Introduction To Key Management

Cryptography is used to secure data at rest, stored in servers, and in motion, transmitted over the network. Cryptography involves mathematical operations that convert the original plaintext into an unintelligible ciphertext (encryption) and the reverse process, converting ciphertext to plaintext (decryption). Cryptographic algorithms apply these algorithms in combination of keys, which serve as a secret knowledge to complete the algorithmic operations correctly.

And these keys require management as part of ongoing cyber hygiene — which is what I’ll cover in this article.

How cryptographic keys works

Cryptographic keys are analogous to the number combinations used to secure a physical safe. Only the authorized user(s) of the safe have knowledge of the safe combination keys.

The safe may employ a complex mechanism for keeping the door locked, but even the strongest of safe may provide no security against penetration — if the key combination is known to an unauthorized adversary attempting to break the lock.

In the digital world, communication takes place over the network, between different entities at different geographic locations, who may or may not be able to share key knowledge between each other. So how do you share the secret key knowledge that enables secure communications over the network, where an adversary may be present as a man in the middle eavesdropper?

What is key management?

Effective use of cryptography requires key management, which refers to the all-encompassing activities in handling cryptography keys during the entire lifecycle. It is designed to defend against two attacks, which refer to the key exchange problem:

Forward secrecy

Leakage of the key material can compromise previous session keys. The lack of historical secrecy would allow an adversary to bypass the cryptography operations applied to a different session key. Knowledge of a future session key can help map the cryptographic processes used in the past sessions.

Known key attack

If the keying material is compromised, future session keys are no longer secure. An adversary can impersonate the legitimate entity using this knowledge, but the past communication sessions are not compromised by this attack.

Key management lifecycle

Let’s review the the key management lifecycle: 

1. Key generation

First step: generating a cryptography key using an approved set of rules, including the use of a pseudo-random generator.

2. Key installation

Next, we move into the process of setting up, configuring and testing keying material, including hardware, software and cryptomodules.

3. Key establishment

The distribution of keys between two or more entities involved in the communication. The process may involve Key Generation or Key Agreement, where a new key is produced as a function of the secret (key) information possessed by the individual communicating parties.

We will explore this process in detail later, as it differentiates between symmetric private key cryptography and asymmetric public key cryptography.

4. Key certification

Now the key must be certified — an authentication using digital signatures (issued by third party certification authority) that unambiguously associate the key with the appropriate sources. Users are registered as the authorized members of the security domain to which these digital signatures may apply.

5. Key usage

Key usage is the process of ensuring operational availability of keying material during the applicable cryptoperiod of the keys. Depending on the type of key establishment protocols, the key may be temporary (session key) and need revocation at the expiration end of the digital certificate.

6. Key storage

Cryptography keys must be stored with a high degree of Confidentiality, Integrity and Availability (CIA). The storage location may not be an active memory but only acquired from an operational memory available to cryptographic algorithms.

7. Key update & recovery

Mechanisms that allow authorized entities to update and retrieve the keys stored in the operational memory. This follows the principle of securing data at rest and is useful for reconstructing a key from archived keying information.

8. Key revocation

The key is destroyed or deregistered when no further key management operations are applicable to the associated source entities. These entities may have completed the communication process or may no longer be eligible for the key certification process.

Key establishment process for private & public key cryptography

Now, let’s revisit #3 from above — key establishment — and see how this key management lifecycle applies to the two types of cryptography schemes: 

Private key establishment

In symmetric key cryptography, the same secret key is used for encryption and decryption. This is also called Private Key Cryptography. It looks like this:

1. Alice initiates a request to access encrypted information; a Data Encryption Key (DEK) retrieval request is sent to Bob.
2. Alice also sends a certificate for verification to Bob, who verifies this signature with a Certification Authority (CA) for authentication.
3. Bob then responds by sending his certificate to Alice for authentication and acceptance by the CA and initiates a secure TLS connection. Alice may now encrypt the data using the DEK provided by Bob. Encryption schemes used in this key exchange protocol include AES and Triple-DES.
4. Upon receiving this encrypted ciphertext, Bob uses the Key Encryption Key (KEK) to decrypt the data.
5. The DEK may be stored by Alice until the end of the session.

Public key establishment

Asymmetric Key Cryptography is a combination of a public key and secret private key is used for encryption and decryption. This is also called Public-Key Cryptography. It works like this:

1. Alice and Bob verify each other’s certificate against a CA for authentication and mutual acceptance.
2. Bob then responds to Alice’s request to send his public key. 
3. Alice then creates an ephemeral session key using a key exchange mechanism that may follow an asymmetric algorithmic scheme such as Elliptic Curve Cryptography, Diffie-Hellman Key Exchange or RSA protocol.
4. Alice then encrypted this secret key with Bob’s public key. The resultant key is used to encrypt data, to be sent to Bob.
5. Bob recipes this data and decrypts it with his own private key.

Purpose & goal of cryptography

Now that we looked at two processes, we can see that the goal of the cryptography schemes is to ensure:

• Entity authentication: The entities are alive and active as corroborating with both parties.
• Data origin authentication: Each party is corroborated of the information source.
• Implicit key authentication: Only the intended recipient can determine the private key and use it to complete the encryption/decryption process.
• Key confirmation: Confirm that the recipient is in possession of their particular secret key.
• Explicit key authentication: Ensure that the given secret key is in possession of the intended recipient.