Cryptography Reference
In-Depth Information
Specialised
3
4
Dedicated
1
2
General
purpose
Uncontrolled
Partially
Controlled
Controlled
Environments
Figure 10.6.
Key storage risk zones
The two dimensions depicted in Figure 10.6 represent:
Environments
, which range from
Uncontrolled
: public environments such as shops and restaurants, where it is
not possible to implement strict access control mechanisms;
Partially controlled
: environments such as general offices and homes, where
it is possible to implement basic access control mechanisms (for example,
a physical door key);
Controlled
: environments such as high-security offices and military installa-
tions, where it is possible to implement strong access control mechanisms
(for example, biometric swipe cards).
Devices
, which range from
General purpose
: general devices running conventional operating systems with
their default in-built security controls (for example, a laptop);
Dedicated
: dedicated devices that offer some specialist security controls, such as
limited tamper resistance (for example, a point-of-sale terminal or a mobile
phone);
Specialised
: specialised devices whose main functionality is to provide security
(for example, an HSM).
The four zones identified in Figure 10.6 are mainly conceptual, but illustrate the
importance of both dimensions.
Zone 1
. This is the lowest security zone and thus offers the highest risk. However,
for many applications this may provide sufficient security. For example, a key
stored in encrypted form on the hard disk of a home PC may well be good
