IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
- Key generation: pairs of keys have to be generated for the certification
body and, if appropriate, for users.
- Key certification: the user data, the corresponding public keys and other
data are combined to form a certificate, which is digitally signed by the
certification body.
- Personalisation: the certificate and, if appropriate, the public and private
keys are transferred to a signature component (generally a chip card).
- Identification and registration: the users are identified and registered on
presentation of an identification document.
- Directory service: certificates are held ready for retrieval in a public
directory. In addition, the directory service must provide information on
whether a certificate is blocked or not.
- Time stamp service: it may be necessary to trustworthyly link certain data
to a point of time. To do this, the time is appended to the data and the result
is digitally signed by the time stamp service.
Trust centres can also offer the safekeeping of keys as an additional service if
it is intended to use the cryptographic keys for encryption. In order to ensure
that encrypted data can still be accessed if a key is lost, the owner of the key
(and no-one else) can be given a duplicate key, which is stored securely at the
trust centre.
Key distribution centres
The security of symmetric encryption methods is dependent on whether the
commonly used secret key is only known to the users who are authorised to
access the protected information. In cases where it is necessary to protect
stored data to which only the data’s owners are supposed to have access, this
is relatively easy to guarantee because these owners merely have to protect the
key in such a way that unauthorised users are unable to access it.
The situation is different, however, if it is intended to use a symmetric
encryption method to protect messages that are to be transmitted from a sender
to a recipient via an insecure transmission medium. In this case the secret key
must be available to both the sender and the recipient, i.e. there must be a
possibility of engaging a protected exchange of information between the two
parties. In practice this is often achieved by the encrypted distribution of
communication keys through bodies known as key distribution centres
(KDCs); this involves setting up entire hierarchies of keys that are mutually
interdependent in security terms. The methods used in such instances are in
some cases highly complex and are dependent on a large number of
components for their security, in particular on the physical, organisational,
staff-related and technical security of the KDCs and on the keys agreed for
communication with the KDCs.
If a secret key becomes compromised, in other words if it becomes known to
an unauthorised third party, the result is that the confidentiality of all data is
lost if it has been encrypted with that key or if encryption of the data is
dependent on the key. This is particularly critical if one of the central keys of a
key distribution hierarchy has become compromised.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000