Updating Storing and Backing Up Keys

Updating Keys

Imagine an encrypted data link where you want to change keys daily.Sometimes it’s a pain to distribute a new key every day. An easier solution is to generate a new key from the old key; this is sometimes called key updating.

All it takes is a one-way function. If Alice and Bob share the same key and they both operate on it using the same one-way function, they will get the same result. Then they can take the bits they need from the results to create the new key.

Key updating works, but remember that the new key is only as secure as the old key was. If Eve managed to get her hands on the old key, she can perform the key updating function herself. However, if Eve doesn’t have the old key and is trying a ciphertext-only attack on the encrypted traffic, this is a good way for Alice and Bob to protect themselves.

Storing Keys
The least complex key storage problem is that of a single user, Alice, encrypting files for later use. Since she is the only person involved, she is the only person responsible for the key. Some systems take the easy approach: The key is stored in Alice’s brain and never on the system. Alice is responsible for remembering the key and entering it every time she needs a file encrypted or decrypted.

An example of this system is where users can either directly enter the 64-bit key or enter the key as a longer character string. The system then generates a 64-bit key from the character string using a key-crunching technique.

Another solution is to store the key in a magnetic stripe card, plastic key with an embedded ROM chip (called a ROM key), or smart card [556,557,455]. A user could then enter his key into the system by inserting the physical token into a special reader in his encryption box or attached to his computer terminal.While the user can use the key, he does not know it and cannot compromise it.He can use it only in the way and for the purposes indicated by the control vector.

A ROM key is a very clever idea. People understand physical keys, what they signify and how to protect them. Putting a cryptographic key in the same physical form makes storing and protecting that key more intuitive.

This technique is made more secure by splitting the key into two halves, storing one half in the terminal and the other half in the ROM key. The U.S. government’s STU-III secure telephone works this way. Losing the ROM key does not compromise the cryptographic key—change that key and everything is back to normal. The same is true with the loss of the terminal. This way, compromising either the ROM key or the system does not compromise the cryptographic key—an adversary must have both parts.

Hard-to-remember keys can be stored in encrypted form, using something similar to a key-encryption key. For example, an RSA private key could be encrypted with a DES key and stored on disk. To recover the RSA key, the user has to type in the DES key to a decryption program.

If the keys are generated deterministically (with a cryptographically secure pseudo-random-sequence generator), it might be easier to regenerate the keys from an easy-to-remember password every time they are required.

Ideally, a key should never appear unencrypted outside the encryption device.This isn’t always possible, but it is a worthy goal.

Backup Keys
Alice is the chief financial officer at Secrets, Ltd.—“We don’t tell you our motto.” Like any good corporate officer, she follows the company’s security guidelines and encrypts all her data. Unfortunately, she ignores the company’s street-crossing guidelines and gets hit by a truck. What does the company’s president, Bob, do?

Unless Alice left a copy of her key, he’s in deep trouble. The whole point of encryption is to make files unrecoverable without the key. Unless Alice was a moron and used lousy encryption software, her files are gone forever.
Bob can avoid this in several ways. The simplest is sometimes called key escrow .He requires all employees to write their keys on paper and give them to the company’s security officer, who will lock them in a safe somewhere (or encrypt them all with a master key). Now, when Alice is bowled over on the Interstate, Bob can ask his security officer for her key. Bob should make sure to have the combination to the safe himself as well; otherwise, if the security officer is run over by another truck, Bob will be out of luck again.

The problem with this key management system is that Bob has to trust his security officer not to misuse everyone’s keys. Even more significantly, all the employees have to trust the security officer not to misuse their keys. A far better solution is to use a secret-sharing protocol.

When Alice generates a key, she also divides up that key into some number of pieces. She then sends each piece—encrypted, of course—to a different company officer. None of those pieces alone is the key, but someone can gather all the pieces together and reconstruct the key. Now Alice is protected against any one malicious person, and Bob is protected against losing all of Alice’s data after her run-in with the truck. Or, she could just store the different pieces, encrypted with each of the officer’s different public keys, on her own hard disk. That way, no one gets involved with key management until it becomes necessary.

Another backup scheme  uses smart cards  for the temporary escrow of keys. Alice can put the key to secure her hard drive onto the smart card and give it to Bob while she is away. Bob can use the card to get into Alice’s hard drive, but because the key is stored in the card Bob cannot learn it. And the system is bilaterally auditable: Bob can verify that the key will open Alice’s drive, and when Alice returns she can verify if Bob has used the key and how many times.

Compromised Keys
All of the protocols, techniques, and algorithms are secure only if the key (the private key in a public-key system) remains secret. If Alice’s key is lost, stolen, printed in the newspaper, or otherwise compromised, then all her security is gone.

If the compromised key was for a symmetric cryptosystem, Alice has to change her key and hope the actual damage was minimal. If it was a private key, she has bigger problems; her public key is probably on servers all over the network. And if Eve gets access to Alice’s private key, she can impersonate her on the network: reading encrypted mail, signing correspondence, entering into contracts, and so forth. Eve can, effectively, become Alice.

It is vital that news of a private key’s compromise propagate quickly throughout the network. Any databases of public keys must immediately be notified that a particular private key has been compromised, lest some unsuspecting person encrypt a message in that compromised key.

One hopes Alice knows when her key was compromised. If a KDC is managing the keys, Alice should notify it that her key has been compromised. If there is no KDC, then she should notify all correspondents who might receive messages from her. Someone should publicize the fact that any message received after her key was lost is suspect, and that no one should send messages to Alice with the associated public key. The application should be using some sort of timestamp, and then users can determine which messages are legitimate and which are suspect.

If Alice doesn’t know exactly when her key was compromised, things are more difficult. Alice may want to back out of a contract because the person who stole the key signed it instead of her. If the system allows this, then anyone can back out of a contract by claiming that his key was compromised before it was signed. It has to be a matter for an adjudicator to decide.

This is a serious problem and brings to light the dangers of Alice tying all of her identity to a single key. It would be better for Alice to have different keys for different applications—just as she has different physical keys in her pocket for different locks. Other solutions to this problem involve biometrics, limits
on what can be done with a key, time delays, and countersigning.

These procedures and tips are hardly optimal, but are the best we can do. The moral of the story is to protect keys, and protect private keys above all else.

Comments

Post a Comment

Popular posts from this blog

Cryptographic Algorithms CST 393 KTU CS Honour Notes Semester V -Dr Binu V P

About Me About the Course and Scheme Syllabus Model Question Paper University Question Papers ******************************************************** Module-1 (Introduction to the Concepts of Security) Introduction CIA Triad  OSI Security Architecture Security Attacks Security Services Security Mechanisms Model for Network Security Classical Encryption Techniques     Symmetric Cipher Model     Cryptography -  Crypt Analysis Substitution Ciphers-Caesar Cipher     Mono-alphabetic Ciphers     Playfair Cipher     Hill Cipher Poly Alphabetic Ciphers- Vigenere Cipher     Vernam Cipher- One Time Pad Transposition Ciphers Module-2 (Symmetric Key Crypto Systems) Stream Cipher Vs Block Cipher Traditional Block Cipher Structure- Fiestel Structure Data Encryption Standard - DES Algorithm Differential and Linear Cryptanalysis Double DES and Triple DES International Data Encryption Algorithm ( IDEA) Advanced Encryption Standard ( AES) Block Cipher Modes of Operation Stream Cipher and RC4 Module-3
Read more

Syllabus CST 393 Cryptographic Algorithms

Syllabus Module-1 (Introduction to the Concepts of Security) Need for security, Security approaches, Principles of security, Types of attacks, OSI Security Architecture, Classical encryption techniques - Substitution techniques, Transposition techniques. Stream cipher, Block cipher, Public key cryptosystems vs. Symmetric key cryptosystems, Encrypting communication channels. Module-2 (Symmetric Key Cryptosystems) Overview of symmetric key cryptography, Block cipher principles, Data Encryption Standard (DES), Differential and Linear cryptanalysis, Double DES, Triple DES, International Data Encryption Algorithm (IDEA), Advanced Encryption Algorithm (AES),Block cipher modes of operation, Stream cipher, RC4. Module-3 (Public Key Cryptosystems) Principles of public key cryptosystems, RSA algorithm, RSA illustration, Attacks, ElGamal cryptographic system, Knapsack algorithm, Diffie-Hellman key exchange algorithm, Elliptic curve cryptosystems. Module-4 (Key Management) Symmetric key distributi
Read more

Computer Security Concept- CIA Triad

Image
Definition of Computer Security The NIST Computer Security Handbook [NIST95] defines the term computer security as follows: Computer Security: The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability,and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).   This definition introduces three key objectives that are at the heart of computer  security: Confidentiality: This term covers two related concepts:             Data confidentiality: Assures that private or confidential information is not made available or disclosed to unauthorized individuals.      Privacy: Assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.   Integrity: This term covers two related concepts:      Data integrity: Assures that information
Read more