In cybersecurity we often focus on preventative measures inside the electronics and software we use. Of utmost importance are the procedures surrounding the physical infrastructure: initial deployment, transport, and storage of the data, the keys, and the real-world location of the cryptographic servers. We’ll describe some additional security measures to be taken beyond the typical prescription of regular backups and data encrypted at the application layer, and of course, strong authentication.
To comply with PCI DSS one must have a secure element—a hardware-based cryptographic module—rated at Federal Information Processing Standards (FIPS) 140-2 Level 2 or higher. Each level assumes the qualities of the lower level. We have summarized them here:
Level 1 guarantees at least one approved algorithm is used to perform cryptographic operations
Level 2 imposes physical barriers
Level 3 guarantees the keys are useless if the hardware is opened
Level 4 demands responses to environmental risks (e.g., overheating or overloading electrically)
Level 4 is used most often where the protections of a data center do not apply, as physical tampering implies all other prevention of access has already failed. StrongKey offers Level 2 by default, but can optionally be upgraded to Level 3.
Given FIPS-compliant secure elements, a properly architected server intended for PCI DSS compliance only stores the pseudo numbers (encrypted values for the primary account number, or PAN) and keys used for encryption; no plaintext values are stored. These Master Keys form the foundational keys from which many other keys and cryptography operations on a server depend, and they are guarded by a group of people called “key custodians.”
If you’ve ever seen or read about scenarios requiring two or more keys to open a door or enable a weapon, the people in custody of those keys are the key custodians; but in this scenario, they’re unlocking the cryptographic functions of a secure element. Often these keys are created with what is known as an “m of n” scheme; for example, a “3 of 5” scheme would have 5 custodians (each with a unique key) total, but only require 3 keys to unlock the secure element. After booting up or restarting the web server software, the TPM can only be activated for cryptographic operations once the assigned key custodians set their PINs. Until then the data on the appliance cannot be decrypted or used. Additionally, because PCI DSS compliance mandates the keystores (the actual file that is considered the "key") that enable the secure element should never be stored on the server, it is a good idea before transporting a server carrying cardholder data (CHD) to make sure the keystores have not been copied to the server (because people can be lazy or forgetful) and to remove them if they have.
All of this must happen with each reboot; de facto it must occur if a server is to be relocated.
For even more extreme security when relocating servers in PCI DSS scope:
Create travel passwords for application owners and root temporarily just before shutdown
Remove the hard disk drives
Label them and store each one in separate, sealed tamper-evident packaging
Take pictures of the sealed tamper-evident envelopes
Ship them separately from the server hardware and from each other
Reassemble them in the right order and boot using the travel credentials
Change travel passwords to new permanent values
Taking photos of the tamper-evident packaging serves as a record of the control measures used to protect the information and keys should it ever come into question. The price of these measures is insignificant to the damage they can prevent if you are required to provide evidence that you were as careful as possible protecting CHD surrounding and during transport.
PCI DSS is unfortunately not taken so seriously by the companies handling our money. Though the above measures may seem extreme, the lengths to which attackers will go and the ingenuity with which they ply their trade must only be more extreme than your measures if they are to succeed. Standing behind reluctant admissions of laxity and apologies is not where you want to be; but online confidence is definitely a good look. It only takes is one slip to be the next breach headline; and it also only takes one meeting to set up the most cost-effective open source compliance measure you can buy: the StrongKey Tellaro.