Cryptography Reference
In-Depth Information
true for the security professional who designs the security system as well as the
adversary who tries to break it.
Because the key management process is so comprehensive and complex, there
is usually no single standard to which one can refer. Instead, there are many stan-
dards that address specific questions and problems related to the key management
process. Some of the standards are overviewed, discussed, and put into perspective
in [2]; they are not repeated in this topic.
19.2
KEY LIFE CYCLE
Every cryptographic key has a life cycle. As mentioned earlier, in a simplified key
life cycle, one can distinguish between key generation, distribution, storage, and
destruction. These activities and tasks are overviewed and briefly discussed next.
19.2.1
Key Generation
Unless one is in the realm of unkeyed cryptosystems, the use of a cryptographic sys-
tem always requires the generation of cryptographic keys and related material (e.g.,
IVs) in one way or another. The generation of this material, in turn, requires the use
of a random bit generator as addressed in Chapter 9. Either the random bit generator
is used directly to generate the cryptographic keys or the random bit generator is
used indirectly to seed a PRBG (that then generates the cryptographic keys that are
needed for the cryptographic system in use). In either case, it is mandatory to know
and properly understand the possible realizations and implementations for hardware-
based or software-based random bit generators (see Section 9.2), as well as the ways
to test the statistical randomness properties of the output of these generators (see
Section 9.3).
19.2.2
Key Distribution
In an ideal world, the cryptographic keys are used where they are generated. In this
case, the distribution of the cryptographic keys is not a problem. In all other cases,
however, the distribution of the cryptographic keys must be considered carefully.
In fact, it must be ensured that cryptographic keys cannot be attacked passively or
actively during their distribution. This is an important and challenging engineering
task. In fact, many key distribution protocols and systems have been developed,
proposed, implemented, and deployed in the past (see, for example, [3]). There are
many subtle details that must be considered and addressed with care.
