Message in a PCI bottle - preserving message queue integrity

Ben Rothke and David Mundhenk close out their series on achieving PCI compliance when dealing with message queues.

First, a confession. When David and I started writing this series, we envisioned it would be completed after the third part. It appears we were a bit short-sighted. An astute reader challenged us to help address the concepts of preserving queue message data integrity. With that, we welcome you to part 4.

In parts 1, 2 and 3 of this series we wrote at length about the possible compliance and security issues associated with the queueing of cardholder data (CHD) within a PCI compliant cardholder data environment (CDE).

The queuing of CHD in volatile system memory can sometimes be affected by system resource issues due to loading, transaction latencies, intervention by journaling file system processes and more. Under such circumstances, a payment application or operating system may temporarily write CHD to disk. When this happens, and it’s not infrequently, the CHD is often written to disk undetected and unprotected.

Our interested reader of the previous article asked how to ensure the integrity of CHD when it’s transmitted from one queue to another within a given system, or even if such data transmission occurs across a suspect trust boundary such as the internet. What tools or safeguards are available to application developers that could help protect the integrity of the messages being sent? Also, he asked, wouldn’t it be great if there could be some level of assurance that the sender of the message is genuine and can be validated as a trusted entity? This would be especially important if the content of such messages contained payment transaction data including cardholder data, or even other such sensitive data such as personally identifiable information (PII) or other authentication requests.

MAC – meet HMAC

Enter the dragon that is the Message Authentication Code (MAC), and its more secure cousin the hash-based Message Authentication Code (HMAC). A MAC is a minimal piece of information used to authenticate a transmitted message. The HMAC is a specific, albeit special type of message authentication code that couples a cryptographic mathematical hashing function along with pre-shared secret cryptographic keys. HMAC authentication code provides the server and the client with a cryptographic key that helps to protect the integrity of given message while in transit, and also helps substantiate the sender as a trusted entity.

[ MORE FROM THIS SERIES: How to ensure PCI DSS compliance when dealing with message queues ]

For the HMAC, the secret key is known only to the server and specific client system. Using the secret key and a cryptographic hashing function, the client creates a unique mathematical hash to be sent to the server per each message being transmitted. Upon receipt of the message, the server then generates its own HMAC based upon the pre-shared, secret cryptographic key and compares the two values. If the values match, the client has been trusted and there is a high-level of assurance that the message has not been tampered with. If not, the data and the sender are suspect, the message is discarded and the event is hopefully recorded within an event log. Inordinate numbers of discarded messages are often harbinger of an untrusted sender attempting to communicate with a message recipient in an unauthorized fashion.

While authentication and data integrity has been preserved in HMAC use, it should be noted that any sensitive data contained with the message (such as CHD) could still require additional protections. This can be accomplished by encrypting the data prior to transmission using strong cryptographic algorithm, or by using a cryptographically strong, encrypted transmission protocol such as TLS v1.2 or IPsec.

HMAC use is becoming ubiquitous due in part to the prevalence of cloud computing and web services architectures. Entities attempting to connect to Internet exposed web services must have a valid, pre-shared cryptographic key or the messages being transmitted are suspect and ultimately discarded. That using Amazon Web Services can integrate its own messaging architecture called Amazon Simple Queue Service (SQS)

HMAC at AWS

Not only is it quite easy to get queuing working on AWS, they also provide good documentation on how to do it. For anyone using AWS, a good place to start is here. Amazon does a good job of providing the steps on how the HMAC basic authentication process works.

For those who want a more detailed understanding of how Amazon SQS queues work, a great place to see is here.

Conclusion

As stated previously, message queue security is something not enough people think much about. In this, our final installment in this four-part series, we hope you now have a better appreciation of the importance of message queuing, especially for those needing to be PCI compliant or otherwise interested in preserving message data integrity in transit.

Join the CSO newsletter!

Error: Please check your email address.

Tags PCPCI

More about Amazon Web ServicesAWS

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ben Rothke

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place