Part 1: General - Computer Security Resource Center - National ...
March, 2007

may be applied only to the cryptographic information, or may be applied to an entire message,

-OR-

(b) The keying material is used to perform the intended cryptographic operation. If the use of the keying material produces incorrect results, or the data is inconsistent in the context of the application, then the received keying material may have been corrupted.

The response to the detection of an integrity failure will vary depending on the specific environment. Improper error handling can allow attacks (e.g., side channel attacks). A security policy (see Part 2) should define the response to such an event. For example, if an error is detected in the received information, and the receiver requires that the information is entirely correct (e.g., the receiver cannot proceed when the information is in error), then:

a. the information should not be used,
b. the recipient may request that the information be resent (retransmissions should be limited to a predetermined number of times), and
c. information related to the incident may be stored in an audit log to later identify the source of the error.
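
The receiver-side handling in items a to c, sketched as an added example (not part of the NIST text). It assumes HMAC-SHA-256 as the integrity mechanism and a resend limit of 3; `receive_keying_material`, `fetch`, `make_channel` and the logger name are hypothetical.

```python
import hashlib
import hmac
import logging

MAX_RETRANSMISSIONS = 3  # assumed value; the text only requires a predetermined limit
audit_log = logging.getLogger("keying_material.audit")  # hypothetical logger name


class IntegrityFailure(Exception):
    """Every permitted delivery attempt failed the integrity check."""


def verify(mac_key: bytes, blob: bytes, tag: bytes) -> bool:
    # Assumed mechanism: HMAC-SHA-256 over the whole received blob.
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many tag bytes matched.
    return hmac.compare_digest(expected, tag)


def receive_keying_material(fetch, mac_key: bytes, sender_id: str) -> bytes:
    """fetch() is a hypothetical callable returning one (blob, tag) delivery.

    Returns the blob only after it verifies; otherwise raises IntegrityFailure.
    """
    total = 1 + MAX_RETRANSMISSIONS  # first delivery plus bounded resends (b)
    for attempt in range(1, total + 1):
        blob, tag = fetch()
        if verify(mac_key, blob, tag):
            return blob
        # (a) the blob is dropped here and never handed to the caller.
        # (c) audit record carries metadata only, never key bytes or the tag.
        audit_log.warning("integrity failure sender=%s attempt=%d/%d len=%d",
                          sender_id, attempt, total, len(blob))
    # One generic error for every failure cause, so the reply to the sender
    # cannot be used as an oracle.
    raise IntegrityFailure("keying material rejected")


def make_channel(deliveries):
    """Constructed stand-in for the transport: replays queued deliveries."""
    queue = iter(deliveries)
    return lambda: next(queue)
```
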

6.2.1.3 Confidentiality

Keying material may require confidentiality protection during transit. If confidentiality protection is required, the keying material shall be protected using one or more of the following mechanisms:

1. Manual method:
   (a) The keying material is encrypted,
   -OR-
   (b) The keying material is separated into key components. Each key component is handled, using split knowledge procedures (see Sections 8.1.5.2.1 and 8.1.5.2.2.1), so that no single individual can acquire access to all key components.
   -OR-
   (c) Appropriate physical and procedural protection is provided (e.g., by using a trusted courier).
2. Electronic distribution via communication protocols: The keying material is encrypted.

6.2.1.4 Association with Usage or Application

The association of keying material with its usage or application shall be either specifically identified during the distribution process or be implicitly defined by the use of the application. See Section 6.2.3 for guidance on labeling.