Part 1: General - Computer Security Resource Center - National ...
March, 2007

APPENDIX B: Key Recovery

Federal agencies have a responsibility to protect the information contained in, processed by and
transmitted between their Information Technology systems. Cryptographic techniques are often
used as part of this process. These techniques are used to provide confidentiality, assurance of
integrity, non-repudiation or access control. Policies shall be established to address the
protection and continued accessibility of cryptographically protected information, and
procedures shall be in place to ensure that the information remains viable during its lifetime.
When cryptographic keying material is used to protect the information, this same keying material
may need to be available to remove (e.g., decrypt) or verify (e.g., verify the MAC) those
protections.

In many cases, the keying material used for cryptographic processes might not be readily
available. This might be the case for a number of reasons, including:

1. the cryptoperiod of the key has expired, and the keying material is no longer in
   operational storage,
2. the keying material has been corrupted (e.g., the system has crashed or a virus has
   modified the saved keying material in operational storage), or
3. the owner of the keying material is not available, and the owner’s organization needs to
   obtain the plaintext information.

In order to have this keying material available when required, the keying material needs to be
saved somewhere or to be constructible (e.g., derivable) from other available keying material.
The process of re-acquiring the keying material is called key recovery. Key recovery is often
used as one method of information recovery when the plaintext information needs to be
recovered from encrypted information. However, keying material or other related information
may need to be recovered for other reasons, such as the corruption of keying material in normal
operational storage (see Section 8.2.1), e.g., the verification of MACs for archived documents.
Key recovery may also be appropriate for situations in which it is easier or faster to recover the
keying material than it is to generate and distribute new keying material. Key recovery is
motivated by a need to recover or ascertain the validity of cryptographically protected
information (e.g., the information that has been encrypted or authenticated) on behalf of an
organization or individual.
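
Added example, not part of the NIST text: key recovery by derivation, used to verify the MAC on an archived document when the operational copy of the key is missing or corrupted. HKDF with HMAC-SHA-256, the `archive-mac-v1` label, the record layout and every function name are assumptions chosen for illustration; the appendix does not prescribe a derivation method.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) over HMAC-SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_mac_key(master_key: bytes, key_id: str) -> bytes:
    # key_id is stored in the clear beside the archived document, so the
    # per-document key can be rebuilt from the master key alone.
    return hkdf_sha256(master_key, b"archive-mac-v1", key_id.encode())

def mac(key: bytes, document: bytes) -> bytes:
    return hmac.new(key, document, hashlib.sha256).digest()

def verify_archived(record: dict, operational_keys: dict, master_key: bytes):
    """Return (mac_valid, key_source) for one archived record."""
    key = operational_keys.get(record["key_id"])
    if key is not None and hmac.compare_digest(mac(key, record["document"]), record["tag"]):
        return True, "operational"
    # Key absent (cryptoperiod expired) or verification failed (key corrupted
    # or document altered): recover the key by derivation and check again.
    recovered = derive_mac_key(master_key, record["key_id"])
    valid = hmac.compare_digest(mac(recovered, record["document"]), record["tag"])
    return valid, "recovered"

# Constructed sample data, not taken from any real system.
MASTER_KEY = bytes(range(32))
DOC = b"constructed archived record, fiscal year 2007"
RECORD = {"key_id": "doc-0001", "document": DOC,
          "tag": mac(derive_mac_key(MASTER_KEY, "doc-0001"), DOC)}

if __name__ == "__main__":
    good = {"doc-0001": derive_mac_key(MASTER_KEY, "doc-0001")}
    print(verify_archived(RECORD, good, MASTER_KEY))                        # key in operational storage
    print(verify_archived(RECORD, {}, MASTER_KEY))                          # key no longer stored
    print(verify_archived(RECORD, {"doc-0001": b"\x00" * 32}, MASTER_KEY))  # stored key corrupted
    print(verify_archived(dict(RECORD, document=DOC + b"!"), good, MASTER_KEY))  # document altered
```

A check that still fails with the recovered key points at the document or its tag, not at the operational key copy, which is what separates the corrupted-key case from data tampering.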

However, there are applications that may not need to save the keying material for an extended
time because of other procedures to recover an operational capability when the keying material
or the information protected by the keying material becomes inaccessible. Applications of this
type could include telecommunications where the transmitted information could be resent, or
applications that could quickly derive, or acquire and distribute new keying material.

It is the responsibility of an organization to determine whether or not the recovery of keying
material is required for their application. The decision as to whether key recovery is required
should be made on a case-by-case basis, and this decision should be reflected in the Key
Management Policy and the Key Management Practices Statement (see Part 2). If the decision is
made to provide key recovery, the appropriate method of key recovery should be selected, based
on the type of keying material to be recovered and the capabilities of the organization, and a
suitable key recovery methodology should be designed and implemented.