IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
- There may be different cycles for changing keys.
Distribution and exchange of keys
Cryptographic communications relationships can only work if the
communicating partners have matched cryptographic keys at their disposal.
For this to be possible, all communicating partners must be provided with the
necessary keys. Various procedures can be used for distributing keys and for
exchanging keys. The differences arise from the use of different cryptographic
techniques and mechanisms, or from the combination of such techniques and
mechanisms (see S 2.164 Selection of a suitable cryptographic procedure). In
this case the term key distribution refers to the initial provision of basic keys
to communication partners. For this, the keys are transferred to the individual
communication partners from a (usually central) key generation point, for
example a Trust Center.
The keys should be distributed on suitable data media (e.g. chip cards) or via
communications links (e.g. LAN or WAN) in a form which ensures
confidentiality (e.g. encrypted with a KEK - key encryption key), integrity
(e.g. MAC-secured) and authentication (e.g. with a digital signature in
accordance with the signature law). Gaining unauthorised knowledge of the
keys or corruption of the keys must be prevented, or it must at least be
possible to detect such an event.
The exchange of keys refers to the key agreement procedure between two
communication partners to generate a session key. The session key is a key
that is used for only a limited time, such as for the duration of a
communication connection. This length of time must be specified, because
sessions can last a very long time. The time can be specified by relative
timing, for example, or by a packet counter. A new session key is negotiated
between the communication partners for every new connection.
Advanced systems nowadays make use of asymmetric cryptographic
procedures for key distribution and key exchange. A trustworthy certification
body can be established to prove the authenticity of the public keys. The
communication partners must identify themselves to the certification body and
have their public keys certified there by means of a digital signature from the
certification body. The digital certificate generated in this way should contain
at least the public key and an identification feature specific to the
communication partner, the period of validity of the certificate and the digital
signature from the certification body. Knowledge of the public signature key
of the certification body puts every communication partner in a position to
verify the authenticity of the public key of the other party with whom they are
communicating.
Installing and storing keys
In the course of key installation it is necessary to check the authentic origin
and integrity of the key data. As a general rule, keys should never be stored in
the system in plain form but always in encrypted form. When using software
encryption products, it must be borne in mind that keys are inevitably present
in plain form on the PC system at least temporarily during the
encryption/decryption process. If the IT systems on which the cryptographic
product is being used do not offer adequate access protection for the keys,
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000