Part 1: General - Computer Security Resource Center - National ...
March, 2007

altered from their original contents), i.e., non-repudiation and the authenticity of the information is in question.

The unauthorized disclosure of a private signature key means that the integrity and non-repudiation qualities of all data signed by that key are suspect. An unauthorized party in possession of the private key could sign false information and make it appear to be valid. In cases where it can be shown that the signed data was protected by other mechanisms (e.g., physical security) from a time before the compromise, the signature may still have some value. For example, if a signed message was received on day 1 and it was later determined that the private signing key was compromised on day 15, the receiver may still have confidence that the message is valid because it was maintained in the receiver’s possession. Note that cryptographic time stamping may also provide protection for messages signed before the private signature key was compromised. However, the security provided by these other mechanisms is now critical to the security of the signature. In addition the non-repudiation may be questioned, since the private signature key may have been disclosed to the message receiver who then altered the message in some way.

2. A compromise of the integrity of a key means that the key is incorrect - either that the key has been modified (either deliberately or accidentally), or that another key has been substituted; this includes a deletion (non-availability) of the key. The compromise of a key used to provide integrity [17] calls into question the integrity of all information protected by the key. This information could have been provided by, or changed by, an unauthorized entity.

3. A compromise of a key’s usage or application association means that the key could be used for the wrong purpose (e.g., key establishment instead of digital signatures) or for the wrong application, and could result in the compromise of information protected by the key.

4. A compromise of a key’s association with the owner or other entity means that the identity of the other entity cannot be assured (i.e., one doesn’t know who the other entity really is) or that information cannot be processed correctly (e.g., encrypted or decrypted with the correct key).

5. A compromise of a key’s association with other information means that there is no association at all, or the association is with the wrong “information”. This could cause the cryptographic services to fail, information to be lost, or the security of the information to be compromised.
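
The day 1 / day 15 reasoning about a disclosed private signature key, written out as a triage routine for records signed by that key. This is an added example, not part of the original document; the record fields, verdict strings and dates are constructed, and the time-stamp token is assumed to have been verified already against a separately keyed time-stamp service.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

@dataclass
class SignedRecord:
    name: str
    claimed_time: datetime                    # signer-asserted; vouched for only by the compromised key
    tsa_time: Optional[datetime] = None       # assumed: verified token from an independent time-stamp service
    custody_since: Optional[datetime] = None  # assumed: start of protected custody by the receiver

def triage(rec: SignedRecord, compromised_at: datetime) -> Tuple[str, List[str]]:
    """Return (verdict, mechanisms the verdict now depends on)."""
    relied_on = []
    if rec.tsa_time is not None and rec.tsa_time < compromised_at:
        relied_on.append("time stamp")
    if rec.custody_since is not None and rec.custody_since < compromised_at:
        relied_on.append("receiver custody")
    if not relied_on:
        # claimed_time is ignored on purpose: whoever holds the disclosed key
        # can sign anything and assert any signing time.
        return "suspect", relied_on
    if relied_on == ["receiver custody"]:
        # Only the receiver's own handling vouches for the record, so the
        # receiver may rely on it but non-repudiation can be questioned.
        return "receiver confidence only", relied_on
    return "supported", relied_on

def day(n: int) -> datetime:
    return datetime(2007, 3, n)  # constructed calendar for the sample data

COMPROMISED_AT = day(15)  # the "day 15" of the example in the text

RECORDS = [  # constructed sample records
    SignedRecord("contract", day(1), custody_since=day(1)),
    SignedRecord("invoice", day(3), tsa_time=day(3)),
    SignedRecord("memo", day(2)),                        # nothing but the signer's claim
    SignedRecord("late-stamp", day(10), tsa_time=day(20)),
]

def report() -> dict:
    return {r.name: triage(r, COMPROMISED_AT) for r in RECORDS}

if __name__ == "__main__":
    for name, (verdict, basis) in report().items():
        print(f"{name:12} {verdict:26} {', '.join(basis) or '-'}")
```

The second element of each result lists the mechanisms whose own security is now critical to the signature's value.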

Certain protective measures may be taken in order to minimize the likelihood or consequences of a key compromise. The following procedures are usually involved:

a. Limiting the amount of time a symmetric or private key is in plaintext form.

b. Preventing humans from viewing plaintext symmetric and private keys.

[17] As opposed to the integrity of a key that could, for example, be used for encryption.