Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
March, 2007<br />
symmetric authentication key rather than reusing the “lost” key is also acceptable; a new<br />
MAC would need to be computed on the information using the new authentication key.<br />
Otherwise, the symmetric authentication key should be backed up. Archiving the<br />
authentication key is not appropriate if the MAC and the authenticated information are<br />
not subsequently stored, since the use of the key for both applying and checking the<br />
MAC would be discontinued at the end of the key's cryptoperiod. If the MAC and the<br />
authenticated information are subsequently stored, then the symmetric authentication key<br />
should be backed up or archived for as long as the integrity and source of the information<br />
needs to be determined. However, at some time the cryptographic strength of the MAC<br />
may be reduced or lost completely. If the MAC algorithm has been withdrawn or the<br />
cryptoperiod of the MAC key has expired, the MAC shall be regarded as an error<br />
detection code rather than a cryptographic integrity check.<br />
In case 4, the symmetric authentication key should be backed up or archived for as long<br />
as the integrity and source of the information needs to be determined. However, at some<br />
time the cryptographic strength of the MAC may be reduced or lost completely. If the<br />
MAC algorithm has been withdrawn or the cryptoperiod of the MAC key has expired, the<br />
MAC shall be regarded as an error detection code rather than a cryptographic integrity<br />
check.<br />
The symmetric authentication key may be stored in backup storage for the cryptoperiod of the<br />
key, and in archive storage until no longer required. If the authentication key is recovered by<br />
reconstruction, the “base” key (e.g., the master key for a key derivation method) may be stored in<br />
normal operational storage or backup storage for the cryptoperiod of the key, and in archive<br />
storage until no longer required.<br />
B.3.3 Authentication Key Pairs<br />
A public authentication key is used by a receiving entity to obtain the assurance of both the<br />
identity of the entity that originated information and the integrity of the information. The<br />
associated private authentication key is used by the originating entity to provide this assurance to<br />
a receiving entity by computing a digital signature on the information. This key pair may not<br />
provide non-repudiation.<br />
B.3.3.1 Public Authentication Keys<br />
It is appropriate to store a public authentication key in either backup or archive storage for as<br />
long as required to verify the authenticity of the data that was authenticated by the associated<br />
private authentication key. However, at some time the cryptographic strength of the signature<br />
may be reduced or lost completely. The signature algorithm may no longer offer adequate<br />
security or the private authentication key may have been compromised. If the signature algorithm<br />
has been withdrawn or the cryptoperiod of the private authentication key has expired, signature<br />
shall be regarded as an error detection code rather than a digital signature. Appropriate storage<br />
systems are being developed that employ cryptographic time stamps to store sensitive data<br />
beyond the normal security life of the original signature algorithm or its keys.<br />
In the case of a public key that has been certified (e.g., by a Certificate Authority), saving the<br />
public key certificate would be an appropriate form of storing the public key; backup or archive<br />
storage may be provided by the infrastructure (e.g., by a certificate repository). The public key<br />
129