null
US
Sign In
Sign Up for Free
Sign Up
We have detected that Javascript is not enabled in your browser. The dynamic nature of our site means that Javascript must be enabled to function properly. Please read our
terms and conditions
for more information.
Next up
Copy and Edit
You need to log in to complete this action!
Register for Free
58670
Crypto U10 (part 1), Key Management & Lifecycle
Description
IYM002 (Unit 10 - Key Mgt Lifecycle) Mind Map on Crypto U10 (part 1), Key Management & Lifecycle, created by jjanesko on 27/04/2013.
No tags specified
iym002
unit 10 - key mgt lifecycle
iym002
unit 10 - key mgt lifecycle
Mind Map by
jjanesko
, updated more than 1 year ago
More
Less
Created by
jjanesko
over 11 years ago
135
10
0
Resource summary
Crypto U10 (part 1), Key Management & Lifecycle
key lifecycle
key generation
direct key generation
symmetric keys
generate (pseudo)random number
careful: for some algorithms certain values should be avoided
key derivation
derive keys from other keys
derivation function should be one way
prolongs life of base key which is expensive to create
component key generation
different entities provide input to the key
components put into a "combiner"
public key pair generation
requires random number generation
only mathematically appropriate values
must consult relevant standard before generating values for keys
key establishment
getting the key to the right place
Does it need to be.
shared?
distributed in controlled environment?
distributed in uncontrolled environment?
kept secret?
predistributed?
example methods
key hierarchy
key translation
key center has master keys for each entity in network and facilitates key exchange between entitites
key despatch
key center has master keys for each entity in network and generates and dispatches keys for communication between entities
unique key per transaction (UKPT)
a new key is created for each transaction based on value stored in key register and transaction information
Racal UKPT
Derived UKPT Scheme (Visa)
quantum key establishment
key storage
stored encrypted
can be retrieved with correct passphrase
user enters passphrase, passcode turned into key encrypting key, decrypts key
embed in software
store "in the clear"
hide key
store on hardware device
HSM - hardware security module
tamper resistant
micro switches
electronic mesh
resin
temperature detectors
light sensitive diodes
movement or tilt detectors
security chips
keys are generally stored encrypted by local master key (LMK)
standard: FIPS 140
store in component form
backup
keep in case key-in-use is destroyed
archival
keep record after key removed from circulation (legal purposes)
recovery
accessing key on a backup device
can be associated with key escrow
basics
definition: secure administration of cryptographic keys
control types
technical
process
environmental
human factors
requirements
secrecy of key
only the intended audience has access
assurance of purpose
entities must be assured that the key is only used as intended
key management system
system for managing the various phase of the key life cycle
dependent on
network topology
cryptographic mechanisms
legacy issues
compliance restrictions
key properties
length
lifetime (limited)
against key compromise
against key management failures
enforcement of management cycles
against future attacks
flexibility
limitation of key exposure
"cryptoperiod"
Show full summary
Hide full summary
Want to create your own
Mind Maps
for
free
with GoConqr?
Learn more
.
Similar
Crypto U10 (part 2), Key Management and Lifecycle
jjanesko
Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
jjanesko
Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
jjanesko
Crypto U3, Theoretical vs. Practical Security
jjanesko
Crypto U1, Basic Principles
jjanesko
Crypto U4, Stream Cipher
jjanesko
Crypto U4, Block Cipher, Counter Mode
jjanesko
Crypto U4, Block Cipher, Electronic Codebook Mode (ECB)
jjanesko
Crypto U2, Crypto design principles
jjanesko
Crypto U9, Cryptographic Protocols
jjanesko
Crypto U8, example dynamic password scheme
jjanesko
Browse Library