Key management life cycle
Except in simple systems where secret keys remain fixed for all time, cryptoperiods associated with keys require that keys be updated periodically. Key update necessitates additional procedures and protocols, often including communications with thud parties in public-key systems. The sequence of states which keying material progresses through over its lifetime is called the key management life cycle. Life cycle stages, as illustrated in Figure 13.10, may include:
1. user registration - an entity becomes an authorized member of a security domain. This involves acquisition, or creation and exchange, of initial keying material such as shared passwords or PINs by a secure, one-time technique (e.g., personal exchange, registered mail, trusted courier).
Figure 13.10: Key management life cycle.
- 2. user initialization - an entity initializes its cryptographic application (e.g., installs and initializes software or hardware), involving use or installation (see below) of initial keying material obtained during user registration.
- 3. key generation - generation of cryptographic keys should include measures to ensure appropriate properties for the intended application or algorithm and randomness in the sense of being predictable (to adversaries) with negligible probability (see Chapter 5). An entity may generate its own keys, or acquire keys from a trusted system component.
- 4. key installation - keying material is installed for operational use within an entity’s software or hardware, by a variety of techniques including one or more of the following : manual entry of a password or PIN, transfer of a disk, read-only-memory device, chipcard or other hardware token or device (e.g., key-loader). The initial keying material may serve to establish a secure on-line session through which working keys are established. During subsequent updates, new keying material is installed to replace that in use, ideally through a secure on-line update technique.
- 5. key registration - in association with key installation, keying material may be officially recorded (by a registration authority) as associated with a unique name which distinguishes an entity. For public keys, public-key certificates may be created by a certification authority (which serves as guarantor of this association), and made available to others through a public directory or other means (see §13.4).
- 6. normal use - the objective of the life cycle is to facilitate operational availability of keying material for standard cryptographic purposes (cf. §13.5 regarding control of keys during usage). Under normal circumstances, this state continues until cryptoperiod expiiy; it may also be subdivided - e.g., for encryption public-key pairs, a point may exist at which the public key is no longer deemed valid for encryption, but the private key remains in (normal) use for decryption.
- 7. key backup - backup of keying material in independent, secirre storage media provides a data source for key recovery (point 11 below). Backup refers to short-term storage during operational use.
- 8. key update - prior to cryptoperiod expiry, operational keyhrg material is replaced by new material. This may involve some combination of key generation, key derivation (§13.5.2), execution of two-party key establishment protocols (Chapter 12), or communications with a trusted third party. For public keys, update and registration of new keys typically involves secure communications protocols with certification authorities.
- 9. archival - keyhrg material no longer in normal use may be archived to provide a source for key retrieval under special circumstances (e.g., settling disputes involving repudiation). Archival refers to off-line long-term storage of post-operational keys.
- 10. key de-registration and destruction - once there are no further requirements for the value of a key or maintaining its association with an entity, the key is de-registered (removed from all official records of existing keys), and all copies of the key are destroyed. In the case of secret keys, all traces are securely erased.
- 11. key recovery - if keying material is lost in a manner free of compromise (e.g., due to equipment failure or forgotten passwords), it may be possible to restore the material from a secure backup cop)'.
- 12. key revocation - it may be necessary to remove keys from operational use prior to their originally scheduled exphy, for reasons including key compromise. For public keys distributed by certificates, this involves revoking certificates (see §13.6.3).
Of the above stages, all are regularly scheduled, except key recovery and key revocation which arise under special situations.
13.45 Remark (public-key vs. symmetric-key life cycle) The life cycle depicted in Figure 13.10 applies mainly to public-key pahs, and involves keying material of only a single party. The life cycle of symmetric keys (including key-encrypting and session keys) is generally less complex; for example, session keys are typically not registered, backed up, revoked, or archived.
Key states within life cycle
The typical events involving keying material over the lifetime of the key define stages of the life cycle. These may be grouped to define a smaller set of states for cryptographic keys, related to their availability for use. One classification of key states is as follows (cf. Figure 13.10):
- 1. pre-operational. The key is not yet available for normal cryptographic operations.
- 2. operational. The key is available, and in normal use.
- 3. post-operational. The key is no longer in normal use, but off-line access to it is possible for special purposes.
- 4. obsolete. The key is no longer available. All records of the key value are deleted.
System initialization and key installation
Key management systems require an initial keying relationship to provide an initial secure channel and optionally support the establishment of subsequent working keys (long-term and short-term) by automated techniques. The initialization process typically involves non- cryptograpliic one-tune procedures such as transfer of keying material in person, by trusted courier, or over other trusted channels.
The security of a properly architected system is reduced to the security of keying material, and ultimately to the security of initial key installation. For this reason, initial key installation may involve dual or split control, requiring co-operation of two or more independent trustworthy parties (cf. Note §13.8).