for Web application cryptography is to store encryption keys in a system that is separate from the
Web/application server. This results in the application accessing the encryption keys over a
network. Encryption keys are transported over a network for an application to access these keys for
encrypting and decrypting data. If the network link for the transport of keys is unencrypted, an
attacker capturing network traffic has access to the encryption keys, which may result in the
unauthorized disclosure of the encrypted sensitive information. This renders the encryption of sensitive
data ineffective. This is analogous to locking the keys of a high-security vault with a complex key
and leaving the same key under the floor mat. Keys need to be transmitted or exchanged over an
encrypted link that requires transport layer security implemented for not only the user access to
the Web application but also the exchange of keys and other critical information.
8.2.4 Key Management—Principles and Practical Implementation
Encryption of data is one part of the challenge of data protection. Most security experts
agree that using encryption to protect data completes only a small piece of the larger puzzle
of data protection; the greater puzzle to solve is the issue of key management.
Key management is one of the most critical aspects of the entire data protection sphere. It
is essential that the keys used for the protection of stored data are also subject to certain security
controls. Key management encompasses several activities relating to the security practices
involving the encryption keys used to protect the sensitive data in an application:
Generation of keys
General guidelines for key usage
Transport of keys
Storage of keys
Revocation of keys
Period of key usage
8.2.4.1 General Guidelines for Key Usage
The following are some of the general guidelines for the usage of encryption keys:
A single key should be used for one purpose only. The same key should not be used for
multiple purposes and tasks. The use of the same key for multiple purposes will reduce the
security provided by either of the purposes the key is used for.
If the key used for a single purpose is compromised, then the damage that is done is also limited.
For instance, if a key used to encrypt sensitive information that is stored is also used to encrypt
information during transmission, then the damage could be greater if the key is compromised.
There should be a key present to encrypt the data and another key to encrypt the key that is
used to encrypt the data. The key used to encrypt the data is the DEK, or the data encrypting
key, and the key used to encrypt the key is called the KEK, or the key encrypting key.
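The DEK/KEK split described above can be sketched with the standard JCE API. This is an added example, not code from the book; the class and method names are hypothetical, and both keys are generated in one process only to keep the demo self-contained.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class EnvelopeEncryptionDemo {
    private static final SecureRandom RNG = new SecureRandom();

    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256, RNG);
        return kg.generateKey();
    }

    // KEK: used only to wrap (encrypt) the DEK, here with AES Key Wrap.
    static byte[] wrapDek(SecretKey kek, SecretKey dek) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, kek);
        return c.wrap(dek);
    }

    static SecretKey unwrapDek(SecretKey kek, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, kek);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    // DEK: used only to encrypt stored data (AES-GCM; the IV must be unique per record).
    static byte[] dataCipher(int mode, SecretKey dek, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, dek, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        SecretKey kek = newAesKey();
        SecretKey dek = newAesKey();
        byte[] iv = new byte[12];
        RNG.nextBytes(iv);
        byte[] record = "constructed sample record".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = dataCipher(Cipher.ENCRYPT_MODE, dek, iv, record);
        byte[] wrappedDek = wrapDek(kek, dek); // persist only this form of the DEK
        // Read path: unwrap the DEK with the KEK, then decrypt the record.
        SecretKey recovered = unwrapDek(kek, wrappedDek);
        byte[] plain = dataCipher(Cipher.DECRYPT_MODE, recovered, iv, ciphertext);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

Because each key has exactly one job, rotating the KEK only requires re-wrapping the DEK; the stored ciphertext does not have to be re-encrypted.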
The DEK and KEK need to be stored in two separate locations to ensure that an attacker
gaining access to the database does not gain access to the keys protecting the sensitive data
as well. It is usually advised that the DEK (used to protect information in the database)
is stored in a separate system and the KEK is stored in the database. This way, even if an
attacker gains access to the key-encrypting key, he or she does not gain access to the DEK
and, consequently, the cleartext of the data protected by the DEK. It must be noted that