7.8. Summary
This chapter focused on the basic elements of cryptography and the PKI implementation. There are three primary methods of encryption:
Symmetric
Asymmetric
Hashing
Symmetric systems require that each end of the connection have the same key. Asymmetric systems use a two-key system. In public key cryptography, the receiver has a private key known only to them; a public key corresponds to it, which they make known to others. The public key can be sent to all other parties; the private key is never divulged. Hashing refers to performing a calculation on a message and converting it into a numeric hash value.
There are five main considerations in implementing a cryptography system:
Confidentiality
Integrity
Authentication
Nonrepudiation
Access control
Confidentiality means that the message retains its privacy. Integrity means the message can't be altered without detection. Authentication is used to verify that the person who sent the message is actually who they say they are. Nonrepudiation prevents either the sender or receiver from denying that the message was sent or received. Access control is the methods, processes, and mechanisms of preventing unauthorized access to the systems that do the cryptography.
PKI is a system that has been widely implemented to provide encryption and data security in computer networks. It's being implemented globally by both governmental agencies and businesses. The major components of a PKI system include the certificate authority, the registration authority (which could be local), and certificates. The most common certificate implemented in PKI is X.509 v3.
CA systems can establish trusting relationships based on a hierarchical, bridge, mesh, or hybrid structure. This relationship can be defined based upon the needs of the organization.
The three cryptographic attacks covered in this chapter were mathematical, weak key, and birthday attacks. In mathematical attacks, mathematical methods are used to find ways to break an algorithm and decrypt a message. The birthday attack is based on the probability that patterns and common events become more likely as collections get larger. The weak key attack exploits either poorly chosen passwords or flaws in the password encryption algorithm.
In this chapter, you also learned about the standards, agencies, and associations that are interested in cryptography. You learned about the standards associated with cryptographic systems and the key-management life cycle.
Several government agencies have been specifically charged with overseeing security and encryption. The NSA and NIST are both concerned with government encryption standards. NIST is primarily concerned with nonmilitary standards; NSA/CSS is concerned with military applications.
The IETF, ISOC, ITU, and the IEEE are industrial associations concerned with different aspects of security. They aren't required to coordinate their activities, but as a general rule, they do. The IEEE publishes many standards and guidelines that are adhered to by most manufacturers.
The series of stages during the process of managing a key or a certificate is called a key/certificate life cycle. A life cycle encompasses all the major aspects of the life of a key or a certificate from the time it's generated until the time it's retired. There are 10 areas/stages of a key's life cycle:
Key generation
Key storage and distribution
Key escrow
Key expiration
Key revocation
Key suspension
Key recovery and archival
Key renewal
Key destruction
Key usage
You need to consider each of these stages when you implement a key or certificate within your organization. If you fail to properly address these issues, you can compromise the process or make more work for yourself. If the process isn't followed, the entire system is vulnerable.
You must decide whether to use a centralized or a decentralized process to generate keys. Centralized key generation can potentially create a bottleneck or a single point of failure. Decentralized key generation can create administrative and security problems. Most modern implementations support both centralized and decentralized key generation.
Appropriate key storage is critical to maintaining a secure environment. Keys should be stored on hardened systems under close physical control. Keys can be stored in physical cabinets or on servers. Security storage failures are usually the result of human error. Distributing keys and transporting keys can present security challenges. Private keys should never be sent through the communications network; out-of-band transmission should be used to transport or distribute them. If an existing key has been compromised, the new key will be just as compromised. Public keys are intended for circulation; however, steps must be taken to protect their integrity.
Key escrow is the process where keys are made available to law enforcement or other authorized agencies to utilize them to conduct an investigation. Key escrow agents store these keys, and they release them to authorized authorities.
A key expires when it reaches the end of its life cycle. Typically, this is a date-driven event. An expired key may be reissued using a rollover process, but generally this is considered a bad practice. The longer a key is used, the more likely it is to be broken.
When a key or certificate has been identified as corrupt, compromised, or lost, it can be revoked. A CRL informs all of the end users and CAs that the certificate has been revoked. Once a key is revoked, it can no longer be used.
Keys are suspended to disable them for a period of time. Suspension may occur because the key holder has become ill or has taken time off. A key can be unsuspended and reused.
Key recovery is the ability to recover a lost key or to use a previously active key. Three types of keys must be considered in this process: current keys, previous keys, and archived keys. An organization can use a key archival system to recover information that has been encrypted using older keys. Key archival systems usually utilize some type of access control such as the M of N Control method, which stipulates that a certain number of people must be present to access key archives. A key archival system usually works in conjunction with a key-generating system to provide complete archiving.
Key destruction is the process of rendering a key unusable. Physical keys must be physically destroyed. Software keys and smart card keys should have their key files erased to prevent them from being used.