7.7. Understanding Key Management and the Key Life Cycle

Key management refers to the process of working with keys from the time they are created until the time they are retired or destroyed. Key management includes the following stages/areas:

• Centralized versus decentralized key generation

• Key storage and distribution

• Key escrow

• Key expiration

• Key revocation

• Key suspension

• Key recovery and archival

• Key renewal

• Key destruction

• Key usage

The term key life cycle describes the stages a key goes through during its entire life. You can think of this as a cradle-to-grave situation. By expressing these relationships in the terms of a life cycle, evaluating each phase of a key's use from its creation to its destruction becomes easier. If any aspect of a key's life isn't handled properly, the entire security system may become nonfunctional or compromised.

Key management is one of the key aspects of an effective cryptographic system. Keys, as you may remember, are the unique passwords or passcodes used to encrypt or decrypt messages. You can think of a key as one of the primary components of certificates; this is why these terms are used together. Certificates are used to transport keys between systems.

The following sections compare and contrast centralized and decentralized key generation as well as key storage and distribution. The other aspects of key management are also covered.

7.7.1. Comparing Centralized and Decentralized Key Generation

Key generation (the creation of the key) is an important first step in the process of working with keys and certificates. Using certificates is one of the primary methods for delivering keys to end entities. Key length and the method used to create the key also affect the security of the system in use. The security of a key is measured by how difficult it is to break the key. The longer it takes to break the key, the more secure the key is considered to be.

According to RSA, it would take 3 million years and a $10 million budget to break a key with a key length of 1,024 bits. The amount of time it would take to break a 2,048-bit key is virtually incalculable. Of course, these numbers are based on the assumption that the algorithm is secure and no other methods of attack would work to break the algorithm or the key.

One main thing to consider is where to create the keys. Should they be generated on a central machine or in a decentralized environment? A third method used to generate keys is called the split generation system, which is a combination of a centralized and decentralized process.

7.7.1.1. Centralized Key Generation

Centralized key generation allows the key-generating process to take advantage of large-scale system resources. Key-generating algorithms tend to be extremely processor intensive. Using a centralized server, this process can be managed with a large single system. However, problems arise when the key is distributed. How can it be transported to end users without compromising security?

Figure 7.23 shows a centralized generation process. In this example, all the physical resources are in a single location, under centralized management control.

Centralized generation has the advantage of allowing additional management functions to be centralized. A major disadvantage is that the key archival and storage process may be vulnerable to an attack against a single point instead of a network. Reliability, security, and archiving can be addressed if the proper systems, procedures, and policies are put into place and followed.

7.7.1.2. Decentralized Key Generation

Decentralized key generation allows the key-generating process to be pushed out into the organization or environment. The advantage of this method is that it allows work to be decentralized and any risks to be spread. This system isn't vulnerable to a single-point failure or attack. Decentralized generation addresses the distribution issue, but it creates a storage and management issue.

Figure 7.24 demonstrates a decentralized system. In this situation, the loss of any single key-generating system doesn't disrupt the entire network. The RA in the figure refers to a registration authority, and the CA refers to a certificate authority.

7.7.1.3. Split-System Key Generation

Many systems, including the PKI system, require the use of a split system. In a split system, the central server generates encryption keys. Digital signature keys are created at the client or in a smart card.

7.7.2. Storing and Distributing Keys

Where and how keys are stored affects how they are distributed. Distributing keys is usually accomplished using a Key Distribution Center (KDC), as used in Kerberos, or by using a Key Exchange Algorithm (KEA), as in the case of PKI.

In order for Kerberos to function properly, time synchronization must be working correctly. If clocks drift from the correct time, problems can occur with trying to compare time stamps and authenticate.

A KDC is a single service or server that stores, distributes, and maintains cryptographic session keys. When a system wants to access a service that uses Kerberos, a request is made via the KDC. The KDC generates a session key and facilitates the process of connecting these two systems. The advantage of this process is that once it's implemented, it's automatic and requires no further intervention. The major disadvantage of this process is that the KDC is a single point of failure; if it's attacked, the entire security system could be compromised. Figure 7.25 illustrates the KDC creating a session between two systems.

The KEA process is slightly different from the KDC process. The KEA negotiates a secret key between the two parties; the secret key is a short-term, single-use key intended strictly for key distribution. The KEA process should not be used to transmit both the public and private keys. Figure 7.26 illustrates the KEA process. The KEA session terminates once the key has been successfully transmitted.

Protecting keys from unauthorized access while making them available for use by authorized personnel is important. The process can utilize physical security measures such as locked cabinets and safes, and it can involve software such as Kerberos and PKI.

Keys can be either hardware devices or software devices. An example of a hardware device would be a smart card. Software keys may be generated by CA-oriented systems such as PKI. Whether they're hardware or software, protecting keys is essential for a security system to operate effectively.

Protecting keys is a difficult process. Public keys don't require full protection; they require only integrity protection. Private keys, on the other hand, require full protection. The unknowing disclosure of a private key in a symmetrical or public/private key system potentially compromises the system. Armed with a private key, an attacker could read all the communications in the system and also sign information and impersonate the real owner. This fraudulent signature could be difficult to repudiate. The following section briefly discusses private key protection and key server protection, which are both essential for good security.

Physically, private keys should be kept under close supervision. If possible, multiple keys should be required to open the storage facility, and the two keys should never be stored together. If two different people are responsible for storing the keys, both of them must consent and be present for the storage facility to be opened.

Key servers also pose potential security problems, both from an access control perspective and from a physical access perspective. If a fault is introduced into the system, a resulting core dump (also known as a memory dump) may leave the key information in a core dump file. A sophisticated attacker could use the core dump to get key information.

Most private-key security failures can be traced back to physical security or human errors. Make sure that private keys are well guarded and secure.

Under no circumstances should you ever divulge or send your private key. Doing so jeopardizes your guarantee that only you are able to work with the data and may irreparably damage your security.

7.7.3. Using Key Escrow

A key escrow system stores keys for the purpose of law enforcement access. If a criminal investigation is under way, law enforcement agents with a search warrant have the right to access and search records within the scope of the warrant. In general, the key archival system will provide the access needed. Key escrow is listed separately because the usage is important to a law enforcement investigation.

One of the proposed methods of dealing with key escrow involves the storage of key information with a third party, referred to as a key escrow agency. This agency would provide key information only when ordered by a court. In general, key escrow is handled by the key archival system.

Key escrow systems can also be a part of the key recovery process. Several government agencies are attempting to implement regulations requiring mandated key escrow. Mandated key escrow would allow law enforcement agencies to investigate a key escrow user without their knowledge. Many individuals and organizations view this as an invasion of their privacy, and they're fighting the use of mandated key escrow on the basis that it violates personal freedom. The key escrow process is covered in more detail in the section "Recovering and Archiving Keys" later in this chapter.

7.7.4. Identifying Key Expiration

A key expiration date identifies when a key is no longer valid. Normally, a key is date stamped; this means that it becomes unusable after a specified date. A new key or certificate is normally issued before the expiration date.

Keys with expiration dates work similarly to credit cards that expire. Usually, the card issuer sends another card to the cardholder before the expiration date.

Most applications that are key enabled or certificate enabled check the expiration date on a key and report to the user if the key has expired. PKI gives the user the opportunity to accept and use the key.

7.7.5. Revoking Keys

Keys are revoked when they are compromised, the authentication process has malfunctioned, people are transferred, or other security risks occur. Revoking a key keeps it from being misused. A revoked key must be assumed to be invalid or possibly compromised.

The credit card analogy is applicable here too. Consider a credit card that was stolen from a customer. This card, for all intents and purposes, is a certificate. A retailer could take its chances and accept the card, or it could verify that the card is accurate by running the card through a card verification machine to check its status. If the card has been reported stolen, the credit card authorization process will decline the charge.

Systems such as PKI use a CRL to perform a check on the status of revoked keys. Revocations are permanent. Once a certificate is revoked, it can't be used again; a new key must be generated and issued.

7.7.6. Suspending Keys

A key suspension is a temporary situation. If an employee were to take a leave of absence, the employee's key could be suspended until they came back to work. This temporary suspension would ensure that the key wouldn't be usable during their absence. A suspension might also occur if a high number of failed authentications or other unusual activities were occurring. The temporary suspension would give administrators or managers time to sort out what is happening.

Checking the status of suspended keys is accomplished by checking with the certificate server or by using other mechanisms. In a PKI system, a CRL would be checked to determine the status of a certificate. This process can occur automatically or manually. Most key or certificate management systems provide a mechanism to report the status of a key or certificate.

7.7.7. Recovering and Archiving Keys

One of the problems with a key-based system is that older information, unless processed with a new key, may become inaccessible. For example, if you have a two-year-old file on your system and it's still encrypted, will you remember which key was used to encrypt it two years ago? If you're like most people, you won't. If you can't decrypt the data, it's useless.

To deal with this problem, archiving old keys is essential: Any time a user or key generator creates and issues a key, the key must also be sent to the key archive system. This is most easily done on a server that offers secure storage. Older keys can be stored and retrieved when necessary. Figure 7.27 illustrates this relationship with a CA. This server requires strong physical security and at least the same security as the key-generating system.

Key recovery is an important part of an encryption system. Information that is stored using older keys will be inaccessible using a new key. Key recovery allows you to access information that is encrypted with older keys. For example, key recovery could be used to retrieve information from an ex-employee. Three different factors must be considered when implementing a key archival system:

Current keys

Current keys are the keys in use at the present time. They haven't been revoked. In the event that a current key becomes lost, destroyed, or damaged, you need a way to recover the key so that data loss doesn't occur. A smart card can also become damaged, and a method must be established to reload the card with key information.

If the current key isn't recoverable, all information that was encrypted using it will be unavailable. This type of data loss could be expensive. Some newer systems allow the creation of "virtual" smart cards that can be used temporarily to initialize a new card. This card would generally be good only for a short period of time, such as during a work shift.

This process should be relatively easy for administrators to manage because people do forget to bring their authentication devices to work from time to time.

Previous Keys

Previous keys have recently expired and are no longer current. An employee who comes to work today may not know that a key rollover has occurred until they try to open yesterday's e-mail. Depending on what's in the e-mail, this could be a disaster. Many newer systems keep copies of recent keys in a key store on the system; this key store may contain the last two or three keys. If a local key store isn't provided, a key restoration process will be required from the archive system. Again, this may involve manual intervention by administrators.

Archived keys

Archived keys were discussed earlier. You should expect that older messages will be needed from time to time. This is especially true in a situation where litigation is involved; during the discovery phase of litigation, all records, correspondence, and memoranda must be presented to attorneys when subpoenaed. Failure to comply will result in sanctions from the court. Imagine that you had to access all the e-mails and files from a particular department for the last five years; it would be a very labor-intensive undertaking if you didn't have an archive system.

Many recovery and archive systems use the M of N Control method of access. This method, simply stated, says that in order to access the key server if n number of administrators have the ability to perform a process, m number of those administrators must authenticate for access to occur. This may require the administrators' physical presence.

A typical M of N Control method may stipulate that six people have access to the archive server and at least three of them must be present to accomplish access. In this situation, m = 3 and n = 6. This would ensure that no one person could compromise the security system.

7.7.8. Renewing Keys

Key renewal defines the process of enabling a key for use after its scheduled expiration date. A key would be reissued for a certain time in this situation. This process is called a key rollover. In most cases, the rollover of keys occurs for a given time frame. What would happen, however, if an organization found itself in a situation where a key rollover must not occur? Many systems include means to prevent rolling keys over.

In general, key rollovers are a bad practice and should not be performed except in the direst of situations. The longer a key is used, the more likely it is to be compromised. It is always better to renew keys than to do a key rollover.

If an earthquake occurred in your area and your building was inaccessible for two weeks, you would want to allow the existing keys to be used until higher-priority matters could be resolved when you went back to your building. In a natural disaster, a key rollover could add an inordinate amount of stress to an already very stressful situation.

Real World Scenario: What Do You Do About Forgetful Programmers? You work as a network administrator for a software development company. The president of the company has been reading the newspapers, and he has recently become concerned about industrial espionage. Specifically, he wants to implement a system that will require the use of smart cards for access and authentication by all employees. Your company has used employee badges for a number of years, and now you'll be upgrading to a newer technology. You've noticed that your software developers work very long hours and sometimes forget to bring their badges to work. This hasn't been much of a problem because you've been able to issue temporary badges when you needed them. How could you deal with an employee who leaves his smart card at home? You could implement a system that allows a virtual smart card to be created for short periods of time. The employee's supervisor or a security staff member could call your smart desk to authorize the release of a virtual smart card. You would need to make sure that only trusted individuals could authorize or initiate this process.

7.7.9. Destroying Keys

Key destruction is the process of destroying keys that have become invalid. For example, an electronic key can be erased from a smart card. In older mechanical key systems, keys were physically destroyed using hammers.

Many symmetrically based encryption systems use a dedicated device to carry the key for the encryption. This key would be physically delivered to the site using the encryption system. Old keys would be recovered and destroyed.

Whether you're using physical keys or software-oriented key systems, old keys must be destroyed in a manner that ensures they don't fall into unauthorized hands.

7.7.10. Identifying Key Usage

During the time when the key is not being revoked, suspended, renewed, or destroyed, it is being used. Key usage is simply the use (and management) of public and private keys for encryption. While the topic appears as an objective on the exam, there is nothing additional to know here that is not addressed elsewhere in this chapter.

Real World Scenario: Selling the Company's Old Computers You've been asked to verify that the computers your company has liquidated are ready to be sold. What steps should you take to verify that unauthorized access to information doesn't occur? You need to be concerned about two issues in this case. First, you need to make sure all corporate records, software, and other sensitive information are removed from the system. Second, you need to make sure any special access devices or encryption systems have been removed. Encryption systems that use key-based models may store keys in hidden areas of the disks. As a general practice, the disks on systems that are sold as surplus should be completely zeroed out; doing so prevents any sensitive information from being released inadvertently.