Go to CIOLEADERS homepage

Safekeeping Encryption Key

By CTOF Team

Added 26 February 2010

Its getting easier to undertake encryption of data for security. But how easy is it to protect the key to the cipher?

The move from physical security of resources to virtual safety of data has been smooth for businesses. We have been collecting and disseminating data to connect with clients, suppliers and employees. The scenario has been productive and time has come when data has become primary for all business activity.

Businesses have always given importance to securing their commercial and physical assets, which is today easily translated into business information. Encryption has been a sure-fire solution to safeguarding all of this information. What has been arduous for companies though, is securing the safety key. The keys to all this encryption are difficult to store and manage.

There are two primary sets of information that we need to protecttransactions and stored data. As a result, device encryption along with data encryption has arisen to drive security for serious users across the board. In this entire process, the key becomes primary, along with its cipher. The cipher or the lock, along with the key, is able to protect data from being available to unauthorised users. Together, the cipher and the key are able to protect data from being stolen or misused. While it is so easy to lose a physical key, its easier to lose an all-encompassing encryption key. As we start to use more and more technologies to safeguard valuable data, it becomes mandatory to protect the key to all the information we cannot do without. An encryption key is the single most application that can be employed to decrypt data that has been coded. It then becomes important to safeguard the key from getting lost or from being copied.

According to NIST, a Key Management Lifecycle includes signing keys, transporting private keys, using public keys to verify, digital signatures and secret authentication keys. The cycle will also include information such as domain parameters, public authorization keys and initialization vectors. This lifecycle is of relevance because if the encryption key is lost, all the information this key protects is also lost. Therefore, encryption key management has taken priority for users.

So what does a good encryption key management plan comprise? Most importantly, it should archive the signature verification key, secret authentication key and the public authentication key. At the same time, the key should also include data encryption for a longer term along with domain parameters. It should incorporate key encrypting for the key used and a key for key wrapping. And what should an encryption key not archive? It should not archive the signing key, the private authentication key along with the short term data encryption key. The encryption key should also not archive the RNG key, key transport public key, ephemeral key agreement and private keys.

Some good strategies to safeguard an encryption key include backup of the keys along with backup of all changes that the key undergoes. This way the keys can be safely used at any time in the future to access data that has been archived in the past. The other safe stratagem is to make sure that the administrator has an effective disaster recovery plan.

It is also a good idea to ensure that the access control to an encryption keys is safeguarded at all times. This will ensure appropriate encryption of data. The safety of encryption keys in their physical environment is equally important, as is escrowing the keys with a third party.

To define the best way to undertake security of encryption key is difficult. What is required is to undertake processes to evolve a standard encryption key management. As encryption becomes commonly used to protect data, key management takes further relevance. With the many devices being deployed to protect data, key management needs to be constantly monitored and upgraded.

comments powered by Disqus
Reducing Data Center Energy Usage

Reducing Data Center Energy Usage

ManageEngine adds power management to DCIM portfolio with new plug-in based...

The New Hybrid Cloud

The New Hybrid Cloud

Rackspace offers its latest hybrid cloud solution RackConnect v3

Benefits for CIOs from Windows 10

Benefits for CIOs from Windows 10

Check out the benefits of Windows 10

related Whitepapers

OPINION POLL

Dear CIO/CISO, can you define an Advanced Evasion Technique (AET)?

no-image

CURRENT ISSUE

September 2014

CIO&Leader September Issue