Crypto U10 (part 1), Key Management & Lifecycle

jjanesko
Mind Map by , created over 6 years ago

IYM002 (Unit 10 - Key Mgt Lifecycle) Mind Map on Crypto U10 (part 1), Key Management & Lifecycle, created by jjanesko on 04/27/2013.

87
10
0
jjanesko
Created by jjanesko over 6 years ago
Ciphers
Abraham Nwokolo
Ciphers
Abraham Nwokolo
PUBLIC KEY ENCRYPTION
Bhagya Prasad
C2 - Formulae to learn
Tech Wilkinson
Using GoConqr to study Art
Sarah Egan
Cryptography
Cher Bachar
SYMMETRIC ENCRYPTION
Bhagya Prasad
PUBLIC KEY ENCRYPTION
Bhagya Prasad
Cipher
Aina Syazwani
Introduction to Cryptography, Lecture 1
Jörg Schwartz
Crypto U10 (part 1), Key Management & Lifecycle
1 key lifecycle
1.1 key generation
1.1.1 direct key generation
1.1.1.1 symmetric keys
1.1.1.2 generate (pseudo)random number
1.1.1.3 careful: for some algorithms certain values should be avoided
1.1.2 key derivation
1.1.2.1 derive keys from other keys
1.1.2.2 derivation function should be one way
1.1.2.3 prolongs life of base key which is expensive to create
1.1.3 component key generation
1.1.3.1 different entities provide input to the key
1.1.3.2 components put into a "combiner"
1.1.4 public key pair generation
1.1.4.1 requires random number generation
1.1.4.2 only mathematically appropriate values
1.1.4.3 must consult relevant standard before generating values for keys
1.2 key establishment
1.2.1 getting the key to the right place
1.2.2 Does it need to be.
1.2.2.1 shared?
1.2.2.1.1 distributed in controlled environment?
1.2.2.1.2 distributed in uncontrolled environment?
1.2.2.2 kept secret?
1.2.2.3 predistributed?
1.2.3 example methods
1.2.3.1 key hierarchy
1.2.3.1.1 key translation
1.2.3.1.1.1 key center has master keys for each entity in network and facilitates key exchange between entitites
1.2.3.1.2 key despatch
1.2.3.1.2.1 key center has master keys for each entity in network and generates and dispatches keys for communication between entities
1.2.3.2 unique key per transaction (UKPT)
1.2.3.2.1 a new key is created for each transaction based on value stored in key register and transaction information
1.2.3.2.1.1 Racal UKPT
1.2.3.2.1.2 Derived UKPT Scheme (Visa)
1.2.3.3 quantum key establishment
1.3 key storage
1.3.1 stored encrypted
1.3.1.1 can be retrieved with correct passphrase
1.3.1.2 user enters passphrase, passcode turned into key encrypting key, decrypts key
1.3.2 embed in software
1.3.3 store "in the clear"
1.3.3.1 hide key
1.3.4 store on hardware device
1.3.4.1 HSM - hardware security module
1.3.4.1.1 tamper resistant
1.3.4.1.1.1 micro switches
1.3.4.1.1.2 electronic mesh
1.3.4.1.1.3 resin
1.3.4.1.1.4 temperature detectors
1.3.4.1.1.5 light sensitive diodes
1.3.4.1.1.6 movement or tilt detectors
1.3.4.1.1.7 security chips
1.3.4.1.2 keys are generally stored encrypted by local master key (LMK)
1.3.4.1.3 standard: FIPS 140
1.3.5 store in component form
1.3.6 backup
1.3.6.1 keep in case key-in-use is destroyed
1.3.7 archival
1.3.7.1 keep record after key removed from circulation (legal purposes)
1.3.8 recovery
1.3.8.1 accessing key on a backup device
1.3.8.1.1 can be associated with key escrow
2 basics
2.1 definition: secure administration of cryptographic keys
2.1.1 control types
2.1.1.1 technical
2.1.1.2 process
2.1.1.3 environmental
2.1.1.4 human factors
2.2 requirements
2.2.1 secrecy of key
2.2.1.1 only the intended audience has access
2.2.2 assurance of purpose
2.2.2.1 entities must be assured that the key is only used as intended
2.3 key management system
2.3.1 system for managing the various phase of the key life cycle
2.3.2 dependent on
2.3.2.1 network topology
2.3.2.2 cryptographic mechanisms
2.3.2.3 legacy issues
2.3.2.4 compliance restrictions
2.4 key properties
2.4.1 length
2.4.2 lifetime (limited)
2.4.2.1 against key compromise
2.4.2.2 against key management failures
2.4.2.3 enforcement of management cycles
2.4.2.4 against future attacks
2.4.2.5 flexibility
2.4.2.6 limitation of key exposure
2.4.2.7 "cryptoperiod"

Media attachments