Cryptography Reference
In-Depth Information
KEY BACKUP
It can be surprisingly easy to 'lose' critical cryptographic keys. As we discussed
in Section 10.5.3, important keys are often stored on HSMs. An obvious attack
against a Zone 3 (see Figure 10.6) HSM is a physical attack that goes just far
enough to set off one of its tamper-detection triggers, at which point the device
zeroises its memory. This is a denial-of-service attack rather than a compromise:
the attacker does not learn the keys stored on the device but, without a backup,
the potential impact on the organisation relying on the HSM is high. Even Zone 4
HSMs are exposed to accidents, such as a careless cleaner bumping into a device
and triggering the same wipe.
As noted at the start of this chapter, cryptographic keys are just pieces of data,
so the backup of keys is not technically any more difficult than the backup of
more general data. An obvious, but important, point is that the security of a key
backup process must be as strong as the security of the key itself: whoever can
read the backup can use the key, so the backup must not quietly widen access to it.
For example, it would be unwise to back up an AES key by encrypting it under a
DES key, since a 56-bit DES key is far easier to recover by exhaustive search than
the AES key it is protecting. The backed-up key must be stored on media that is
subject to at least the same level of device and environmental security controls
as the key itself. Indeed, for the highest levels of key, component form (the key
is split into components held by separate custodians and is only reconstructed
when all of them are brought together) might be the only appropriate method for
key backup.
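The following is an added example, not code from the book, showing component-form backup and the matching recovery step discussed under KEY RECOVERY: a key is split by exclusive-OR into n components for n custodians, and recovery recombines them and checks a key check value (KCV) so that a missing, swapped or corrupted component is rejected rather than silently loaded as the wrong key. The KCV here is a truncated SHA-256, an assumption made so the code runs on the standard library alone; HSMs conventionally compute a KCV by encrypting an all-zero block under the key. The sample key is constructed.

```python
"""Key backup in component form, with KCV-checked recovery (added example)."""
import hashlib
import hmac
import secrets


def key_check_value(key: bytes) -> str:
    """Short fingerprint of a key used to confirm a recovered key is the right one.

    Assumption: HSM practice derives a KCV by encrypting a zero block under the
    key; a truncated SHA-256 stands in for that here so the example is stdlib-only.
    """
    return hashlib.sha256(b"kcv:" + key).hexdigest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_into_components(key: bytes, n: int) -> list[bytes]:
    """Split `key` into n components whose XOR is the key.

    The first n-1 components are uniformly random, so any set of fewer than n
    components is statistically independent of the key: a single custodian
    (or any subset of them) learns nothing about it.
    """
    if n < 2:
        raise ValueError("component form needs at least two custodians")
    components = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for c in components:
        last = _xor(last, c)
    components.append(last)
    return components


def recover_from_components(components: list[bytes], expected_kcv: str) -> bytes:
    """Recombine all components and refuse the result unless the KCV matches."""
    if not components:
        raise ValueError("no components supplied")
    if len({len(c) for c in components}) != 1:
        raise ValueError("components have differing lengths")
    key = bytes(len(components[0]))
    for c in components:
        key = _xor(key, c)
    # A missing, swapped or corrupted component yields a different key; the
    # KCV comparison catches that before the key is put into service.
    if not hmac.compare_digest(key_check_value(key), expected_kcv):
        raise ValueError("key check value mismatch: refusing to load recovered key")
    return key


if __name__ == "__main__":
    # Constructed sample key; a real key would come from the HSM's own RNG.
    master_key = bytes(range(32))  # 256-bit key
    kcv = key_check_value(master_key)
    shares = split_into_components(master_key, 3)  # one share per custodian
    assert recover_from_components(shares, kcv) == master_key
    print("recovered OK, KCV", kcv)
```

The KCV is recorded alongside the backup (it is not secret), and each component is stored under the same device and environmental controls as the live key; in practice the recombination happens inside the HSM, never on a general-purpose host.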
KEY ARCHIVAL
Key archival is essentially a special type of backup, which is necessary in situations
where cryptographic keys may still be required in the period between their expiry
and their destruction. Such keys will no longer be 'live' and so cannot be used for
any new cryptographic computations, but they may still be required. For example:
• There may be a legal requirement to keep data for a certain period of time. If
that data is stored in encrypted form then there will be a legal requirement to
keep the keys so that the data can be recovered. As an illustration, the London
Stock Exchange requires keys to be archived for seven years.
• A document that has been digitally signed, such as a contract, may require
the capability for that digital signature to be verified well beyond the period
of expiry of the key that was used to sign it. Hence it may be necessary to
archive the corresponding verification key to accommodate future requests.
For example, Belgian legislation requires verification keys used for electronic
signatures in online banking applications to be archived for five years (see also
Section 12.6.5).
Managing the storage of archived keys is just as critical as for key backups. Once
a key no longer needs to be archived, it should be destroyed.
KEY RECOVERY
Key recovery is the key management process where a key is recovered from a
backup or an archive. Technically this is no harder than retrieving a key from any
other type of storage, so the challenges all relate to the management processes that