
Keyed Cryptographic Hashing for rendering PAN unreadable

Moniesh R
July 18, 2025
Category: Technical

When hashing is relied on to render PAN unreadable, PCI DSS requires the use of keyed cryptographic methods, including but not limited to HMAC (Hash-based Message Authentication Code), CMAC (Cipher-based Message Authentication Code) and GMAC (Galois/Counter Mode MAC). These keyed-hash message authentication codes (MACs) are used to ensure data confidentiality, integrity and authenticity. Here is a breakdown of each and its PCI DSS relevance:

HMAC (Hash-based Message Authentication Code)

  • How it works: HMAC combines a cryptographic hash function (such as SHA-256) with a secret key. It is designed to resist the attacks that break simpler MAC constructions, such as a plain hash over key and message concatenated.
  • PCI DSS Relevance: HMAC is widely used in PCI DSS environments for message authentication in several contexts, including:
      ◦ Protecting stored cardholder data: HMACs can be used to protect sensitive data at rest, such as a keyed hash of the PAN.
      ◦ Securing communication channels: HMACs can be used to authenticate messages transmitted over untrusted networks.
      ◦ Validating data integrity: HMACs can be used to confirm that data has not been tampered with.
  • Generation of a Secret Key: The key must be generated with a cryptographically secure random number generator (CSPRNG). The key size should be appropriate for the chosen hash function (e.g., at least 128 bits for SHA-256).
  • Key derivation: Internally, HMAC derives two subkeys by XORing the key with two fixed constants (the inner and outer pads) separately; one subkey is prepended to the message for the inner hash, and the other is prepended to that result for the outer hash.
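The following added example (not code from the original post) shows the two points above in working Python: HMAC-SHA256 written out from its definition, so the two XOR-derived subkeys are visible, and a keyed PAN hash built on the standard library's `hmac` module with a minimum-key-length check and constant-time verification. The PAN `4111111111111111`, the fixed test key and the function names are constructed for illustration; only the standard library is used.

```python
import hashlib
import hmac
import secrets

# Minimum key length in bytes for HMAC-SHA256 (the text's "at least 128 bits").
# In practice a 32-byte key (the SHA-256 output size) is the usual choice.
MIN_KEY_BYTES = 16
SHA256_BLOCK_BYTES = 64


def hmac_sha256_manual(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 built from its definition (RFC 2104).

    The key is XORed separately with two fixed constants, ipad (0x36 repeated)
    and opad (0x5c repeated), giving an inner and an outer subkey. The inner
    subkey is hashed with the message; the outer subkey is hashed with that
    inner digest. This is the "two constants XORed with the key" the text refers to.
    """
    if len(key) > SHA256_BLOCK_BYTES:
        # Keys longer than the block size are first hashed down, as the spec requires.
        key = hashlib.sha256(key).digest()
    key = key.ljust(SHA256_BLOCK_BYTES, b"\x00")  # zero-pad to one block
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner_digest = hashlib.sha256(inner_key + message).digest()
    return hashlib.sha256(outer_key + inner_digest).hexdigest()


def generate_hash_key(length: int = 32) -> bytes:
    """Generate a fresh HMAC key from the OS CSPRNG (secrets, not random)."""
    return secrets.token_bytes(length)


def keyed_pan_hash(key: bytes, pan: str) -> str:
    """Render a PAN unreadable with HMAC-SHA256 under a secret key.

    Spaces are stripped so the same card yields the same token regardless of
    input formatting; anything other than digits is rejected.
    """
    if len(key) < MIN_KEY_BYTES:
        raise ValueError(f"HMAC key must be at least {MIN_KEY_BYTES} bytes")
    digits = pan.replace(" ", "")
    if not digits.isdigit():
        raise ValueError("PAN must contain only digits")
    return hmac.new(key, digits.encode("ascii"), hashlib.sha256).hexdigest()


def verify_pan_hash(key: bytes, pan: str, stored_hash: str) -> bool:
    """Compare a freshly computed keyed hash against a stored one in constant time."""
    return hmac.compare_digest(keyed_pan_hash(key, pan), stored_hash)


if __name__ == "__main__":
    # Constructed demo values: a well-known test PAN and a freshly generated key.
    demo_key = generate_hash_key()
    demo_pan = "4111 1111 1111 1111"
    token = keyed_pan_hash(demo_key, demo_pan)
    print("keyed PAN hash:", token)
    print("manual HMAC matches stdlib:",
          hmac_sha256_manual(demo_key, demo_pan.replace(" ", "").encode()) == token)
    print("verification:", verify_pan_hash(demo_key, demo_pan, token))
```

Without the key, the stored token cannot be recomputed from the PAN, which is what distinguishes this from an unkeyed SHA-256 of the same 16 digits. The `hmac.compare_digest` call avoids leaking where a comparison fails through timing, and the key itself must be kept in a key-management system rather than beside the hashed data.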

CMAC (Cipher-based Message Authentication Code)

  • How it works: CMAC is similar to HMAC but uses a block cipher (like AES) instead of a hash function. It provides similar security guarantees.   
  • PCI DSS Relevance: CMAC is also acceptable for use in PCI DSS compliant systems, offering an alternative to HMAC. It might be preferred in certain situations where block ciphers are already being used extensively.

GMAC (Galois/Counter Mode MAC)

  • How it works: GMAC is the authentication-only form of Galois/Counter Mode (GCM). GCM combines confidentiality (encryption) and authentication in a single operation; GMAC applies that same authentication step to data that is not being encrypted.
  • PCI DSS Relevance: GMAC, when used with approved ciphers in GCM, is a strong authentication method and can be used in PCI DSS compliant environments. Because GCM combines encryption and authentication, it is often preferred for data in transit and can be used for data at rest as well.

General PCI DSS Requirements related to MACs:

  • Strong Cryptography: PCI DSS requires the use of strong cryptography to protect cardholder data. HMAC, CMAC, and GMAC, when implemented correctly, are considered strong cryptographic methods.   
  • Key Management: PCI DSS emphasizes the importance of proper key management. The secret keys used in HMAC, CMAC, and GMAC must be securely generated, stored, and rotated.   
  • Standards and Regulations: Implementations must adhere to relevant industry standards and regulations related to cryptography.

Choosing the right MAC:

The choice between HMAC, CMAC, and GMAC depends on the specific requirements of the system and the existing cryptographic infrastructure. HMAC is a very common and well-vetted choice. CMAC is an alternative when block ciphers are preferred. GMAC, when used with GCM, offers the advantage of combined encryption and authentication. Regardless of the choice, proper key management is paramount for security.

Important Note: This information provides a general overview of the relevance of HMAC, CMAC, and GMAC. Always consult the full PCI DSS documentation and engage a Qualified Security Assessor (QSA).
