Cryptography Reference
In-Depth Information
surround key recovery. Clearly it should not be possible to recover a key unless
the recovery is suitably authorised.
Note that the term 'key recovery' is also associated with initiatives to force a
'mandatory' backup, also referred to as
key escrow
. The idea behind key escrow
is that if any data is encrypted then a copy of the decryption key is stored
(escrowed) by a trusted third party in such a way that, should it be necessary
and the appropriate legal authority obtained, the decryption key can be obtained
and used to recover the data. Such a situation might arise if the encrypted data is
uncovered in the course of a criminal investigation. Many suggested key escrow
mechanisms employed component form storage of escrowed keys in an attempt
to reassure potential users of their security.
The idea of key escrow is fraught with problems, not the least being how to
'force' all users to use a cryptosystem that has an in-built key escrow facility.
When routine key escrow was proposed in the early 1990s by the governments
of a number of countries, including the UK and the US, business community
concerns were sufficiently high that it was not pursued. Nonetheless, the ensuing
debate about key escrow did help to raise the profile of the genuine need for key
backup and key recovery in many cryptographic applications.
Having considered the generation, establishment and storage of cryptographic
keys, we now continue our study of the key lifecycle by looking at issues relating
to key usage. The most important of these is key separation. We will also discuss
the mechanics of key change, key activation and key destruction.
10.6.1
Key separation
The
principle of key separation
is that
cryptographic keys must only be used for
their intended purpose
. In this section we consider why key separation is a good
idea and discuss options for enforcing it.
THE NEED FOR KEY SEPARATION
The problems that can arise if key separation is not enforced can be serious. In
many applications the need for key separationmay be quite obvious. For example,
it may be the case that encryption and entity authentication are conducted by
distinct processes, each with their own particular requirements regarding key
lengths. We will see an example of this in Section 12.2 when we look at WLAN
security, where the process for encryption is 'locked down' across all applications,
but the entity authentication process can be tailored to a specific application
environment.
