Cryptography
Lesson 10
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
© (ISC)2 ® 2010, All Rights Reserved
For Personal Use of (ISC)2 Seminar Attendee Only
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
CISSP-ISSEP® Bootcamp Seminar v10
Technical Management
Public Key Infrastructure
Chapter 7
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
2
Key Management
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
3
2
Usage Control
5
6
7
Storage
Recovery
Escrow
8
Zeroization
1
3
Creation
Change and Expiry
4
Distribution
Creation
Automated key generation
Truly random
Suitable length
Key encrypting keys
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
4
Key Usage Control
Management has a vested interest in what activities or content may be hidden in cryptographically protected communications or files
They may create a policy that allows management to audit or decrypt encrypted data at their discretion
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
5
Key Change and Expiry
In any environment, plans should be made to update keys periodically
Generating symmetric keys is easy, but delivering them is expensive since you will be delivering [N*(N-1)]/2 keys to N users
Expiry
Expiry ensures that a key is never overused
Expiry based upon:
Amount of traffic
Amount of traffic over time
Time-in-use
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
6
Distribution
Out of band
Public key encryption
Secret key construction
Secret key delivery
Key Distribution Centers (KDC)
Certificates
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
7
Storage
Trusted hardware
Smartcards
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise Distributed Under Any Circumstances
8
Recovery
Split knowledge
Multi-party key recovery (MPR)
© Copyright 2012-2013 (ISC)², Inc. All Rights Reserved.
For Personal Use of (ISC)2 Seminar Attendee Only.
Contents May Not Be Copied or Otherwise.