Are You Ready for the TR-31 Migration (Part One)
Starting January 2018, organizations that primarily use cryptogram-based encryption methods to protect their symmetric keys will need to begin transferring to a key block-based encryption method. This change reflects an update made to the PCI PIN guidelines in order to better protect cryptographic keys from unintended use. Of the various methods available, the TR-31 key block format is the most popular. In this multi-part blog post we will discuss the coming migration and provide essential information on both TR-31 and the conversion process.
What is a Key Block?
Essentially, key blocks protect DES and 3DES keys from unauthorized substitution, key replacement, or misuse from outside influences. The sensitive information of each key is bookended by a header and a binding method. This specific format allows for unique key protection, meaning that each key is provided with unique information in the header that allows it to be easily distinguished and identified in a cryptographic system. This allows for quick identification of false keys inserted by unauthorized parties in hopes of retrieving sensitive information.
TR-31, specifically, has three block elements, as well as a few optional elements. The first block element is the header. As mentioned previously, the header contains information unique to the key it is protecting. The information includes metadata and specific attributes about the key and the key block itself, which is why it is able to be easily distinguished from other keys within the cryptographic system. However, specific elements such as key use and type are stored elsewhere, in a separate database, rather than in the header. It is in this way that any false key attempting to enter the database will be quickly identified, as it lacks this specific reference data.
The next element that rounds out the key block is the binding method. More specifics about the binding method can be found in the X9 TR-31 technical report, Interoperable Secure Key Exchange Block Specification for Symmetric Algorithms. Published in 2010, this ANSI-published document specifically outlines the TR-31 specification, and is a recommended companion to both this blog post and the Futurex whitepaper Migrating to Standards-Based Key Blocks for PCI PIN Compliance, which also discusses the transition to TR-31 at length.
Bookended by the header and binding method are the padding bytes, which help disguise the key length from anyone intercepting the block. There is also an optional header block that can be used, though it is not essential for the TR-31 key block to function properly. Finally, after these additional elements, comes the sensitive data being protected.
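To make that layout concrete, here is an added example (not code from this post or from Futurex) that splits a TR-31 key block into the elements just described: the 16-character header, any optional blocks, the encrypted key material and the trailing MAC. The header field positions, field codes and MAC sizes are taken from the X9 TR-31 report cited above; the sample block, its ciphertext and its MAC are constructed values, and the code checks structure only, leaving MAC verification to the HSM that holds the key block protection key.

```python
import re
# Header layout, field codes and MAC sizes follow the X9 TR-31 report the
# post cites; this checks structure only and does not verify the MAC.
HEADER_LEN = 16
ALGORITHMS = {"A": "AES", "D": "DES", "T": "TDES"}
MODES = {"B": "encrypt/decrypt", "C": "MAC generate/verify", "D": "decrypt only",
         "E": "encrypt only", "G": "MAC generate", "N": "no restriction",
         "V": "MAC verify", "X": "key derivation"}
EXPORTABILITY = {"E": "exportable", "N": "non-exportable", "S": "sensitive"}
MAC_HEX_LEN = {"A": 8, "B": 16, "C": 8, "D": 32}  # size depends on binding method
# Constructed sample: version B, BDK (B0), TDES, one "KS" optional block,
# 24 bytes of made-up ciphertext and a made-up 8-byte MAC (not a real block).
SAMPLE = ("B0094B0TB00E0100" + "KS0E0123456789"
          + "0123456789ABCDEF" * 3 + "FEDCBA9876543210")

def parse_key_block(block: str) -> dict:
    """Split a TR-31 key block into its elements, rejecting malformed input."""
    if len(block) < HEADER_LEN or not block.isascii():
        raise ValueError("header truncated or not ASCII")
    hdr, version = block[:HEADER_LEN], block[0]
    if version not in MAC_HEX_LEN:
        raise ValueError(f"unknown version id {version!r}")
    if not hdr[1:5].isdigit() or int(hdr[1:5]) != len(block):
        raise ValueError("declared length does not match actual length")
    for name, code, table in (("algorithm", hdr[7], ALGORITHMS),
                              ("mode of use", hdr[8], MODES),
                              ("exportability", hdr[11], EXPORTABILITY)):
        if code not in table:
            raise ValueError(f"invalid {name} code {code!r}")
    # Optional blocks: 2-char ID, 2 hex chars of total length, then data.
    pos, optional = HEADER_LEN, {}
    for _ in range(int(hdr[12:14])):
        blk_len = int(block[pos + 2:pos + 4], 16)
        optional[block[pos:pos + 2]] = block[pos + 4:pos + blk_len]
        pos += blk_len
    body, mac = block[pos:-MAC_HEX_LEN[version]], block[-MAC_HEX_LEN[version]:]
    if not body or not re.fullmatch(r"[0-9A-F]+", body + mac):
        raise ValueError("encrypted key or MAC is not uppercase hex")
    return {"version": version, "key_usage": hdr[5:7], "algorithm": ALGORITHMS[hdr[7]],
            "mode_of_use": MODES[hdr[8]], "key_version": hdr[9:11],
            "exportability": EXPORTABILITY[hdr[11]], "optional_blocks": optional,
            "encrypted_key_hex": body, "mac_hex": mac}

def is_well_formed(block: str) -> bool:
    try:
        parse_key_block(block)
        return True
    except ValueError:
        return False
```

These checks catch a truncated block or an invalid field code, but a change to a field that is still syntactically valid (for example the key version) is only detected when the HSM verifies the MAC that binds the header to the key.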
Why Will the Switch to TR-31 be Beneficial?
As previously mentioned, the format and extra layers of security included in the TR-31 format provide a large amount of padding and protection around sensitive symmetric key information. In addition to this, when converting a cryptogram to the TR-31 key block format, you are fortifying the key against outside influence. This extra layer of protection, provided by both the header and the embedded MAC, is what makes the TR-31 format appealing.
Each header, unique to the key it is attached to, is the main element in preventing adversaries from gaining the sensitive information within the key. In addition to this, the embedded MAC will fail to verify if this header information is missing or altered even slightly.
For more information on key blocks and TR-31, please see Futurex's whitepaper, TR-31 Key Block Implementation, in the "Related Case Studies" section below.