CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [193]

to a certificate authority.

FIGURE 7.24 A distributed key-generating system

Split-System Key Generation

Many systems, including the PKI system, require the use of a split system. In a split system, the central server generates encryption keys. Digital signature keys are created at the client or in a smart card.

Storing and Distributing Keys

Where and how keys are stored affects how they are distributed. Distributing keys is usually accomplished using a Key Distribution Center (KDC), as used in Kerberos, or by using a Key Exchange Algorithm (KEA), as in the case of PKI.

In order for Kerberos to function properly, time synchronization must be working correctly. If clocks drift from the correct time, problems can occur with trying to compare time stamps and authenticate.

A KDC is a single service or server that stores, distributes, and maintains cryptographic session keys. When a system wants to access a service that uses Kerberos, a request is made via the KDC. The KDC generates a session key and facilitates the process of connecting these two systems. The advantage of this process is that once it’s implemented, it’s automatic and requires no further intervention. The major disadvantage of this process is that the KDC is a single point of failure; if it’s attacked, the entire security system could be compromised. Figure 7.25 illustrates the KDC creating a session between two systems.
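The two points above, the KDC minting a session key that both parties receive under their own long-term keys, and the authentication failing when clocks drift, can be seen in a small toy exchange. The following is an added example, not code from the study guide and not Kerberos itself: the `seal`/`open_sealed` primitive is a constructed HMAC-SHA256 counter-mode cipher with an HMAC tag standing in for the real symmetric cipher, the principals "alice" and "fileserver" and the fixed time value are constructed, and the 300-second skew window is an assumed tolerance.

```python
# Toy KDC-style session-key issuance with a clock-skew check (added example,
# not from the study guide and not a Kerberos implementation).
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import secrets

MAX_SKEW_SECONDS = 300  # assumed tolerance for clock drift between client and service


def _subkeys(key: bytes) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one long-term key."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Constructed toy cipher: HMAC over a counter produces the keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Check the tag in constant time before decrypting; reject tampered input."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ticket or authenticator failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KDC:
    """Holds every principal's long-term key and mints single-use session keys."""

    def __init__(self) -> None:
        self.long_term: dict[str, bytes] = {}

    def register(self, principal: str) -> bytes:
        key = secrets.token_bytes(32)
        self.long_term[principal] = key
        return key

    def issue(self, client: str, service: str, now: int) -> tuple[bytes, bytes]:
        session = base64.b64encode(secrets.token_bytes(32)).decode()
        # Part only the client can open: names the service, carries the session key.
        for_client = seal(self.long_term[client],
                          json.dumps({"service": service, "session": session, "issued": now}).encode())
        # Ticket only the service can open: names the client, carries the same session key.
        ticket = seal(self.long_term[service],
                      json.dumps({"client": client, "session": session, "issued": now}).encode())
        return for_client, ticket


def client_authenticator(session_key: bytes, client: str, client_now: int) -> bytes:
    """Client proves it holds the session key by sealing a fresh timestamp with it."""
    return seal(session_key, json.dumps({"client": client, "ts": client_now}).encode())


def service_accepts(service_key: bytes, ticket: bytes, authenticator: bytes,
                    service_now: int, max_skew: int = MAX_SKEW_SECONDS) -> bool:
    """Service opens the ticket, then the authenticator, then checks identity and time."""
    ticket_body = json.loads(open_sealed(service_key, ticket))
    session_key = base64.b64decode(ticket_body["session"])
    auth = json.loads(open_sealed(session_key, authenticator))
    if auth["client"] != ticket_body["client"]:
        return False
    # A timestamp outside the window cannot be told apart from a replay, so it is refused.
    return abs(service_now - auth["ts"]) <= max_skew


def run_exchange(client_clock_offset: int = 0) -> bool:
    """Whole exchange with constructed principals; the offset simulates client clock drift."""
    kdc = KDC()
    alice_key = kdc.register("alice")
    fileserver_key = kdc.register("fileserver")
    now = 1_700_000_000  # constructed fixed time so the run is deterministic
    for_client, ticket = kdc.issue("alice", "fileserver", now)
    info = json.loads(open_sealed(alice_key, for_client))
    session_key = base64.b64decode(info["session"])
    auth = client_authenticator(session_key, "alice", now + client_clock_offset)
    return service_accepts(fileserver_key, ticket, auth, now)


if __name__ == "__main__":
    print("synchronized clocks:", run_exchange(0))
    print("client ten minutes fast:", run_exchange(600))
```

The single-point-of-failure property is visible in the `KDC` class: whoever holds `long_term` can open every ticket and mint any session key, which is why the text treats the KDC as the most sensitive component to protect and monitor.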

FIGURE 7.25 The KDC process in a Kerberos environment

The KEA process is slightly different from the KDC process. The KEA negotiates a secret key between the two parties; the secret key is a short-term, single-use key intended strictly for key distribution. The KEA process should not be used to transmit both the public and private keys. Figure 7.26 illustrates the KEA process. The KEA session terminates once the key has been successfully transmitted.

Protecting keys from unauthorized access while making them available for use by authorized personnel is important. The process can utilize physical security measures such as locked cabinets and safes, and it can involve software such as Kerberos and PKI.

FIGURE 7.26 The KEA process

Physical protection methods include physical storage devices that place a key under lock and key. Storage devices include, but aren’t limited to, filing cabinets and safes.

Keys can be held in either hardware or software. An example of a hardware device is a smart card. Software keys may be generated by CA-oriented systems such as PKI. Whether they’re hardware or software, protecting keys is essential for a security system to operate effectively.

Protecting keys is a difficult process. Public keys don’t require full protection; they require only integrity protection. Private keys, on the other hand, require full protection. The unknowing disclosure of a private key in a symmetrical or public/private key system potentially compromises the system. Armed with a private key, an attacker could read all the communications in the system and also sign information and impersonate the real owner. This fraudulent signature could be difficult to repudiate. The following section briefly discusses private key protection and key server protection, which are both essential for good security.

Physically, private keys should be kept under close supervision. If possible, multiple keys should be required to open the storage facility, and the two keys should never be stored together. If two different people are responsible for storing the keys, both of them must consent and be present for the storage facility to be opened.

Key servers also pose potential security problems, both from an access control perspective and from a physical access perspective. If a fault is introduced into the system, a resulting core dump (also known as a memory dump) may leave the key information in a core dump file. A sophisticated attacker could use the core dump to get key information.

Most private-key security failures can be traced back to physical security or human errors. Make sure that
