kpmg_wp

7/28/2019 KPMG_wp

1/25

R I S K A N D A D V I S O R Y S E R V I C E S

J A N U A R Y 2 0 0 2

A BS T RA CT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

INT RO DUCT ION . . . . . . . . . . . . . . . . . . . . . . . . . . 2

BACKGROUND. . . . . . . . . . . . . . . . . . . . . . . . . . . 3

K EY M A N A G E M E N T . . . . . . . . . . . . . . . . . . . . . . 4

Key M anagem ent Con tro ls . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . . .. . .5

Key M anagem ent R isk Factors . . . . . . . . . . .. . . . . . .. . . . . .. . . . . . .. .6

Key M anagem ent Trends ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

P O L IC Y, P R A C T I C ES , A N D P R O C E D U R E S . . . . . 1 0

Bus iness Pract i ce D isc los ures . . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . .10

Env i ron m enta l Con tro ls . . . . . . . . .. . . . . .. . . . . . .. . . . . . .. . . . . .. . . . . . .11

Key M anagem ent L i fe Cyc le Con tro ls . . . . . . . .. . . . . .. . . . . . .14

Cert i f i ca t e M anagem ent L i fe Cyc le Con tro ls . . . . . . .. . .16

Exam p le Key Gen era t ion Cerem on y . . . . . . . . . . . .. . . . . .. . . . .17

S U M M A R Y . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 8

Ap pen d ixes. . . . . . . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . .19

Ap pen d ix A : S t and ards A ct i v i t i es . . . . . . .. . . . . . .. . . . . .. . . . . . .19Ap pen d ix B : Key Genera t ion Cerem on y. . . . . . . . . . .. . . . . . .20

Ap pen d ix C : Glos sary . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . .. . . .22

LIST OF F IGU RES

Figure 1 : Key Li fe Cyc le .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

F igure 2 : Sof tw are- versus Hardw are-Based

Cryp to graph y. . . . . . . . . . . .. . . . . .. . . . . . .. . . . . .. . . . . . .. . . . . . .. . . . . .. . . . . . .. .6

F igu re 3 : Key M anagem ent R isk Facto rs . . . . . . . .. . . . . . .. . .7

K EY M A N A G EM EN T P O L I C Y

A N D P R AC T I C E FR A M EW O R K

7/28/2019 KPMG_wp

2/25

K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1

A B S T R A C T

The secure administration and distribution of cryptographic keys,

called key management, is a necessary and critical aspect of business

risk mitigation. This white paper describes the significance of sound

key management applicable to any application employing cryptogra-

phy. R eaders of this paper should have some fam iliarity with cryptog-

raphy and its ability to protect information via data confidentiality,

entity and data authentication, data integrity, and even non-repudiation.

We have provided a historical perspective of cryptography along with

a discussion of security controls, risk factors, and current trends that

wi ll affect key management processes. A framework of relevant poli-

cies, practices, and procedures is presented regarding business prac-

tice disclosures, key life cycle management, certificate life cycle

management, and environmental controls. A n overview of standards

activities is given, along with an example key generation ceremony.

This paper takes the position that business risk drives the need for

cryptographic solutions, which in turn necessitates establishing and

maintaining sound key management policies and practices.

Cryptographic hardware, although preferred over software-based

solutions due to key management risk factors, can enable good key

management schemes, but documented and sensibly enforced key

management procedures are still necessary. Furthermore, these key

management policies, practices, and procedures should be periodi-

cally reviewed by an independent third party using industry-estab-

lished criteria.

A C K N O W L E D G E M E N T

The support provided by nCipher Incorporated in the development of

this white paper is greatly appreciated.

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

7/28/2019 KPMG_wp

3/25


I N T R O D U C T I O N

Key management is the secure administration of cryptographic keys.

A cryptographic key is merely data, a string of binary zeroes and ones

that enable a cryptographic algorithm to m anufacture ciphertext

output from cleartext input. C ryptographic algorithms can provide

encryption and decryption of information for data confidentiality, mes-

sage authentication codes (M AC s) for data integrity and entity authen-

tication, as well as digital signatures for data integrity, entity

authentication, and non-repudiation. Cryptography is also used in key

management to achieve the confidentiality, integrity, authenticity, and

non-repudiation of cryptographic keys, which is an integral part of

sound key management practices.

There are several ways to securely handle keys and other relevant key-

ing material, and there are even more ways to mishandle and mis-

manage cryptographic keys. Improper key management is a constant

threat to any application employing any form of cryptography, which

dramatically and unnecessarily increases business risk. W ith the advent

of public key cryptography, effective management of keys has become

even more important, particularly in the case of management of pri-

vate keys when integrity and authenticity must be provable to a third

party (i. e., non-repudiation). A new comm unity of users and integra-

tors is relearning the im portance of hardware-based cryptography and

the importance of formal security evaluation and compliance testing. 1

This paper discusses some of the historical aspects of cryptography,

provides an overview of k ey management, and presents some current

trends that will affect the policy and practices for key management. A

synopsis of standards activities is presented, along with an example

key generation ceremony that embodies the secure administration of

cryptographic keys described in this paper.

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

1FIP S PU B 140-2 Security R equirem ents for Cryptographic M odules and ISO 13491

Banking Secure Cryptographic D evices (Retail).

7/28/2019 KPMG_wp

4/25


B A C K G R O U N D

H istorically, symmetric cryptography (dating from Egyptian hiero-

glyphics circa 1900 B.C . to m ore recent use in World Wars I and I I circa

1900 A. D. ) required that the same cryptographic key, which must be

shared between two communicating parties (i.e., the sender and the

receiver), be securely exchanged using manual procedures. Today,

symmetric keys are distributed electronically from the key-generation

point to the operational sites by enciphering these keys with other

symmetric keys called key enciphering keys (KEKs).

The primary issue with symmetric key management schemes is

establishing the first KEK , commonly called the initial key.2 The initial

key, in order to maintain its confidentiality, is typically generated and

securely exchanged as multiple key components. A n organization

must designate trusted individuals as key agents, with each key agent

assigned a single key component. W hen all the components are

securely combined under the supervision of a security officer, the

symmetric key is recreated securely, so that no one individual has

ever viewed or had access to the symmetric key. This labor-intensive

process is still used in todays financial systems.

The advent of asymmetric or public key cryptography provided a par-

tial solution to the init ial symmetric key problem. A symmetric key can

be randomly generated by the sender and encrypted using the public

key of the receiver. The receiver can then decrypt the enciphered sym-

metric key using his or her own private key. Clearly, this simplifies the

process for exchanging the initial symmetric key, however it introduces

to the sender issues regarding the integrity and authenticity of the

receivers public key. Previously, the symmetric key manual procedures

im plicitly provided integrity and authentication between both parties.

Assurance concerning the integrity and authenticity of a receivers

public key can be enhanced by using public key certificates, whereby

the receivers identity is cryptographically bonded to his or her public

key. In this key management practice, the sender relies on the receivers

public key certificate, which has been issued by a trusted third party

called a certification authority(C A ). H owever, life is not so simple as

to have one global CA for everyone and everything on the planet.

O ther issues also affect key management practices. The sheer number

of asymmetric key pairs, public key certificates, and symmetric keys is

dramatically increasing as cryptography proliferates in network infra-

structures, remote devices, and business applications. Furthermore,

cryptographic keys do not last forever; they must be periodically and

securely replaced. The scalability and extensibility issues regarding key

management are creating new challenges that could very well result in

new and interesting problems and innovative solutions.

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

2Some systems use multiple KEK s, but only the very first KEK is the initial key.

7/28/2019 KPMG_wp

5/25


K E Y M A N A G E M E N T

Remem ber that key management is the secure administration and

distribution of cryptographic keys throughout the entire key life cycle.

Keys are generated, distributed, stored, used, recovered, and eventu-

ally terminated or possibly archived. Figure 1: Key Life Cycle depicts

eight stages for a symmetric key or a private asymmetric key (the life

cycles are the same) and seven stages for the asymm etric public key.

The first stage for any key is always Key G eneration, where the sym-

metric key or asymmetric key pair is created. From there, public and

private keys take very different paths.

For an asymmetric private key (and a symmetric key) the next stage

is typically Key Distribution, w here the cryptographic key is securely

transported to one or more operational devices and, potentially,

backup systems. Key D istributi on is possibly the most critical opera-

tion of the key life cycle, and carries the highest risk. The next two

stages, Key Installation and Key Backup, may occur in parallel. Key

Installation is the stage where the key is successfully installed in each

device (e.g., a typical Web farm may employ dozens of servers) at

each operational site. Key Backup is the stage where the key is

securely stored for the unlikely event of key loss due to unexpected

power interruption or hardware failure. Thus, key recovery occurs

when a k ey is securely retrieved from K ey Backup and re-installed in

the Key Installation stage. The next stage is the Key U sage stage,

where the correct key is used for its intended purpose in an opera-

tional environment and where copies of keys used with multiple

devices should be verif iably synchronized. A ll cryptographic keys have

a limited life expectancy; therefore the next stage is Key Termination,

where all instances (including backup) of a key are erased, except for

the possibility of transferring it to the Key Archival stage. A rchived

keys are not kept forever, so eventually an archived key transfers to

the K ey Termination stage. Whenever an archived key is retrieved to

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

F ig u r e 1 : K e y L i f e C y c l e

7/28/2019 KPMG_wp

6/25


verify its previous use, the key moves temporarily to the Restricted

Key Usage stage, and im mediately thereafter is erased, thus migrat-

ing to the K ey Termination stage. A rchived keys should never be used

in an operational environment.

For an asymmetric public key, once the public key has been created in

the Key Pair Generation stage, it should transfer to the Certification

Registration stage. O nce a certificate has been issued by a certif ica-

tion authority, the public key certificate transfers to the Certificate

Repository stage. This stage simply denotes that the certificate is

publicly available. Some protocols specify that the certificate be trans-

mitted along with the transaction when a Certificate Repository is not

used. The certificate then enters the Certif icate U sage stage in paral-

lel with the K ey Usage stage for the asymmetric private key. A ll asym-

metric key pairs have a limited life expectancy; therefore public key

certificates eventually enter the Certificate Expiration stage. However,

unlike K ey Termination, certificates merely expire and there is no secu-

rity or operational necessity to erase any copies of the certificate.

A lternatively, if an asymmetric private key is known or suspected to

be compromised, the private key must be terminated and the certifi-

cate should be automatically revoked, temporarily entering the

Certificate R evocation stage. Eventually, even revoked certificates

expire according to their validity date; therefore even revoked certifi-

cates migrate to the Certification Expiration stage. N ote that there are

other reasons in addition to an asymm etric key compromise for revok-

ing certificates.3

K E Y M A N A G E M E N T C O N T R O L S

There are several universal key management controls that must be

enforced throughout the key life cycle.

1. Private asym m etric keys and sym m etric keys shall only exist in

the following secure forms:4

As cleartext inside the protected mem ory of a tamper-resistant

security module

As ciphertext outside the protected memory of a tamper-resis-

tant security module

As two or more key fragments (e.g., key components, k-of-n

key shares), either in cleartext or ciphertext, managed using

dual control with split knowledge

These three forms ensure that the confidentiality of private asym-

metric and symmetric keys is absolute; no one must ever know

these keys.

2. Public asym m etric keys are unrestricted by definition, therefore

their confidentiality is not necessary; however, the integrity and

authenticity of public asymmetric keys must be established,maintained, and verifiable. Public key certificates bind the users

identity to the public key via the C As signature on the certificate,

and therefore ensure the integrity and authenticity of the certifi-

cate contents, including the public key it contains.

3. Key generation should use only approved algorithms (e.g., X9

standards) for random or pseudo-random number generation and

random prime number generation.

4. Key separation is a security method whereby each key (or key

pair) is generated for a particular purpose and is used for the sole

purpose for which it was intended.

5. Key synchronization is the ability to verify that the same key (e.g.,symmetric or asymmetric private key) is securely stored in one or

more locations without compromising the security of the keys or

the systems.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

3AN S X9.57 Certificate M anagement, and ISO 15782 Banking Certificate

M anagem ent.

4ANS X9.24 Financial Services Key M anagem ent U sing Sym m etric Cryptography, and

ISO 11568 Banking Key M anagem ent (Retail).

7/28/2019 KPMG_wp

7/25


K E Y M A N A G E M E N T R I S K F A C T O R S

A single, generic set of key management policies and practices that

satisfies these basic controls and can apply to all scenarios is sim ply

not feasible. R ather, a comprehensive set of specific key manage-

ment policies and, especially, practices must be chosen and imple-

mented to effectively and appropriately mitigate the business risks ina given environment.5

Cryptography is based on mathematical algorithms (i .e. , a software

process) and cryptographic keys (i.e., data) running in either special-

ized hardware or as software on a dedicated or general-purpose com-

puter. The more dedicated or specialized the hardware, the higher the

degree of inherent security controls.

Software-based cryptography is where the cryptographic algorithms,

keys, cleartext data, and ciphertext data all reside in the unprotected

memory of a general-purpose computer. Figure 2: Softw are- versus

H ardw are-Based Cryptographydepicts the various components and

highlights the security issues intrinsic in performing software-based

cryptography. In this example, a symmetric encryption key is repre-

sented by the door key icon, the cryptographic algorithm is repre-

sented by the padlock icon, and the input data (cleartext) and output

data (ciphertext) are shown as document icons.

In the software-based cryptography on the left, all the components

(i.e., algorithm, key, cleartext, ciphertext) reside in unprotected mem-

ory and are susceptible to duplication, modification, or substitution.

The m ost susceptible element is the cryptographic key. A duplicated

symmetric key allows an adversary to recover all encrypted data. A

duplicated asymmetric private key allows an adversary to falsely gen-

erate digital signatures that would be attributed to the computer

owner. A substituted or modified public key would allow a man in the

middle attack, such that the adversary could intercept and change

e-mails or transaction data undetected by the sender or receiver.

In the hardware-based cryptography on the right, the brick wall repre-

sents physical and logical barriers where data is allowed to pass while

the algorithm and key are kept secure in the protected memory of a

tamper-resistant security device. Thus, hardware-based cryptography

ensures the confidentiality, integrity, and authenticity of cryptographic

keys and, further, provides assurance regarding the integrity and

authenticity of the cryptographic algorithm, which reinforces the over-

all level of security.

Irrespective of whether a particular application is using hardware- or

software-based cryptography, the computer on which the application

runs operates in both physical and logical environm ents that possess

their own security characteristics ranging from uncontrolled to highly

controlled. H ence, key management policy and practices must

address the balance among operational requirements, the use of spe-

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

F ig u r e 2 : S of t w a r e - v e r s us H a r d w a r e - B a s e d C r y p t o g r a p h y

5ANS X9.49 Secure Rem ote Access to Financial Services.

Software-Based Cryptography

U nprotected M emory

Clear-

text

Cipher

-text

Clear-

text

Cipher

-text

U nprotected

Hardware-Based Cryptography

Protected M emory

Clear-

text

Cipher

-text

7/28/2019 KPMG_wp

8/25


cialized devices, and the environmental security controls. Figure 3:

Key M anagem ent Risk Factors depicts the interdependency between

environmental and device controls.6

The xaxis represents the environmental controls, ranging from

uncontrolled (no security) to a controlled environment (highest secu-

rity). U ncontrolled environments are public places (e.g., restaurants)

where access control is not practical. Partially controlled environ-

ments are those where limited access can be assumed (e.g., a per-

sons home) or restricted (e.g., office) via a sim ple physical token (e.g.,

house key, employee badge). Controlled environments are those

where restricted access is actively enforced (e.g., data center) via

stronger authentication methods (e.g., key pads, biometrics, smart

cards) and monitoring either directly with human guards or indirectly

with surveillance cameras.

The yaxis represents device-level controls ranging from a general-pur-

pose device (low security) to a specialized device (highest security).

G eneral-purpose devices are desktop and laptop computers running

open platform operating systems (e.g., M icrosoft W indows 2000)

and numerous applications, including software-based cryptography.

D edicated devices are typically general-purpose devices with compu-

tational capability to run some restricted applications and software

cryptography (often, co-processors are used), often take advantage of

removable media (e.g., smart card) to enable strong authentication of

administrative staff, and may provide tamper-evident packaging (e.g.,

point of sale terminal). Specialized devices are restricted to perform-

ing cryptographic functions within a tamper-resistant housing (e.g.,

hardware security module) to enforce key management policy and

practice schemes, such as key separation. These devices are often

certified using established criteria in an accredited laboratory environ-

ment (e.g., the N ational Institute of Standards and Technologys

N IST /NVL AP validation program using FIPS P UB 140-2 Security

Requirem ents for Cryptographic M odules,7 the joint NIST/NSA NIAP

program using IS O /IEC 15408 Com m on Criteria for Inform ation

Technology Security Evaluation).8

Figure 3: Key M anagem ent Risk Factors shows four zones where the

environments (uncontrolled, partially controlled, and controlled) inter-

sect with the device types (general-purpose, dedicated, and special-

ized). The zones are described as follows:

Zone 1 represents the lowest security with the highest risk sce-

nario where a general-purpose (or dedicated) device is operated

in an uncontrolled (or partially controlled) environment, such as a

personal computer in a persons home. For low-value (and typi-

cally low-volume) transactions this may be sufficient depending

on the business risk assessment.

Zone 2 represents a scenario where a general-purpose (or dedi-

cated) device is operated in a controlled environment. The con-

trolled environment offers higher security and therefore lower risk

than Zone 1; however due to the nature of the device, manual

key management procedures must be relied on, and these man-

ual key management procedures should therefore be integrated

with operational and environmental controls. For low-value trans-

actions this should be sufficient depending on the business risk

assessment.

Zone 3 represents a scenario where a specialized device is oper-

ated in an uncontrolled (or partially controlled) environment, such

as an ATM . For higher-value transactions (e.g. , deposit, with-

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

F ig u r e 3 : Ke y M a n a g e m e n t R is k F a c t o rs

6ISO 13491 Banking Secure Cryptographic Devices (Retail).

7 For m ore inform ation, see w w w .nvlap.nist.gov. N ote that FIPS P U B 140-1 w ill be

phased out and it is expected that all certifications w ill be transitioned to FIPS PUB

140-2 w ithin 12 m onths of its approval date of M ay 25, 2001.

8 For m ore inform ation, see w w w .niap.nist.gov.

Specialized

D evice 3 4

1 2

D edicated

D evice

G eneral

Purpose

D eviceUncontrolled Partial Controlled

Y=DeviceControls

X =Environmental Controls

7/28/2019 KPMG_wp

9/25


drawal, funds transfer), this may be sufficient depending on the

business risk assessment. Note that in addition to the higher

security, the specialized device will typically increase the applica-

tions transaction throughput as the computationally intense

cryptography is off-loaded from the m ain processor to the

specialized device.

Zone 4 represents the highest security with the lowest risk

where a specialized device is operated in a controlled environ-

ment, a combination often employed at a certification authority.

Environmental controls may include multi-factor authentication

(e.g., smart cards and biometrics) for administrative personnel,

enforced dual control where one person is never allowed unsu-

pervised access to the device, and sign in/out log sheets with

monitored surveillance cameras. Device controls would include a

tamper-resistant security module enforcing key confidentiality and

separation, dual control, and, potentially, tamper detection and

active countermeasures (e.g., automatic key erasure). Such

devices and environmental security controls exist at most finan-

cial institutions and network processing centers, and at many mil-

itary installations.

Tomorrows key management challenges are in Zone 2 and Zone 3.

The increasing focus on overall system security lies behind the gen-

eral trend of moving away from general-purpose devices operating in

uncontrolled environments (Zone 1) to the use of specialized devices

operating in controlled environments (Zone 4). However, it is impor-

tant to realize that as security controls increase on the x axis or the y

axis, so does the cost of implementation. Hence, depending on a

business risk assessment, alternatives in either Zone 2 or Zone 3

may provide an acceptable alternative. There are already dedicated

devices (e.g., Web servers) operating in partially controlled environ-

ments, but as the demand for higher security increases, there will be

an increase in use of specialized devices. The challenges of using spe-

cialized devices operating in uncontrolled or partially controlled envi-

ronments include the capability and capacity to securely deploy and

operate large numbers of these devices at remote or mobile locations

while maintaining proper key management controls.

K E Y M A N A G E M E N T T R E N D S

The ability to determine that adequate key management controls are

in place requires periodic review of key management policies, prac-

tices, and procedures against some established criteria. In many

cases, an examination of the key management policies, practices, and

procedures by an independent third party is also necessary. For exam-

ple, most financial networks and associations require that financial

institutions and processors undergo a periodic examination of their

key management policies, practices, and procedures by a professionalsecurity consultant or audit practitioner, similar to financial audits. In

the past several years, these security exams have become common-

place and are now being performed more frequently by professional

practitioners licensed by organizations such as the Am erican Institute

of C ertified Public Accountants (A IC PA ) and the C anadian Institute of

Chartered Accountants (CI CA ).9

The advent of commercially available cryptography and the wide-

spread acceptance of the Internet as the primary electronic com-

merce vehicle have sparked numerous initiatives embodying various

cryptographic protocols and other technologies (e.g., smart cards, bio-

metrics). Cryptography is becoming more and more integrated into

network architectures, such as through the deployment of SSL,IPSec, and VPN protocols. Cryptography is also being widely adopted

as a component of mainstream business applications such as secur-

ing e-mail using encryption and digital signatures, encrypting data

stored on laptops, and protecting databases, and as part of emerging

applications such as digital rights management and bank card pay-

ment systems (e.g., smart cards).

As the use of cryptography continues to increase, several trends are

emerging:

Hardware-based cryptography for added security. Currently,

many initiatives in the proof-of-concept (PoC) stage use software-

based cryptography that is intended to be a temporary solution

and does not promote sound key management policies, prac-

tices, and procedures. A s these PoC projects transform into pilots

or permanent production systems, these software-based solu-

tions will m igrate to cryptographic hardware or otherw ise require

extensive manual key management procedures to compensate

for the inherent weaknesses of software-based cryptography. In

either case, current key management controls will undergo

restructuring and redesign, and controls will be created where

none exist.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

9 For m ore inform ation, visit w w w .aicpa.org or w w w .cica.ca.

7/28/2019 KPMG_wp

10/25


High scalability for diverse applications.The sheer proliferation

of cryptography will dramatically increase the number of crypto-

graphic keys generated, distributed, installed, used, and eventu-

ally terminated. This proliferation will stress the scalability of key

management software and the key storage mechanisms that will

be forced to manage more and more cryptographic keys.

Application-specific security policies to reflect business risk.

The increasing diversity of business applications using crypto-

graphic functionality (e.g. , data encryption, message authentica-

tion, digital signatures, secure time stamping, and transaction

authorization) will likewise require distinct security policies and

key management practices that are tailored to each unique busi-

ness application. As security applications are introduced and new

online services launched, it will be important to assess the

sources of risk and cost of compromise on a case-by-case basis

in order to define the appropriate security policies.

New algorithms and policies to suit new applications.The

multiplicity of application and host environments including wire-

less, and handheld devices, such as laptops, cellular phones, and

personal digital assistants may ultimately drive the use of various

new cryptographic algorithms and communication protocols,

many of which are not interoperable. Numerous algorithms (e.g.,

EC C, A ES) are specified in recent standards and wi ll drive a

requirement for flexible key management practices that can, if

necessary, be algorithm independent. Furthermore, bandwidth

limitations and storage capabilities will affect where, when, and

how keys are generated and distributed.

Remote key management to reduce administrative burden.

The widespread distribution of cryptographic keys will require

remote key management methods and techniques to enforce key

separation and provide automatic key synchronization between

geographically dispersed systems. Remote key management wi ll

be problematic, as keys must be managed from a centralized site

in some cases and multiple sites in other cases as evolving busi-

ness requirements and globalization issues dictate. The ability

to securely administer cryptographic keys and devices from

a remote location will become an important feature of any

security architecture.

Delegation of authority and automated systems.This same

propagation of cryptography illustrates that key management will

migrate from security officers with specialized skills and experi-

ence to operational staff with more general knowledge and less

appreciation for sound key management practices. Therefore,

more automated key management tools coupled with remote key

management capability will emerge. Such automation will pro-

mote the use of software "trusted agent" tools that may be devel-

oped by one company, installed at a second company, and

operated by yet another "trusted" third party.

Regulatory and statutory criteria. M ore and m ore industries

and governments are adopting requirements, guidelines, or speci-

fications for securing electronic data. Examples include the

European Union 1995 D ata Protection Directive, the U.S. 1996

Federal Healthcare Insurance Portability and Accountability Act

(H IPAA ), the M asterCard International and Visa International 1997

Secure Electronic Transaction ( SET ), the 1998 Identrus LLC secu-

rity authentication framework specification, and the U.S. 2000

Federal Electronic Signature Act (E-Sign). These and many other

initiatives wi ll lead to a broad awareness of security issues and

will help to establish a common understanding of countermea-

sures that can be taken.

Real-time audit functionality. As more and more reliance is

placed on automated key management tools used by less-trained

operators in m ore complicated and distributed environments, the

need for independent examination of how those tools are being

used will need to increase. These examinations will move away

from traditional latent audits and migrate toward real-time audit-

ing with online information feeds that will enable specialized pro-

fessionals to assess the relevant controls and ensure compliance

to the stated security policies.

The increased use of cryptography will affect how and where key man-

agement is performed, and will require new tools and methods that

are still emerging. A t the same time, the ability to assess the security

features and verify the effectiveness of the security practices of these

new methods is still a necessary ingredient for reducing business risk.

There is always a need to balance among operational effectiveness,

tim eliness, and adequacy of security. K ey management is an essen-

tial ingredient of maintaining sufficient security. This m eans that those

individuals involved in daily operations have to be prepared and prac-

ticed for planned events (e.g., key generation) and unexpected

events (e.g., disaster recovery). Therefore, key management policy,

practices, and procedures are needed to ensure operational and

security continuity.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

7/28/2019 KPMG_wp

11/25

K E Y M A N A G E M E N T P O L I C Y A N D P R A C T I C E S F R A M E W O R K 1 0

P O L I C Y , P R A C T I C E S ,

A N D P R O C E D U R E S

A ll organizations must disclose their business practices to some

degree. Publicly held companies are required to disclose certain busi-

ness practices, while privately held organizations primarily share their

business practices with board members, employees, and customers.

O ften, key managem ent and security policy and practices are not

publicly disclosed unless it is in the organizations best interest to do

so, such as in the case of a certification authority. R egardless of busi-

ness disclosure practices, key management policies, practices, and

procedures are at the heart of achieving and maintaining sound

key management.

Key management policies define the organizations overriding require-

ments and strategy for the secure administration of cryptographic

keys throughout a keys life cycle. Similarly, key management prac-

tices describe the organizations tactics to achieve those strategic pol-

icy goals. Key management procedures are the documented

step-by-step tasks necessary for the secure daily cryptographic oper-

ations within an organization. C learly it is in the best interest of any

organization to establish and promote sound key management poli-

cies, practices, and procedures. The challenge in fulfilling these goals

is to remain flexible enough to respond to the inevitable key manage-

ment diversity, scalability, and extensibility issues that have been

identified as trends in this paper. The following sections begin by

describing the approach to policy setting at the business level fol-

lowed by an overview of how this translates into a series of environ-

mental controls. The section concludes with a review of specific key

management practice statements, and introduces the key generation

ceremony10 as an example of an operational procedure that em bodies

these various policies and practices.

B U S I N E S S P R A C T I C E

D I S C L O S U R E S

This topic deals with an organizations policies regarding the disclo-

sure of its key management and information privacy practices. A n

example of such a policy is a certification authoritys Certificate

Practice Statement (CPS), which defines its business practices. Any

service organization whose offerings or business applications employ

any form of cryptography should have available business practice dis-

closures addressing their key management policy and practices.

The benefits of having such disclosures are that a company can:

Provide a level of assurance to its business partners and cus-

tomers that its key management practices are sound, and as

such im ply that the organization has undertaken reasonable

efforts to secure its systems and business applications.

Provide documentation whereby its key management practices

can be evaluated or tested to establish compliance with external

standards, such as those defined to establish industrywide inter-

operability (e.g., the Identrus LLC framework specification for the

international banking community).

Satisfy legislative or regulatory requirements regarding due dili-

gence and subsequent business disclosure for key managem ent

practices (e.g., EU D ata Protection Directive, H IPA A ).

The appropriate level of detail for an organizations disclosures must

be individually determined by each organization, taking into account

federal, state, and local legislative requirements; industry regulations;

potential legal liability; and business risk in the marketplace.

Business practice disclosures should do the following:

Define the various comm unities of interest that rely on or interact

with the organization wherever cryptography and, hence, key

management is used. For each community of interest, the typeof interaction (e.g., Web site) available, the type of cryptography

(e.g., SSL, PKI) used, and the corresponding key management

schemes em ployed (e.g. , certificates) should be described. This

may include descriptions of the relevant industries, business part-

ners, or customer markets.

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

10ANS X9.79 PKI Practices and Policy Fram ew ork, and AICPA/CICA W ebTrustSM /TM

Program for Certification Authorities.

7/28/2019 KPMG_wp

12/25


Provide the appropriate contact information (e.g., name, depart-

ment, mailing address, phone number, e-mail address) for the

individual(s) responsible for key management practices for each

community of interest. This should include notif ication and escala-

tion procedures for lost or stolen equipment. W here crypto-

graphic devices or keys have been widely deployed and local or

regional operational staff has been assigned to emergency

response team s, this information is essential.

Define the obligations of all participating parties and any applica-

ble provisions regarding apportionment of liability or financial

responsibility resulting from security breaches due to known or

suspected key compromise. For example, a service provider

might process transactions using equipment outsourced to a sec-

ond entity, which includes a cryptographic device that contains

keys belonging to the service provider, while its key management

is outsourced to a third entity.

Define the environmental control policies relative to all partici-

pants. This should describe or entail an approval process for

acceptable physical security (e.g., locked doors and restricted

access), facility and system access controls (e.g., employee

badges, passwords, and biometrics), and business continuity

controls (e.g., site locations, power requirements, media storage,

and off-site backup).

Define the key and certificate (where appropriate) life cycle man-

agement control policies relative to all participants for any crypto-

graphic key generated, stored, or used by the organization. This

should describe or entail an approval process for the acceptable

cryptographic algorithms, key strengths and crypto-periods, key

management protocols, and cryptographic hardware. For exam-

ple, there will be long-term digital signature keys for legal docu-

ments as well as short-term digital signature keys for access

control. The relevant standards (e.g., ANSI, ISO , I ETF) should

also be identified.

Define the organizations policies regarding the publication, revi-

sion, and distribution of the business practice disclosures, includ-

ing intellectual property protection mechanisms (e.g., copyrights).

E N V I R O N M E N T A L C O N T R O L S

This topic deals with an organizations policies and practices regarding

environmental controls, including information security, asset classifi-

cation and management, personnel security, physical access controls,

operations management, system access controls, system develop-

ment and maintenance, business continuity management, monitoring

and compliance, and event handling. Environmental control informa-

tion should be disclosed to allow relying parties to assess whether the

organization maintains sufficient controls to meet their businessrequirements outlined on the following pages.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

7/28/2019 KPMG_wp

13/25

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A


E n v ir o n m e n t a l C o n t r o ls

Environmental Activity Control Objective for Environment Activities

Policy authority and practices O rganization has established and operates a policy authority to create and revise key

management policy and practices, including:

Roles and responsibilities (e.g. , comm ittee chair, vice chair, secretary)

Titles and departments (e.g., vice president of internal audit)

Revision and publication practices

Information security practices O rganization has documented and distributed its security practices and maintains controls to

provide reasonable assurance that information security is properly managed according to its security

practices, including:

Registration and enrollment methods

Authentication and authorization methods

Distribution and affidavit m ethods

References to asset classification practices

Asset classification practices O rganization has established an asset classification scheme and all assets (e.g., equipment, data,

facilities, personnel) have been properly identified and labeled, including:

Security requirements for protecting each discrete category

Security mechanisms for protecting each discrete category

Personnel security practices O rganization maintains controls over personnel and hiring practices to support the trustworthinessof the organization, including:

Credentials validation

Nondisclosure agreements

O ther verification methods for sensitive positions (e.g., security officer)

Physical security practices O rganization maintains controls for physical access to sensitive areas and equipment is limited to

properly authorized individuals, and the facilities are protected from environmental hazards, natural

or otherwise, including:

Passive physical barriers

Active intruder detection systems

Physical access controls

References to relevant documentation (e.g. , business continuity plan)

O perations management practices O rganization maintains controls to ensure the correct and secure operation of IT systems, including:

Systems failures prevention or detection mechanisms

Viruses and m alicious software protection

Incident reporting and response escalation practices

Theft or inadvertent damage of m edia or other hardware

References to relevant documentation (e.g. , business continuity plan)

7/28/2019 KPMG_wp

14/25


Key management trends will challenge current environmental prac-

tices as the use of portable devices in untrustworthy environments

continues to increase. A trustworthy and controlled environment oper-

ated by one entity does not necessarily translate to an environment

trusted by another entity.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

E n v ir o n m e n t a l C o n t r o ls

Environmental Activity Control Objective for Environment Activities

System access practices O rganization maintains controls to limit system access to properly authorized individuals, including:

U ser access controls

Network access controls

O perating system access controls

A pplication access controls Authentication mechanisms (e.g., passwords, tokens, biometrics)

References to relevant documentation (e.g., A NSI, systems m anuals)

Systems development and O rganization maintains controls to properly authorize systems development and maintenance

maintenance practices activities, including:

Software development life cycle (SD LC )

U se of cryptography

Separation between cryptographic test keys and production keys

Business continuity practices O rganization maintains controls to provide reasonable assurance of continuity of operations in the

event of a disaster, including:

Key management controls during the execution of a recovery plan

References to relevant documentation (e.g., business continuity plan)

M onitoring and compliance practices O rganization maintains controls to ensure that its m onitoring and compliance methods satisfy

legislative or regulatory requirements, including:

Event journals

Backup and recovery of event journals

Security controls to protect the journals from unauthorized destruction, tampering, or replacement

References to relevant documentation (e.g. , information security, asset classification, system

access)

7/28/2019 KPMG_wp

15/25


K E Y M A N A G E M E N T

L I F E C Y C L E C O N T R O L S


the management of private asymmetric keys, symmetric keys, and

other types of keying material (e.g., pseudo-random number generator

seed values), including cryptographic hardware management. Key

management li fe cycle control information should be disclosed to allow

relying parties to assess whether the organization maintains sufficient

controls to meet its business requirements in the following areas:

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

K e y M a n a g e m e n t L if e C y c l e C o n t r o ls

Key Management Activity Control Objective for Key Management Activities

Key generation practices Cryptographic keys are generated in accordance with industry standards, including:

Random or pseudo-random number generation

Prime number generation

Key generation algorithms

Hardware and software components

Adherence to all relevant standards

References to the key generation procedural documentation

Key storage, backup, and Asymmetric private keys and symmetric keys remain secret and their integrity and authenticity is

recovery practices retained, including

Key separation mechanisms

Hardware and software components


References to key storage, backup, and recovery procedures

Business continuity management documentation

Key distribution practices Secrecy of asymmetric private keys, symmetric keys, and keying material, and the integrity and

authenticity of all keys and keying material are maintained during key distribution, including:

Initial key distribution processes Subsequent key replacement processes

Key synchronization mechanisms


References to the key distribution procedural documentation

7/28/2019 KPMG_wp

16/25


Key management trends will affect all aspects of the key manage-

ment life cycle as the origination, usage, and location of keys become

more diverse. Remote and automated key management mechanisms

will proliferate in the near term and eventually be standardized.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

K e y M a n a g e m e n t L if e C y c l e C o n t r o ls

Key Management Activity Control Objective for Key Management Activities

Key use practices Cryptographic keys are used only for thei r intended purpose, including:

Business applications

Key separation mechanisms

Related crypto-periods

Adherence to all relevant standards References to the business and system description documentation

Key destruction and archival practices A ll active instances of the cryptographic key are properly erased (destroyed) at the end of their

designated crypto-periods and archived keys are handled appropriately, including:

Controls to m aintain confidentiality, integrity, and authenticity

M echanisms to prevent an archived key from being reinstalled


Inclusion of references to the business and system documentation

Cryptographic hardware Access to cryptographic hardware is lim ited to properly authorized indiv iduals, and the hardware is

life cycle practi ces functioning properly. T he descripti on should include:

Controls for the device life cycle (e.g., shipping, inventory controls, installation, init ialization, repair,

and de-installation)


References to device documentation (e.g. , product specifications, users m anual) and certification

(e.g., FIPS 140)

7/28/2019 KPMG_wp

17/25


C E R T I F I C A T E M A N A G E M E N T L I F E

C Y C L E C O N T R O L S


secure management of public asymmetric keys, public key certifi-

cates, and attribute certificates, including the use of portable storage

devices such as smart cards. Certificate management life cycle con-

trol information should be disclosed to allow relying parties to assess

whether the organization maintains sufficient controls to meet their

business requirements in the following areas:

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

C e r t i f ic a t e M a n a g e m e n t L if e C y c le C o n t r o ls

Certificate Management Activity Control Objective for Certificate Management Activities

Subscriber registration practices Subscribers are properly identified and authenticated, and certificate request information is accurate

and complete, including:

Internal registration practices

External registration services

Registration authority interfaces


References to registration proceduresCertificate issuance practices Certificates are generated and issued securely and accurately, including:

U se of outsourced services (if appropriate)

Naming conventions and extension fields

Public key validation processes


References to external certificate service documentation (e.g. , letters of agreement, contracts,

other CP S)

Certificate distribution practices Upon issuance, complete and accurate certificates are available to subscribers and relying parties,

including:

O ut-of-band notification processes

D atabases and repositories


References to external distribution or storage services documentation

Certificate revocation practices Certificates are revoked based on authorized and validated certificate revocations requests, including:

O ut-of-band notifications

Certificate revocations list distribution

D atabases and repositories


References to external distribution or repository services documentation

7/28/2019 KPMG_wp

18/25


Key management trends will significantly impact certificate manage-

ment, particularly the ability to revoke widely distributed certificates.Shorter-term certificates reduce risk exposure but increase the fre-

quency of k ey generation and certificate registration. C ertificate vali-

dation services can reduce the revocation problem but require an

online environment and are somewhat contrary to the original con-

cept of a certificate that can be verified offline.

E X A M P L E K E Y G E N E R A T I O N

C E R E M O N Y

As an illustration for this framework, a description of a key generation

ceremony is included; however it is recomm ended that a detailed key

generation script be developed and followed. Recognizing that the

specific steps for key generation vary significantly across different

applications and organizations, a C A has been chosen as a procedural

example because it is typical of a high-end security application and

has been wi dely tested in the field. G iven the ceremony should take

into account the application software and version number that is to be

implemented, the cryptographic devices that are used, and the orga-

nizations requirements for private key protection and disaster recov-

ery, only a general description is feasible. Each organization must

develop its own customized key management procedures that are

specific to that organizations needs. Appendix B : Key G eneration

Cerem onyprovides an overview of a rudimentary script for the gen-

eration of a CA asymmetric key pair, with additional notes regarding

special consideration for the generation of a root CA key pair.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

C e r t i f ic a t e M a n a g e m e n t L if e C y c le C o n t r o ls

Certificate Management Activity Control Objective for Certificate Management Activities

Certificate verification practices Certificates and certificate chains are properly verified, including:

Verification mechanisms

Databases and repositories


References to external distribution or repository services documentationToken life cycle practices Initialization, distribution, usage, and termination of portable tokens (e.g., smart cards) are properly

managed, including:

Controls for the token life cycle (e.g. , shipping, inventory controls, installation, initialization,

personalization, and termination)


References to device documentation (e.g. , product specifications, users m anual) and certification

(e.g., FIPS 140)

7/28/2019 KPMG_wp

19/25


S U M M A R Y

Key management risk factors should be evaluated for every application

that em ploys cryptography. A proper business risk assessment w ill

identify the security requirements needed to protect application data

regarding its confidentiality, integrity, message and entity authenticity,

and even non-repudiation. In circumstances where cryptography is

determined to be a viable security measure, the environmental con-

trols available regarding the protection of the cryptographic hardware,

software, and keys should likewise be evaluated. In applications that

require more than basic security levels for example those that gen-

erate high volumes of transactions or where corruption of individual

transactions represents a tangible financial loss or breach of privacy

specialized cryptographic hardware should be considered as a neces-

sary security control to protect cryptographic keys and keying material.

The use of special-purpose cryptographic hardware can compensate

for environmental control weaknesses, in the context of both internal

and external attacks, and can enhance the security of key management

practices and procedures to achieve desired security levels.

The decision to use cryptographic hardware will, in and of itself, not

guarantee the secure administration of keys throughout their life

cycles. Rather, sound key managem ent policies, practices, and proce-

dures are necessary to ensure the constant supervision of crypto-

graphic keys. The trends discussed in this paper describe some of the

areas that wi ll affect key management. O rganizations that are now or

will be employing cryptography should review their key and certificate

management life cycle practices and environmental practices to

determine that business risks have been sufficiently considered.

The versatility of cryptography as the basis for secure applications will

naturally lead to numerous key management schemes. Therefore

there cannot be a generic set of key management practices and pro-

cedures for all applications or organizations. Thus, every organization

must develop and maintain its own suite of key management policies,

practices, and procedures. Periodic examinations by an independent

third party using industry-recognized standards, such as the A NS

X9.79 PKI Practices and Policy Fram ew orkand the AICPA/CICA

W ebTrustSM /TMProgram for Certification A uthorities, should become an

im portant aspect of risk m anagement, enhancing the trust of employ-

ees, customers, business partners, and other relying parties.

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

All inform ation provided is of a general nature and is not intended to address the

circum stances of any particular individual or entity. Although w e endeavor to pro-

vide accurate and tim ely inform ation, there can be no guarantee that such infor-

m ation is accurate as of the date it is received or that it w ill continue to be

accurate in the future. N o one should act upon such inform ation w ithout appro-

priate professional advice after a thorough exam ination of the particular situation.

7/28/2019 KPMG_wp

20/25

7/28/2019 KPMG_wp

21/25


A P P E N D I X B :

K EY G E N ER A T I O N C ER EM O N Y

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

The following is a rudimentary script for the generation of a CA asym-

metric key pair.

L is t o f P a r t ic ip a n t s a n d P r e p a r a t i o n

The participants for a key generation ceremony will vary depending

upon the type of key management scheme employed. Each partici-

pant has a specific role and responsibility, such as:

O peration M anager.This individual is responsible for the equip-

ment and the facility in which the equipment resides, including

computer hardware and software, host security modules (H SM s),

and physical safes to store cryptographic keying m aterial.

Key M anager.This individual is responsible for orchestrating the

key generation ceremony according to the organizations policies

and procedures. This includes scheduling, organizing, and super-

vising the participants before, during, and after the execution of

the key ceremony script per the organizations procedures.

Key A dm inistrators.These individuals are responsible for handling

cryptographic keying material and following the key generation

ceremony script. The actual number of administrators and their

exact duties will vary widely depending on the PK I vendor prod-uct, the cryptographic devices, the key management schema,

and the organizations procedures. For example, if key compo-

nents are used to securely store symmetric keys, at least two

administrators are necessary to maintain split knowledge.

Another schema m ight be the Shamir k -of-n Secret Sharing

Scheme, which requires a subset (k) of all administrators (n) to

perform key management tasks.13 For a 3-of-5 scheme, five

administrators would be necessary.

W itnesses.These individuals are present to observe the key gen-

eration ceremony, but typically do not actively participate in the

actual key management practices. The purpose of witnesses is to

provide a level of assurance that the key generation ceremony

took place under proper controls.

For certain high-assurance applications, such as a root CA, the

Equipment Installation and Initializationprocess may be observed

by an auditor and/or other witnesses and/or videotaped.

Another important aspect of proper preparation is that all participants

practice the key management procedures prior to actual execution.

Performing a key generation walkthrough allows each participant to

gain an understanding of his or her role and responsibilities. A walk-

through is also a good method to identify potential problems so that

procedures can be adjusted accordingly.

E q u ip m e n t I n s t a l la t i o n a n d I n i t i a liz a t i o n

Prior to the start of the key generation ceremony, the CA hardwareand software is properly configured within a controlled environment

that is physically secure. This configuration process should include

installation of the host operating system, smart card, or storage

devices, and CA software from original shrink-wrapped packaging.

O ften, procedures for configuring the C A hardware and software are

provided by the vendor in separate documentation packages.

W it n e s s in g a n d R e c o r d Ke e p in g

All participants observe the key generation ceremony events and one

or more witnesses (potentially including an external auditor) should

make a notation on their copies of the script to indicate whether each

step was successfully performed in accordance with the script, or if

deviations occurred. A t the conclusion of the ceremony, an "official

copy" of the script should be updated by the Key M anager to reflect

any deviations from the planned script prior to having it signed by all

participants and witnesses indicating that the steps were followed as

documented.

H a r d w a r e S e c u r i t y M o d u le I n it i a liz a t io n

Typically, a newly installed HSM is pristine, meaning it does not con-

tain any keying material. Sim ilar to the CA hardware and software, the

HSM must be properly configured within a controlled environment that

is physically secure. Typically, procedures for installing and configuring

the HSM are provided by the vendor in separate documentation.

K e y G e n e r a t io n P r o ce d u r e s

The precise step-by-step procedures wi ll vary greatly depending upon

the P K I vendor product, the cryptographic devices, and the key man-

agement schema. Procedural steps are often grouped into tasks,

causing the K ey M anager to pause the k ey generation ceremony to

ensure that each task (or step) has been completed successfully. This

is part of the witness and record-keeping processes.

13A. Shamir, H ow to share a secret, C omm unications of the AC M 22 (1979), 612-613.

7/28/2019 KPMG_wp

22/25


C e r e m o n y E x a m in a t io n a n d V a l id a t io n

W ith regard to the examination of a k ey generation ceremony, the pro-

cedures themselves provide evidence that proper key management

practices were followed. The examination can be concurrent w ith the

key generation ceremony so that a professional practitioner is present

as an observer (witness) during the key generation ceremony.

O therwise, the examination can occur after the fact if sufficient evi-

dence is maintained to demonstrate that appropriate key generation

policies and procedures were followed. For example, if the key gen-eration ceremony were to be videotaped, the professional practitioner

could review the videotape. In addition, a checklist (script) dated and

signed by the key generation ceremony participants should be used

to provide additional evidence that proper key management proce-

dures were followed.

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A

7/28/2019 KPMG_wp

23/25

2 0 0 2 K P M G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A


A P P E N D I X C :

G L O S SA R Y

Term Description Reference

AES Advanced Encryption Standard www.nist.gov/aes

AICPA American Institute of Certified Public Accountants is the United States

professional practice organization for accountants. www.aicpa.org

ANS American National Standard is an industry standard developed by an

ANSI-accredited standards body, such as the X9 Committee. www.x9.org

ANSI American National Standards Institute is the United States national

standards body registered with ISO as a country member. www.ansi.org

ATM Automated teller machine is an unmanned terminal providing online

access to financial transactions.

CICA Canadian Institute of Chartered Accountants is the Canadian professional www.cica.ca

practice organization for accountants.

Ciphertext Data in its enciphered form. ANS X9.24

ISO 11568

Cleartext Data in its original, unencrypted form. ANS X9.24

ISO 11568

DES Data Encryption Standard is the Federal Information Processing Standard www.nist.gov

(FIPS) Publication 46-1 that defines the data encryption algorithm (DEA).

The DEA is also described in ANS X3.92.

Dual Control A process of using two or more separate entities (usually persons) operating ANS X9.8

in concert to protect sensitive functions or information whereby no single ANS X9.24entity is able to access or use the materials (e.g., cryptographic key). ISO 11568

ECC Elliptic curve cryptography ANS X9.63

ISO ISO is not an acronym, although it is a common belief that it means the www.iso.ch

International Standards Organization. Rather, ISO is a word, derived from

the Greek isos, meaning equal, which is the root of the prefix iso-, such as

isometric and isonomy.

KEK Key enciphering key is a symmetric key generated and used for the sole ANS X9.24

purpose of protecting other symmetric keys (e.g., master key, session key). ISO 11568

MAC Message authentication code is an integrity value that is cryptographically ANS X9.9

derived from a message so that the modification or substitution of either ANS X9.19

can be detected. ISO 16609

NIAP National Information Assurance Partnership www.niap.nist.gov

NIST National Institute of Standards and Technology www.nist.gov

NSA National Security Agency www.nsa.gov

NVLAP National Voluntary Laboratory Accreditation Program www.nvlap.nist.gov

PIN Personal identification number is a 4- to 12-digit number used by financial ANS X9.8

institutions to authenticate their customers at an ATM for cash withdrawal ISO 9564

and at POS devices for debit transactions.

7/28/2019 KPMG_wp

24/25

2 0 0 2 K P M

G

L L P

h

U

S

b

f i

f K P M G

I

i

l

S

i

i i

A l l i h

d

P i

d i

h

U

S A


Term Description Reference

PKI Public key infrastructure is a framework of hardware, software, people, ANS X9.79

processes, and policies that employs digital signature technology to facilitate

a verifiable association between the public component of an asymmetric

public key with a specific subscriber that possesses the corresponding

private key. The public key may be provided for digital signature verification,

authentication of the subject in communication dialogues, and for message

encryption key exchange or negotiation.

POS Point of sale terminal is a merchant device typically consisting of a magnetic

stripe reader, a keypad, a display window, and a telephone dialer for obtaining

credit or debit card authorization.

RC5 Rivest Cipher; symmetric cryptographic algorithm so named for its inventor,

Ron Rivest.

Root CA The CA at the top of the CA hierarchy. ANS X9.79

RSA Asymmetric cryptographic algorithm named for the original paper, R. Rivest,

A. Shamir, and L. Adleman, "A Method for Obtaining Digital Signatures and

Public Key Cryptosystems," Communications of the ACM, 21(2): 120-126,

February 1978.

Split Knowledge A condition under which two or more parties separately and confidentially ANS X9.8

have custody of components of a single key that, individually, convey no ANS X9.24

knowledge of the resultant cryptographic key. ISO 11568

Tamper Evident A characteristic that provides visual evidence that an attack has been ANS X979attempted.

Tamper Resistant A characteristic that provides passive physical protection against an attack. ANS X9.79

7/28/2019 KPMG_wp

25/25

kpmg_wp

Documents