Part 1: General - Computer Security Resource Center - National ...
March, 2007

| Crypto. Information Type | Security Service | Security Protection | Association Protection | Assurance of Domain Parameter Validity | Period of Protection |
|---|---|---|---|---|---|
| RNG Seeds | Support | Confidentiality; Integrity | Usage or application | | Used once and destroyed. From generation until no longer needed for subsequent reseeding. The RNG seed shall be destroyed at the end of the period of protection |
| Other public information | Support | Archive; Integrity | Usage or application; Other authorized entities; Data processed using the nonce | | From generation until no longer needed to process data using the public information |
| Intermediate results | Support | Confidentiality; Integrity | Usage or application | | From generation until no longer needed and the intermediate results are destroyed |
| Key control information (e.g., IDs, purpose) | Support | Archive; Integrity | Key | | From generation until the associated key is destroyed |
| Random number | Support | Integrity; Confidentiality (depends on usage) | Usage or application; Owning entity | | From generation until no longer needed, and the random number is destroyed |
| Password | Authentication | Integrity; Confidentiality | | | From generation until replaced or no longer needed to authenticate the entity |
| Audit information | Support | Archive; Integrity | Audited events; Key control | | From generation until no longer needed |
| Access authorization information | | | | | |
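The table states protection requirements as policy: some information is used once and destroyed, some lives only as long as an associated key, and archived information needs integrity protection for as long as it is retained. The following Python is an added example, not code from SP 800-57 or NIST, that turns a few of those rows into enforceable rules in a small in-memory store: single-use RNG seeds are zeroized on first use, key control information is destroyed together with the key it is associated with, and archived audit information carries an HMAC tag that is verified on every read. The class names, the store layout, the `corrupt_for_demo` helper and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Security protections named in the table.
CONFIDENTIALITY = "Confidentiality"
INTEGRITY = "Integrity"
ARCHIVE = "Archive"


@dataclass
class CryptoInfo:
    """One piece of cryptographic or related information and its requirements (hypothetical model)."""
    info_type: str                       # e.g. "RNG seed", "Key control information"
    material: bytearray                  # mutable so it can be overwritten when destroyed
    protections: FrozenSet[str]          # subset of {CONFIDENTIALITY, INTEGRITY, ARCHIVE}
    single_use: bool = False             # "used once and destroyed"
    associated_key: Optional[str] = None # key control info: the key whose lifetime bounds this item
    destroyed: bool = False
    tag: bytes = b""                     # MAC over the material when INTEGRITY is required

    def destroy(self) -> None:
        """Best-effort zeroization; Python cannot guarantee no other copies exist."""
        for i in range(len(self.material)):
            self.material[i] = 0
        self.destroyed = True


class ProtectedStore:
    """Hypothetical store that enforces the table's period-of-protection rules."""

    def __init__(self, integrity_key: Optional[bytes] = None) -> None:
        # Separate key for integrity tags (in practice itself a managed key).
        self._ikey = integrity_key or secrets.token_bytes(32)
        self._items: Dict[str, CryptoInfo] = {}
        self.audit: List[str] = []

    def _mac(self, item_id: str, material: bytes) -> bytes:
        # Bind the tag to the item id so tags cannot be swapped between items.
        return hmac.new(self._ikey, item_id.encode() + b"|" + material, hashlib.sha256).digest()

    def add(self, item_id: str, item: CryptoInfo) -> None:
        if INTEGRITY in item.protections:
            item.tag = self._mac(item_id, bytes(item.material))
        self._items[item_id] = item
        self.audit.append(f"add {item_id} ({item.info_type})")

    def use(self, item_id: str) -> bytes:
        item = self._items[item_id]
        if item.destroyed:
            raise PermissionError(f"{item_id}: period of protection has ended")
        if INTEGRITY in item.protections and not hmac.compare_digest(
                item.tag, self._mac(item_id, bytes(item.material))):
            raise ValueError(f"{item_id}: integrity check failed")
        out = bytes(item.material)
        if item.single_use:          # e.g. RNG seed: used once and destroyed
            item.destroy()
            self.audit.append(f"destroy {item_id} (single use)")
        else:
            self.audit.append(f"use {item_id}")
        return out

    def destroy(self, item_id: str) -> List[str]:
        """Destroy an item and every item whose period of protection is tied to it."""
        destroyed = [item_id]
        self._items[item_id].destroy()
        for other_id, other in self._items.items():
            if other.associated_key == item_id and not other.destroyed:
                other.destroy()  # key control info ends with its associated key
                destroyed.append(other_id)
        self.audit.append("destroy " + ", ".join(destroyed))
        return destroyed

    def is_destroyed(self, item_id: str) -> bool:
        return self._items[item_id].destroyed

    def corrupt_for_demo(self, item_id: str) -> None:
        """Flip one bit of stored material to simulate undetected storage corruption (demo only)."""
        self._items[item_id].material[0] ^= 0x01


def demo() -> dict:
    """Walk through the rules with constructed sample items and report what was enforced."""
    store = ProtectedStore()
    store.add("seed-1", CryptoInfo("RNG seed", bytearray(secrets.token_bytes(32)),
                                   frozenset({CONFIDENTIALITY, INTEGRITY}), single_use=True))
    store.add("key-1", CryptoInfo("Symmetric key", bytearray(secrets.token_bytes(16)),
                                  frozenset({CONFIDENTIALITY, INTEGRITY})))
    store.add("ctl-1", CryptoInfo("Key control information", bytearray(b"id=key-1;purpose=data"),
                                  frozenset({ARCHIVE, INTEGRITY}), associated_key="key-1"))
    store.add("audit-1", CryptoInfo("Audit information", bytearray(b"event=generate;key=key-1"),
                                    frozenset({ARCHIVE, INTEGRITY})))
    results = {"seed_len": len(store.use("seed-1")),
               "seed_zeroized": store.is_destroyed("seed-1")}
    try:
        store.use("seed-1")
        results["seed_reuse_blocked"] = False
    except PermissionError:
        results["seed_reuse_blocked"] = True
    results["destroyed_with_key"] = store.destroy("key-1")
    results["audit_survives"] = store.use("audit-1") == b"event=generate;key=key-1"
    store.corrupt_for_demo("audit-1")
    try:
        store.use("audit-1")
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The integrity tag is keyed and bound to the item identifier, so a tag copied from one archived record cannot be presented with another; the zeroization is best effort only, which is the usual caveat for managed-memory languages and the reason hardware-backed storage is preferred for keying material.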
6.2 Protection Mechanisms

During the lifetime of cryptographic information, the information is either “in transit” (e.g., it is in the process of being manually or electronically distributed to the authorized communications participants for use by those entities) or “at rest” (e.g., the information is in storage). In either case, the keying material shall be protected in accordance with Section 6.1. However, the choice of protection mechanisms may vary. Although several methods of protection are provided in the following subsections, not all methods provide equal security. The method should be carefully selected. In addition, the mechanisms prescribed do not, by themselves, guarantee protection.
78