Part 1: General - Computer Security Resource Center - National ...

More documents

Recommendations

Info

March, 2007 symmetric key or the public key of a key pair, although the private key associated with the public key is also revoked. Key revocation may be accomplished using a notification indicating that the continued use of the keying material is no longer recommended. The notification could be provided by actively sending the notification to all entities that might be using the revoked keying material, or by allowing the entities to request the status of the keying material (i.e., a “push” or a “pull” of the status information). The notification should include a complete identification of the keying material, the date and time of revocation and the reason for revocation, when appropriate (e.g., key compromised). Based on the revocation information provided, other entities could then make a determination of how they would treat information protected by the revoked keying material. For example, if a signature verification public key is revoked because an entity left an organization, it may be appropriate to honor all signatures created prior to the revocation date. If a signing private key is compromised resulting in the revocation of the associated public key, an assessment needs to be made as to whether or not information signed prior to the revocation would be considered as valid. As another example, a symmetric key that is used to generate MACs may be revoked so that it is not used to generate MACs on new information. However, the key may be retained so that archived documents can be verified. The details for key revocation should reflect the lifecycle for each particular key. If a key is used in a pair-wise situation (e.g., two entities communicating in a secure session), the entity revoking the key shall inform the other entity. If the key has been registered with an infrastructure, the entity revoking the key cannot always directly inform the other entities that may rely upon that key. Instead, the entity revoking the key shall inform the infrastructure that the key shall be revoked (e.g., using a certificate revocation request). The infrastructure shall respond by deregistering the key material (see 8.3.3). 8.4 Destroyed Phase The keying material is no longer available. All records of its existence may have been deleted. However, some organizations may require the retention of certain key attributes for audit purposes. For example, if a copy of an ostensibly destroyed key is found in an uncontrolled environment or later determined to have been compromised, records of the identifier of the key and its type, and cryptoperiod may be helpful in determining what information was protected under the key and how best to recover from the compromise. In addition, by keeping a record of the attributes of both destroyed and destroyed compromised keys, one will be able to track which keys transitioned through a normal lifecycle and which ones were compromised at some time during their lifecycle. Thus, protected information that is linked to key names that went through the normal lifecycle may still be considered secure, provided that the security strength of the algorithm remains sufficient. However, any protected information that is linked to a key name that has been compromised may itself be compromised. 9 Accountability, Audit, and Survivability Systems which process valuable information require controls in order to protect that information from unauthorized disclosure and modification. Cryptographic systems which contain keys and 113
March, 2007 other cryptographic information are especially critical. Three useful control principles and their application to the protection of keying material are highlighted in this section. 9.1 Accountability Accountability involves the identification of those entities that have access to, or control of, cryptographic keys throughout their lifecycles. Accountability can be an effective tool to help prevent key compromises and to reduce the impact of compromises once they are detected. Although it is preferred that no humans are able to view keys, as a minimum, the key management system should account for all individuals who are able to view plaintext cryptographic keys. In addition, more sophisticated key management systems may account for all individuals authorized to access or control any cryptographic keys, whether in plaintext or ciphertext form. For example, a sophisticated accountability system might be able to determine each individual who had control of any given key over its entire life span. This would include the person in charge of generating the key, the person who used the key to cryptographically protect data, and the person who was responsible for destroying the key when it was no longer needed. Even though these individuals never actually saw the key in plaintext form, they are held accountable for the actions that they performed on or with the key. Accountability provides three significant advantages: 1. It aids in the determination of when the compromise could have occurred and what individuals could have been involved, 2. It tends to protect against compromise, because individuals with access to the key know that their access to the key is known, and 3. It is very useful in recovering from a detected key compromise to know where the key was used and what data, or other keys, were protected by the compromised key. Certain principles have been found to be useful in enforcing the accountability of cryptographic keys. These principles might not apply to all systems or all types of keys. Some of the principles apply to longer-term keys that are controlled by humans. The principles include: a. Uniquely identifying keys, b. Identifying the key user, c. Identifying dates and times of key use along with the data that is protected, and d. Identifying other keys that are protected by a symmetric or private key. 9.2 Audit Two types of audit should be performed on key management systems: 1. The security plan and the procedures that are developed to support the plan should be periodically audited to ensure that they continue to support the Key Management Policy (see <strong>Part</strong> 2). 2. The protective mechanisms employed should be periodically reassessed with respect to the level of security that they provide and are expected to provide in the future, and that the mechanisms correctly and effectively support the appropriate policies. New technology developments and attacks should be taken into consideration. 114
Page 1 and 2:
ARCHIVED PUBLICATION The attached p
Page 3 and 4:
Abstract March, 2007 This Recommend
Page 5 and 6:
Authority March, 2007 This document
Page 7 and 8:
March, 2007 key validation, account
Page 9 and 10:
March, 2007 4.2.4.1 DSA............
Page 11 and 12:
March, 2007 8 KEY MANAGEMENT PHASES
Page 13 and 14:
March, 2007 10.2.9 Compromise Manag
Page 15 and 16:
March, 2007 Figure 3: Key states an
Page 17 and 18:
March, 2007 1.2 Audience The audien
Page 19 and 20:
March, 2007 1. Section 1, Introduct
Page 21 and 22:
March, 2007 Backup A copy of inform
Page 23 and 24:
March, 2007 Digital signature The r
Page 25 and 26:
Key Management Policy Key Managemen
Page 27 and 28:
Proof of possession (POP) Pseudoran
Page 29 and 30:
March, 2007 Split knowledge A proce
Page 31 and 32:
March, 2007 3 Security Services Cry
Page 33 and 34:
March, 2007 However, it is often th
Page 35 and 36:
March, 2007 4 Cryptographic Algorit
Page 37 and 38:
March, 2007 operates on blocks (chu
Page 39 and 40:
March, 2007 minimum key size 7 of 1
Page 41 and 42:
March, 2007 2. The protocols trigge
Page 43 and 44:
March, 2007 7. Symmetric key wrappi
Page 45 and 46:
March, 2007 9. Random numbers: The
Page 47 and 48:
March, 2007 In general, where stron
Page 49 and 50:
March, 2007 a. When a symmetric key
Page 51 and 52:
March, 2007 information. For less s
Page 53 and 54:
8. Symmetric and Asymmetric RNG key
Page 55 and 56:
15. Private ephemeral key agreement
Page 57 and 58:
Key Type 12. Symmetric Key Agreemen
Page 59 and 60:
March, 2007 establishment keys, see
Page 61 and 62:
March, 2007 c. Restricting plaintex
Page 63 and 64: March, 2007 algorithms completely i
Page 65 and 66: March, 2007 Table 3: Hash function
Page 67 and 68: Table 4: Recommended algorithms and
Page 69 and 70: March, 2007 size is available, the
Page 71 and 72: Security life of data up to 4 years
Page 73 and 74: March, 2007 6 Protection Requiremen
Page 75 and 76: Table 5: Protection requirements fo
Page 77 and 78: Key Type Security Service Private e
Page 79 and 80: March, 2007 Crypto. Security Securi
Page 81 and 82: March, 2007 may be applied only to
Page 83 and 84: March, 2007 All cryptographic infor
Page 85 and 86: March, 2007 8. Domain parameters (e
Page 87 and 88: March, 2007 6. Destroyed Compromise
Page 89 and 90: March, 2007 a. A private signature
Page 91 and 92: 2 Pre-Operational Phase 3 7 1 4 Ope
Page 93 and 94: March, 2007 8.1 Pre-operational Pha
Page 95 and 96: 8.1.5.1.1 Distribution of Static Pu
Page 97 and 98: March, 2007 and then provide eviden
Page 99 and 100: March, 2007 listed in Section 8.1.5
Page 101 and 102: March, 2007 encrypting key or publi
Page 103 and 104: March, 2007 8.1.5.3.5 Intermediate
Page 105 and 106: March, 2007 of keying material and
Page 107 and 108: March, 2007 2. The application in w
Page 109 and 110: March, 2007 and the key derivation
Page 111 and 112: March, 2007 Type of Key Archive? Re
Page 113: March, 2007 All records of the enti
Page 117 and 118: March, 2007 access to information e
Page 119 and 120: March, 2007 1. Private key used to
Page 121 and 122: March, 2007 10.2 Content of the Key
Page 123 and 124: March, 2007 Management Specificatio
Page 125 and 126: March, 2007 is the same value as th
Page 127 and 128: March, 2007 If the decision is made
Page 129 and 130: March, 2007 only, and then shall be
Page 131 and 132: March, 2007 may be stored in backup
Page 133 and 134: March, 2007 and the method of key r
Page 135 and 136: March, 2007 ephemeral key pairs, an
Page 137 and 138: B.3.14.7 Key Control Information Ma
Page 139 and 140: March, 2007 to be saved. Keys for t
Page 141 and 142: [HAC] Handbook of Applied Cryptogra
Page 143: March, 2007 the owner by the CA tha
show all

Part 1: General - Computer Security Resource Center - National ...

Create successful ePaper yourself

Delete template?

Save as template?