In cryptography, a key is a piece of information (a parameter) that determines the functional output of a cryptographic algorithm. For encryption algorithms, a key specifies the transformation of plaintext into ciphertext, and vice versa for decryption algorithms. Keys also specify transformations in other cryptographic algorithms, such as digital signature schemes and message authentication codes.^[1]

A Guide on How To Secure Cryptographic Keys Swati Goyal The rise of the cryptocurrency industry and the digitization of the banking industry have been crucial steps towards achieving an advanced.

Need for secrecy[edit]

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This is known as Kerckhoffs' principle — 'only secrecy of the key provides security', or, reformulated as Shannon's maxim, 'the enemy knows the system'. Easeus data recovery wizard license key generator for mac. The history of cryptography provides evidence that it can be difficult to keep the details of a widely used algorithm secret (see security through obscurity). A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.^[2]

Trying to keep keys secret is one of the most difficult problems in practical cryptography; see key management. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving, assault, torture, or social engineering) can recover the original message from the encrypted data, and issue signatures.

This section discusses two options to get a trusted X.509 client certificate onto an IoT device for lab testing. Depending on the capabilities of the device, various provisioning-related operations may or may not be supported, including onboard ECDSA key generation, private key import, and X.509 certificate enrollment. There are multiple ways of generating an encryption key. Most implementations rely on a random object. All examples mentioned here use a secure cryptographic randomizer.

Key scope[edit]

Keys are generated to be used with a given suite of algorithms, called a cryptosystem. Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms. A newer class of 'public key' cryptographic algorithms was invented in the 1970s. These asymmetric key algorithms use a pair of keys—or keypair—a public key and a private one. Public keys are used for encryption or signature verification; private ones decrypt and sign. The design is such that finding out the private key is extremely difficult, even if the corresponding public key is known. As that design involves lengthy computations, a keypair is often used to exchange an on-the-fly symmetric key, which will only be used for the current session. RSA and DSA are two popular public-key cryptosystems; DSA keys can only be used for signing and verifying, not for encryption.

Ownership and revocation[edit]

Part of the security brought about by cryptography concerns confidence about who signed a given document, or who replies at the other side of a connection. Assuming that keys are not compromised, that question consists of determining the owner of the relevant public key. To be able to tell a key's owner, public keys are often enriched with attributes such as names, addresses, and similar identifiers. The packed collection of a public key and its attributes can be digitally signed by one or more supporters. In the PKI model, the resulting object is called a certificate and is signed by a certificate authority (CA). In the PGP model, it is still called a 'key', and is signed by various people who personally verified that the attributes match the subject.^[3]

In both PKI and PGP models, compromised keys can be revoked. Revocation has the side effect of disrupting the relationship between a key's attributes and the subject, which may still be valid. In order to have a possibility to recover from such disruption, signers often use different keys for everyday tasks: Signing with an intermediate certificate (for PKI) or a subkey (for PGP) facilitates keeping the principal private key in an offline safe.

Deleting a key on purpose to make the data inaccessible is called crypto-shredding.

Key sizes[edit]

For the one-time pad system the key must be at least as long as the message. In encryption systems that use a cipher algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.

A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size article for a more complete discussion.

The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher. Elliptic curve cryptography may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As early as 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force.^[4] The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad, the security of these systems has not been proven mathematically as of 2018, so a theoretical breakthrough could make everything one has encrypted an open book (see P versus NP problem). This is another reason to err on the side of choosing longer keys.

Key choice[edit]

To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is a RFC on generating randomness (RFC 4086, Randomness Requirements for Security). Some operating systems include tools for 'collecting' entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high quality randomness.

Key vs password[edit]

For most computer security purposes and for most users, 'key' is not synonymous with 'password' (or 'passphrase'), although a password can in fact be used as a key. The primary practical difference between keys and passwords is that the latter are intended to be generated, read, remembered, and reproduced by a human user (though the user may delegate those tasks to password management software). A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, and so human readability etc. is not required. In fact, most users will, in most cases, be unaware of even the existence of the keys being used on their behalf by the security components of their everyday software applications.

If a passwordis used as an encryption key, then in a well-designed crypto system it would not be used as such on its own. This is because passwords tend to be human-readable and, hence, may not be particularly strong. To compensate, a good crypto system will use the password-acting-as-key not to perform the primary encryption task itself, but rather to act as an input to a key derivation function (KDF). That KDF uses the password as a starting point from which it will then generate the actual secure encryption key itself. Various methods such as adding a salt and key stretching may be used in the generation.

See also[edit]

• Cryptographic key types classification according to their usage
• Diceware describes a method of generating fairly easy-to-remember, yet fairly secure, passphrases, using only dice and a pencil.
• glossary of concepts related to keys

References[edit]

1. ^'What is cryptography? - Definition from WhatIs.com'. SearchSecurity. Retrieved 2019-07-20.
2. ^'Quantum Key Generation from ID Quantique'. ID Quantique. Retrieved 2019-07-20.
3. ^Matthew Copeland; Joergen Grahn; David A. Wheeler (1999). Mike Ashley (ed.). 'The GNU Privacy Handbook'. GnuPG. Archived from the original on 12 April 2015. Retrieved 14 December 2013.
4. ^Bidgoli, Hossein (2004). The Internet Encyclopedia. John Wiley. p. 567. ISBN0-471-22201-1 – via Google Books.

Hardware security module

A hardware security module (HSM) is a physical computing device that safeguards and manages digital keys for strong authentication and provides cryptoprocessing. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server.

• Design1
• Security2
• Uses3
  • PKI environment (CA HSMs)3.1
  • Card payment system HSMs (bank HSMs)3.2
  • SSL connection establishment3.3
  • DNSSEC3.4
• See also4
• Notes and references5
• External links6

Design

HSMs may possess controls that provide tamper evidence such as logging and alerting and tamper resistance such as deleting keys upon tamper detection.^[1] Each module contains one or more secure cryptoprocessor chips to prevent tampering and bus probing.

Many HSM systems have means to securely backup the keys they handle either in a wrapped form via the computer's operating system or externally using a smartcard or some other security token.^[2]

Because HSMs are often part of a mission-critical infrastructure such as a public key infrastructure or online banking application, HSMs can typically be clustered for high availability. Some HSMs feature dual power supplies and field replaceable components such as cooling fans to conform to the high-availability requirements of data center environments and to enable business continuity.

A few of the HSMs available in the market have the ability to execute specially developed modules within the HSM's secure enclosure. Such an ability is useful, for example, in cases where special algorithms or business logic has to be executed in a secured and controlled environment. The modules can be developed in native C language, in .NET, Java, or other programming languages. While providing the benefit of securing application-specific code, these execution engines protect the status of an HSM's FIPS or Common Criteria validation.

Security

Due to the critical role they play in securing applications and infrastructure, HSMs and/or the cryptographic modules they employ are typically certified to internationally-recognized standards such as Common Criteria or FIPS 140 to provide users with independent assurance that the design and implementation of the product and cryptographic algorithms are sound. The highest level of FIPS 140 security certification attainable is Security Level 4 (Overall), to which very few HSMs have been successfully validated.

Uses

A hardware security module can be employed in any application that uses digital keys. Typically the keys must be of high-value - meaning there would be a significant, negative impact to the owner of the key if it were compromised.

The functions of an HSM are:

• onboard secure cryptographic key generation
• onboard secure cryptographic key storage and management
• use of cryptographic and sensitive data material
• offloading application servers for complete asymmetric and symmetric cryptography.

HSM are also deployed to manage Transparent Data Encryption keys for databases.

HSMs provide both logical and physical protection of these materials, including cryptographic keys, from non-authorized use and potential adversaries.^[3]

The cryptographic material handled by most HSMs are asymmetric key pairs (and certificates) used in public-key cryptography. Some HSMs can also handle symmetric keys and other arbitrary data.^[4]

Some HSM systems are also hardware cryptographic accelerators. They usually cannot beat the performance of hardware-only solutions for symmetric key operations. However, with performance ranges from 1 to 7,000 1024-bit RSA signs per second, HSMs can provide significant CPU offload for asymmetric key operations. Since NIST is recommending the use of 2,048 bit RSA keys from year 2010,^[5] performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs now support elliptic curve cryptography (ECC), which delivers stronger encryption with shorter key lengths.

PKI environment (CA HSMs)

In PKI environments, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. In these cases, there are some fundamental features a device must have, namely:

• Logical and physical high level protection
• Multi-part user authorization schema (see Blakley-Shamir secret sharing)
• Full audit and log traces
• Secure key backup

On the other hand, device performance in a PKI environment is generally less important, in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the Infrastructure. Visio premium 2010 product key generator.

Card payment system HSMs (bank HSMs)

Limited-feature HSMs are used in card processing systems. These systems are usually less complex than CA HSMs and normally do not feature a standard API. These devices can be grouped in two main classes:

OEM or integrated modules for automated teller machines and point of sale terminals:

• to encrypt the personal identification number (PIN) entered when using the card
• to load keys into protected memory

Authorisation and personalisation modules may be used to:

• check an on-line PIN by comparing with an encrypted PIN block
• in conjunction with an ATM controller, verify credit/debit card transactions by checking card security codes or by performing host processing component of an EMV based transaction
• support a crypto-API with a smart card (such as an EMV)
• re-encrypt a PIN block to send it to another authorisation host
• support a protocol of POS ATM network management
• support de facto standards of host-host key data exchange API
• generate and print a 'PIN mailer'
• generate data for a magnetic stripe card (PVV, CVV)
• generate a card keyset and support the personalisation process for smart cards

The major organization that produces and maintains standards for HSMs on banking market is the Payment Card Industry Security Standards Council.

SSL connection establishment

Performance critical applications that have to use HTTPS (SSL/TLS), can benefit from the use of an SSL Acceleration HSM by moving the generation of the session key, which typically requires several large integer multiplications, from the host CPU to the HSM device. Typical HSM devices can perform about 50 to 1,000 1024-bit RSA operations/second.^[6] Some performance at longer key sizes is becoming increasingly important. To address this issue, some HSMs ^[7] now support elliptic curve cryptography. Specialized HSM devices can reach numbers as high as +7,000 operations per second.

DNSSEC

An increasing number of registries use HSMs to store the key material that is used to sign large zonefiles. An open source tool for managing signing of DNS zone files using HSM is OpenDNSSEC.

On January 27, 2007 deployment of DNSSEC for the root zone officially started; it was undertaken by ICANN and Verisign, with support from the U.S. Department of Commerce.^[8] Details of the root signature can be found on the Root DNSSEC's website.

See also

Onboard Secure Cryptographic Key Generation 2

Notes and references

1. ^'Electronic Tamper Detection Smart Meter Reference Design'. freescale. Retrieved 26 May 2015.
2. ^'Using Smartcard/Security Tokens'. mxc software. Retrieved 26 May 2015.
3. ^'Support for Hardware Security Modules'. paloalto. Retrieved 26 May 2015.
4. ^'Application and Transaction Security / HSM'. Provision. Retrieved 26 May 2015.
5. ^'Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths' (PDF). NIST. January 2011. Retrieved March 29, 2011.
6. ^F. Demaertelaere. 'Hardware Security Modules' (PDF). Atos Worldline. Retrieved 26 May 2015.
7. ^'Barco Silex FPGA Design Speeds Transactions In Atos Worldline Hardware Security Module'. Barco-Silex. January 2013. Retrieved April 8, 2013.
8. ^'ICANN Begins Public DNSSEC Test Plan for the Root Zone'. www.circleid.com. Retrieved 2015-08-17.

External links

• Current NIST FIPS-140 certificates

Onboard Secure Cryptographic Key Generation 1

Onboard Secure Cryptographic Key Generation System