Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Published byAdam Spencer Modified over 8 years ago

Similar presentations

Presentation on theme: "Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management."— Presentation transcript:

1 Key Management Guidelines

2 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management Life Cycle 5. General Key Management Guidance 6. Key Management Guidance - Selected Infrastructures 7. Key Management Guidance - Selected Applications Appendix A: Cryptoperiods for Signing Key Pairs Appendix X: References

3 Introduction 1.1 Goal/Purpose 1.2 Audience 1.3 Scope 1.4 Security Services 1.5 Content/Organization

4 Goal/Purpose  Provide Key Management Background Information  Establish Frameworks to Support Selection and Use of Cryptographic Mechanisms

5 Audience  Cryptographic Module Developers  Protocol Developers  System or Application Owners

6 Scope  Cryptographic Algorithms, Infrastructures, Protocols and Applications  Management of Cryptographic Keys –Generation –Use –Destruction

7 Security Services  Confidentiality  Data Integrity  Authentication  Non-repudiation

8 Content Organization  Glossary of Terms and Acronyms  Cryptographic Algorithms, Keys and Other Keying Material  Key Management Life Cycle  General Key Management Guidance  Guidance for Selected Infrastructures  Guidance -for Selected Applications  Appendices As Required

9 Glossary 2.1 Glossary of Terms 2.2 Acronyms

10 Cryptographic Algorithms, Keys and Other keying Material 3.1 Classes of Cryptographic Algorithms 3.2 Cryptographic AlgoriFunctionality 3.3 Cryptographic Keys and Other Keying Material

11 Classes of Cryptographic Algorithms  Hash Algorithms  Symmetric Key Algorithms  Asymmetric Key Algorithms

12 Cryptographic Algorithm Functionality 3.2.1 Hash Function 3.2.2 Encryption/Decryption Algorithms 3.2.3 Message Authentication Codes 3.2.4 Digital Signature Algorithms 3.2.5 Key Establishment Algorithms 3.2.6 Random Number Generation

13 Cryptographic Keys and other Keying Material 3.3.1 Classes of Keys and Protection Requirements 3.3.2 Other Keying Material and Its Protection

14 Key Types Signing Keys Keys Derived From a Signature Verification Keys Master Key Secret Authentication Keys Key Transport Private Keys Private Authentication Keys Key Transport Public Keys Public Authentication Keys Static Key Agreement Long Term Data Encryption Private Keys Keys Static Key Agreement Short Term Data Encryption Public Keys Keys Ephemeral Key Agreement Random Number Generation Private Keys Keys Ephemeral Key Agreement Key Encrypting Keys Used Public Keys for Key Wrapping Secret Authorization Keys Master Keys used for Key Private Authorization Keys Derivation Public Authorization Keys

15 Cryptographic Keys and Other Keying material 3.3.1 Classes of Keys and Protect Requirements 3.3.2 Other Keying Material and Its Protection

16 Table 1: ProtectionRequirements for Key Classes

17 Table 1: ProtectionRequirements for Key Classes

18 Table 1: ProtectionRequirements for Key Classes

19 Key Management Lifecycle 4.1 User Registration 4.2 System and User Initialization 4.3 Keying Material Installation 4.4 Key Establishment 4.5 Key Registration 4.6 Operational Use 4.7 Storage of Keying Material 4.8 Key Update 4.9 Key Recovery 4.10 Key De-registration and Destruction 4.11 Key Revocation

20 Key Establishment 4.4.1 Generation and Distribution of Public/Private Key Pairs - Static Public Keys - Ephimeral Public Keys - Centrally Generated Private Keys 4.4.2 Generation and Distribution of Symmetric Keys - Key Generation - Key Distribution - Key Agreement 4.4.3 Generation and Distribution of Other Keying Material - Domain Parameters - Initialization Vectors - Shared Secrets - Seeds - Intermediate Results

21 Key Management Lifecycle 4.1 User Registration 4.2 System and User Initialization 4.3 Keying Material Installation 4.4 Key Establishment 4.5 Key Registration 4.6 Operational Use 4.7 Storage of Keying Material 4.8 Key Update 4.9 Key Recovery 4.10 Key De-registration and Destruction 4.11 Key Revocation

22 Storage of Keying Material 4.7.1 General Protection Methods - Confidentiality - Integrity - Association With Usage or Application - Association With the Other Entity - Long Term Availability - Association With Other Information 4.7.2 Operational Storage 4.7.3 Backup Storage 4.7.4 Key Archive Storage

23 Table 2: Backup of Keying Material by Material Type

24

25 Storage of Keying Material 4.7.1 General Protection Methods Confidentiality Integrity Association With Usage or Application Association With the Other Entity Long Term Availability Association With Other Information 4.7.2 Operational Storage 4.7.3 Backup Storage 4.7.4 Key Archive Storage

26 Key Management Lifecycle 4.1 User Registration 4.2 System and User Initialization 4.3 Keying Material Installation 4.4 Key Establishment 4.5 Key Registration 4.6 Operational Use 4.7 Storage of Keying Material 4.8 Key Update 4.9 Key Recovery 4.10 Key De-registration and Destruction 4.11 Key Revocation

27 General Key Management Guidance 5.1 Key Management Policy 5.2 Guidance for Cryptographic Algorithm and Key Size Selection 5.3 Key Establishment Schemes

28 Key Management Policy 5.1.1 Key Management Practices Statement 5.1.2 Key Usage 5.1.3 Cryptoperiods 5.1.4 Domain Parameter Validation and Public Key Validation 5.1.5 Compromise of Keys and Other Keying Material 5.1.6 Accountability 5.1.7 Audit 5.1.8 Key Recovery Considerations Policy

29 Guidance for Cryptographic Algorithm and Key Size Selection 5.2.1 Equivalent Algorithm Strength 5.2.2 Defining Appropriate Algorithm Strengths 5.2.3 Transitioning to New Algorithms and Key Sizes

30 Table 3: Equivalent Algorithm Strengths

31 Guidance for Cryptographic Algorithm and Key Size Selection 5.2.1 Equivalent Algorithm Strength 5.2.2 Defining Appropriate Algorithm Strengths 5.2.3 Transitioning to New Algorithms and Key Sizes

32 Table 4: Recommended Algorithms and Minimum Key Sizes

33 Guidance for Cryptographic Algorithm and Key Size Selection 5.2.1 Equivalent Algorithm Strength 5.2.2 Defining Appropriate Algorithm Strengths 5.2.3 Transitioning to New Algorithms and Key Sizes

34 General Key Management Guidance 5.1 Key Management Policy 5.2 Guidance for Cryptographic Algorithm and Key Size Selection 5.3 Key Establishment Schemes

35 Key Management Guidance Selected Infrastructures 6.1 Public Key Infrastructure 6.2 Kerberos

36 Key Management Guidance Selected Protocols 7.1 S/MIME 7.2 TLS/SSL 7.2.1 Version 7.2.2 Cipher Suite Selection 7.2.3 Public Key Certificates for TLS

37 Key Management Guidance Selected Applications 8.1 Encrypted File Storage 8.2 ???

38 Appendix A Cryptoperiods for Signing Key Pairs

39 Appendix X References

Download ppt "Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management."

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Cryptography and Network Security

Cryptography and Network Security
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Key Management for Space Missions

Key Management for Space Missions
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.

Figure 1: SDR / MExE Download Framework SDR Framework Network Server Gateway MExE Download + Verification Using MExE Repository (Java sandbox) MExE Applet.
An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.

An In-Depth Examination of PKI Strengths, Weaknesses and Recommendations.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean

E-Government Security and necessary Infrastructures Dimitrios Lekkas Dept. of Systems and Products Design Engineering University of the Aegean
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Web services security I

Web services security I
TrustPort Public Key Infrastructure. WWW.TRUSTPORT.COM Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.

TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
Key Management in Cryptography

Key Management in Cryptography

Similar presentations

Ads by Google