Key Management – The Achilles Heal
All things being equal, directly attacking modern encryption schemes is one of the most difficult tasks that can be undertaken without tremendous amounts of computing power. A common mantra among attackers is to take the path of least resistance. This mantra usually means that attacks against encryption systems rarely take the form of direct attacks on cyphertext or encryption algorithms. Keys and algorithms provide tremendous security, but only if the keys are adequately protected. Why break down a steel door when the windows are open? Why attempt to reverse engineer or guess the key, when it could be easily stolen? Key management is the process of generating, storing, exchanging, and protecting secret keys.
In order for key generation to be considered secure it must exhibit two basic characteristics. First of all, the space of possible keys must be equal to the entire keyspace. This was the weakness discovered in Netscape’s SSL key generation system. Secondly the key must be completely random. A random number generator must never produce the same number, even if all conditions are identical.
Keys must be stored in a location, physical or logical, which provides protection to the key. In many common cryptography implementations there are multiple sets of keys where key A might be used to protect key B. In situations such as this, it is important that the keys be of equal strength, otherwise it becomes easier for the attacker to attack the weaker of the two keys. It does not matter which key is compromised as in either case the data is compromised. In more secure implementations keys are often stored on Hardware Storage Modules (HSM) or on smart cards. This adds a layer of physical protection, in additional to logical/cryptographic protection.
Key exchange is perhaps the most venerable of key management functions. Key exchange is a large topic and is outside this discussion of cryptography. See a future article for more information. The principals discussed in this article apply mainly to a type of cryptography known as symmetric cryptography. Symmetric key cryptography accounts for the majority of all encryption operations performed because it is both efficient and secure. It does exhibit one significant weakness – both parties must use the same key, and must exchange that key. This key exchange is often solved by introducing either asymmetric or public key cryptography, or in some cases, such as the Diffie-Helman key exchange protocol used in many IPSec implementations.