8.2.4.4 Period of Key Usage
The period for which an encryption key may be used is known as a cryptoperiod. There are several factors to be taken into consideration while selecting the cryptoperiod. Some factors are the strength of the algorithm, the purpose the key is being used for, the volume of information being encrypted, and so on. It is widely known that a shorter cryptoperiod is ideal for a higher level of security; however, this is not always possible because encryption keys may have been utilized to encrypt large volumes of data in databases and servers spread across several continents, making it extremely cumbersome to decrypt the data entirely with one key and replace it by encrypting the entire data set with another key. The NIST suggests that DEKs may be used for 2 to 3 years before they are replaced with another key, to ensure security. While they are being used, they must be stored securely. However, certain compliance requirements like the PCI-DSS and PA-DSS necessitate an annual change of encryption keys, so an organization subject to them must change its encryption keys annually.
The cryptoperiod of the KEK should not exceed the cryptoperiod of the DEK. In fact, it would be ideal if the KEK is changed more quickly than the DEK, because the volume of information encrypted by the KEK is not as large as it is with the DEK, but the risk of unauthorized key disclosure is greater with the KEK as it is the key of keys.
8.2.4.5 Revocation of Keys
The following guidelines are to be implemented for revoking encryption keys and replacing them with new encryption keys:
- When the key is known to have been compromised or when there is a suspected compromise of encryption keys, it is imperative that they be revoked and replaced by another set of keys.
- When there is a compromise or a suspected compromise, the organization must refer to a written key management manual to ensure that it is able to handle the revocation and re-keying process smoothly and in a methodical manner.
- When the key is compromised or suspected to be compromised, all the data protected by the key is considered exposed. The organization must ensure that all the data protected is decrypted with the older key and encrypted with the new key.
- It must be noted that while the data is being decrypted with the older key and re-encrypted with the new key, the data is still exposed, as the older key is compromised and the individual(s) who compromised the key will want to gain access to the data and decrypt it. Therefore, the organization should ensure that the re-keying process (where encryption under the older key is replaced with encryption under the new key) is done under heavy supervision, ensuring that unauthorized individuals cannot gain access to the data.
- The new key being used to replace an old key should be as strong as, if not stronger than, the key used previously.
- Initialization vectors that were used previously (during the process of encrypting and decrypting data with the older key) also have to be replaced with the introduction of the new encryption keys.
- The older key needs to be securely disposed of. For instance, all media carrying instances of the key must be subjected to a secure wipe (where the key is overwritten several times with a random set of bits).
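The rules from the two sections above can be checked mechanically against a key inventory. The following is an added example, not part of the original text: it flags keys past their cryptoperiod, keys marked as known or suspected compromised, and any KEK whose cryptoperiod is longer than that of a DEK it wraps. The `Key` fields, the `audit` function and the inventory values are assumptions made for illustration; treating a DEK wrapped by a compromised KEK as exposed applies the "all data protected by the key is exposed" rule to wrapped keys.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Key:
    key_id: str
    kind: str                          # "DEK" or "KEK"
    activated: date                    # start of the cryptoperiod
    cryptoperiod_days: int
    wrapped_by: Optional[str] = None   # id of the KEK protecting a DEK
    compromised: bool = False          # known OR suspected compromise

def audit(keys, today):
    """Return {key_id: [findings]} for every key that needs action."""
    by_id = {k.key_id: k for k in keys}
    findings = {}
    def flag(key, msg):
        findings.setdefault(key.key_id, []).append(msg)
    for k in keys:
        if k.compromised:
            flag(k, "revoke and re-key: known or suspected compromise")
        if today > k.activated + timedelta(days=k.cryptoperiod_days):
            flag(k, "cryptoperiod expired: rotate")
        kek = by_id.get(k.wrapped_by) if k.kind == "DEK" else None
        if kek is None:
            continue
        # The KEK's cryptoperiod should not exceed that of a DEK it wraps.
        if kek.cryptoperiod_days > k.cryptoperiod_days:
            flag(kek, f"cryptoperiod longer than DEK {k.key_id}")
        # Assumption: a DEK under a compromised KEK counts as exposed too.
        if kek.compromised and not k.compromised:
            flag(k, f"exposed: wrapped by compromised KEK {kek.key_id}")
    return findings

# Constructed sample inventory and audit date (not real key data).
TODAY = date(2024, 9, 1)
INVENTORY = [
    Key("kek-1", "KEK", date(2023, 1, 10), 730),
    Key("dek-cards", "DEK", date(2023, 3, 1), 365, wrapped_by="kek-1"),
    Key("kek-2", "KEK", date(2024, 6, 1), 180, compromised=True),
    Key("dek-logs", "DEK", date(2024, 6, 1), 730, wrapped_by="kek-2"),
    Key("kek-3", "KEK", date(2024, 7, 1), 180),
    Key("dek-hr", "DEK", date(2024, 7, 1), 365, wrapped_by="kek-3"),
]

if __name__ == "__main__":
    for key_id, msgs in audit(INVENTORY, TODAY).items():
        print(key_id, "->", "; ".join(msgs))
```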