Part 1: General - Computer Security Resource Center - National ...
March, 2007
A key agreement scheme and its associated key establishment protocol should provide the
following assurances:
1. Each entity in the key establishment process knows the identifier of the other entity(ies);
this may be achieved by the key agreement scheme or may be achieved by the protocol in
which key agreement is performed. Note that the identifier may be a “pseudo-identifier”,
not the identifier appearing on the entity’s birth certificate, for example.
2. The keys used in the key agreement scheme are correctly associated with the entities
involved in the key establishment process.
3. The derived keys are correct.
Keys derived through key agreement and its enabling protocol should not be used to protect and
send information until the three assurances described above have been achieved.
8.1.5.3 Generation and Distribution of Other Keying Material
Keys are often generated in conjunction with or are used with other keying material. This other
keying material shall be protected in accordance with Section 6.2.
8.1.5.3.1 Domain Parameters
Domain parameters are used by some public key algorithms to generate key pairs, to compute
digital signatures, or to establish keys. Typically, domain parameters are generated infrequently
and used by a community of users for a substantial period of time. Domain parameters may be
distributed in the same manner as the public keys with which they are associated, or they may be
made available at some other accessible site. Assurance of the validity of the domain parameters
shall be obtained prior to use, either by a trusted entity that vouches for the parameters (e.g., a
CA), or by the entities themselves. Assurance of domain parameter validity is addressed in
[FIPS186-3] and [SP800-56]. Obtaining this assurance should be addressed in a CA’s certificate
practices statement or an organization's security plan.
8.1.5.3.2 Initialization Vectors
Initialization vectors (IVs) are used by symmetric algorithms in several modes of operation for
encryption and decryption, or for authentication. The criteria for the generation and use of IVs are
provided in [SP800-38]; IVs shall be protected as specified in Section 6. When distributed, IVs
may be distributed in the same manner as their associated keys, or may be distributed with the
information that uses the IVs as part of the encryption or authentication mechanism.
8.1.5.3.3 Shared Secrets
Shared secrets are computed during a key agreement process and are subsequently used to derive
keying material. Shared secrets are generated as specified by the appropriate key agreement
scheme (see [SP800-56]), but shall not be distributed.
8.1.5.3.4 RNG Seeds
RNG seeds are used to initialize a Deterministic Random Bit Generator (DRBG). The criteria for
the selection of an RNG seed are provided in the specification of an Approved DRBG. When
distributed using an Approved method, the integrity and confidentiality of RNG seeds shall be
protected in accordance with Section 6.