Managing Secret Keys

Basic Issues in Secret Key Management
The data isn’t secret unless the key is secret
The more random your key, the harder it will be to guess
Randomness really does not come easily, especially to computers

Technology: Random Key Generation
It takes more than 57,000 years to search for a random 56-bit DES key on a typical workstation.
If the attackers can focus on the few million keys your key generator is most likely to produce, they can try all the possibilities in less than one minute.
A good key generator will produce keys that cannot be guessed even if attackers know how the generator works.

PRNGs
Computers by themselves are poor sources of unpredictable numbers.
Mathematicians have produced many procedures called Pseudo Random Number Generators (PRNGs), which generate hard-to-predict sequences of numbers.

Heart of a strong Crypto System
Good random key generation
System replaces keys often

2-Step Process
Seeding
PRNGs

Random Seeding

A random seed (or seed state, or just seed) is a number used to initialize a pseudorandom number generator.
Random seeds are often generated from the state of the computer system (such as the time), or from a hardware random number generator.

Hard to guess
Netscape Navigator introduced the SSL protocol for encrypting data being passed on a TCP connection
Application: Applied SSL to the protection of web accesses for commercial purposes

Contd.
In 1995, a group of students reverse-engineered the browser and found out how the procedure worked.
Later versions of Navigator were then protected. (The procedure used the current time as the combination.)

Therefore PRNGs are the solution
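
An added example (not part of the original slides) of why a seed taken from the clock is easy to guess, next to the hardened form. It assumes Python's `random` module as a stand-in for a statistical PRNG, not Netscape's actual procedure; the function names and the timestamp are constructed for illustration.

```python
import random
import secrets

KEY_BYTES = 7  # 56 bits of key material, the DES key size quoted in the slides

def weak_key(clock_seconds: int) -> bytes:
    """Anti-pattern: statistical PRNG seeded with the clock (whole seconds)."""
    rng = random.Random(clock_seconds)
    return bytes(rng.getrandbits(8) for _ in range(KEY_BYTES))

def strong_key() -> bytes:
    """Hardened form: key bytes taken directly from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)

def clock_seed_for(key: bytes, approx_time: int, window: int = 3600):
    """Audit check: return the clock seed that reproduces `key`, else None.

    Only 2*window+1 candidate seeds exist when the generation time is known
    to within `window` seconds, so the search covers thousands of keys
    instead of 2**56.
    """
    for seed in range(approx_time - window, approx_time + window + 1):
        if weak_key(seed) == key:
            return seed
    return None

# Constructed sample input: an arbitrary Unix timestamp, not a real event.
GENERATED_AT = 811_296_000

def audit_samples():
    """Run the audit on one clock-seeded key and one CSPRNG key."""
    guess = GENERATED_AT + 1200  # auditor's estimate is 20 minutes off
    return (clock_seed_for(weak_key(GENERATED_AT), guess),
            clock_seed_for(strong_key(), guess))

if __name__ == "__main__":
    print(audit_samples())
```

The clock-seeded key is reproduced from its seed after at most 7,201 trials, while the key from the operating system's generator matches no candidate seed.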


3 Computer-Based Approaches for Random Data
Monitor hardware that generates the random data
Collect random data from user interaction
Collect hard-to-predict data from inside the computer

Monitor hardware that generates the random data
Hardware-based Key Generation
Costly and rare
Full of sensitive electronic circuits (which have physical disadvantages)

Collect random data from user interaction
Data can be collected by tracking interactive human behavior.
E.g., the PGP e-mail package collects keystrokes from the user and measures the time between the keystrokes to produce a random seed value

Collect hard-to-predict data from inside the computer
A variety of quantities used inside the computer
E.g., system clock, amount of disk space (free or in use), amount of queue space
(Only the lower-order bits are used, since the quantity may be predictable if the higher-order bits are used.)

PRNGs
Don Knuth describes two important properties of number sequences:
Uniform distribution of keys.
The sequence shouldn’t repeat itself.
Needs careful design

Two Kinds of Randomness
Statistically Random
Cryptographically Random

Preparing Secret Keys for Delivery
Paper
Writable Media
Hardware Docking

Paper Distribution
Low-tech method
Has its own strengths and weaknesses

Diskettes or other writable media
The administrator shouldn’t see the key, and neither should the end user.
Data keys / magnetic cards
Wrong key copying, wrong media, wrong destination, theft, fire…

Docking Approach
Specific to certain hardware products
Key loading can only take place by physically attaching the crypto device to a keying device.
No copies of keys need to exist outside of the keyed device.

Batch Generation of Keys
Outline of a procedure for generating and delivering secret keys
>> Identify the types of keys to be generated & the authorized recipients of them
>> Generate an appropriate set of high-quality keys
>> Assign the individual keys to the authorized recipients in your database
>> Generate the keys in a form that limits their risk of unnecessary disclosure

Database Format for Key Distribution

Field Name     ASCII Data Type   Length (bytes)   Notes
USAGE          Text              50               Must be descriptive to the receivers
SERIAL_1       Integer           5                Make large enough for the batch size
CUSTODIAN_1    Text              50               Person to be trusted with the key
LOCATION_1     Text              250              Identifies the destination
SERIAL_2       Integer           5                Make large enough for the batch size
CUSTODIAN_2    Text              50               Person to be trusted with the key
LOCATION_2     Text              250              Identifies the destination
KEY            Text              30               Length depends on the key size & format

Printing Keys on Paper

Opaque Paper
Distinctive paper
Colored Paper
Dissolving Paper
