IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Communications Remarks
____________________________________________________________________ .........................................
S 6.56 Data backup when using cryptographic
procedures
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Officer
When a company or agency is using cryptographic procedures, it is important
not to neglect the subject of data backup. Apart from the question of how a
backup of the encrypted data should best be performed, it is also necessary to
consider whether the cryptographic keys should be backed up, and if so, how.
It also makes sense to back up the configuration data relating to the crypto
products that are used.
Backing up the keys
Very careful thought must be given to the question of whether and how to
back up the cryptographic keys, because every copy of a key is a potential
weak point.
Nevertheless, there may be various reasons why it is necessary to store
cryptographic keys. A variety of methods can be used for storing keys:
- Storage on a transportable data medium, such as a floppy disk or chip card
(mainly used for distributing or exchanging keys, see S 2.46 Appropriate
key management), for transport purposes
- Storage in IT components which have to have permanent access to
cryptographic keys, for example for communication encryption
- The safekeeping of keys as a precaution against key loss, or as part of
arrangements for substitution
The following points always have to be observed in this connection:
- Cryptographic keys should be stored or kept in safekeeping in such a way
that unauthorised users cannot read them out without this being noticed.
For example, keys could be stored in special security hardware which
automatically deletes the keys in the event of an attack. If they are stored in
software, they should always be protected by a second encryption. It
should be borne in mind that most standard applications which involve
storing keys or passwords in the application generally do this using
techniques that are easy to break. Another possible variant is to use the two
person rule in the storage of keys, in other words dividing a key into two
halves or different parts for storage purposes.
- No copies should be made of communication keys or other short-lived
keys. To rule out the possibility of unauthorised use, there should generally
not be any copies made of private signature keys either. If it is decided to
opt for a key storage solution in software only, i.e. without using a chip
card or similar device, the risk of key loss is increased, for example as a
result of bit errors or a hard disk defect. In this case it may be less costly to
provide a sufficiently secure means of key storage than to inform every
communications partner every time that a key is lost.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000