Key stored off the computer . Another option is that the key is stored on a
peripheral device. The key activation takes place when the user connects the
device to the computer. In this case the effective security is linked to the
security of the peripheral device. This process may also require a passphrase to
be used.
The above scenarios are just examples, but what they all illustrate is that, even
though a 2048-bit key is being used to secure the application, the key activation
process plays a vital role in determining the effective security that is in place.
In particular, the 2048-bit key might be activated by an attacker through:
• compromise of a security mechanism used to activate the key (such as a
passphrase);
• access to a device on which the key is stored.
10.6.4 Key destruction
When a key is no longer required for any purpose then it must be destroyed in a
secure manner. The point at which key destruction is required may either be:
1. when the key expires (the natural end of the key's lifetime);
2. when the key is withdrawn (before its expiry, in the event of unplanned events
such as those discussed in Section 10.6.2);
3. at the end of a required period of key archival.
Since keys are a special type of data, the mechanisms available for destroying keys
are precisely those for destroying general data. Since keys are sensitive data, secure
mechanisms must be used. Suitable techniques are sometimes referred to as data
erasure or data sanitisation mechanisms.
It goes without saying that simply deleting a key from a device is not sufficient
if the key is to be truly destroyed. Not only does deletion fail to destroy the key, but
operating systems may well hold other (temporary) copies of the key in different
locations. Even a copy that was stored on the device in encrypted form may
be useful to a determined attacker. Many secure data destruction mechanisms
involve repeatedly overwriting the memory containing the key with randomly
generated data. The number of overwrites is normally configurable. It should
also be noted that any other media storing information about keys, such as
paper, should also be destroyed. Relevant standards provide guidance on how
to do this.
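The overwrite-based destruction just described, as an added example in C that is not from the book: the key is held in process memory, overwritten a configurable number of times with pseudo-random bytes, then zeroed, and read back to confirm. The function names (`destroy_key`, `demo_destroy`) are this example's own, and the xorshift generator is a constructed stand-in for a proper random source so the code runs offline; a real implementation would draw the overwrite data from the platform CSPRNG. The stores go through a `volatile` pointer because a plain `memset()` on memory that is about to be freed is a dead store the compiler is allowed to remove, which is exactly the situation in which the key would silently survive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed pseudo-random byte source (xorshift64*). Stand-in only:
 * a deployment would use the platform CSPRNG for the overwrite data. */
static uint64_t prng_state = 0x9E3779B97F4A7C15ULL;

static uint8_t prng_byte(void) {
    uint64_t x = prng_state;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    prng_state = x;
    return (uint8_t)((x * 0x2545F4914F6CDD1DULL) >> 56);
}

/* Stores through a volatile pointer cannot be elided by the optimiser,
 * unlike a plain memset() immediately before free(). */
static void overwrite_random(uint8_t *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    for (size_t i = 0; i < len; i++) p[i] = prng_byte();
}

static void overwrite_zero(uint8_t *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    for (size_t i = 0; i < len; i++) p[i] = 0;
}

/* Destroy key material in place: `passes` random overwrites (the
 * configurable count the text mentions) followed by a final zero pass.
 * Returns 1 if every byte reads back as zero, 0 otherwise.
 * This only handles the copy we were given; copies the operating system
 * may hold elsewhere (swap, crash dumps, library buffers) are out of reach. */
int destroy_key(uint8_t *key, size_t len, unsigned passes) {
    if (key == NULL || len == 0) return 0;
    for (unsigned i = 0; i < passes; i++) overwrite_random(key, len);
    overwrite_zero(key, len);
    volatile uint8_t acc = 0;              /* read back to verify */
    for (size_t i = 0; i < len; i++) acc = acc | key[i];
    return acc == 0;
}

/* Count bytes of buf that still equal the original key byte at that offset. */
size_t bytes_still_matching(const uint8_t *buf, const uint8_t *original, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        if (buf[i] == original[i]) n++;
    return n;
}

/* Build a constructed 32-byte sample key (bytes 1..32), destroy it, and
 * return 1 only if destruction succeeded and no original byte survives. */
int demo_destroy(unsigned passes) {
    uint8_t key[32], original[32];
    for (size_t i = 0; i < sizeof key; i++) key[i] = (uint8_t)(i + 1);
    memcpy(original, key, sizeof key);
    int ok = destroy_key(key, sizeof key, passes);
    return ok && bytes_still_matching(key, original, sizeof key) == 0;
}

int main(void) {
    printf("3-pass destruction of sample key: %s\n",
           demo_destroy(3) ? "all bytes zero" : "FAILED");
    return 0;
}
```

Other media holding the key (backups, paper records, hardware tokens) need their own destruction step; this routine only addresses the in-memory copy it is handed.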
10.7 Governing key management
We have repeatedly stressed in this chapter that key management is the main
interface between the technology of cryptography and the users and systems that