Key Management Functions


Like physical keys, encryption keys must be safeguarded. Most successful attacks against encryption exploit vulnerabilities in key management functions rather than some inherent weakness in the encryption algorithm. The following are the major functions associated with key management.

Key generation

Keys must be generated randomly on a secure system, and the generation sequence itself shouldn’t provide potential clues regarding the contents of the keyspace. Generated keys shouldn’t be displayed in the clear.

Key distribution

Keys must be securely distributed. This is a major vulnerability in symmetric key systems. Using an asymmetric system to securely distribute secret keys is one solution.

Key installation

Key installation is often a manual process. This process should ensure that the key isn’t compromised during installation, incorrectly entered, or too difficult to be used readily.

Key storage

Keys must be stored on protected or encrypted storage media, or the application using the keys should include safeguards that prevent extraction of the keys.
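
The generation, installation, and storage points above, as an added Python sketch that is not from the book: the key comes from the operating system's CSPRNG, only a short check value is ever shown, a manually entered key is rejected if it does not match that check value, and the key file is created owner-only. The HMAC-SHA-256 check value, its label, and the function names are assumptions of this example.

```python
import hashlib
import hmac
import os
import secrets

KEY_BYTES = 32  # 256-bit symmetric key
KCV_LABEL = b"key-check-value-v1"  # constructed label, an assumption of this example


def generate_key() -> bytes:
    """Draw the key from the OS CSPRNG, not from random.random() or a timestamp."""
    return secrets.token_bytes(KEY_BYTES)


def check_value(key: bytes) -> str:
    """Short one-way tag that identifies a key without revealing it."""
    return hmac.new(key, KCV_LABEL, hashlib.sha256).hexdigest()[:8]


def install_key(entered_hex: str, expected_kcv: str) -> bytes:
    """Accept a manually entered key only if it is well formed and matches the tag."""
    try:
        key = bytes.fromhex(entered_hex.strip())
    except ValueError:
        raise ValueError("key is not valid hex") from None
    if len(key) != KEY_BYTES:
        raise ValueError("key has the wrong length")
    if not hmac.compare_digest(check_value(key), expected_kcv):
        raise ValueError("check value mismatch: key was entered incorrectly")
    return key


def store_key(key: bytes, path: str) -> None:
    """Create the key file owner-only (0600); refuse to overwrite an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.fchmod(fd, 0o600)  # explicit, in case the umask altered the mode
        os.write(fd, key)
    finally:
        os.close(fd)


if __name__ == "__main__":
    k = generate_key()
    # Log the check value, never the key itself.
    print("generated key, check value:", check_value(k))
```

An owner-only file is the minimum; where a hardware module or an encrypted keystore is available, the key belongs there instead.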

Key change

Keys, like passwords, should be changed regularly relative to the value of the information being protected and the frequency of use. Frequently used keys are more likely to be compromised through interception and statistical analysis. However, like a changing of the guard, vulnerabilities inherent to any change must be addressed.

Key control

Key control addresses the proper use of keys. Different keys have different functions and may only be approved for certain levels of classification.

Key disposal

Keys (and any distribution media) must be properly disposed of, erased, or destroyed so that the key’s contents are not disclosed, possibly providing an attacker insight into the key management system.

Instant Answer: The seven key management issues are generation, distribution, installation, storage, change, control, and disposal.




CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
