Abstract
Key management describes how cryptographic keys are created, securely stored, distributed to the respective key holders, and used in accordance with protocol specifications. It is thus a cornerstone of most cryptographic systems and must be handled with care. Advances in hardware security modules used in key storage, and in high-end and low-cost random number generators used in key generation, show a promising future for secure and affordable key management. However, future challenges, such as quantum resilience, have to be overcome by new key management systems. For the military, existing experience in handling cryptographic keys could help develop a key management system, and the reputation of Switzerland could help promote key management systems developed in Switzerland.
1 Introduction
Key management describes how cryptographic keys are created, securely stored, distributed to the respective key holders, and used in accordance with protocol specifications. It is thus a cornerstone of most cryptographic systems and must be handled with care. Advances in hardware security modules (HSMs) used in key storage, and in high-end as well as low-cost random number generators used in key generation, show a promising future for secure and affordable key management. However, future challenges, such as quantum resilience, have to be overcome by new key management systems. For the military, existing experience in handling cryptographic keys could help in the development of a key management system, and the reputation of Switzerland could help promote key management systems developed in Switzerland.
2 Analysis
Key management comprises all steps in creating, storing, distributing, recovering, and using cryptographic keys. Key management is a vital part of any cryptographic system since the security guarantees often depend on correctly performed key management.
2.1 Definition
Key management can be split into four stages: creation, storage, distribution, and usage of keys.
2.1.1 Key Creation
Key creation typically consists of deriving a cryptographic key from a source of randomness. In the case of the public-key cryptosystem RSA, key generation creates large prime numbers by randomly choosing large numbers until a chosen number is prime. For the elliptic curve cryptosystem Ed25519 and the symmetric cipher AES (see Chap. 2), the private keys are randomly drawn 256- or 128-bit numbers. Apart from common pitfalls, such as improper use of key derivation functions, the most crucial property of key creation is a good source of randomness (see Chap. 7) with sufficient entropy [1].
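The candidate-and-test loop described above, together with an audit for the symptom that insufficient entropy leaves behind in RSA keys (moduli that share a prime factor, the subject of [1]). This is an added example, not code from the chapter; the function names and the constructed sample moduli are assumptions, and the pairwise check is meant for small key inventories.

```python
import math
import secrets
from itertools import combinations

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test with random bases drawn from the OS CSPRNG."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)      # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # a witnesses that n is composite
    return True

def random_prime(bits):
    """Draw random candidates until one is prime (the loop the text describes)."""
    while True:
        # Force the top bit (full length) and the low bit (odd).
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def shared_factor_audit(moduli):
    """Return index pairs of moduli with a common factor (or identical moduli)."""
    # Keys from a good entropy source never collide on a prime; any hit means
    # the generator's randomness repeated and both keys must be replaced.
    pairs = combinations(range(len(moduli)), 2)
    return [(i, j) for i, j in pairs if math.gcd(moduli[i], moduli[j]) > 1]

def demo(bits=256):
    # Constructed sample: keys 1 and 2 reuse the prime p, as two devices that
    # start from the same entropy state would. Key 0 is independent.
    p, q1, q2, p3, q3 = (random_prime(bits) for _ in range(5))
    return shared_factor_audit([p3 * q3, p * q1, p * q2])
```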
2.1.2 Key Storage
Once keys are generated, they must be stored securely. Hardware security modules (HSM) are commonly used to protect the confidentiality of keys (see Chap. 16). This is essential, especially in the case of key hierarchies, where one key can be used to generate or issue other keys, and a compromised key (especially the root key) would invalidate all security properties. While key creation and storage are difficult to implement correctly, there are widely accepted solutions, such as hardware random number generators (HRNG) and HSMs from well-established vendors.
2.1.3 Key Distribution
Key distribution is typically the most challenging part of key management, as multiple systems must correctly interact over potentially insecure channels. Key distribution works differently depending on the type of keys. Symmetric keys are typically pre-shared out-of-band, for example, by storing them in physical smart cards or distributing them via a trusted channel, such as a secure connection over the Internet. Asymmetric keys can be pre-shared or generated by the user and authorized through delegation via digital certificates, including the corresponding public key. This public key infrastructure (PKI) approach is widely used to authenticate web traffic through the web PKI, domain names through the DNS PKI (DNSSEC), and network resources through the resource PKI (RPKI). Delegation in a PKI typically involves proof of the ownership of a resource, such as domain names or IP prefix ranges. A challenge in key distribution is the revocation of keys that are no longer valid, for example, because the key was compromised or the resource owner changed.
2.1.4 Key Usage
Once keys are distributed to the respective users, keys must be used according to the protocol specifications. Depending on the protocol, keys can be reused without implications, or key reuse can potentially compromise the security properties of the protocol. Therefore, a protocol must define policies, for example, whether the key is stored in memory or on a trusted platform module (TPM), how often a key is replaced (key rollover), or for which operation a key can be used.
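A sketch of the key hierarchy from Sect. 2.1.2 combined with the usage policies named above (permitted operation and key rollover), added here as an example and not taken from the chapter. It assumes HKDF-SHA-256 (RFC 5869) for derivation and HMAC as the protected operation; `KeyPolicy`, `ManagedKey` and the purpose strings are hypothetical names.

```python
import hashlib
import hmac
from dataclasses import dataclass

def hkdf_sha256(key, info, length=32, salt=b""):
    """HKDF (RFC 5869): extract with salt, then expand bound to `info`."""
    prk = hmac.new(salt or b"\x00" * 32, key, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

@dataclass(frozen=True)
class KeyPolicy:              # hypothetical policy record
    purpose: str              # the single operation the key may perform
    rollover_seconds: int     # lifetime of one key epoch

class ManagedKey:
    """Child key derived from the root for one purpose and one epoch."""

    def __init__(self, root, policy, now):
        self.policy = policy
        self.epoch = now // policy.rollover_seconds
        # Binding purpose and epoch into `info` separates sibling keys: a
        # leaked child reveals neither the root nor any other child, while
        # a leaked root reveals every child ever derived from it.
        info = f"{policy.purpose}|epoch={self.epoch}".encode()
        self._key = hkdf_sha256(root, info)

    def mac(self, operation, message, now):
        # Enforce the usage policy before touching key material.
        if operation != self.policy.purpose:
            raise PermissionError(f"key not authorised for {operation!r}")
        if now // self.policy.rollover_seconds != self.epoch:
            raise PermissionError("key epoch expired: roll over first")
        return hmac.new(self._key, message, hashlib.sha256).digest()
```

In a deployment the root would stay inside an HSM and only the derived child keys would leave it.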
2.2 Trends
Regarding key creation, hardware components such as HRNGs are becoming more accessible. Specialized HRNGs, for example, optical quantum random number generators, can generate randomness at high bandwidth [2], while low-cost HRNGs, for example, based on timing jitter in Field Programmable Gate Arrays (FPGAs), can generate randomness at reasonable rates while only consuming limited resources [3]. The cost of hardware security modules for storing keys varies significantly depending on their security guarantees and performance. However, with several competitors in this market (including Swiss HSM producers [4]), the cost may continue to decrease over time. In addition, recent advances in verifying the correct operation of HSMs show a promising trend for the security of HSMs [5].
Apart from HSMs, key management systems geared towards personal use, for example, based on smart cards distributed to citizens or on capabilities of ubiquitous devices, such as smartphones, can be envisioned in the future to provide digital identities for Swiss citizens.
There are several improvements in the field of public key infrastructures. Free certificates are issued by certificate authorities such as Let’s Encrypt through automatic certificate issuance, which increases the coverage of the web PKI [6]. After a relatively slow adoption in the first few years since its inception in 2012, the deployment of RPKI protecting IP address resources has been steadily increasing over the last three years, reaching 40% coverage today [7]. In addition to the increasing adoption of existing PKI systems, we observe advances in solving the problems of revocation [8], lack of flexibility of relying parties [9], and efficient distribution of symmetric keys [10].
3 Consequences for Switzerland
For the military, secure key management is essential to maintain autonomy and protect against foreign and domestic adversaries. Single entities that can impact the operation or security of the key management system are potential threats that must be assessed carefully. An example of such an entity is a kill switch that can shut down a large portion of the (Internet) communication [11]. In the commercial sector, depending on the sensitivity of data, separate key management systems are already in use today, as shown by the SCION-based Secure Swiss Finance Network (SSFN), which provides high availability and security for communication between Swiss banks.
3.1 Implementation Possibilities: Make or Buy
For the military, buying a key management system or developing a custom one represents a fundamental choice. The main reason for developing a system is that in the military, there is a large amount of knowledge and experience in key management on various aspects, such as key storage and distribution. On the other hand, purchasing a standard key management protocol from a trusted vendor might facilitate collaboration with foreign entities while not absorbing the limited development resources of the military.
Civil society and businesses need more incentives to develop their key management system due to the lack of know-how and high cost. The exception could be a security-affine IT company using the reputation of Switzerland as a “safe” country to market the developed product (see Securosys [4]). For both sectors, buying is the natural choice as it allows for easier interoperability with other organizations, typically at a lower cost (Table 4.1).
3.2 Variations and Recommendation
The adversary model is an important aspect to consider when investing in a key management system. For example, the system may need to provide quantum resilience to remain confidential for an extended period, or it may be sufficient to consider state-of-the-art adversaries. For the former, a hybrid approach combining symmetric and asymmetric keys, such as TLS hybrid key exchange [12], can be a good solution. Such an approach benefits from the quantum resilience of symmetric cryptosystems [13] and the valuable properties of public-key cryptosystems.
4 Conclusion
There are well-established standards for key management, e.g., FIPS 140-3 [14] for hardware security modules or random number generators, which provide a measurable quality for key management systems. Furthermore, although many commercial key management systems exist from reputable vendors, Swiss IT security companies can potentially enter the key management market by leveraging the trust placed in Switzerland as a safe country. Finally, recent research on PKI explores ways to have more flexible notions of trust without the reliance on globally trusted entities, solves the revocation problem, and efficiently provides symmetric keys between users.
References
[1] Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. pages 205–220, 2012.
[2] Ziyong Zheng, Yichen Zhang, Weinan Huang, Song Yu, and Hong Guo. 6 Gbps real-time optical quantum random number generator based on vacuum fluctuation. Review of Scientific Instruments, 90(4):043105, April 2019. Publisher: American Institute of Physics.
[3] Gaoliang Ma, Huaguo Liang, Liang Yao, Zhengfeng Huang, Maoxiang Yi, Xiumin Xu, and Kai Zhou. A Low-Cost High-Efficiency True Random Number Generator on FPGAs. In 2018 IEEE 27th Asian Test Symposium (ATS), pages 54–58, October 2018. ISSN: 2377-5386.
[4] Securosys SA. Securosys | Hardware Security Ready For the Challenges of Tomorrow. https://www.securosys.com/en/.
[5] Anish Athalye, M Frans Kaashoek, and Nickolai Zeldovich. Verifying Hardware Security Modules with Information-Preserving Refinement. page 18.
[6] Internet Security Research Group (ISRG). Let’s Encrypt stats. https://letsencrypt.org/stats/, September 2022.
[7] National Institute of Standards and Technology (NIST). NIST RPKI monitor. https://rpki-monitor.antd.nist.gov/, September 2022.
[8] Trevor Smith, Luke Dickinson, and Kent Seamons. Let’s Revoke: Scalable Global Certificate Revocation. In Proceedings 2020 Network and Distributed System Security Symposium, San Diego, CA, 2020. Internet Society.
[9] Laurent Chuat, Cyrill Krähenbühl, Prateek Mittal, and Adrian Perrig. F-PKI: Enabling Innovation and Trust Flexibility in the HTTPS Public-Key Infrastructure. In Proceedings 2022 Network and Distributed System Security Symposium, San Diego, CA, USA, 2022. Internet Society.
[10] Benjamin Rothenberger, Dominik Roos, Markus Legner, and Adrian Perrig. PISKES: Pragmatic Internet-Scale Key-Establishment System. In Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS ’20, pages 73–86, New York, NY, USA, October 2020. Association for Computing Machinery.
[11] Benjamin Rothenberger, Daniele E. Asoni, David Barrera, and Adrian Perrig. Internet Kill Switches Demystified. In Proceedings of the 10th European Workshop on Systems Security, EuroSec’17, pages 1–6, New York, NY, USA, April 2017. Association for Computing Machinery.
[12] Douglas Stebila, Scott Fluhrer, and Shay Gueron. Hybrid key exchange in TLS 1.3. Internet-Draft draft-ietf-tls-hybrid-design-05, IETF Secretariat, August 2022.
[13] Vasileios Mavroeidis, Kamer Vishi, Mateusz D., and Audun Jøsang. The impact of quantum computing on present cryptography. International Journal of Advanced Computer Science and Applications, 9(3), 2018.
[14] National Institute of Standards and Technology. Security requirements for cryptographic modules. Technical Report NIST FIPS 140-3, National Institute of Standards and Technology, Gaithersburg, MD, April 2019.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this chapter
Cite this chapter
Krähenbühl, C., Perrig, A. (2023). Key Management. In: Mulder, V., Mermoud, A., Lenders, V., Tellenbach, B. (eds) Trends in Data Protection and Encryption Technologies. Springer, Cham. https://doi.org/10.1007/978-3-031-33386-6_4
DOI: https://doi.org/10.1007/978-3-031-33386-6_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-33385-9
Online ISBN: 978-3-031-33386-6
eBook Packages: Computer Science, Computer Science (R0)