kpmg_wp
TRANSCRIPT
-
7/28/2019 KPMG_wp
1/25
R I S K A N D A D V I S O R Y S E R V I C E S
J A N U A R Y 2 0 0 2
A BS T RA CT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
INT RO DUCT ION . . . . . . . . . . . . . . . . . . . . . . . . . . 2
BACKGROUND. . . . . . . . . . . . . . . . . . . . . . . . . . . 3
K EY M A N A G E M E N T . . . . . . . . . . . . . . . . . . . . . . 4
Key M anagem ent Con tro ls . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . . .. . .5
Key M anagem ent R isk Factors . . . . . . . . . . .. . . . . . .. . . . . .. . . . . . .. .6
Key M anagem ent Trends ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
P O L IC Y, P R A C T I C ES , A N D P R O C E D U R E S . . . . . 1 0
Bus iness Pract i ce D isc los ures . . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . .10
Env i ron m enta l Con tro ls . . . . . . . . .. . . . . .. . . . . . .. . . . . . .. . . . . .. . . . . . .11
Key M anagem ent L i fe Cyc le Con tro ls . . . . . . . .. . . . . .. . . . . . .14
Cert i f i ca t e M anagem ent L i fe Cyc le Con tro ls . . . . . . .. . .16
Exam p le Key Gen era t ion Cerem on y . . . . . . . . . . . .. . . . . .. . . . .17
S U M M A R Y . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 8
Ap pen d ixes. . . . . . . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . .19
Ap pen d ix A : S t and ards A ct i v i t i es . . . . . . .. . . . . . .. . . . . .. . . . . . .19Ap pen d ix B : Key Genera t ion Cerem on y. . . . . . . . . . .. . . . . . .20
Ap pen d ix C : Glos sary . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . .22
LIST OF F IGU RES
Figure 1 : Key Li fe Cyc le .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
F igure 2 : Sof tw are- versus Hardw are-Based
Cryp to graph y. . . . . . . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . . .. . . . . .. . . . . . .. .6
F igu re 3 : Key M anagem ent R isk Facto rs . . . . . . . .. . . . . . .. . .7
K EY M A N A G EM EN T P O L I C Y
A N D P R AC T I C E FR A M EW O R K
-
7/28/2019 KPMG_wp
2/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1
A B S T R A C T
The secure administration and distribution of cryptographic keys,
called key management, is a necessary and critical aspect of business
risk mitigation. This white paper describes the significance of sound
key management applicable to any application employing cryptogra-
phy. R eaders of this paper should have some fam iliarity with cryptog-
raphy and its ability to protect information via data confidentiality,
entity and data authentication, data integrity, and even non-repudiation.
We have provided a historical perspective of cryptography along with
a discussion of security controls, risk factors, and current trends that
wi ll affect key management processes. A framework of relevant poli-
cies, practices, and procedures is presented regarding business prac-
tice disclosures, key life cycle management, certificate life cycle
management, and environmental controls. A n overview of standards
activities is given, along with an example key generation ceremony.
This paper takes the position that business risk drives the need for
cryptographic solutions, which in turn necessitates establishing and
maintaining sound key management policies and practices.
Cryptographic hardware, although preferred over software-based
solutions due to key management risk factors, can enable good key
management schemes, but documented and sensibly enforced key
management procedures are still necessary. Furthermore, these key
management policies, practices, and procedures should be periodi-
cally reviewed by an independent third party using industry-estab-
lished criteria.
A C K N O W L E D G E M E N T
The support provided by nCipher Incorporated in the development of
this white paper is greatly appreciated.
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
-
7/28/2019 KPMG_wp
3/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 2
I N T R O D U C T I O N
Key management is the secure administration of cryptographic keys.
A cryptographic key is merely data, a string of binary zeroes and ones
that enable a cryptographic algorithm to m anufacture ciphertext
output from cleartext input. C ryptographic algorithms can provide
encryption and decryption of information for data confidentiality, mes-
sage authentication codes (M AC s) for data integrity and entity authen-
tication, as well as digital signatures for data integrity, entity
authentication, and non-repudiation. Cryptography is also used in key
management to achieve the confidentiality, integrity, authenticity, and
non-repudiation of cryptographic keys, which is an integral part of
sound key management practices.
There are several ways to securely handle keys and other relevant key-
ing material, and there are even more ways to mishandle and mis-
manage cryptographic keys. Improper key management is a constant
threat to any application employing any form of cryptography, which
dramatically and unnecessarily increases business risk. W ith the advent
of public key cryptography, effective management of keys has become
even more important, particularly in the case of management of pri-
vate keys when integrity and authenticity must be provable to a third
party (i. e., non-repudiation). A new comm unity of users and integra-
tors is relearning the im portance of hardware-based cryptography and
the importance of formal security evaluation and compliance testing. 1
This paper discusses some of the historical aspects of cryptography,
provides an overview of k ey management, and presents some current
trends that will affect the policy and practices for key management. A
synopsis of standards activities is presented, along with an example
key generation ceremony that embodies the secure administration of
cryptographic keys described in this paper.
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
1FIP S PU B 140-2 Security R equirem ents for Cryptographic M odules and ISO 13491
Banking Secure Cryptographic D evices (Retail).
-
7/28/2019 KPMG_wp
4/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 3
B A C K G R O U N D
H istorically, symmetric cryptography (dating from Egyptian hiero-
glyphics circa 1900 B.C . to m ore recent use in World Wars I and I I circa
1900 A. D. ) required that the same cryptographic key, which must be
shared between two communicating parties (i.e., the sender and the
receiver), be securely exchanged using manual procedures. Today,
symmetric keys are distributed electronically from the key-generation
point to the operational sites by enciphering these keys with other
symmetric keys called key enciphering keys (KEKs).
The primary issue with symmetric key management schemes is
establishing the first KEK , commonly called the initial key.2 The initial
key, in order to maintain its confidentiality, is typically generated and
securely exchanged as multiple key components. A n organization
must designate trusted individuals as key agents, with each key agent
assigned a single key component. W hen all the components are
securely combined under the supervision of a security officer, the
symmetric key is recreated securely, so that no one individual has
ever viewed or had access to the symmetric key. This labor-intensive
process is still used in todays financial systems.
The advent of asymmetric or public key cryptography provided a par-
tial solution to the init ial symmetric key problem. A symmetric key can
be randomly generated by the sender and encrypted using the public
key of the receiver. The receiver can then decrypt the enciphered sym-
metric key using his or her own private key. Clearly, this simplifies the
process for exchanging the initial symmetric key, however it introduces
to the sender issues regarding the integrity and authenticity of the
receivers public key. Previously, the symmetric key manual procedures
im plicitly provided integrity and authentication between both parties.
Assurance concerning the integrity and authenticity of a receivers
public key can be enhanced by using public key certificates, whereby
the receivers identity is cryptographically bonded to his or her public
key. In this key management practice, the sender relies on the receivers
public key certificate, which has been issued by a trusted third party
called a certification authority(C A ). H owever, life is not so simple as
to have one global CA for everyone and everything on the planet.
O ther issues also affect key management practices. The sheer number
of asymmetric key pairs, public key certificates, and symmetric keys is
dramatically increasing as cryptography proliferates in network infra-
structures, remote devices, and business applications. Furthermore,
cryptographic keys do not last forever; they must be periodically and
securely replaced. The scalability and extensibility issues regarding key
management are creating new challenges that could very well result in
new and interesting problems and innovative solutions.
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
2Some systems use multiple KEK s, but only the very first KEK is the initial key.
-
7/28/2019 KPMG_wp
5/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 4
K E Y M A N A G E M E N T
Remem ber that key management is the secure administration and
distribution of cryptographic keys throughout the entire key life cycle.
Keys are generated, distributed, stored, used, recovered, and eventu-
ally terminated or possibly archived. Figure 1: Key Life Cycle depicts
eight stages for a symmetric key or a private asymmetric key (the life
cycles are the same) and seven stages for the asymm etric public key.
The first stage for any key is always Key G eneration, where the sym-
metric key or asymmetric key pair is created. From there, public and
private keys take very different paths.
For an asymmetric private key (and a symmetric key) the next stage
is typically Key Distribution, w here the cryptographic key is securely
transported to one or more operational devices and, potentially,
backup systems. Key D istributi on is possibly the most critical opera-
tion of the key life cycle, and carries the highest risk. The next two
stages, Key Installation and Key Backup, may occur in parallel. Key
Installation is the stage where the key is successfully installed in each
device (e.g., a typical Web farm may employ dozens of servers) at
each operational site. Key Backup is the stage where the key is
securely stored for the unlikely event of key loss due to unexpected
power interruption or hardware failure. Thus, key recovery occurs
when a k ey is securely retrieved from K ey Backup and re-installed in
the Key Installation stage. The next stage is the Key U sage stage,
where the correct key is used for its intended purpose in an opera-
tional environment and where copies of keys used with multiple
devices should be verif iably synchronized. A ll cryptographic keys have
a limited life expectancy; therefore the next stage is Key Termination,
where all instances (including backup) of a key are erased, except for
the possibility of transferring it to the Key Archival stage. A rchived
keys are not kept forever, so eventually an archived key transfers to
the K ey Termination stage. Whenever an archived key is retrieved to
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
F ig u r e 1 : K e y L i f e C y c l e
-
7/28/2019 KPMG_wp
6/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 5
verify its previous use, the key moves temporarily to the Restricted
Key Usage stage, and im mediately thereafter is erased, thus migrat-
ing to the K ey Termination stage. A rchived keys should never be used
in an operational environment.
For an asymmetric public key, once the public key has been created in
the Key Pair Generation stage, it should transfer to the Certification
Registration stage. O nce a certificate has been issued by a certif ica-
tion authority, the public key certificate transfers to the Certificate
Repository stage. This stage simply denotes that the certificate is
publicly available. Some protocols specify that the certificate be trans-
mitted along with the transaction when a Certificate Repository is not
used. The certificate then enters the Certif icate U sage stage in paral-
lel with the K ey Usage stage for the asymmetric private key. A ll asym-
metric key pairs have a limited life expectancy; therefore public key
certificates eventually enter the Certificate Expiration stage. However,
unlike K ey Termination, certificates merely expire and there is no secu-
rity or operational necessity to erase any copies of the certificate.
A lternatively, if an asymmetric private key is known or suspected to
be compromised, the private key must be terminated and the certifi-
cate should be automatically revoked, temporarily entering the
Certificate R evocation stage. Eventually, even revoked certificates
expire according to their validity date; therefore even revoked certifi-
cates migrate to the Certification Expiration stage. N ote that there are
other reasons in addition to an asymm etric key compromise for revok-
ing certificates.3
K E Y M A N A G E M E N T C O N T R O L S
There are several universal key management controls that must be
enforced throughout the key life cycle.
1. Private asym m etric keys and sym m etric keys shall only exist in
the following secure forms:4
As cleartext inside the protected mem ory of a tamper-resistant
security module
As ciphertext outside the protected memory of a tamper-resis-
tant security module
As two or more key fragments (e.g., key components, k-of-n
key shares), either in cleartext or ciphertext, managed using
dual control with split knowledge
These three forms ensure that the confidentiality of private asym-
metric and symmetric keys is absolute; no one must ever know
these keys.
2. Public asym m etric keys are unrestricted by definition, therefore
their confidentiality is not necessary; however, the integrity and
authenticity of public asymmetric keys must be established,maintained, and verifiable. Public key certificates bind the users
identity to the public key via the C As signature on the certificate,
and therefore ensure the integrity and authenticity of the certifi-
cate contents, including the public key it contains.
3. Key generation should use only approved algorithms (e.g., X9
standards) for random or pseudo-random number generation and
random prime number generation.
4. Key separation is a security method whereby each key (or key
pair) is generated for a particular purpose and is used for the sole
purpose for which it was intended.
5. Key synchronization is the ability to verify that the same key (e.g.,symmetric or asymmetric private key) is securely stored in one or
more locations without compromising the security of the keys or
the systems.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
3AN S X9.57 Certificate M anagement, and ISO 15782 Banking Certificate
M anagem ent.
4ANS X9.24 Financial Services Key M anagem ent U sing Sym m etric Cryptography, and
ISO 11568 Banking Key M anagem ent (Retail).
-
7/28/2019 KPMG_wp
7/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 6
K E Y M A N A G E M E N T R I S K F A C T O R S
A single, generic set of key management policies and practices that
satisfies these basic controls and can apply to all scenarios is sim ply
not feasible. R ather, a comprehensive set of specific key manage-
ment policies and, especially, practices must be chosen and imple-
mented to effectively and appropriately mitigate the business risks ina given environment.5
Cryptography is based on mathematical algorithms (i .e. , a software
process) and cryptographic keys (i.e., data) running in either special-
ized hardware or as software on a dedicated or general-purpose com-
puter. The more dedicated or specialized the hardware, the higher the
degree of inherent security controls.
Software-based cryptography is where the cryptographic algorithms,
keys, cleartext data, and ciphertext data all reside in the unprotected
memory of a general-purpose computer. Figure 2: Softw are- versus
H ardw are-Based Cryptographydepicts the various components and
highlights the security issues intrinsic in performing software-based
cryptography. In this example, a symmetric encryption key is repre-
sented by the door key icon, the cryptographic algorithm is repre-
sented by the padlock icon, and the input data (cleartext) and output
data (ciphertext) are shown as document icons.
In the software-based cryptography on the left, all the components
(i.e., algorithm, key, cleartext, ciphertext) reside in unprotected mem-
ory and are susceptible to duplication, modification, or substitution.
The m ost susceptible element is the cryptographic key. A duplicated
symmetric key allows an adversary to recover all encrypted data. A
duplicated asymmetric private key allows an adversary to falsely gen-
erate digital signatures that would be attributed to the computer
owner. A substituted or modified public key would allow a man in the
middle attack, such that the adversary could intercept and change
e-mails or transaction data undetected by the sender or receiver.
In the hardware-based cryptography on the right, the brick wall repre-
sents physical and logical barriers where data is allowed to pass while
the algorithm and key are kept secure in the protected memory of a
tamper-resistant security device. Thus, hardware-based cryptography
ensures the confidentiality, integrity, and authenticity of cryptographic
keys and, further, provides assurance regarding the integrity and
authenticity of the cryptographic algorithm, which reinforces the over-
all level of security.
Irrespective of whether a particular application is using hardware- or
software-based cryptography, the computer on which the application
runs operates in both physical and logical environm ents that possess
their own security characteristics ranging from uncontrolled to highly
controlled. H ence, key management policy and practices must
address the balance among operational requirements, the use of spe-
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
F ig u r e 2 : S of t w a r e - v e r s us H a r d w a r e - B a s e d C r y p t o g r a p h y
5ANS X9.49 Secure Rem ote Access to Financial Services.
Software-Based Cryptography
U nprotected M emory
Clear-
text
Cipher
-text
Clear-
text
Cipher
-text
U nprotected
Hardware-Based Cryptography
Protected M emory
Clear-
text
Cipher
-text
-
7/28/2019 KPMG_wp
8/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 7
cialized devices, and the environmental security controls. Figure 3:
Key M anagem ent Risk Factors depicts the interdependency between
environmental and device controls.6
The xaxis represents the environmental controls, ranging from
uncontrolled (no security) to a controlled environment (highest secu-
rity). U ncontrolled environments are public places (e.g., restaurants)
where access control is not practical. Partially controlled environ-
ments are those where limited access can be assumed (e.g., a per-
sons home) or restricted (e.g., office) via a sim ple physical token (e.g.,
house key, employee badge). Controlled environments are those
where restricted access is actively enforced (e.g., data center) via
stronger authentication methods (e.g., key pads, biometrics, smart
cards) and monitoring either directly with human guards or indirectly
with surveillance cameras.
The yaxis represents device-level controls ranging from a general-pur-
pose device (low security) to a specialized device (highest security).
G eneral-purpose devices are desktop and laptop computers running
open platform operating systems (e.g., M icrosoft W indows 2000)
and numerous applications, including software-based cryptography.
D edicated devices are typically general-purpose devices with compu-
tational capability to run some restricted applications and software
cryptography (often, co-processors are used), often take advantage of
removable media (e.g., smart card) to enable strong authentication of
administrative staff, and may provide tamper-evident packaging (e.g.,
point of sale terminal). Specialized devices are restricted to perform-
ing cryptographic functions within a tamper-resistant housing (e.g.,
hardware security module) to enforce key management policy and
practice schemes, such as key separation. These devices are often
certified using established criteria in an accredited laboratory environ-
ment (e.g., the N ational Institute of Standards and Technologys
N IST /NVL AP validation program using FIPS P UB 140-2 Security
Requirem ents for Cryptographic M odules,7 the joint NIST/NSA NIAP
program using IS O /IEC 15408 Com m on Criteria for Inform ation
Technology Security Evaluation).8
Figure 3: Key M anagem ent Risk Factors shows four zones where the
environments (uncontrolled, partially controlled, and controlled) inter-
sect with the device types (general-purpose, dedicated, and special-
ized). The zones are described as follows:
Zone 1 represents the lowest security with the highest risk sce-
nario where a general-purpose (or dedicated) device is operated
in an uncontrolled (or partially controlled) environment, such as a
personal computer in a persons home. For low-value (and typi-
cally low-volume) transactions this may be sufficient depending
on the business risk assessment.
Zone 2 represents a scenario where a general-purpose (or dedi-
cated) device is operated in a controlled environment. The con-
trolled environment offers higher security and therefore lower risk
than Zone 1; however due to the nature of the device, manual
key management procedures must be relied on, and these man-
ual key management procedures should therefore be integrated
with operational and environmental controls. For low-value trans-
actions this should be sufficient depending on the business risk
assessment.
Zone 3 represents a scenario where a specialized device is oper-
ated in an uncontrolled (or partially controlled) environment, such
as an ATM . For higher-value transactions (e.g. , deposit, with-
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
F ig u r e 3 : Ke y M a n a g e m e n t R is k F a c t o rs
6ISO 13491 Banking Secure Cryptographic Devices (Retail).
7 For m ore inform ation, see w w w .nvlap.nist.gov. N ote that FIPS P U B 140-1 w ill be
phased out and it is expected that all certifications w ill be transitioned to FIPS PUB
140-2 w ithin 12 m onths of its approval date of M ay 25, 2001.
8 For m ore inform ation, see w w w .niap.nist.gov.
Specialized
D evice 3 4
1 2
D edicated
D evice
G eneral
Purpose
D eviceUncontrolled Partial Controlled
Y=DeviceControls
X =Environmental Controls
-
7/28/2019 KPMG_wp
9/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 8
drawal, funds transfer), this may be sufficient depending on the
business risk assessment. Note that in addition to the higher
security, the specialized device will typically increase the applica-
tions transaction throughput as the computationally intense
cryptography is off-loaded from the m ain processor to the
specialized device.
Zone 4 represents the highest security with the lowest risk
where a specialized device is operated in a controlled environ-
ment, a combination often employed at a certification authority.
Environmental controls may include multi-factor authentication
(e.g., smart cards and biometrics) for administrative personnel,
enforced dual control where one person is never allowed unsu-
pervised access to the device, and sign in/out log sheets with
monitored surveillance cameras. Device controls would include a
tamper-resistant security module enforcing key confidentiality and
separation, dual control, and, potentially, tamper detection and
active countermeasures (e.g., automatic key erasure). Such
devices and environmental security controls exist at most finan-
cial institutions and network processing centers, and at many mil-
itary installations.
Tomorrows key management challenges are in Zone 2 and Zone 3.
The increasing focus on overall system security lies behind the gen-
eral trend of moving away from general-purpose devices operating in
uncontrolled environments (Zone 1) to the use of specialized devices
operating in controlled environments (Zone 4). However, it is impor-
tant to realize that as security controls increase on the x axis or the y
axis, so does the cost of implementation. Hence, depending on a
business risk assessment, alternatives in either Zone 2 or Zone 3
may provide an acceptable alternative. There are already dedicated
devices (e.g., Web servers) operating in partially controlled environ-
ments, but as the demand for higher security increases, there will be
an increase in use of specialized devices. The challenges of using spe-
cialized devices operating in uncontrolled or partially controlled envi-
ronments include the capability and capacity to securely deploy and
operate large numbers of these devices at remote or mobile locations
while maintaining proper key management controls.
K E Y M A N A G E M E N T T R E N D S
The ability to determine that adequate key management controls are
in place requires periodic review of key management policies, prac-
tices, and procedures against some established criteria. In many
cases, an examination of the key management policies, practices, and
procedures by an independent third party is also necessary. For exam-
ple, most financial networks and associations require that financial
institutions and processors undergo a periodic examination of their
key management policies, practices, and procedures by a professionalsecurity consultant or audit practitioner, similar to financial audits. In
the past several years, these security exams have become common-
place and are now being performed more frequently by professional
practitioners licensed by organizations such as the Am erican Institute
of C ertified Public Accountants (A IC PA ) and the C anadian Institute of
Chartered Accountants (CI CA ).9
The advent of commercially available cryptography and the wide-
spread acceptance of the Internet as the primary electronic com-
merce vehicle have sparked numerous initiatives embodying various
cryptographic protocols and other technologies (e.g., smart cards, bio-
metrics). Cryptography is becoming more and more integrated into
network architectures, such as through the deployment of SSL,IPSec, and VPN protocols. Cryptography is also being widely adopted
as a component of mainstream business applications such as secur-
ing e-mail using encryption and digital signatures, encrypting data
stored on laptops, and protecting databases, and as part of emerging
applications such as digital rights management and bank card pay-
ment systems (e.g., smart cards).
As the use of cryptography continues to increase, several trends are
emerging:
Hardware-based cryptography for added security. Currently,
many initiatives in the proof-of-concept (PoC) stage use software-
based cryptography that is intended to be a temporary solution
and does not promote sound key management policies, prac-
tices, and procedures. A s these PoC projects transform into pilots
or permanent production systems, these software-based solu-
tions will m igrate to cryptographic hardware or otherw ise require
extensive manual key management procedures to compensate
for the inherent weaknesses of software-based cryptography. In
either case, current key management controls will undergo
restructuring and redesign, and controls will be created where
none exist.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
9 For m ore inform ation, visit w w w .aicpa.org or w w w .cica.ca.
-
7/28/2019 KPMG_wp
10/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 9
High scalability for diverse applications.The sheer proliferation
of cryptography will dramatically increase the number of crypto-
graphic keys generated, distributed, installed, used, and eventu-
ally terminated. This proliferation will stress the scalability of key
management software and the key storage mechanisms that will
be forced to manage more and more cryptographic keys.
Application-specific security policies to reflect business risk.
The increasing diversity of business applications using crypto-
graphic functionality (e.g. , data encryption, message authentica-
tion, digital signatures, secure time stamping, and transaction
authorization) will likewise require distinct security policies and
key management practices that are tailored to each unique busi-
ness application. As security applications are introduced and new
online services launched, it will be important to assess the
sources of risk and cost of compromise on a case-by-case basis
in order to define the appropriate security policies.
New algorithms and policies to suit new applications.The
multiplicity of application and host environments including wire-
less, and handheld devices, such as laptops, cellular phones, and
personal digital assistants may ultimately drive the use of various
new cryptographic algorithms and communication protocols,
many of which are not interoperable. Numerous algorithms (e.g.,
EC C, A ES) are specified in recent standards and wi ll drive a
requirement for flexible key management practices that can, if
necessary, be algorithm independent. Furthermore, bandwidth
limitations and storage capabilities will affect where, when, and
how keys are generated and distributed.
Remote key management to reduce administrative burden.
The widespread distribution of cryptographic keys will require
remote key management methods and techniques to enforce key
separation and provide automatic key synchronization between
geographically dispersed systems. Remote key management wi ll
be problematic, as keys must be managed from a centralized site
in some cases and multiple sites in other cases as evolving busi-
ness requirements and globalization issues dictate. The ability
to securely administer cryptographic keys and devices from
a remote location will become an important feature of any
security architecture.
Delegation of authority and automated systems.This same
propagation of cryptography illustrates that key management will
migrate from security officers with specialized skills and experi-
ence to operational staff with more general knowledge and less
appreciation for sound key management practices. Therefore,
more automated key management tools coupled with remote key
management capability will emerge. Such automation will pro-
mote the use of software "trusted agent" tools that may be devel-
oped by one company, installed at a second company, and
operated by yet another "trusted" third party.
Regulatory and statutory criteria. M ore and m ore industries
and governments are adopting requirements, guidelines, or speci-
fications for securing electronic data. Examples include the
European Union 1995 D ata Protection Directive, the U.S. 1996
Federal Healthcare Insurance Portability and Accountability Act
(H IPAA ), the M asterCard International and Visa International 1997
Secure Electronic Transaction ( SET ), the 1998 Identrus LLC secu-
rity authentication framework specification, and the U.S. 2000
Federal Electronic Signature Act (E-Sign). These and many other
initiatives wi ll lead to a broad awareness of security issues and
will help to establish a common understanding of countermea-
sures that can be taken.
Real-time audit functionality. As more and more reliance is
placed on automated key management tools used by less-trained
operators in m ore complicated and distributed environments, the
need for independent examination of how those tools are being
used will need to increase. These examinations will move away
from traditional latent audits and migrate toward real-time audit-
ing with online information feeds that will enable specialized pro-
fessionals to assess the relevant controls and ensure compliance
to the stated security policies.
The increased use of cryptography will affect how and where key man-
agement is performed, and will require new tools and methods that
are still emerging. A t the same time, the ability to assess the security
features and verify the effectiveness of the security practices of these
new methods is still a necessary ingredient for reducing business risk.
There is always a need to balance among operational effectiveness,
tim eliness, and adequacy of security. K ey management is an essen-
tial ingredient of maintaining sufficient security. This m eans that those
individuals involved in daily operations have to be prepared and prac-
ticed for planned events (e.g., key generation) and unexpected
events (e.g., disaster recovery). Therefore, key management policy,
practices, and procedures are needed to ensure operational and
security continuity.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
-
7/28/2019 KPMG_wp
11/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 0
P O L I C Y , P R A C T I C E S ,
A N D P R O C E D U R E S
A ll organizations must disclose their business practices to some
degree. Publicly held companies are required to disclose certain busi-
ness practices, while privately held organizations primarily share their
business practices with board members, employees, and customers.
O ften, key managem ent and security policy and practices are not
publicly disclosed unless it is in the organizations best interest to do
so, such as in the case of a certification authority. R egardless of busi-
ness disclosure practices, key management policies, practices, and
procedures are at the heart of achieving and maintaining sound
key management.
Key management policies define the organizations overriding require-
ments and strategy for the secure administration of cryptographic
keys throughout a keys life cycle. Similarly, key management prac-
tices describe the organizations tactics to achieve those strategic pol-
icy goals. Key management procedures are the documented
step-by-step tasks necessary for the secure daily cryptographic oper-
ations within an organization. C learly it is in the best interest of any
organization to establish and promote sound key management poli-
cies, practices, and procedures. The challenge in fulfilling these goals
is to remain flexible enough to respond to the inevitable key manage-
ment diversity, scalability, and extensibility issues that have been
identified as trends in this paper. The following sections begin by
describing the approach to policy setting at the business level fol-
lowed by an overview of how this translates into a series of environ-
mental controls. The section concludes with a review of specific key
management practice statements, and introduces the key generation
ceremony10 as an example of an operational procedure that em bodies
these various policies and practices.
B U S I N E S S P R A C T I C E
D I S C L O S U R E S
This topic deals with an organizations policies regarding the disclo-
sure of its key management and information privacy practices. A n
example of such a policy is a certification authoritys Certificate
Practice Statement (CPS), which defines its business practices. Any
service organization whose offerings or business applications employ
any form of cryptography should have available business practice dis-
closures addressing their key management policy and practices.
The benefits of having such disclosures are that a company can:
Provide a level of assurance to its business partners and cus-
tomers that its key management practices are sound, and as
such im ply that the organization has undertaken reasonable
efforts to secure its systems and business applications.
Provide documentation whereby its key management practices
can be evaluated or tested to establish compliance with external
standards, such as those defined to establish industrywide inter-
operability (e.g., the Identrus LLC framework specification for the
international banking community).
Satisfy legislative or regulatory requirements regarding due dili-
gence and subsequent business disclosure for key managem ent
practices (e.g., EU D ata Protection Directive, H IPA A ).
The appropriate level of detail for an organizations disclosures must
be individually determined by each organization, taking into account
federal, state, and local legislative requirements; industry regulations;
potential legal liability; and business risk in the marketplace.
Business practice disclosures should do the following:
Define the various comm unities of interest that rely on or interact
with the organization wherever cryptography and, hence, key
management is used. For each community of interest, the typeof interaction (e.g., Web site) available, the type of cryptography
(e.g., SSL, PKI) used, and the corresponding key management
schemes em ployed (e.g. , certificates) should be described. This
may include descriptions of the relevant industries, business part-
ners, or customer markets.
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
10ANS X9.79 PKI Practices and Policy Fram ew ork, and AICPA/CICA W ebTrustSM /TM
Program for Certification Authorities.
-
7/28/2019 KPMG_wp
12/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 1
Provide the appropriate contact information (e.g., name, depart-
ment, mailing address, phone number, e-mail address) for the
individual(s) responsible for key management practices for each
community of interest. This should include notif ication and escala-
tion procedures for lost or stolen equipment. W here crypto-
graphic devices or keys have been widely deployed and local or
regional operational staff has been assigned to emergency
response team s, this information is essential.
Define the obligations of all participating parties and any applica-
ble provisions regarding apportionment of liability or financial
responsibility resulting from security breaches due to known or
suspected key compromise. For example, a service provider
might process transactions using equipment outsourced to a sec-
ond entity, which includes a cryptographic device that contains
keys belonging to the service provider, while its key management
is outsourced to a third entity.
Define the environmental control policies relative to all partici-
pants. This should describe or entail an approval process for
acceptable physical security (e.g., locked doors and restricted
access), facility and system access controls (e.g., employee
badges, passwords, and biometrics), and business continuity
controls (e.g., site locations, power requirements, media storage,
and off-site backup).
Define the key and certificate (where appropriate) life cycle man-
agement control policies relative to all participants for any crypto-
graphic key generated, stored, or used by the organization. This
should describe or entail an approval process for the acceptable
cryptographic algorithms, key strengths and crypto-periods, key
management protocols, and cryptographic hardware. For exam-
ple, there will be long-term digital signature keys for legal docu-
ments as well as short-term digital signature keys for access
control. The relevant standards (e.g., ANSI, ISO , I ETF) should
also be identified.
Define the organizations policies regarding the publication, revi-
sion, and distribution of the business practice disclosures, includ-
ing intellectual property protection mechanisms (e.g., copyrights).
E N V I R O N M E N T A L C O N T R O L S
This topic deals with an organizations policies and practices regarding
environmental controls, including information security, asset classifi-
cation and management, personnel security, physical access controls,
operations management, system access controls, system develop-
ment and maintenance, business continuity management, monitoring
and compliance, and event handling. Environmental control informa-
tion should be disclosed to allow relying parties to assess whether the
organization maintains sufficient controls to meet their businessrequirements outlined on the following pages.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
-
7/28/2019 KPMG_wp
13/25
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 2
E n v ir o n m e n t a l C o n t r o ls
Environmental Activity Control Objective for Environment Activities
Policy authority and practices O rganization has established and operates a policy authority to create and revise key
management policy and practices, including:
Roles and responsibilities (e.g. , comm ittee chair, vice chair, secretary)
Titles and departments (e.g., vice president of internal audit)
Revision and publication practices
Information security practices O rganization has documented and distributed its security practices and maintains controls to
provide reasonable assurance that information security is properly managed according to its security
practices, including:
Registration and enrollment methods
Authentication and authorization methods
Distribution and affidavit m ethods
References to asset classification practices
Asset classification practices O rganization has established an asset classification scheme and all assets (e.g., equipment, data,
facilities, personnel) have been properly identified and labeled, including:
Security requirements for protecting each discrete category
Security mechanisms for protecting each discrete category
Personnel security practices O rganization maintains controls over personnel and hiring practices to support the trustworthinessof the organization, including:
Credentials validation
Nondisclosure agreements
O ther verification methods for sensitive positions (e.g., security officer)
Physical security practices O rganization maintains controls for physical access to sensitive areas and equipment is limited to
properly authorized individuals, and the facilities are protected from environmental hazards, natural
or otherwise, including:
Passive physical barriers
Active intruder detection systems
Physical access controls
References to relevant documentation (e.g. , business continuity plan)
O perations management practices O rganization maintains controls to ensure the correct and secure operation of IT systems, including:
Systems failures prevention or detection mechanisms
Viruses and m alicious software protection
Incident reporting and response escalation practices
Theft or inadvertent damage of m edia or other hardware
References to relevant documentation (e.g. , business continuity plan)
-
7/28/2019 KPMG_wp
14/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 3
Key management trends will challenge current environmental prac-
tices as the use of portable devices in untrustworthy environments
continues to increase. A trustworthy and controlled environment oper-
ated by one entity does not necessarily translate to an environment
trusted by another entity.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
E n v ir o n m e n t a l C o n t r o ls
Environmental Activity Control Objective for Environment Activities
System access practices O rganization maintains controls to limit system access to properly authorized individuals, including:
U ser access controls
Network access controls
O perating system access controls
A pplication access controls Authentication mechanisms (e.g., passwords, tokens, biometrics)
References to relevant documentation (e.g., A NSI, systems m anuals)
Systems development and O rganization maintains controls to properly authorize systems development and maintenance
maintenance practices activities, including:
Software development life cycle (SD LC )
U se of cryptography
Separation between cryptographic test keys and production keys
Business continuity practices O rganization maintains controls to provide reasonable assurance of continuity of operations in the
event of a disaster, including:
Key management controls during the execution of a recovery plan
References to relevant documentation (e.g., business continuity plan)
M onitoring and compliance practices O rganization maintains controls to ensure that its m onitoring and compliance methods satisfy
legislative or regulatory requirements, including:
Event journals
Backup and recovery of event journals
Security controls to protect the journals from unauthorized destruction, tampering, or replacement
References to relevant documentation (e.g. , information security, asset classification, system
access)
-
7/28/2019 KPMG_wp
15/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 4
K E Y M A N A G E M E N T
L I F E C Y C L E C O N T R O L S
This topic deals with an organizations policies and practices regarding
the management of private asymmetric keys, symmetric keys, and
other types of keying material (e.g., pseudo-random number generator
seed values), including cryptographic hardware management. Key
management li fe cycle control information should be disclosed to allow
relying parties to assess whether the organization maintains sufficient
controls to meet its business requirements in the following areas:
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
K e y M a n a g e m e n t L if e C y c l e C o n t r o ls
Key Management Activity Control Objective for Key Management Activities
Key generation practices Cryptographic keys are generated in accordance with industry standards, including:
Random or pseudo-random number generation
Prime number generation
Key generation algorithms
Hardware and software components
Adherence to all relevant standards
References to the key generation procedural documentation
Key storage, backup, and Asymmetric private keys and symmetric keys remain secret and their integrity and authenticity is
recovery practices retained, including
Key separation mechanisms
Hardware and software components
Adherence to all relevant standards
References to key storage, backup, and recovery procedures
Business continuity management documentation
Key distribution practices Secrecy of asymmetric private keys, symmetric keys, and keying material, and the integrity and
authenticity of all keys and keying material are maintained during key distribution, including:
Initial key distribution processes Subsequent key replacement processes
Key synchronization mechanisms
Adherence to all relevant standards
References to the key distribution procedural documentation
-
7/28/2019 KPMG_wp
16/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 5
Key management trends will affect all aspects of the key manage-
ment life cycle as the origination, usage, and location of keys become
more diverse. Remote and automated key management mechanisms
will proliferate in the near term and eventually be standardized.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
K e y M a n a g e m e n t L if e C y c l e C o n t r o ls
Key Management Activity Control Objective for Key Management Activities
Key use practices Cryptographic keys are used only for thei r intended purpose, including:
Business applications
Key separation mechanisms
Related crypto-periods
Adherence to all relevant standards References to the business and system description documentation
Key destruction and archival practices A ll active instances of the cryptographic key are properly erased (destroyed) at the end of their
designated crypto-periods and archived keys are handled appropriately, including:
Controls to m aintain confidentiality, integrity, and authenticity
M echanisms to prevent an archived key from being reinstalled
Adherence to all relevant standards
Inclusion of references to the business and system documentation
Cryptographic hardware Access to cryptographic hardware is lim ited to properly authorized indiv iduals, and the hardware is
life cycle practi ces functioning properly. T he descripti on should include:
Controls for the device life cycle (e.g., shipping, inventory controls, installation, init ialization, repair,
and de-installation)
Adherence to all relevant standards
References to device documentation (e.g. , product specifications, users m anual) and certification
(e.g., FIPS 140)
-
7/28/2019 KPMG_wp
17/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 6
C E R T I F I C A T E M A N A G E M E N T L I F E
C Y C L E C O N T R O L S
This topic deals with an organizations policies and practices regarding
secure management of public asymmetric keys, public key certifi-
cates, and attribute certificates, including the use of portable storage
devices such as smart cards. Certificate management life cycle con-
trol information should be disclosed to allow relying parties to assess
whether the organization maintains sufficient controls to meet their
business requirements in the following areas:
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
C e r t i f ic a t e M a n a g e m e n t L if e C y c le C o n t r o ls
Certificate Management Activity Control Objective for Certificate Management Activities
Subscriber registration practices Subscribers are properly identified and authenticated, and certificate request information is accurate
and complete, including:
Internal registration practices
External registration services
Registration authority interfaces
Adherence to all relevant standards
References to registration proceduresCertificate issuance practices Certificates are generated and issued securely and accurately, including:
U se of outsourced services (if appropriate)
Naming conventions and extension fields
Public key validation processes
Adherence to all relevant standards
References to external certificate service documentation (e.g. , letters of agreement, contracts,
other CP S)
Certificate distribution practices Upon issuance, complete and accurate certificates are available to subscribers and relying parties,
including:
O ut-of-band notification processes
D atabases and repositories
Adherence to all relevant standards
References to external distribution or storage services documentation
Certificate revocation practices Certificates are revoked based on authorized and validated certificate revocations requests, including:
O ut-of-band notifications
Certificate revocations list distribution
D atabases and repositories
Adherence to all relevant standards
References to external distribution or repository services documentation
-
7/28/2019 KPMG_wp
18/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 7
Key management trends will significantly impact certificate manage-
ment, particularly the ability to revoke widely distributed certificates.Shorter-term certificates reduce risk exposure but increase the fre-
quency of k ey generation and certificate registration. C ertificate vali-
dation services can reduce the revocation problem but require an
online environment and are somewhat contrary to the original con-
cept of a certificate that can be verified offline.
E X A M P L E K E Y G E N E R A T I O N
C E R E M O N Y
As an illustration for this framework, a description of a key generation
ceremony is included; however it is recomm ended that a detailed key
generation script be developed and followed. Recognizing that the
specific steps for key generation vary significantly across different
applications and organizations, a C A has been chosen as a procedural
example because it is typical of a high-end security application and
has been wi dely tested in the field. G iven the ceremony should take
into account the application software and version number that is to be
implemented, the cryptographic devices that are used, and the orga-
nizations requirements for private key protection and disaster recov-
ery, only a general description is feasible. Each organization must
develop its own customized key management procedures that are
specific to that organizations needs. Appendix B : Key G eneration
Cerem onyprovides an overview of a rudimentary script for the gen-
eration of a CA asymmetric key pair, with additional notes regarding
special consideration for the generation of a root CA key pair.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
C e r t i f ic a t e M a n a g e m e n t L if e C y c le C o n t r o ls
Certificate Management Activity Control Objective for Certificate Management Activities
Certificate verification practices Certificates and certificate chains are properly verified, including:
Verification mechanisms
Databases and repositories
Adherence to all relevant standards
References to external distribution or repository services documentationToken life cycle practices Initialization, distribution, usage, and termination of portable tokens (e.g., smart cards) are properly
managed, including:
Controls for the token life cycle (e.g. , shipping, inventory controls, installation, initialization,
personalization, and termination)
Adherence to all relevant standards
References to device documentation (e.g. , product specifications, users m anual) and certification
(e.g., FIPS 140)
-
7/28/2019 KPMG_wp
19/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 8
S U M M A R Y
Key management risk factors should be evaluated for every application
that em ploys cryptography. A proper business risk assessment w ill
identify the security requirements needed to protect application data
regarding its confidentiality, integrity, message and entity authenticity,
and even non-repudiation. In circumstances where cryptography is
determined to be a viable security measure, the environmental con-
trols available regarding the protection of the cryptographic hardware,
software, and keys should likewise be evaluated. In applications that
require more than basic security levels for example those that gen-
erate high volumes of transactions or where corruption of individual
transactions represents a tangible financial loss or breach of privacy
specialized cryptographic hardware should be considered as a neces-
sary security control to protect cryptographic keys and keying material.
The use of special-purpose cryptographic hardware can compensate
for environmental control weaknesses, in the context of both internal
and external attacks, and can enhance the security of key management
practices and procedures to achieve desired security levels.
The decision to use cryptographic hardware will, in and of itself, not
guarantee the secure administration of keys throughout their life
cycles. Rather, sound key managem ent policies, practices, and proce-
dures are necessary to ensure the constant supervision of crypto-
graphic keys. The trends discussed in this paper describe some of the
areas that wi ll affect key management. O rganizations that are now or
will be employing cryptography should review their key and certificate
management life cycle practices and environmental practices to
determine that business risks have been sufficiently considered.
The versatility of cryptography as the basis for secure applications will
naturally lead to numerous key management schemes. Therefore
there cannot be a generic set of key management practices and pro-
cedures for all applications or organizations. Thus, every organization
must develop and maintain its own suite of key management policies,
practices, and procedures. Periodic examinations by an independent
third party using industry-recognized standards, such as the A NS
X9.79 PKI Practices and Policy Fram ew orkand the AICPA/CICA
W ebTrustSM /TMProgram for Certification A uthorities, should become an
im portant aspect of risk m anagement, enhancing the trust of employ-
ees, customers, business partners, and other relying parties.
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
All inform ation provided is of a general nature and is not intended to address the
circum stances of any particular individual or entity. Although w e endeavor to pro-
vide accurate and tim ely inform ation, there can be no guarantee that such infor-
m ation is accurate as of the date it is received or that it w ill continue to be
accurate in the future. N o one should act upon such inform ation w ithout appro-
priate professional advice after a thorough exam ination of the particular situation.
-
7/28/2019 KPMG_wp
20/25
-
7/28/2019 KPMG_wp
21/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 2 0
A P P E N D I X B :
K EY G E N ER A T I O N C ER EM O N Y
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
The following is a rudimentary script for the generation of a CA asym-
metric key pair.
L is t o f P a r t ic ip a n t s a n d P r e p a r a t i o n
The participants for a key generation ceremony will vary depending
upon the type of key management scheme employed. Each partici-
pant has a specific role and responsibility, such as:
O peration M anager.This individual is responsible for the equip-
ment and the facility in which the equipment resides, including
computer hardware and software, host security modules (H SM s),
and physical safes to store cryptographic keying m aterial.
Key M anager.This individual is responsible for orchestrating the
key generation ceremony according to the organizations policies
and procedures. This includes scheduling, organizing, and super-
vising the participants before, during, and after the execution of
the key ceremony script per the organizations procedures.
Key A dm inistrators.These individuals are responsible for handling
cryptographic keying material and following the key generation
ceremony script. The actual number of administrators and their
exact duties will vary widely depending on the PK I vendor prod-uct, the cryptographic devices, the key management schema,
and the organizations procedures. For example, if key compo-
nents are used to securely store symmetric keys, at least two
administrators are necessary to maintain split knowledge.
Another schema m ight be the Shamir k -of-n Secret Sharing
Scheme, which requires a subset (k) of all administrators (n) to
perform key management tasks.13 For a 3-of-5 scheme, five
administrators would be necessary.
W itnesses.These individuals are present to observe the key gen-
eration ceremony, but typically do not actively participate in the
actual key management practices. The purpose of witnesses is to
provide a level of assurance that the key generation ceremony
took place under proper controls.
For certain high-assurance applications, such as a root CA, the
Equipment Installation and Initializationprocess may be observed
by an auditor and/or other witnesses and/or videotaped.
Another important aspect of proper preparation is that all participants
practice the key management procedures prior to actual execution.
Performing a key generation walkthrough allows each participant to
gain an understanding of his or her role and responsibilities. A walk-
through is also a good method to identify potential problems so that
procedures can be adjusted accordingly.
E q u ip m e n t I n s t a l la t i o n a n d I n i t i a liz a t i o n
Prior to the start of the key generation ceremony, the CA hardwareand software is properly configured within a controlled environment
that is physically secure. This configuration process should include
installation of the host operating system, smart card, or storage
devices, and CA software from original shrink-wrapped packaging.
O ften, procedures for configuring the C A hardware and software are
provided by the vendor in separate documentation packages.
W it n e s s in g a n d R e c o r d Ke e p in g
All participants observe the key generation ceremony events and one
or more witnesses (potentially including an external auditor) should
make a notation on their copies of the script to indicate whether each
step was successfully performed in accordance with the script, or if
deviations occurred. A t the conclusion of the ceremony, an "official
copy" of the script should be updated by the Key M anager to reflect
any deviations from the planned script prior to having it signed by all
participants and witnesses indicating that the steps were followed as
documented.
H a r d w a r e S e c u r i t y M o d u le I n it i a liz a t io n
Typically, a newly installed HSM is pristine, meaning it does not con-
tain any keying material. Sim ilar to the CA hardware and software, the
HSM must be properly configured within a controlled environment that
is physically secure. Typically, procedures for installing and configuring
the HSM are provided by the vendor in separate documentation.
K e y G e n e r a t io n P r o ce d u r e s
The precise step-by-step procedures wi ll vary greatly depending upon
the P K I vendor product, the cryptographic devices, and the key man-
agement schema. Procedural steps are often grouped into tasks,
causing the K ey M anager to pause the k ey generation ceremony to
ensure that each task (or step) has been completed successfully. This
is part of the witness and record-keeping processes.
13A. Shamir, H ow to share a secret, C omm unications of the AC M 22 (1979), 612-613.
-
7/28/2019 KPMG_wp
22/25
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 2 1
C e r e m o n y E x a m in a t io n a n d V a l id a t io n
W ith regard to the examination of a k ey generation ceremony, the pro-
cedures themselves provide evidence that proper key management
practices were followed. The examination can be concurrent w ith the
key generation ceremony so that a professional practitioner is present
as an observer (witness) during the key generation ceremony.
O therwise, the examination can occur after the fact if sufficient evi-
dence is maintained to demonstrate that appropriate key generation
policies and procedures were followed. For example, if the key gen-eration ceremony were to be videotaped, the professional practitioner
could review the videotape. In addition, a checklist (script) dated and
signed by the key generation ceremony participants should be used
to provide additional evidence that proper key management proce-
dures were followed.
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
-
7/28/2019 KPMG_wp
23/25
2 0 0 2 K P M G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 2 2
A P P E N D I X C :
G L O S SA R Y
Term Description Reference
AES Advanced Encryption Standard www.nist.gov/aes
AICPA American Institute of Certified Public Accountants is the United States
professional practice organization for accountants. www.aicpa.org
ANS American National Standard is an industry standard developed by an
ANSI-accredited standards body, such as the X9 Committee. www.x9.org
ANSI American National Standards Institute is the United States national
standards body registered with ISO as a country member. www.ansi.org
ATM Automated teller machine is an unmanned terminal providing online
access to financial transactions.
CICA Canadian Institute of Chartered Accountants is the Canadian professional www.cica.ca
practice organization for accountants.
Ciphertext Data in its enciphered form. ANS X9.24
ISO 11568
Cleartext Data in its original, unencrypted form. ANS X9.24
ISO 11568
DES Data Encryption Standard is the Federal Information Processing Standard www.nist.gov
(FIPS) Publication 46-1 that defines the data encryption algorithm (DEA).
The DEA is also described in ANS X3.92.
Dual Control A process of using two or more separate entities (usually persons) operating ANS X9.8
in concert to protect sensitive functions or information whereby no single ANS X9.24entity is able to access or use the materials (e.g., cryptographic key). ISO 11568
ECC Elliptic curve cryptography ANS X9.63
ISO ISO is not an acronym, although it is a common belief that it means the www.iso.ch
International Standards Organization. Rather, ISO is a word, derived from
the Greek isos, meaning equal, which is the root of the prefix iso-, such as
isometric and isonomy.
KEK Key enciphering key is a symmetric key generated and used for the sole ANS X9.24
purpose of protecting other symmetric keys (e.g., master key, session key). ISO 11568
MAC Message authentication code is an integrity value that is cryptographically ANS X9.9
derived from a message so that the modification or substitution of either ANS X9.19
can be detected. ISO 16609
NIAP National Information Assurance Partnership www.niap.nist.gov
NIST National Institute of Standards and Technology www.nist.gov
NSA National Security Agency www.nsa.gov
NVLAP National Voluntary Laboratory Accreditation Program www.nvlap.nist.gov
PIN Personal identification number is a 4- to 12-digit number used by financial ANS X9.8
institutions to authenticate their customers at an ATM for cash withdrawal ISO 9564
and at POS devices for debit transactions.
-
7/28/2019 KPMG_wp
24/25
2 0 0 2 K P M
G
L L P
h
U
S
b
f i
f K P M G
I
i
l
S
i
i i
A l l i h
d
P i
d i
h
U
S A
K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 2 3
Term Description Reference
PKI Public key infrastructure is a framework of hardware, software, people, ANS X9.79
processes, and policies that employs digital signature technology to facilitate
a verifiable association between the public component of an asymmetric
public key with a specific subscriber that possesses the corresponding
private key. The public key may be provided for digital signature verification,
authentication of the subject in communication dialogues, and for message
encryption key exchange or negotiation.
POS Point of sale terminal is a merchant device typically consisting of a magnetic
stripe reader, a keypad, a display window, and a telephone dialer for obtaining
credit or debit card authorization.
RC5 Rivest Cipher; symmetric cryptographic algorithm so named for its inventor,
Ron Rivest.
Root CA The CA at the top of the CA hierarchy. ANS X9.79
RSA Asymmetric cryptographic algorithm named for the original paper, R. Rivest,
A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and
Public Key Cryptosystems," Communications of the ACM, 21(2): 120-126,
February 1978.
Split Knowledge A condition under which two or more parties separately and confidentially ANS X9.8
have custody of components of a single key that, individually, convey no ANS X9.24
knowledge of the resultant cryptographic key. ISO 11568
Tamper Evident A characteristic that provides visual evidence that an attack has been ANS X979attempted.
Tamper Resistant A characteristic that provides passive physical protection against an attack. ANS X9.79
-
7/28/2019 KPMG_wp
25/25