In a retail financial services environment, the compromise of a symmetric cryptographic key is a critical security breach. How such a situation must be handled is described in the ANSI X9.24-1-2017 standard. Here, we summarize the ANSI guidance on how to respond once a potential compromise has been identified.
Compromise of a Cryptographic Key
To begin, if there is any indication that a key has been compromised, it must be thoroughly investigated.
Here are a few examples of signs that a key might be compromised:
- A secure cryptographic device (SCD) showing possible signs of tampering, such as an HSM cover that has been partially removed
- Errors or gaps in the activity logging
- Cleartext key components or key shares found outside of their tamper-evident authentication (TEA) bags
- Records of the TEA bags that are poorly maintained or have information missing
In general, a key may have been compromised whenever ‘something is going wrong’ or ‘has gone wrong’ in the routine administrative processes of key generation, key transport, key loading, and so on.
If the investigation concludes that an entire key may have been compromised, i.e. that unauthorized people may have knowledge of it, then the key must be considered compromised.
It must immediately be marked as terminated and then destroyed, as prescribed by the Key ‘Replacement’, ‘Destruction’ and ‘Archiving’ sections of ANSI X9.24-1-2017.
We note that, following the standard, certainty is not required to mark a key as compromised. The mere possibility that such an event has happened is sufficient.
If the investigation shows that only some components of a cleartext key could have been exposed, the key does not need to be marked as compromised. However, from a security standpoint, the best practice is to retire it anyway.
The compromise of a key leads to a series of measures that depend on the role the key plays. If the key was used to encrypt other keys, then those keys are also compromised, as is any key that could have been derived from the compromised key.
The compromise of one key is therefore likely to result in a “cascade” of compromises across many other keys. It must be understood as a serious and highly critical event with far-reaching consequences.
Finally, following a compromised key event, new keys must be generated. Actions must then be taken to inform all the parties actively involved with the compromised keys so that they can take adequate measures.
The compromise of a key is a major security problem, and the ANSI X9.24-1-2017 standard gives many guidelines and directions on how such an event must be treated should it happen. It is important to note that the standard is adamant that once a key is compromised, all the keys that have been encrypted or generated using that compromised key must be marked as compromised as well.
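The response described above (mark the key compromised, cascade to every key it encrypted or derived, terminate and destroy the affected keys, then notify the parties that share them) is easiest to get right when the key inventory records which key wraps or derives which. The following is an added example written for this article; it is not code from the standard or from any key management product. The key identifiers, role labels (KEK, PEK, MAC, SESSION) and party names are constructed, and the partial-exposure rule is modelled as described in the text: exposure of all components is treated as compromise, exposure of some components only flags the key for retirement.

```python
# Added example: a key inventory that propagates a compromise through the
# key hierarchy. All key ids, roles and parties below are constructed.
from collections import deque
from dataclasses import dataclass, field
from enum import Enum


class KeyState(Enum):
    ACTIVE = "active"
    RETIRE_RECOMMENDED = "retire_recommended"  # partial exposure: not compromised, retire anyway
    COMPROMISED = "compromised"
    TERMINATED = "terminated"
    DESTROYED = "destroyed"


@dataclass
class ManagedKey:
    key_id: str
    role: str                                        # hypothetical role label
    parties: set = field(default_factory=set)        # organisations sharing this key
    state: KeyState = KeyState.ACTIVE
    wrapped_keys: list = field(default_factory=list)  # keys encrypted under this key
    derived_keys: list = field(default_factory=list)  # keys derived from this key
    history: list = field(default_factory=list)       # audit trail of (state, reason)


class KeyInventory:
    def __init__(self):
        self.keys = {}

    def add(self, key_id, role, parties=(), wrapped_by=None, derived_from=None):
        key = ManagedKey(key_id, role, set(parties))
        self.keys[key_id] = key
        if wrapped_by:
            self.keys[wrapped_by].wrapped_keys.append(key_id)
        if derived_from:
            self.keys[derived_from].derived_keys.append(key_id)
        return key

    def _set_state(self, key_id, state, reason):
        key = self.keys[key_id]
        key.state = state
        key.history.append((state.value, reason))

    def compromise(self, key_id, reason):
        """Mark key_id compromised and cascade, transitively, to every key it
        wrapped or derived. Returns the affected key ids in marking order."""
        affected = []
        queue = deque([(key_id, reason)])
        while queue:
            current, why = queue.popleft()
            key = self.keys[current]
            if key.state in (KeyState.COMPROMISED, KeyState.TERMINATED, KeyState.DESTROYED):
                continue  # already handled; also protects against cycles in bad data
            self._set_state(current, KeyState.COMPROMISED, why)
            affected.append(current)
            for child in key.wrapped_keys:
                queue.append((child, f"encrypted under compromised key {current}"))
            for child in key.derived_keys:
                queue.append((child, f"derived from compromised key {current}"))
        return affected

    def report_component_exposure(self, key_id, exposed, total, reason):
        """All components exposed: compromise and cascade. Only some exposed:
        not compromised under the standard, but flag the key for retirement."""
        if exposed >= total:
            return self.compromise(key_id, reason)
        self._set_state(key_id, KeyState.RETIRE_RECOMMENDED,
                        f"{exposed}/{total} components exposed: {reason}")
        return []

    def terminate_and_destroy(self, key_ids):
        """Lifecycle steps that follow marking: terminate, then destroy."""
        for key_id in key_ids:
            self._set_state(key_id, KeyState.TERMINATED, "terminated after compromise")
            self._set_state(key_id, KeyState.DESTROYED, "destroyed after termination")

    def parties_to_notify(self, key_ids):
        """Every party sharing any affected key must be informed."""
        return set().union(*(self.keys[k].parties for k in key_ids))


def build_sample_inventory():
    """Constructed hierarchy: KEK-A wraps a PIN key and a MAC key, the PIN key
    derives a session key; KEK-B and PEK-2 form an unrelated branch."""
    inv = KeyInventory()
    inv.add("KEK-A", "KEK", parties={"acquirer", "switch"})
    inv.add("PEK-1", "PEK", parties={"acquirer", "terminal-fleet"}, wrapped_by="KEK-A")
    inv.add("MAC-1", "MAC", parties={"acquirer", "switch"}, wrapped_by="KEK-A")
    inv.add("SESSION-7", "SESSION", parties={"terminal-fleet"}, derived_from="PEK-1")
    inv.add("KEK-B", "KEK", parties={"issuer"})
    inv.add("PEK-2", "PEK", parties={"issuer"}, wrapped_by="KEK-B")
    return inv


def handle_incident(inv, key_id, reason):
    """Mark and cascade, terminate and destroy, then list the parties to notify."""
    affected = inv.compromise(key_id, reason)
    inv.terminate_and_destroy(affected)
    return affected, inv.parties_to_notify(affected)


if __name__ == "__main__":
    inv = build_sample_inventory()
    affected, notify = handle_incident(inv, "KEK-A", "HSM cover found partially removed")
    print("compromised and destroyed:", affected)
    print("parties to notify:", sorted(notify))
    inv.report_component_exposure("KEK-B", 1, 2, "one component found outside its TEA bag")
    print("KEK-B:", inv.keys["KEK-B"].state.value, "PEK-2:", inv.keys["PEK-2"].state.value)
```

Running the script shows the cascade from KEK-A reaching PEK-1, MAC-1 and, through derivation, SESSION-7, while the unrelated KEK-B branch stays active; the partial-exposure report on KEK-B leaves PEK-2 untouched and only flags KEK-B for retirement. The per-key history list gives the audit trail an investigation needs when reconstructing why each key was retired.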
In order to respond to any potential compromise or change in crypto policy, it is crucial to have an adequate key management system that can provide the centralised control needed to rapidly update compromised keys and to mitigate the risks described above.
References, Side Notes and Further Reading
- Read more articles on ANSI X9.24-1-2017 (2018 - today), by Martin Rupp, Matt Landrock and others
- ANSI X9.24-1-2017 - Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (2017), by the Accredited Standards Committee X9 (Incorporated Financial Industry Standards), American National Standards Institute
- Triple-DES (TDES) is the standard, and the algorithm used by Triple-DES is referred to as Triple-DEA (TDEA). In practice these are equivalent terms.