The PCI PIN Standard requires implementation of Key Blocks. In this blog, the fourth in the series, we cover basic questions about the Advanced Encryption Standard (AES) and the Triple Data Encryption Standard (TDES) block ciphers and how they relate to key blocks. In our first blog, Key Blocks 101, we covered basic questions about this security method and how it helps secure payment data.
The second blog in the series addressed questions around Key Block applicability. The third blog in the series addressed the 3 phases for implementing the Key Blocks requirements.
Q. What is AES?
A. The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data that was established in 2001 by the U.S. National Institute of Standards and Technology (NIST). This encryption method utilizes a block cipher algorithm and is a commonly used way to encrypt and decrypt important information worldwide. AES is included in the ISO/IEC 18033-3 standard, making it an international standard.
Q. What is TDES/TDEA?
A. Triple DES (TDES) is a block cipher created from the original 1975 Data Encryption Standard (DES) and, like AES, is a symmetric key algorithm, i.e., one where the same cryptographic keys are used both to encrypt plain text data and to decrypt the resulting encrypted data. Triple Data Encryption Standard (TDES) is a type of computerized cryptography where the DES block cipher is applied three times to each data block using either a double or triple length key. TDES is also referred to as the Triple Data Encryption Algorithm (TDEA). The encryption world evolved to TDES as a result of DES being vulnerable to brute force attacks, which became practical because of increased computational power. By using three steps, in conjunction with longer keys, data security professionals are able to better defend against a meet-in-the-middle attack.
TDES is traditionally found in hardware applications which are still in use around the world in large numbers.
Q. Isn’t TDES/TDEA obsolete?
A. TDES cipher suites are commonly used by older operating systems (for example, Windows XP) and older protocols (for example, SSL and early TLS). Because the “Sweet32” exploit is ranked by the Common Vulnerability Scoring System (CVSS) as a medium risk, the presence of TDES will typically be reported as a “fail” during ASV scans. Entities that have implemented compensating or mitigating factors to reduce the risk of the exploit may follow processes defined in the ASV Program Guide to document how the risk has been reduced and the subsequent impact on scan results.
Additionally, the concept of “strong cryptography” in PCI DSS and other PCI standards is based on acceptance by authoritative bodies including NIST. Once TDES is fully disallowed by such authorities, it will no longer be considered “strong cryptography” by PCI SSC. The Council’s PIN Transaction Standard (PTS) currently allows for the support of TDES in HSM and Point-of-Interaction (POI) devices. Entities should contact their acquirer or the payment brand(s) of interest regarding requirements for the use of PCI approved devices.
Q. How are these related, or unrelated, to key blocks?
A. The Council urges merchants to use approved PTS devices in their payment environments, which provide support for key blocks. Both TDES and AES are block ciphers, a type of cryptographic algorithm that operates on fixed-length ‘blocks’ of data; that fixed length is termed the block size. When a key is encrypted using a block cipher whose block size is smaller than the key, the key must be represented by several blocks, creating a danger that a fragment of the overall encrypted key is substituted or misused. The use of “key blocks” or “key wrapping” protects such keys from attacks that would attempt to re-order or otherwise modify the keys. Additionally, it protects the intended use of the key and provides confidentiality through encryption.
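To make the danger described above concrete, here is an added Python example (not code from the PCI SSC or from any standard) contrasting fragment-by-fragment (ECB) wrapping of a 16-byte key with a simplified key-block structure that binds the fragments to each other and to a usage header. The 64-bit block cipher is a constructed HMAC-based Feistel stand-in for TDES, and the header layout, derivation label and tag length are assumptions for illustration, not the ANSI X9 TR-31 format.

```python
import hashlib, hmac

BLOCK = 8   # 64-bit block, the TDES block size
HDR = 16    # fixed-length key-block header (constructed layout, not ANSI X9 TR-31)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _feistel(k, blk, rounds):
    # Stand-in 64-bit block cipher: 4-round Feistel over an HMAC PRF. Constructed
    # for this demonstration only; it is NOT TDES or AES and is not secure.
    l, r = blk[:4], blk[4:]
    for rnd in rounds:
        l, r = r, _xor(l, hmac.new(k, bytes([rnd]) + r, hashlib.sha256).digest()[:4])
    return r + l

def encrypt_block(k, blk):
    return _feistel(k, blk, range(4))
def decrypt_block(k, blk):
    return _feistel(k, blk, reversed(range(4)))

def wrap_legacy(kek, key):
    # Legacy wrapping: each 8-byte fragment is encrypted on its own (ECB), so
    # nothing binds the fragments to each other or to an intended key usage.
    return b"".join(encrypt_block(kek, key[i:i + BLOCK]) for i in range(0, len(key), BLOCK))

def unwrap_legacy(kek, wrapped):
    # A re-ordered or substituted fragment still decrypts "successfully", to a wrong key.
    return b"".join(decrypt_block(kek, wrapped[i:i + BLOCK]) for i in range(0, len(wrapped), BLOCK))

def _mac(kek, header, body):
    # Integrity tag over header and ciphertext, under a MAC key separated from the KEK.
    mac_key = hmac.new(kek, b"mac", hashlib.sha256).digest()
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()[:BLOCK]

def wrap_keyblock(kek, header, key):
    # Key-block wrapping: fragments are chained (CBC) from a header-derived IV and
    # the tag covers header + ciphertext, so re-ordering or re-purposing is detected.
    prev, body = hashlib.sha256(header).digest()[:BLOCK], b""
    for i in range(0, len(key), BLOCK):
        prev = encrypt_block(kek, _xor(key[i:i + BLOCK], prev))
        body += prev
    return header + body + _mac(kek, header, body)

def unwrap_keyblock(kek, blob):
    # Returns (header, key), or None when the header or ciphertext was altered.
    header, body, tag = blob[:HDR], blob[HDR:-BLOCK], blob[-BLOCK:]
    if not hmac.compare_digest(tag, _mac(kek, header, body)):
        return None
    prev, key = hashlib.sha256(header).digest()[:BLOCK], b""
    for i in range(0, len(body), BLOCK):
        key += _xor(decrypt_block(kek, body[i:i + BLOCK]), prev)
        prev = body[i:i + BLOCK]
    return header, key
```

Swapping the two ciphertext fragments of a legacy-wrapped key yields a different key with no error, while the same swap, or a changed header, makes the key block fail verification.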
Q. The PCI SSC PIN Security Requirements state that encrypted symmetric keys must be managed in structures called key blocks. This applies to both conveyance and storage. Does this apply to only TDES/TDEA keys?
A. No, both AES and TDES keys are required to be managed in key blocks as stipulated by ANSI X9. For more information on the PCI PTS PIN security requirements on this topic please see the FAQs for Requirement 18 in our Technical FAQs document.
Q. Does the PCI Security Standards Council recommend AES or TDES or does it not matter?
A. While both are still currently accepted encryption practices, the PCI SSC recommends that entities with environments subject to PCI Standards that require the use of symmetric encryption algorithms migrate to AES as it is a stronger cryptographic algorithm.
Also on the blog: Key Blocks 101, Key Blocks 102 and Key Blocks 103