Printer-friendly version

Browse the glossary using this index

Special | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | ALL

K

Picture of Yee Wei Law

Key establishment and key management

by Yee Wei Law - Monday, 29 May 2023, 11:39 AM
 

Key establishment (see Definition 1) is part of key management (see Definition 2).

Definition 1: Key establishment [MvV96, Definition 1.63]

A process whereby a shared secret key becomes available to two or more parties, for subsequent cryptographic use.

Definition 2: Key management [BB19, p. 12]

Activities involved in the handling of cryptographic keys and other related parameters (e.g., IVs and domain parameters) during the entire life cycle of the keys, including their generation, storage, establishment, entry and output into cryptographic modules, use and destruction.

Simply speaking, key management is a set of processes and mechanisms which support key establishment and the maintenance of ongoing keying relationships between parties, including replacing older keys with new keys as necessary [MvV96, Definition 1.64]; see Fig. 1.

Fig. 1: Key lifecycle in key management [SC16, Figure 2.18]. The events are self-explanatory.
Example 1

Key management includes identification of the key types.

CCSDS [CCS11] has identified the following key types for securing space missions:

  • Long-term data encryption keys: These are symmetric keys for protecting the confidentiality of data over long time periods.

    These keys require confidentiality and integrity protection, and must remain available and associated with the encrypted data or services as long as the data encrypted under these keys is maintained in its encrypted form.

  • Short-term data encryption keys: These are symmetric keys for protecting the confidentiality of data over short time periods, e.g., over a communication session.

    These short-term keys are generated as needed.

    The confidentiality and integrity of these keys must be maintained until the entire session has been decrypted.

    Upon the conclusion of a session, these short-term keys must be securely destroyed.

  • Key transport public keys: These keys are used for transporting keying material (e.g., encryption keys, MAC keys, initialisation vectors) in the encrypted form.

    These keys must be validated prior to their use, and retained until no longer needed (e.g., the public/private key pair is replaced, or key transport is no longer required).

  • Key transport private keys: These keys are used for decrypting keying material encrypted with the corresponding public keys.

  • Other key types discussed in [CCS11, Sec. A2].

Key establishment can be broadly classified into key agreement (see Definition 3) and key transport (see Definition 4).

Definition 3: Key agreement [BB19, p. 11]

A pair-wise key-establishment procedure in which the resultant secret keying material is a function of information contributed by both participants, so that neither party can predetermine the value of the secret keying material independently from the contributions of the other party.

๐Ÿ‘ฉ โžก ๐Ÿ”‘ โฌ… ๐Ÿง”

Definition 4: Key transport [BB19, p. 14]

A key-establishment procedure whereby one entity (the sender) selects a value for secret keying material and then securely distributes that value to one or more other entities (the receivers).

๐Ÿ‘ฉ โžก ๐Ÿ”‘ โžก ๐Ÿ‘จโ€๐Ÿ‘ฉโ€๐Ÿ‘งโ€๐Ÿ‘ฆ

Key agreement is more popular than key transport, and the de facto standard key agreement protocol is Diffie-Hellman key agreement.

References

[BB19] E. Barker and W. C. Barker, Recommendation for Key Management: Part 2 - Best Practices for Key Management Organizations, Special Publication 800-57 Part 2 Revision 1, NIST, May 2019. https://doi.org/10.6028/NIST.SP.800-57pt2r1.
[CCS11] CCSDS, Space Missions Key Management Concept, Informational Report CCSDS 350.6-G-1, The Consultative Committee for Space Data Systems, November 2011. Available at https://public.ccsds.org/Pubs/350x6g1.pdf.
[MvV96] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996. Available at https://cacr.uwaterloo.ca/hac/.
[SC16] J. J. Stapleton and W. Clay Epstein, Security without Obscurity: A Guide to PKI Operations, CRC Press, 2016. https://doi.org/10.1201/b19725.