Symmetric key management
Encyclopedia
Symmetric key management is the key management
of cryptographic
symmetric encryption keys. In a symmetric key algorithm
the keys involved are identical for both encrypting and decrypting a message. Such keys must be chosen carefully, and distributed and stored securely. In any system there may be multiple keys for various purposes. Accordingly, key management is central to the successful and secure use of symmetric key algorithms.
The main characteristics of symmetric key management are:
. It is important, for some algorithms have weak keys which make cryptanalysis
easier, even much easier. DES
, the US Government approved cipher standard has, for instance, four known weak keys. These keys must be known, if they exist, and eliminated from the pool of possible keys. Otherwise, the chief requirement of a key for symmetric cipher use is unpredictability, specifically to any potential attacker. This is somewhat like the case of password
s. Because this is equivalent to high entropy
, and because keys can be thought of as a string of bit
s, the usual technique for generating a key is to select one from a pool of binary
random number
s.
Equivalently, one may say that the output of a key generating function should not support a conclusion about the input.
In either case, the quality of the random number generator used should be as high as possible. This is difficult to achieve in practice. Many key derivation function
s use a mathematical one way function, such as a cryptographic hash functions like MD5
or SHA 1. If used carefully these prevent an attacker from learning the input to the KDF and from guessing it with any better likelihood of getting it correct than chance. Hash function outputs are not random, being deterministically dependent on their inputs, and so their inputs should have high entropy.
Keys are often derived from a password, or more satisfactorily (passwords being unlikely to be randomly chosen) from pseudo random number generator, some of which are also cryptographically secure. Many pseudo random number generators are entirely unsuitable for such a use however, as they are not in fact random, and so do not have high entropy.
. Clear text exchange is quite impractical as any interceptor will immediately learn the key to be used and so will be able to decrypt messages they weren't intended to have access to.
Since the Diffie-Hellman key exchange protocol was published in 1975, it has become possible to exchange a key over an insecure communications channel, which has very substantially reduced the risk of key disclosure during distribution. It is possible, using something akin to a book code, to include key indicators as clear text attached to an encrypted message. The encryption technique used by Richard Sorge
's code clerk was of this type, referring to a page in a statistical manual, though it was in fact a code. The German Army
Enigma
symmetric encryption key was a mixed type early in its use; the key was a combination of secretly distributed key schedules and a user chosen session key component for each message.
In more modern systems, such as Open PGP compatible systems, a session key for a symmetric key algorithm is distributed encrypted by an asymmetric key algorithm. This approach avoids even the necessity for using a key exchange protocol like Diffie-Hellman key exchange.
A more complex method of key exchange involves encapsulating one key within another. It's not clear that this increase security for if one key can be securely exchanged (the encapsulating key), the encapsulated key can presumably be as well. This technique is usually termed Key Wrap
. A common technique uses Block cipher
s and cryptographic hash function
s.
A related method, also more complicated, is to exchange a master key (sometimes termed a root key), and, as needed, derive subsidiary keys, possible for each session, from that key. As with the key wrapping scheme above, this scheme also offers no obvious benefit, for if the master key can be distributed securely, so might the subsidiary keys. When the availability of secure exchange is intermittent, or when keys must be related to each other (i.e., departmental keys are tied to divisional keys, and individual keys tied to departmental keys) this technique may be useful. However, tying keys to each other increase the damage which may result from a security breach as attackers will learn something about more than one key. This reduces entropy, with regard to an attacker, for each key involved.
Key management
Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.Key management concerns...
of cryptographic
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
symmetric encryption keys. In a symmetric key algorithm
Algorithm
In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
the keys involved are identical for both encrypting and decrypting a message. Such keys must be chosen carefully, and distributed and stored securely. In any system there may be multiple keys for various purposes. Accordingly, key management is central to the successful and secure use of symmetric key algorithms.
The main characteristics of symmetric key management are:
- key generation
- key exchange
- key storage
- key usage
Key generation
Key generation is part of key managementKey management
Key management is the provisions made in a cryptography system design that are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.Key management concerns...
. It is important, for some algorithms have weak keys which make cryptanalysis
Cryptanalysis
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
easier, even much easier. DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
, the US Government approved cipher standard has, for instance, four known weak keys. These keys must be known, if they exist, and eliminated from the pool of possible keys. Otherwise, the chief requirement of a key for symmetric cipher use is unpredictability, specifically to any potential attacker. This is somewhat like the case of password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
s. Because this is equivalent to high entropy
Information entropy
In information theory, entropy is a measure of the uncertainty associated with a random variable. In this context, the term usually refers to the Shannon entropy, which quantifies the expected value of the information contained in a message, usually in units such as bits...
, and because keys can be thought of as a string of bit
Bit
A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...
s, the usual technique for generating a key is to select one from a pool of binary
Binary numeral system
The binary numeral system, or base-2 number system, represents numeric values using two symbols, 0 and 1. More specifically, the usual base-2 system is a positional notation with a radix of 2...
random number
Random number
Random number may refer to:* A number generated for or part of a set exhibiting statistical randomness.* A random sequence obtained from a stochastic process.* An algorithmically random sequence in algorithmic information theory....
s.
Equivalently, one may say that the output of a key generating function should not support a conclusion about the input.
In either case, the quality of the random number generator used should be as high as possible. This is difficult to achieve in practice. Many key derivation function
Key derivation function
In cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...
s use a mathematical one way function, such as a cryptographic hash functions like MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
or SHA 1. If used carefully these prevent an attacker from learning the input to the KDF and from guessing it with any better likelihood of getting it correct than chance. Hash function outputs are not random, being deterministically dependent on their inputs, and so their inputs should have high entropy.
Keys are often derived from a password, or more satisfactorily (passwords being unlikely to be randomly chosen) from pseudo random number generator, some of which are also cryptographically secure. Many pseudo random number generators are entirely unsuitable for such a use however, as they are not in fact random, and so do not have high entropy.
Key exchange
Prior to any communication protected by a symmetric key encryption algorithm, both parties (and no one else) must possess the same properly generated key. Formerly, exchange of such a key was extremely troublesome, and was greatly eased by access to secure communications such as a diplomatic bagDiplomatic bag
A diplomatic bag, also known as a diplomatic pouch is a kind of receptacle used by diplomatic missions. The physical concept of a "diplomatic bag" is flexible and therefore can take many forms e.g. an envelope, parcel, large suitcase or shipping container, etc...
. Clear text exchange is quite impractical as any interceptor will immediately learn the key to be used and so will be able to decrypt messages they weren't intended to have access to.
Since the Diffie-Hellman key exchange protocol was published in 1975, it has become possible to exchange a key over an insecure communications channel, which has very substantially reduced the risk of key disclosure during distribution. It is possible, using something akin to a book code, to include key indicators as clear text attached to an encrypted message. The encryption technique used by Richard Sorge
Richard Sorge
Richard Sorge was a German communist and spy who worked for the Soviet Union. He has gained great fame among espionage enthusiasts for his intelligence gathering during World War II. He worked as a journalist in both Germany and Japan, where he was imprisoned for spying and eventually hanged....
's code clerk was of this type, referring to a page in a statistical manual, though it was in fact a code. The German Army
German Army
The German Army is the land component of the armed forces of the Federal Republic of Germany. Following the disbanding of the Wehrmacht after World War II, it was re-established in 1955 as the Bundesheer, part of the newly formed West German Bundeswehr along with the Navy and the Air Force...
Enigma
Enigma machine
An Enigma machine is any of a family of related electro-mechanical rotor cipher machines used for the encryption and decryption of secret messages. Enigma was invented by German engineer Arthur Scherbius at the end of World War I...
symmetric encryption key was a mixed type early in its use; the key was a combination of secretly distributed key schedules and a user chosen session key component for each message.
In more modern systems, such as Open PGP compatible systems, a session key for a symmetric key algorithm is distributed encrypted by an asymmetric key algorithm. This approach avoids even the necessity for using a key exchange protocol like Diffie-Hellman key exchange.
A more complex method of key exchange involves encapsulating one key within another. It's not clear that this increase security for if one key can be securely exchanged (the encapsulating key), the encapsulated key can presumably be as well. This technique is usually termed Key Wrap
Key Wrap
Key Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate cryptographic key material. The Key Wrap algorithms are intended for applications such as protecting keys while in untrusted storage, or transmitting keys over untrusted communications networks...
. A common technique uses Block cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take a 128-bit block of plaintext as input, and output a corresponding 128-bit block of ciphertext...
s and cryptographic hash function
Hash function
A hash function is any algorithm or subroutine that maps large data sets to smaller data sets, called keys. For example, a single integer can serve as an index to an array...
s.
A related method, also more complicated, is to exchange a master key (sometimes termed a root key), and, as needed, derive subsidiary keys, possible for each session, from that key. As with the key wrapping scheme above, this scheme also offers no obvious benefit, for if the master key can be distributed securely, so might the subsidiary keys. When the availability of secure exchange is intermittent, or when keys must be related to each other (i.e., departmental keys are tied to divisional keys, and individual keys tied to departmental keys) this technique may be useful. However, tying keys to each other increase the damage which may result from a security breach as attackers will learn something about more than one key. This reduces entropy, with regard to an attacker, for each key involved.
Key storage
However distributed, symmetric keys must be stored securely to maintain communications security. There are various techniques in use to assist with this. Likely the most common is that an encryption application manages keys for the user and depends on an access password to control use of the key. It is rare to use keys in 'raw' form, that is as a string of bits, most probably because such strings often generate mistakes when handled by humans.Key use
The major issue is length of key use, and therefore frequency of replacement. Because it increases any attackers required effort, keys should be frequently changed. This also limits loss of information, as the number of stored encrypted messages which will become readable when a key is found will be decrease as the frequency of key change increases. Historically, symmetric keys have been used for long periods in situations in which key exchange was very difficult or only possible intermittently. Ideally, the symmetric key should change with each message or interaction, so that only that message will become readable if the key is learned (e.g., stolen, cryptanalyzed, or social engineered).See also
- Key WrapKey WrapKey Wrap constructions are a class of symmetric encryption algorithms designed to encapsulate cryptographic key material. The Key Wrap algorithms are intended for applications such as protecting keys while in untrusted storage, or transmitting keys over untrusted communications networks...
- Key derivation functionKey derivation functionIn cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...
- Pseudorandom function family
- Symmetric key algorithm