Part 1: General - Computer Security Resource Center - National ...
March, 2007

B.3.14.7 Key Control Information
Key control information is used, for example, to determine the keys and other information to be
used to process cryptographically protected information (e.g., decrypt or authenticate), to
identify the purpose of a key, or the entities that share the key (see Section 6.2.3).
Key control information should be backed up or archived for as long as the associated key needs
to be available.

B.3.14.8 Random Numbers
Random numbers are generated by random number generators. The backup or archiving of a
random number depends on how it is used.

B.3.14.9 Passwords
A password is used to acquire access to privileges by an entity. The loss of a password will deny
the privileges. If the password can be replaced in a timely fashion, then the password need not be
backed up. A password shall not be archived.

B.3.14.10 Audit Information
Audit information containing key management events shall be backed up and archived.

B.4 Key Recovery Systems
Key recovery is a broad term that may be applied to several different key recovery techniques.
Each technique will result in the recovery of a cryptographic key and other information
associated with that key (i.e., the keying material). The information required to recover that key
may be different for each application or each key recovery technique. The term “Key Recovery
Information” (KRI) is used to refer to the aggregate of information that is needed to recover or
verify cryptographically protected information. Information that may be considered as KRI
includes the keying material to be recovered or sufficient information to reconstruct the keying
material, other associated cryptographic information, the time when the key was created, the
identifier of the owner of the key (i.e., the individual, application or organization who created the
key or who owns the data protected by that key) and any conditions that must be met by a
requestor to be able to recover the keying material.
When an organization determines that key recovery is required for all or part of its keying
material, a secure Key Recovery System (KRS) needs to be established in accordance with a
well-defined Key Recovery Policy (see Appendix B.5). The KRS shall support the Key Recovery
Policy and consists of the techniques and facilities for saving and recovering the keying material,
the procedures for administering the system, and the personnel associated with the system.
When key recovery is determined to be necessary, the KRI may be stored either within an
organization (in backup or archive storage) or may be stored at a remote site by a trusted entity.
There are many acceptable methods for enabling key recovery. A KRS could be established
using a safe for keying material storage; a KRS might use a single computer that provides the
initial protection of the plaintext information, storage of the associated keying material and
recovery of that keying material; a KRS may include a network of computers with a central Key
Recovery Center; or a KRS could be designed using other configurations. Since a KRS provides
an alternative means for recovering cryptographic keys, a risk assessment should be performed
to ensure that the KRS adequately protects the organization’s information and reliably provides