Crypto U10 (part 1), Key Management & Lifecycle

Description

IYM002 (Unit 10 - Key Mgt Lifecycle) Mind Map on Crypto U10 (part 1), Key Management & Lifecycle, created by jjanesko on 27/04/2013.
jjanesko
Mind Map by jjanesko, updated more than 1 year ago
jjanesko
Created by jjanesko over 11 years ago
135
10

Resource summary

Crypto U10 (part 1), Key Management & Lifecycle
  1. key lifecycle
    1. key generation
      1. direct key generation
        1. symmetric keys
          1. generate (pseudo)random number
            1. careful: for some algorithms certain values should be avoided
            2. key derivation
              1. derive keys from other keys
                1. derivation function should be one way
                  1. prolongs life of base key which is expensive to create
                  2. component key generation
                    1. different entities provide input to the key
                      1. components put into a "combiner"
                      2. public key pair generation
                        1. requires random number generation
                          1. only mathematically appropriate values
                            1. must consult relevant standard before generating values for keys
                          2. key establishment
                            1. getting the key to the right place
                              1. Does it need to be.
                                1. shared?
                                  1. distributed in controlled environment?
                                    1. distributed in uncontrolled environment?
                                    2. kept secret?
                                      1. predistributed?
                                      2. example methods
                                        1. key hierarchy
                                          1. key translation
                                            1. key center has master keys for each entity in network and facilitates key exchange between entitites
                                            2. key despatch
                                              1. key center has master keys for each entity in network and generates and dispatches keys for communication between entities
                                            3. unique key per transaction (UKPT)
                                              1. a new key is created for each transaction based on value stored in key register and transaction information
                                                1. Racal UKPT
                                                  1. Derived UKPT Scheme (Visa)
                                                2. quantum key establishment
                                              2. key storage
                                                1. stored encrypted
                                                  1. can be retrieved with correct passphrase
                                                    1. user enters passphrase, passcode turned into key encrypting key, decrypts key
                                                    2. embed in software
                                                      1. store "in the clear"
                                                        1. hide key
                                                        2. store on hardware device
                                                          1. HSM - hardware security module
                                                            1. tamper resistant
                                                              1. micro switches
                                                                1. electronic mesh
                                                                  1. resin
                                                                    1. temperature detectors
                                                                      1. light sensitive diodes
                                                                        1. movement or tilt detectors
                                                                          1. security chips
                                                                          2. keys are generally stored encrypted by local master key (LMK)
                                                                            1. standard: FIPS 140
                                                                          3. store in component form
                                                                            1. backup
                                                                              1. keep in case key-in-use is destroyed
                                                                              2. archival
                                                                                1. keep record after key removed from circulation (legal purposes)
                                                                                2. recovery
                                                                                  1. accessing key on a backup device
                                                                                    1. can be associated with key escrow
                                                                              3. basics
                                                                                1. definition: secure administration of cryptographic keys
                                                                                  1. control types
                                                                                    1. technical
                                                                                      1. process
                                                                                        1. environmental
                                                                                          1. human factors
                                                                                        2. requirements
                                                                                          1. secrecy of key
                                                                                            1. only the intended audience has access
                                                                                            2. assurance of purpose
                                                                                              1. entities must be assured that the key is only used as intended
                                                                                            3. key management system
                                                                                              1. system for managing the various phase of the key life cycle
                                                                                                1. dependent on
                                                                                                  1. network topology
                                                                                                    1. cryptographic mechanisms
                                                                                                      1. legacy issues
                                                                                                        1. compliance restrictions
                                                                                                      2. key properties
                                                                                                        1. length
                                                                                                          1. lifetime (limited)
                                                                                                            1. against key compromise
                                                                                                              1. against key management failures
                                                                                                                1. enforcement of management cycles
                                                                                                                  1. against future attacks
                                                                                                                    1. flexibility
                                                                                                                      1. limitation of key exposure
                                                                                                                        1. "cryptoperiod"
                                                                                                                    Show full summary Hide full summary

                                                                                                                    Similar

                                                                                                                    Crypto U10 (part 2), Key Management and Lifecycle
                                                                                                                    jjanesko
                                                                                                                    Crypto U4, Block Cipher, Cipher Feedback Mode (CFB)
                                                                                                                    jjanesko
                                                                                                                    Crypto U4, Block Cipher, Cipher Block Chaining Mode (CBC)
                                                                                                                    jjanesko
                                                                                                                    Crypto U3, Theoretical vs. Practical Security
                                                                                                                    jjanesko
                                                                                                                    Crypto U1, Basic Principles
                                                                                                                    jjanesko
                                                                                                                    Crypto U4, Stream Cipher
                                                                                                                    jjanesko
                                                                                                                    Crypto U4, Block Cipher, Counter Mode
                                                                                                                    jjanesko
                                                                                                                    Crypto U4, Block Cipher, Electronic Codebook Mode (ECB)
                                                                                                                    jjanesko
                                                                                                                    Crypto U2, Crypto design principles
                                                                                                                    jjanesko
                                                                                                                    Crypto U9, Cryptographic Protocols
                                                                                                                    jjanesko
                                                                                                                    Crypto U8, example dynamic password scheme
                                                                                                                    jjanesko