Part 1: General - Computer Security Resource Center - National ...
March, 2007

6 Protection Requirements for Cryptographic Information

This section gives guidance on the types of protection for keying material. Cryptographic keying material is defined as the cryptographic key and associated information required to use the key. The specific information varies depending on the type of key. The cryptographic keying material must be protected in order for the security services to be “meaningful.” Much of the protection needed may be provided by a FIPS140-2 validated cryptographic module; however, whenever the keying material exists external to a FIPS140-2 cryptomodule, additional protection is required. The type of protection needed depends on the type of key and the security service for which the key is used.

6.1 Protection Requirements

Keying material should be (operationally) available as long as the associated cryptographic service is required. Keys may be maintained within a cryptographic module while they are being actively used, or they may be stored externally (provided proper protection is afforded) and recalled as needed. Some keys may need to be archived if required beyond the key’s originator usage period (see Section 5.3.5).

The following protections may be provided to the keying material.

Integrity protection (also called assurance of integrity) shall be provided for all keying material. Integrity protection always involves checking the source and format of received keying material (see Section 5.4.1). Integrity protection can be provided by cryptographic integrity mechanisms (e.g., cryptographic checksums, cryptographic hashes, MACs, and signatures), non-cryptographic integrity mechanisms (e.g., CRCs, parity, etc.) (see Appendix A), or physical protection mechanisms. Guidance for the selection of appropriate integrity mechanisms is given in Sections 6.2.1.2 and 6.2.2.2.

The confidentiality of all symmetric and private keys shall be protected. Public keys generally do not require confidentiality protection. When the symmetric or private key exists internal to a validated cryptomodule, confidentiality protection is provided by the cryptomodule in accordance with [FIPS140-2]. When the symmetric or private key exists external to the cryptomodule, confidentiality protection shall be provided either by encryption (e.g., key wrapping) or by controlling access to the key via physical means (e.g., storing the keying material in a safe with limited access). The security and operational impact of specific confidentiality mechanisms varies. Guidance for the selection of appropriate confidentiality mechanisms is given in Sections 6.2.1.3 and 6.2.2.3.

Association protection shall be provided for a cryptographic security service by ensuring that the correct keying material is used with the correct data in the correct application or equipment. Guidance for the selection of appropriate association protection is given in Sections 6.2.1.4 and 6.2.2.4.

Assurance of domain parameter and public key validity provides confidence that the parameters and keys are arithmetically correct (see Sections 5.4.2 and 5.4.3). Guidance for the selection of appropriate validation mechanisms is given in [SP800-56], [FIPS186-3], as well as this document.
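
The following sketch is an added example, not part of the NIST text: it shows one way to give a public key stored outside a cryptomodule both integrity and association protection with a MAC, next to a CRC that only catches accidental errors. The record fields, function names and sample values are assumptions made for illustration, and the MAC key is assumed to be held under confidentiality protection.

```python
import hashlib
import hmac
import zlib

FIELDS = ("key_id", "algorithm", "application", "key")  # hypothetical record layout

def encode(record: dict) -> bytes:
    """Length-prefixed encoding of the key and its associated information."""
    out = b""
    for name in FIELDS:
        v = record[name]
        value = v if isinstance(v, bytes) else v.encode()
        out += len(value).to_bytes(4, "big") + value  # prefix prevents field-boundary ambiguity
    return out

def protect(record: dict, mac_key: bytes) -> dict:
    """Attach an HMAC-SHA-256 tag covering the key and everything it is bound to."""
    tag = hmac.new(mac_key, encode(record), hashlib.sha256).digest()
    return {**record, "tag": tag}

def load_for(stored: dict, mac_key: bytes, application: str) -> bytes:
    """Release the key only if the record is intact and associated with this application."""
    expected = hmac.new(mac_key, encode(stored), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, stored["tag"]):
        raise ValueError("integrity check failed")
    if stored["application"] != application:
        raise ValueError("keying material is not associated with this application")
    return stored["key"]

def crc_ok(key: bytes, crc: int) -> bool:
    """Non-cryptographic check: unkeyed, so it detects accidental corruption only."""
    return zlib.crc32(key) == crc

# Constructed sample values (the key bytes are filler, not a real curve point).
MAC_KEY = bytes(range(32))
RECORD = protect({
    "key_id": "sig-verify-01", "algorithm": "ECDSA-P256",
    "application": "firmware-update", "key": bytes.fromhex("04" + "ab" * 64),
}, MAC_KEY)
```

Because the tag covers the application label as well as the key bytes, a record that has been relabelled fails the integrity check, while a CRC recomputed over substituted key bytes still passes.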