key management lifecycle key management lifecycle
play

Key Management Lifecycle Key Management Lifecycle Cryptographic key - PDF document

Jul 19, 2023 •327 likes •522 views

Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management guidance is provided in [SP800-21]. A single item of keying

  1. Key Management Lifecycle Key Management Lifecycle Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management guidance is provided in [SP800-21]. A single item of keying material (e.g., a key) has several states during its life, though some of these states may, in fact, be very short: - Pre-operational: The keying material is not yet available for normal cryptographic operations. - Operational: The keying material is available and in normal use. - Post-operational: The keying material is no longer in normal use , but access to the material is possible. - Obsolete/destroyed: The keying material is no longer available. All records of its existence may have been deleted. The next viewgraph identifies the subsections that discuss various stages of key management for a given entity. 1

  2. Key Management Lifecycle 4.1 User Registration 4.2 System and User Initialization 4.3 Keying Material Installation 4.4 Key Establishment 4.5 Key Registration 4.6 Operational Use 4.7 Storage of Keying Material 4.8 Key Update 4.9 Key Recovery 4.10 Key De-registration and Destruction 4.11 Key Revocation User Registration During registration, an entity becomes an authorized member of a security domain. This includes the acquisition or creation and exchange of initial keying material. 2

  3. System and User Initialization ♦ System initialization: setting up/configuring a system for secure operation. ♦ User initialization: an entity initializes its cryptographic application Keying Material Installation ♦ Keying material is installed for operational use Keying material – when the software, hardware, system, application, cryptomodule, or device is initially set up, – when new keying material is added to the existing keying material – when existing keying material is replaced ♦ Test keying material must be replaced prior to operational use. 3

  4. Key Establishment (This discussion is provided separately) Key Registration ♦ Keying material is bound to information or attributes associated with a particular entity. – Identity of the entity associated with the keying material – authorization information or specify a level of trust? This step is typically performed when the entity is a participant in a key management infrastructure 4

  5. Operational Use ♦ The objective of the key management lifecycle is to facilitate the operational availability of keying material for standard cryptographic purposes. ♦ Under normal circumstances, a key remains operational until the end of the key’s cryptoperiod. Storage of Keying Material 4.7.1 General Protection Methods Confidentiality Integrity Association With Usage or Application Association With the Other Entity Long Term Availability Association With Other Information 4.7.2 Operational Storage 4.7.3 Backup Storage 4.7.4 Key Archive Storage 5

  6. Storage of Keying Material ♦ Depends on type, protection requirements, and stage. ♦ When required for operational use, and not present in active memory, acquired from operational storage. ♦ If in active memory, or operational storage is lost or corrupted, may be recovered from backup storage ♦ After the end of a cryptoperiod, recover from archival storage ♦ May be stored to be immediately available to an application, e.g., on a local hard disk or server (typical for operational storage) ♦ Material may be stored in electronic form on a removable medium or in hard copy form and placed in a safe (typical for backup or archive storage) General Protection Methods 4.7.1.1 Confidentiality 4.7.1.2 Integrity 4.7.1.3 Association with Usage or Application 4.7.1.4 Association with the Other Entity 4.7.1.5 Long Term Availability 4.7.1.6 Association with Other Information 6

  7. Confidentiality ♦ Keying material (KM) may reside in Approved cryptographic module. (ACM). ♦ ACM must be designed to comply with FIPS 140-2 and have been tested by an accredited CMVP laboratory. ♦ KM may reside in appropriately configured trusted operating system environment. ♦ KM may be stored in a secured environment. KM must either be encrypted or stored using dual control. ♦ KM may be split into multiple components. Each must be the same length as the original (should appear as a random value). Components stored separately under dual control, split knowledge and be recombined only in a secure environment. Integrity ♦ Integrity is concerned with prevention and/or detection of modifications to information. ♦ Absolute protection not possible. ♦ All keying material requires integrity protection. ♦ Integrity protection provided when KM resides in an ACM or trusted OS. ♦ Alternatively, store in a secure environment, create multiple copies, or use a cryptographic mechanism (e.g., MAC or digital signature) 7

  8. Association with Usage or Application ♦ KM used with a given cryptographic mechanism or with a particular application. ♦ Protection provided to ensure that the KM is not used incorrectly. Protection may be provided by separating the KM from that of other mechanisms or applications, or by appropriate labeling of the KM. Association with the Other Entity ♦ Many keys must be correctly associated with another entity. ♦ A symmetric (secret) key used for the encryption of information, or keys used for the computation of a MAC must be associated with the other entity(ies) that shares the key. ♦ Public keys must be correctly associated (bound) with the owner of the public/private key pair. ♦ The symmetric keys and public keys may retain their association during storage by separating the keys by “entity” or by properly labeling the keys. 8

  9. Long Term Availability ♦ Some KM may be easily replaced without serious consequences if it becomes unavailable (e.g., is lost or modified). ♦ Other KM may need to be readily available for as long as information is protected by that KM. ♦ The primary method for providing protection is to make one or more copies of the KM that are stored in separate locations (i.e., back up the keying material). Association with Other Information An association may need to be maintained between protected information and the key (or the associated key) that protected that information - Signing Keys - Key Transport Private Keys - Public Keys Used to Verify - Static Key Agreement Private Keys Digital Signatures - Static Key Agreement Public Keys - Secret Authentication Keys - Domain Parameters - Public Authorization Keys - Initialization Vectors - Long term Data Encrypting Keys - Shared Secrets - Encrypted Keys - Seeds - Master Keys Used to Derive Other Keys 9

  10. Association with Other Information ♦ Signing keys used with the DSA and ECDSA must remain associated with domain parameters so that digital signatures (DS) can be created ♦ Public keys used to verify DS must be associated with the signed information ♦ Secret authentication keys must remain associated with the authenticated information for the lifetime of that information Association with Other Information ♦ Public authentication keys must remain associated with the information that was protected by the associated private authentication key during the lifetime of the protected information. ♦ Long term data encrypting keys must remain associated with the encrypted information. ♦ Encrypted keys must remain associated with the key that will decrypt the encrypted keys. 10

  11. Association with Other Information ♦ Master keys used to derive other keys may need to be available for the lifetime of any keys derived from the master key. ♦ Keys derived from a master key may need to remain with that master key. ♦ Key transport private keys must be associated with the KM that is transported using that key. ♦ Static key agreement private keys must be associated with domain parameters to allow calculation of shared secrets during key agreement process. Association with Other Information ♦ Static key agreement public keys must remain associated with domain parameters to allow calculation of shared secrets during key agreement. ♦ Public key/private key pairs generated using domain parameters must remain associated with those domain parameters. ♦ Initialization vectors (IVs) must remain available to decrypt information encrypted using the IVs or verify integrity of MACs computed using IVs. 11

  12. Association with Other Information ♦ Shared secrets may or may not need to remain associated with KM derived from the shared secrets. ♦ Seeds may need to be associated with information that was generated from the seed (e.g., domain parameters). ♦ Intermediate results may need to be associated with processes that use those results until such time as the intermediate results are no longer needed. Operational Storage Keying material may need to be stored for normal cryptographic operations during the cryptoperiod of the key. The storage requirements of Section 4.7.1 apply to this keying material 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lifecycle Management Methodology using Lifecycle Cost Benefit Analysis for Washing Machine H.

Lifecycle Management Methodology using Lifecycle Cost Benefit Analysis for Washing Machine H.

Lifecycle Management Methodology using Lifecycle Cost Benefit Analysis for Washing Machine H. Yamaguchi, N. Itsubo, S. Lee, I. Jeong, M. Motoshita, A. Inaba LCA Research Center, AIST M. Ichinohe, N. Yamamoto, Hitachi, Ltd. Y. Miyano ,

356 views • 33 slides
Understanding Understanding Lifecycle Management Lifecycle Management Complexity of Datacenter

Understanding Understanding Lifecycle Management Lifecycle Management Complexity of Datacenter

Understanding Understanding Lifecycle Management Lifecycle Management Complexity of Datacenter Complexity of Datacenter Topologies Topologies Mingyang Zhang (USC) Mingyang Zhang (USC) Radhika Niranjan Mysore (VMware Research) Sucha

1.12k views • 93 slides
Application of ICH Q12 Tools and Enablers Post-Approval Lifecycle Management Protocols 1 Outline

Application of ICH Q12 Tools and Enablers Post-Approval Lifecycle Management Protocols 1 Outline

Joint BWP/QWP/GMDP IWG Industry European Workshop on Lifecycle Management Application of ICH Q12 Tools and Enablers Post-Approval Lifecycle Management Protocols 1 Outline Introduction: evolution of PACMP concept Expanded (multi-site,

580 views • 33 slides
Application Lifecycle Management Accelerate Innovation By Rick Stroot - InnoFour Application

Application Lifecycle Management Accelerate Innovation By Rick Stroot - InnoFour Application

Application Lifecycle Management Accelerate Innovation By Rick Stroot - InnoFour Application Lifecycle Management . Agenda Trends & Challenges 3 Core Pillars of ALM Key Differentiators Page 2 Software is eating the world 2011 -

425 views • 29 slides
United States Air Force: USAF Product Lifecycle Management (PLM) for Integrating Program

United States Air Force: USAF Product Lifecycle Management (PLM) for Integrating Program

United States Air Force: USAF Product Lifecycle Management (PLM) for Integrating Program Requirements through an Assets Lifecycle Larry Uchmanowicz Siemens Government Technologies Problem Statement USAF needs to own and manage the

335 views • 14 slides
PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

Product Lifecycle Management Center of Excellence Product Lifecycle Management Produc roduct Li Lifec ecycle M Managem anagemen ent Indu ndustri rial A Advi dvisor ory B Board oard Meet eeting ng Novem ovember 11t 11th, h, 2009

472 views • 13 slides
Lifecycle Management of Rela1onal Records for External Audi1ng

Lifecycle Management of Rela1onal Records for External Audi1ng

Lifecycle Management of Rela1onal Records for External Audi1ng and Regulatory Compliance Ahmed Ataullah Frank Wm. Tompa Policies and Constraints

417 views • 26 slides
PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

PLM Nat atha han Har artman an Co-Director PLM Center of Excellence Richa hard C d Couc

Product Lifecycle Management Center of Excellence Product Lifecycle Management Produc roduct Li Lifec ecycle M Managem anagemen ent Indu ndustri rial A Advi dvisor ory B Board oard Meet eeting ng Apri pril 30, 30, 2009 2009

313 views • 15 slides
PLM Nat athan an H Har artman an Co-Director PLM Center of Excellence Richa chard C

PLM Nat athan an H Har artman an Co-Director PLM Center of Excellence Richa chard C

Product Lifecycle Management Center of Excellence Product Lifecycle Management Product duct Li Lifecy ecycl cle M e Mana nagem ement ent Industrial trial Advis visory ry Board ard Meetin ting Novem ember ber 12, 12, 2008 2008

159 views • 12 slides
Identity and Access Management IAM Lifecycle Committee Jan. 12, 2015 | Monday | 10:30 a.m.-12

Identity and Access Management IAM Lifecycle Committee Jan. 12, 2015 | Monday | 10:30 a.m.-12

Identity and Access Management IAM Lifecycle Committee Jan. 12, 2015 | Monday | 10:30 a.m.-12 p.m. | 561 Smith Center Agenda Short Program Status Update User Name Progress Discussion Topics: Sponsored people tool will be

613 views • 22 slides
Identity & Access Management IAM Lifecycle Committee Feb. 29, 2016 Monday 10:00-11:30 a.m.

Identity & Access Management IAM Lifecycle Committee Feb. 29, 2016 Monday 10:00-11:30 a.m.

Identity & Access Management IAM Lifecycle Committee Feb. 29, 2016 Monday 10:00-11:30 a.m. 561 Smith Center Agenda Introductions Meeting Purposes and Intended Outcomes Status Update Discussion: SSN Remediation Plans

219 views • 21 slides
MIS 5203 Systems & Infrastructure Lifecycle Management 1 Week 2 January 21, 2016 Study

MIS 5203 Systems & Infrastructure Lifecycle Management 1 Week 2 January 21, 2016 Study

MIS 5203 Systems & Infrastructure Lifecycle Management 1 Week 2 January 21, 2016 Study Objectives Understand Program Management, Project Management, and Project Portfolio IT Project Management Structure Roles and

622 views • 18 slides
IBF Marketing Lifecycle 4. Customer Management Michael Stimson Or: What really hacks off your

IBF Marketing Lifecycle 4. Customer Management Michael Stimson Or: What really hacks off your

IBF Marketing Lifecycle 4. Customer Management Michael Stimson Or: What really hacks off your customers? Build Your Buyer Persona What are the biggest problems they are trying to solve? What does he or she need most? What information

778 views • 24 slides
Identity and Access Management IAM Lifecycle Committee October 1, 2014 Wednesday 11 a.m. 1

Identity and Access Management IAM Lifecycle Committee October 1, 2014 Wednesday 11 a.m. 1

Identity and Access Management IAM Lifecycle Committee October 1, 2014 Wednesday 11 a.m. 1 p.m. 6 Story Street Agenda Summary: IAM Program News Quick Demo: Connections Feature To Be Added Discussion Topics : Latest on

410 views • 19 slides
Lifecycle CMC Management: ICH Q12 Progress to date BWP/QWP/GMDP IWG Industry European workshop

Lifecycle CMC Management: ICH Q12 Progress to date BWP/QWP/GMDP IWG Industry European workshop

Lifecycle CMC Management: ICH Q12 Progress to date BWP/QWP/GMDP IWG Industry European workshop 28-29 October 2015 Jean-Louis ROBERT (EU) Graham Cook (EFPIA) Please take note The following slides represent the current status of Q12

576 views • 29 slides
Iden%ty and Access Management IAM Lifecycle Commi/ee Kick-off

Iden%ty and Access Management IAM Lifecycle Commi/ee Kick-off

Iden%ty and Access Management IAM Lifecycle Commi/ee Kick-off Mee4ng April 2, 2014 Wednesday 12:00 - 2:00 Holyoke 561 Agenda Mee4ng Purpose

529 views • 18 slides
Cultural Custodianship and the Digitisation of First Nations Community Media Archives Simon

Cultural Custodianship and the Digitisation of First Nations Community Media Archives Simon

Cultural Custodianship and the Digitisation of First Nations Community Media Archives Simon japangardi Fisher Senior Archivist, PAW Media Archive Yuendumu, NT Elizabeth Napaljarri Katakarinja Womens Side Archivist, PAW Media Archive

86 views • 6 slides
simpleArchive Making an Archive Accessible to the User Marius Politze, Florian Claus RWTH

simpleArchive Making an Archive Accessible to the User Marius Politze, Florian Claus RWTH

simpleArchive Making an Archive Accessible to the User Marius Politze, Florian Claus RWTH Aachen University IT Center Content A quick word about RWTH Aachen University and Research Data Management Challenge: How to get researchers

689 views • 21 slides
Sociolinguistic Archive Preparation January 4-5, 2012, Portland, Oregon Organizers Malcah Yaeger

Sociolinguistic Archive Preparation January 4-5, 2012, Portland, Oregon Organizers Malcah Yaeger

LSA Annual Meeting: Satellite Workshop for Sociolinguistic Archive Preparation January 4-5, 2012, Portland, Oregon Organizers Malcah Yaeger Laurel Mackenzie Christopher Cieri Brittany McLaughlin Definitions data=recorded observation of

289 views • 14 slides
JUST THE MATHS SLIDES NUMBER 11.3 DIFFERENTIATION APPLICATIONS 3 (Curvature) by

JUST THE MATHS SLIDES NUMBER 11.3 DIFFERENTIATION APPLICATIONS 3 (Curvature) by

JUST THE MATHS SLIDES NUMBER 11.3 DIFFERENTIATION APPLICATIONS 3 (Curvature) by A.J.Hobson 11.3.1 Introduction 11.3.2 Curvature in cartesian co-ordinates UNIT 11.3 - DIFFERENTIATION APPLICATIONS 3 CURVATURE 11.3.1 INTRODUCTION The

446 views • 9 slides
Jihye Kwon *, Matthew M. Ziegler , Luca P. Carloni* *Department of Computer Science, Columbia

Jihye Kwon *, Matthew M. Ziegler , Luca P. Carloni* *Department of Computer Science, Columbia

2019 Design Automation Conference Jihye Kwon *, Matthew M. Ziegler , Luca P. Carloni* *Department of Computer Science, Columbia University, New York, NY, USA IBM T. J. Watson Research Center, Yorktown Heights, NY, USA Diverse

692 views • 13 slides
Introduction to Web Archiving Marc Spaniol Marc Spaniol Saarbrcken, May 28, 2009 Databases

Introduction to Web Archiving Marc Spaniol Marc Spaniol Saarbrcken, May 28, 2009 Databases

Web Dynamics Introduction to Web Archiving Introduction to Web Archiving Marc Spaniol Marc Spaniol Saarbrcken, May 28, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0509-1/50 Agenda Motivation - Indexing vs.

872 views • 50 slides
Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information

Learning Kernel-matrix-based Representation for Fine-grained Image Recognition Lei Wang VILA group School of Computing and Information Technology University of Wollongong, Australia 11-Dec-2019 Introduction Fine-grained image recognition

1.56k views • 58 slides
CS 241: Systems Programming Lecture 29. Static Libraries Fall 2019 Prof. Stephen Checkoway 1

CS 241: Systems Programming Lecture 29. Static Libraries Fall 2019 Prof. Stephen Checkoway 1

CS 241: Systems Programming Lecture 29. Static Libraries Fall 2019 Prof. Stephen Checkoway 1 Announcement Homework 5 Regular Expressions is now available Due Sunday 2019-11-24 at 23:59 2 Code reuse is good! Why? 3 Multiple forms of code

348 views • 19 slides

More recommend