Key Management🔑 Flashcards

1
Q

What is the purpose of the OCSP protocol?

A

Checking if a certificate is still valid.

2
Q

Key Management

A

The strength of cryptographic security depends on:

  1. The size of the keys
  2. The robustness of cryptographic algorithms/protocols
  3. The protection and management afforded to the keys

Key management provides the foundation for the secure generation, storage, distribution, and destruction of keys. Key management is essential for cryptographic security. Poor key management may easily lead to compromise of systems where the security is based on cryptography.

3
Q

Key Usage

A

A single key should be used for only one purpose, e.g. encryption, authentication, key wrapping, random number generation, or digital signature generation. Using the same key for two different purposes may weaken the security of one or both purposes. Limiting the use of a key limits the damage that could be done if the key is compromised. Some uses of keys interfere with each other, e.g. an asymmetric key pair should only be used for either encryption or digital signatures, not both.

4
Q

Crypto keys are classified according to:

A
  • Private/public or symmetric
  • Their intended use
  • For asymmetric keys, also whether they are static (long life) or ephemeral (short life)
5
Q

Crypto period

A

The crypto period is the time span during which a specific key is authorized for use.

The crypto period is important because it:

  • Limits the amount of information, protected by a given key, that is available for cryptanalysis.
  • Limits the amount of exposure and damage, should a single key be compromised.
  • Limits the use of a particular algorithm to its estimated effective lifetime.
6
Q

Factors affecting the crypto periods

A

In general, as the sensitivity of the information or the criticality of the processes increases, the crypto-period should decrease in order to limit the damage resulting from compromise.

Short crypto-periods may be counter-productive, particularly where denial of service is the paramount concern, and there is a significant overhead and potential for error in the re-keying, key update or key derivation process. The crypto-period is therefore a trade-off.

The processing period can continue after the protection period. The crypto-period lasts from the beginning of the protection period to the end of the processing period.

7
Q

Key Compromise

A

Key compromise occurs when it is known or suspected that an unauthorized entity has obtained a secret/private key. When a key is compromised, immediately stop using the secret/public key for protection, and revoke the compromised key (pair).

A compromised key might be used for continued processing of protected information. In this case, the entity that uses the information must be made fully aware of the risks involved.

Continued key usage for processing depends on the risks, and on the organization’s Key Management Policy. The worst form of key compromise is when a key is compromised without detection.

8
Q

Key Protection

A

Active keys should be accessible to authorised users and protected from unauthorised users.
Deactivated keys must be kept as long as data protected by those keys exists.

The policy must specify:

  • Where keys shall be kept
  • How keys shall be kept securely
  • How to access keys when required
9
Q

PKI provides the following (5) security services…

A
  • Confidentiality
  • Access control
  • Integrity
  • Authentication
  • Nonrepudiation
10
Q

Public key Certificates

A

A public-key certificate is a record of data, including the subject distinguished name and its public key, all digitally signed by a CA (Certificate Authority).

  • Binds name to public key
  • An authentic copy of the public key is needed in order to validate the certificate.
  • Relying party validates the certificate (i.e. verifies that the digital signature is correct).
11
Q

Meaning of trust for PKI

A

Trustworthy: When it is objectively secure and reliable.

Trusted: When we decide to depend on it.

A root certificate is trustworthy when it has been received securely from an honest and reliable CA.

A root certificate is trusted when it is being used to validate other certificates.

Ideally, only trustworthy root certificates should be trusted.

In reality, many untrustworthy certificates are trusted.

12
Q

Browser PKI

A

The browser automatically validates certificates by checking: certificate name = domain name.

  • Criminals buy legitimate certificates which are automatically validated by browsers.
  • Legitimate certificates can be used for malicious phishing attacks, e.g. to masquerade as a bank.
  • Malicious sites can have legitimate certificates!!!
  • Server certificate validation is only syntactic authentication, not semantic authentication: users can’t know if the domain is good.

13
Q

What is X.509?

A

The standard for how the CA creates the certificate

14
Q

Trust Models

A

Strict hierarchical model

Advantages:

  • Works well in highly structured settings such as military and government
  • Unique certification path between two entities (so finding certification paths is trivial)
  • Scales well to larger systems

Disadvantages:

  • Needs a trusted third party (root CA)
  • Single point-of-failure target
  • If any node is compromised, trust is impacted for all entities stemming from that node
  • Does not work well for global implementation (who is the root TTP?)

15
Q

Digital signatures and keys?

A

Digital signature?

16
Q

Asymmetric ciphers

A

Private key needs confidentiality
Public key needs integrity
Authenticity?

17
Q

User centric PKI trust model

A

Each party signs public keys of others whose keys have been verified to be authentic.
Public keys signed by trusted people can be considered authentic too.

User-centric model (PKI trust models)

  • Each user is completely responsible for deciding which public keys to trust
  • Example: Pretty Good Privacy (PGP)
  • Web of trust
  • Each user may act as a CA, signing public keys that they will trust
  • Public keys can be distributed by key servers and verified by fingerprints
  • OpenPGP Public Key Server: http://pgpkeys.mit.edu:11371/

Advantages:

  • Simple and free
  • Works well for a small number of users
  • Does not require expensive infrastructure to operate
  • User-driven grassroots operation

Disadvantages:

  • More effort, and relies on human judgment
  • Works well with technology-savvy users who are aware of the issues. Does not work well with the general public
  • Not appropriate for more sensitive and high-risk areas such as finance and government