For example, with regard to incident management, what happens if a compromise is discovered? Who gets notified? What happens to existing keys? What governance requirements and expectations need to be met?

Organisations must also ensure access to keys is made available at all times, as business continuity is paramount. Ask the organisation what they do with regard to their Business Continuity Plan (BCP). Are they BS25999/ISO22301 certified? What guarantees are in place that access to the keys will be maintained at all times and what Service Level Agreements (SLAs) are in place?

Cloud encryption and key management are still nascent markets but are becoming an integral part of service offerings rather than a bolt-on. Many of the large CSPs such as AWS and Azure have begun to offer key management services to support their existing and established service offerings. In addition, more and more key management organisations are entering the market because this service is seen as a lucrative addition to existing web-based ICT offerings. There is a temptation for these providers to think that if they can provide online backup, they can provide key management; however, this is a specialist area. The more companies that offer these services without fully understanding the nuances, the more likely there will be a major compromise or loss of keys.

In the future, key management is likely to become part of business intelligent encryption solutions which integrate with existing security tools and give rise to the concept of ‘enterprise encryption in a box’. However, for now, existing key management and storage requirements will continue to be extended beyond the physical boundaries of traditional ICT. Key management and storage requirements are already integrated into most governance and regulatory regimes. What is new is the outsourced nature of today’s key management options. Outsourcing key management will require additional contractual and physical requirements within the existing governance and regulatory regimes: a requirement that will continue to become more important as the market grows. Compliance regimes such as ISO 27001 seem to have enough catch-alls to capture out-sourced key management and storage at the moment but, as the market matures, expect to see more pressure brought to bear upon the CSP. After all, he who keeps the keys rules the world.

Dual radio transceiver for Car-to-X applications

With the second product for its RoadLink family, after the SAF510x baseband chip, NXP continues to populate the market for Car-to-X products. The TEF510x dual radio multi band RF transceiver provides OEMs and tier ones with an 802.11p modem that supports global deployments and multiple system configurations. The TEF510x meets Japanese 760MHz C2X requirements, US and European (5.9GHz) as well as Wi-Fi and DSRC (5.8GHz) specifications. It will be released for automotive production in 2015 and is expected to be available to consumers in 2016.

Together with the SAF510x baseband processor jointly developed by NXP and its Car2X technology partner Cohda Wireless, the RoadLink TEF510x takes C2X communications to the next level by bringing safety-critical information to the driver significantly faster than current, conventional applications can.

Key features of the TEF510x include an RF transceiver for global C2X standards, covering Europe, US and Japan, as well as DSRC and Wi-Fi (802.11abgn) standards and support for various antenna configurations and diversity schemes. Together with SAF510x, the new chip enables best-in-class 802.11p reception performance and communication range for mobility use cases even in non-line-of-sight conditions. AEC-Q100 qualification is scheduled for 2015.

NXP named Japanese component manufacturer ALPS Electric as an early adopter of the RoadLink platform. As part of its commitment to deliver connected car technology, ALPS chose the NXP/Cohda tandem for its application-ready C2X solution.

NXP
www.nxp.com/connected-mobility

www.electronics-eetimes.com Electronic Engineering Times Europe July/August 2014 41

