Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
March, 2007<br />
establishment keys, see [SP800-56]; for specific details regarding assurance of possession of<br />
digital signature keys, see [FIPS186-3]. Assurance of private key possession may be obtained by<br />
participating in a protocol with the claimed owner of the key that uses the private key as it is<br />
intended to be used. For example, a private digital signature key may be confirmed by using it to<br />
sign data (see Section 8.1.5.1.1.1, item 1), and a private key establishment key may be confirmed<br />
by performing a key confirmation protocol with the claimed owner of the key (see [SP800-56]).<br />
Sometimes when a CA public key is distributed, the CA will sign its own public key to provide<br />
assurance of possession. Assurance of validity shall always be obtained prior to, or concurrently<br />
with, assurance of possession.<br />
5.5 Compromise of Keys and other Keying Material<br />
Information protected by cryptographic mechanisms is secure only if the algorithms remain<br />
strong, and the keys have not been compromised. Key compromise occurs when the protective<br />
mechanisms for the key fail (e.g., the confidentiality, integrity or association of the key to its<br />
owner fail - see Section 6), and the key can no longer be trusted to provide the required security.<br />
When a key is compromised, all use of the key to protect information (e.g., compute a digital<br />
signature or encrypt information) shall cease and the compromised key shall be revoked (see<br />
Section 8.3.5). However, the continued use of the key under controlled circumstances to remove<br />
or verify the protections (e.g., decrypt or verify a digital signature) may be warranted, depending<br />
on the risks of continued use and an organization's Key Management Policy (see <strong>Part</strong> 2). The<br />
continued use of a compromised key shall be limited to processing protected information. In this<br />
case, the entity that uses the information shall be made fully aware of the dangers involved.<br />
Limiting the cryptoperiod of the key limits the amount of material that would be compromised<br />
(exposed) if the key were compromised. Using different keys for different purposes (e.g.,<br />
different applications as well as different cryptographic mechanisms), as well as limiting the<br />
amount of information protected by a single key, also achieves this purpose.<br />
The compromise of a key has the following implications:<br />
1. The unauthorized disclosure of a key means that another entity (an unauthorized entity)<br />
may know the key and be able to use that key to perform computations requiring the use<br />
of the key.<br />
In general, the unauthorized disclosure of a key used to provide confidentiality<br />
protection 16 (i.e., via encryption) means that all information encrypted by that key could<br />
be known by unauthorized entities. For example, if a symmetric data encryption key is<br />
compromised, the unauthorized entity might use the key to decrypt past or future<br />
encrypted information, i.e., the information is no longer confidential between the<br />
authorized entities.<br />
In the case of the unauthorized disclosure of a key used to provide integrity protection<br />
(e.g., via digital signatures), the integrity protection on the data may be lost. For example,<br />
if a private signature key is compromised, the unauthorized entity might sign messages as<br />
if they were originated by the key’s real owner (either new messages or messages that are<br />
16 As opposed to the confidentiality of a key that could, for example, be used as a signing private<br />
key.<br />
58