Compliance is Never Enough: Encryption & Key Management

by Sarah Harvey / April 25th, 2017

Understanding a Key Management Program

The purpose of this presentation is to give you a foundational understanding of encryption. This webinar will not delve into the math involved; rather, you will learn about the different types of encryption, key management basics, algorithm uses, and encryption attacks.

First, let’s define and discuss symmetric versus asymmetric encryption. Symmetric-key algorithms use the same cryptographic key for both encryption of plaintext and decryption of ciphertext, so anyone who can decrypt can also encrypt, and the key has to be shared secretly in advance. Asymmetric algorithms use different keys for encryption and decryption: keys come in mathematically related pairs, and what one half of the pair does, only the other half can undo. Usually, but not necessarily, if key A encrypts a message, then key B can decrypt it, and if key B encrypts a message, then key A can decrypt it (in practice the second direction is used for signing: the private key signs and the public key verifies). By listening to the presentation, you will hear examples of how these different algorithms function.

We believe best practices for a key management program include:

  • Fully document your encryption key management program
  • Generate strong keys, from a cryptographically secure random source, at the lengths current guidance calls for
  • Ensure secure key distribution
  • Protect keys in storage, for example by wrapping data keys under a key-encryption key (KEK) that itself lives in an HSM or key management service
  • Do not encrypt new data with retired encryption keys
  • Replace keys when they are weakened or suspected of compromise
  • Prevent unauthorized key substitution
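The symmetric and asymmetric mechanics described earlier, together with the "generate strong keys" and "protect keys in storage (KEK)" items above, as one added Go example. This is not code from the webinar or its presenters; it uses only the Go standard library. A random AES-256 data-encryption key (DEK) seals a record with AES-GCM, so the same key must open it; the DEK is then wrapped under an RSA key-encryption key with OAEP, so only the private half of the pair can unwrap it; and the private half signs the stored blob while the public half verifies it, which is the practical form of the "B encrypts, A decrypts" direction. The record text, the header string, the key name kek-2025 and the dek-wrap label are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Symmetric: one 256-bit key both seals and opens. AES-GCM is authenticated, so a
// wrong key or a modified ciphertext is rejected instead of decrypting to garbage.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func sealAESGCM(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // random 96-bit nonce; must never repeat under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil // layout: nonce || ciphertext || tag
}

func openAESGCM(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Asymmetric: the public half of the key-encryption key (KEK) wraps the data key and
// only the private half unwraps it (RSA-OAEP). The label ties the blob to its purpose.
func wrapDEK(kek *rsa.PublicKey, dek []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, kek, dek, []byte("dek-wrap"))
}

func unwrapDEK(kek *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, kek, wrapped, []byte("dek-wrap"))
}

// envelopeDemo protects plaintext with a fresh DEK, wraps the DEK under the KEK,
// recovers the data, and reports whether a signature made with the private half
// of the KEK verifies under the public half (the pair used in the other direction).
func envelopeDemo(plaintext []byte) (recovered []byte, sigOK bool, err error) {
	kek, err := rsa.GenerateKey(rand.Reader, 2048) // in production: generated and kept in an HSM/KMS
	if err != nil {
		return nil, false, err
	}
	dek := make([]byte, 32) // AES-256 data key from the OS CSPRNG (crypto/rand), never math/rand
	if _, err = rand.Read(dek); err != nil {
		return nil, false, err
	}
	aad := []byte("record=17;kek=kek-2025") // constructed clear-text header, integrity-bound to the ciphertext
	sealed, err := sealAESGCM(dek, plaintext, aad)
	if err != nil {
		return nil, false, err
	}
	wrapped, err := wrapDEK(&kek.PublicKey, dek) // at rest: store aad, sealed and wrapped; never dek
	if err != nil {
		return nil, false, err
	}
	// Recovery: unwrap with the private KEK (asymmetric), then open with the DEK (symmetric).
	dek2, err := unwrapDEK(kek, wrapped)
	if err != nil {
		return nil, false, err
	}
	if recovered, err = openAESGCM(dek2, sealed, aad); err != nil {
		return nil, false, err
	}
	// The reverse direction: the private half signs (RSA-PSS) and the public half verifies.
	digest := sha256.Sum256(sealed)
	sig, err := rsa.SignPSS(rand.Reader, kek, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, false, err
	}
	sigOK = rsa.VerifyPSS(&kek.PublicKey, crypto.SHA256, digest[:], sig, nil) == nil
	return recovered, sigOK, nil
}

func main() {
	out, sigOK, err := envelopeDemo([]byte("cardholder data"))
	fmt.Printf("recovered=%q signatureOK=%v err=%v\n", out, sigOK, err)
}
```

Two practical points the code makes that the list only names: the DEK is never stored, only its wrapped form, so compromise of the storage tier yields nothing without the private KEK; and because the KEK pair is asymmetric, the service that writes records needs only the public half, while the private half can stay in an HSM and be used only on read or during re-wrap when the KEK is rotated.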

Cryptoperiods are a major topic in key management. This webinar discusses risk factors that affect cryptoperiods, such as the security life of the data and the strength of the cryptographic mechanisms. When we discuss cryptoperiods, we use the NIST Special Publication 800-57 definition: a cryptoperiod is the time span during which a specific key is authorized for use. SP 800-57 further splits it into an originator-usage period, during which the key may protect new data, and a recipient-usage period, during which data already protected under the key may still be processed. Among other things, a suitably defined cryptoperiod:

  • Limits the amount of information protected by a given key that is available for cryptanalysis
  • Limits the amount of exposure if a single key is compromised
  • Limits the use of a particular algorithm to its estimated effective lifetime
  • Limits the time available for attempts to penetrate physical, procedural, and logical access mechanisms that protect a key from unauthorized disclosure
  • Limits the period within which information may be compromised by inadvertent disclosure of keying material to unauthorized entities
  • Limits the time available for computationally intensive cryptanalytic attacks (in applications where long-term key protection is not required)
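How those limits, together with the "do not encrypt new data with retired keys" and "replace keys when weakened or suspected of compromise" practices, translate into a running system, as an added Go example (not from the webinar; standard library only). SP 800-57 splits a cryptoperiod into an originator-usage period, during which a key may protect new data, and a longer recipient-usage period, during which data already under the key may still be processed. The registry below enforces exactly that: new data is always encrypted with the newest key still inside its originator-usage period, a retired key may still decrypt until its recipient-usage period ends, and a key marked compromised can do neither, so the only way forward is a replacement key. The key IDs, dates and periods are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// KeyState is the subset of the SP 800-57 key lifecycle that drives use decisions.
type KeyState int

const (
	Active      KeyState = iota // inside its cryptoperiod
	Deactivated                 // retired: may still decrypt existing data, never protects new data
	Compromised                 // unusable in both directions; data under it must be re-encrypted
	Destroyed
)

// ManagedKey holds lifecycle metadata only; the key material stays in the HSM/KMS, referenced by ID.
type ManagedKey struct {
	ID              string
	Activated       time.Time
	OriginatorUntil time.Time // end of the originator-usage period: may protect new data until then
	RecipientUntil  time.Time // end of the recipient-usage period: may still process old data until then
	State           KeyState
}

// MayEncrypt: only an active key inside its originator-usage period protects new data.
func (k *ManagedKey) MayEncrypt(now time.Time) bool {
	return k.State == Active && !now.Before(k.Activated) && now.Before(k.OriginatorUntil)
}

// MayDecrypt: active or retired keys process existing data until the recipient-usage
// period ends; a compromised or destroyed key may not, whatever the date.
func (k *ManagedKey) MayDecrypt(now time.Time) bool {
	if k.State != Active && k.State != Deactivated {
		return false
	}
	return !now.Before(k.Activated) && now.Before(k.RecipientUntil)
}

// Registry maps key IDs to their metadata; in practice this is the KMS inventory.
type Registry map[string]*ManagedKey

// Current returns the key new data must be protected with: the most recently activated
// key that may still encrypt. Retired keys are never chosen, so losing the newest key
// to a compromise forces a replacement instead of a silent fallback to an old key.
func (r Registry) Current(now time.Time) (*ManagedKey, error) {
	var best *ManagedKey
	for _, k := range r {
		if k.MayEncrypt(now) && (best == nil || k.Activated.After(best.Activated)) {
			best = k
		}
	}
	if best == nil {
		return nil, errors.New("no key inside its originator-usage period: generate a replacement")
	}
	return best, nil
}

// ForDecrypt resolves the key ID carried in a stored record's header.
func (r Registry) ForDecrypt(id string, now time.Time) (*ManagedKey, error) {
	k, ok := r[id]
	if !ok {
		return nil, fmt.Errorf("unknown key %q", id)
	}
	if !k.MayDecrypt(now) {
		return nil, fmt.Errorf("key %q may not decrypt (state %d)", id, k.State)
	}
	return k, nil
}

// MarkCompromised stops a key in both directions; the replacement comes from Current.
func (r Registry) MarkCompromised(id string) {
	if k, ok := r[id]; ok {
		k.State = Compromised
	}
}

func date(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }

// demoRegistry is constructed sample data: two-year originator-usage periods and five-year
// recipient-usage periods, so records stay readable while they are migrated to a newer key.
func demoRegistry() Registry {
	r := Registry{}
	for _, k := range []*ManagedKey{
		{ID: "dek-2019", Activated: date(2019, 1, 1), OriginatorUntil: date(2021, 1, 1), RecipientUntil: date(2024, 1, 1), State: Deactivated},
		{ID: "dek-2023", Activated: date(2023, 1, 1), OriginatorUntil: date(2025, 1, 1), RecipientUntil: date(2028, 1, 1)},
		{ID: "dek-2025", Activated: date(2025, 1, 1), OriginatorUntil: date(2027, 1, 1), RecipientUntil: date(2030, 1, 1)},
	} {
		r[k.ID] = k
	}
	return r
}

func main() {
	now, r := date(2025, 6, 1), demoRegistry()
	k, _ := r.Current(now) // dek-2025 in this sample
	fmt.Println("encrypt new data with:", k.ID)
	r.MarkCompromised("dek-2025")
	_, err := r.Current(now)
	fmt.Println("after compromise:", err)
}
```

With the sample dates and a clock of 2025-06-01, dek-2023 is past its originator-usage period and can no longer protect new data, yet records written under it still open until 2028; dek-2019 is refused because its recipient-usage period ended in 2024, which is the signal that any data still under it should have been re-encrypted by then. Marking dek-2025 compromised does not quietly fall back to dek-2023; it produces an error until a fresh key is added, which is the behaviour the "replace keys" practice calls for.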

The webinar discusses block ciphers and stream ciphers, and algorithms such as the Data Encryption Standard (DES), Triple DES, RSA, Blowfish, AES, and Twofish. Note that DES has long been withdrawn and Triple DES is deprecated by NIST, so neither should be chosen to protect new data; they matter mainly for reading legacy records during migration. Listen to the full presentation to hear Jeff Wilder introduce topics such as disk encryption, encryption attacks, and the Q&A portion. For more information on encryption and key management, contact us today.