CertiGuide to Security+  9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)

4.5.10.1  Multiple Key Pairs (Single, Dual) 1 2 3 4 5 6 4.7  Success Questions

Key Management

You discovered various things about the key management process, such as:

• Keys can be managed by either a central authority or via a distributed system in which each individual (or small groups of individuals, headed by a designated manager) manages their own key; when you use a CA to issue and manage certificates, you are using a centralized model
  
  
• Private keys must be securely stored (it is not unheard-of for companies to keep copies of private keys in vaults or off-site, in case needed for recovery; private keys may be stored in software or in hardware devices specifically designed for secure key storage)
  
  
• Each private key owner is responsible for safeguarding his/her private key so that it does not fall into anyone else’s hands
  
  
• Key escrow, which is the process of keeping a copy of the user’s private key in a centralized location accessible to security administrators, or implementing a mechanism whereby the private key can be recovered without being stored; this allows for future recovery of a key, should it be lost due to hardware issues on the user’s machine, etc.

You learned that there are some interesting issues in key recovery. Since private keys are very sensitive items, and anyone possessing the private key can sign documents claiming to be the person to whom the private key belongs, care must be taken during key recovery. Persons given this privilege should be highly trusted, and careful logs kept to ensure that this privilege is not abused. Because of the significant exposure of single-person key recovery, organizations have come up with a way to use the concept of M-of-N control to require multiple participants in any key recovery operation, reducing risk. M-of-N control involves dividing up a task among multiple people so it cannot be performed by one person acting alone. One key recovery technique using M-of-N control involves issuing each potential key recovery agent a percentage of the private key used for the recovery system, in the form of a token; in order to perform a key recovery, some M of the N authorized people entrusted with these tokens must come together and combine their tokens, to be allowed access to key recovery functions.

You discovered that multiple key pairs can be employed for added security, since a single key pair violates non-repudiation, because of the potential for someone other than the key owner to obtain someone’s private key used to sign documents. With multiple key pairs, each entity is assigned TWO key pairs, a “signing key pair” and an “encryption key pair”. This ensures that if you need to perform key recovery in order to obtain the entity’s private key to decrypt messages sent to them, you can obtain that key without also obtaining the private key that could be used to masquerade as that user’s identity.

4.5.10.1  Multiple Key Pairs (Single, Dual) 1 2 3 4 5 6 4.7  Success Questions