Cryptography Reference
In-Depth Information
verifications if the public key is a verification key). There is no harm in such a
deliberate choice of key since the public key is not a secret value. Clearly, if
similar restrictions were placed on a private key then an attacker might benefit
from having many fewer candidate private keys to choose from.
• The generation of a key pair can be slow and complex. Some devices, such as
smart cards, may not have the computational resources to generate key pairs.
In such cases it may be necessary to generate key pairs off the card and import
them.
Thus, while key generation is always a delicate part of the cryptographic lifecycle,
particular care and attention needs to be paid to the generation of public-key
pairs. We will also discuss this issue in Section 11.2.2.
Key establishment is the process of getting cryptographic keys to the locations
where they will be used. This part of the key lifecycle tends either to be relatively
straightforward, or very hard, to manage. Key establishment is generally hard
when keys need to be shared by more than one party, as is the case for most
symmetric keys. It is relatively straightforward when:
The key does not need to be shared
. This applies to any keys that can be locally
generated and do not need to be transferred anywhere, such as symmetric keys
for encrypting data on a local machine. Of course, if such keys are not locally
generated then key establishment becomes hard again! We will consider this
issue for private keys in Section 11.2.2.
The key does not need to be secret
. This applies mainly to public keys. In this
case key establishment is more of a logistical problem than a security issue. We
also discuss this in Section 11.2.2.
The key can be established in a controlled environment
. In some cryptographic
applications it is possible to establish all the required keys within a controlled
environment before the devices containing the keys are deployed. This is often
termed
key predistribution
. While this makes key establishment fairly easy,
there are still issues:
• Some key establishment problems are transferred into 'device establishment'
problems. However, these may be less sensitive. For example, key predistribu-
tion can be used to preload keys onto mobile phones (see Section 12.3.5) or
set-top boxes for digital television services (see Section 12.5.4). In this case the
provider still needs to keep track of which customer receives which device, but
this is likely to be a simpler problem than trying to load cryptographic keys onto
a device that is already in the hands of a customer.
• In environments suited to key predistribution, it can be challenging to conduct
post-deployment key management operations, such as key change (see
Section 10.6.2). In such cases it may be necessary to establish entirely new
devices.
