Techniques for controlling key usage

This section considers techniques for restricting keys to pre-authorized uses.

Key separation and constraints on key usage

Information that may be associated with cryptographic keys includes both attributes which restrict then use, and other information of operational use. These include:

  • 1. owner of key
  • 2. validity period (intended cryptoperiod)
  • 3. key identifier (aliowhig non-cryptographic reference to the key)
  • 4. intended use (see Table 13.2 for a coarse selection)
  • 5. specific algorithm
  • 6. system or environment of intended use, or authorized users of key
  • 7. names of entities associated with key generation, registration, and certification
  • 8. integrity checksum on key (usually part of authenticity requirement)

Key separation and the threat of key misuse

In simple key management systems, information associated with keys, including authorized uses, are inferred by context. For additional clarity or control, information explicitly specifying allowed uses may accompany distributed keys and be enforced by verification, at the tune of use, that the attempted uses are authorized. If control information is subject to manipulation, it should be bound to the key by a method which guarantees integrity and authenticity, e.g., through signatures (cf. public-key certificates) or an encryption technique providing data integrity.

The principle of key separation is that keys for different purposes should be cryptographically separated (see Remark 13.32). The threat of key misuse may be addressed by techniques which ensure that keys are used only for those purposes pre-authorized at the time of key creation. Restrictions on key usage may be enforced by procedural techniques, physical protection (tamper-resistant hardware), or cryptographic techniques as discussed below.

Discussion of other methods in §13.5.2 includes key tags, which allow key separation with explicitly-defined uses; key variants, which separate keys without exphcitly defining authorized uses; and key notarization and control vectors, which bind control information into the process by which keys are derived.

13.32 Remark (cryptographic reasons for key separation) A principle of sound cryptographic design is to avoid use of the same cryptographic key for multiple purposes. A key-encrypting key should not be used interchangeably as a data encryption key, since decrypted keys are not generally made available to application programs, whereas decrypted data is. Distinct asymmetric encryption and signature keys are also generally used, due to both differing life cycle requirements and cryptographic prudence. Flaws also potentially arise if: asymmetric keys are used for both signatures and challenge-response entity authentication (Remark 10.40); keys are used for both encryption and challenge-response entity authentication (chosen-text attacks); symmetric keys are used for both encryption and message authentication (Example 9.88). See also Remark 13.24.

< Prev   CONTENTS   Source   Next >