Cryptography Reference
In the definition given earlier, the life cycle for cryptographic keys comprises
many activities and tasks. For the purpose of this topic, we use a slightly simplified
key life cycle that is illustrated in Figure 19.1. In this cycle, we distinguish between
key generation, key distribution, key storage, and key destruction. Key generation,
key distribution, and key destruction refer to discrete points in time, whereas key
storage refers to an entire period of time (between the key generation and key
destruction). The four activities and tasks are further addressed in the following
section.
Figure 19.1: A simplified key life cycle.
In almost every security system that employs cryptography and cryptographic
techniques, the key management process represents the Achilles' heel (we already
made this point in Section 2.3.3). There are at least two conclusions one may draw
from this fact:
First, if one is in charge of designing a security system, then one is well
advised to start with the key management process. A properly designed
key management process must be at the core of every security system.
Second, if one is in charge of breaking a security system, then one is also
well advised to start with the key management process. Most attacks
against cryptographic security systems that have been published in the past
essentially exploit vulnerabilities or weaknesses in the underlying
key management processes.
Consequently, the key management process is the most important part of a
security system that employs cryptography and cryptographic techniques. This is