One aspect of key management is dealing with what happens when a symmetric cryptographic key is no longer needed. The section ‘Key Replacement, Destruction and Archiving’ within ANSI X9.24-1-2017 explains what needs to happen.
A cryptoperiod is the time period during which a cryptographic key is allowed to be used. Common cryptoperiods range from one to seven days for symmetric cipher keys, However, the standard does not give any concrete indication of what the duration of a cryptoperiod should be.
A well-defined cryptoperiod will limit the amount of exploitable information through cryptanalysis since the key change. Therefore, this is an important protection parameter.
According to ANSI X9.24-1-2017, the factors needed to adequately compute a cryptoperiod, include:
- Key use;
- Key type;
- Key strength;
- Amount of sensitive data being encrypted;
- Key management history;
- Key management method.
Therefore, the standard gives requirements and guidelines about how a key shall be maintained and exploited, “from cradle to grave.” When a cryptoperiod is over, the key will be retired. Once a key is retired, it has to be destroyed. ANSI X9.24-1-2017 mentions that “Keys are destroyed when they are no longer operationally necessary.”
Key destruction must be done in such a way that it ensures no forensic-like process could be used to reconstruct pieces of the destroyed keys. For instance, tools like electronic microscopes are used to perform the extraction of data from damaged sources. ANSI X9.24-1-2017 dictates that such tools have no possible ways to recover the destroyed keys.
Key destruction can be performed by zeroization, if the key is stored inside an SCD (Secure Cryptographic Device) that allows it (typically an HSM), by creating a forced tamper event, like for example, removing all sources of power supply, or if available, using a zerozation function. Cryptographic zeroization implicitly prevents forensic reconstruction of the destroyed key.
For example, in the case of cleartext components stored in TEA bags, a shredding device can be used to turn the paper containing key information into blobs of pulp that cannot ever be recovered
Finally, we must mention key archival. A key can be copied to a separate environment where it will reside as an archive, even after it has been officially terminated and destroyed. Of course, it must never be allowed to come back to the operational environment. The reasons for key archiving is often for forensic reasons, such as if some old ciphered data would need to be deciphered for inspection reasons.
The archiving process is dangerous in terms of security and must be strictly monitored. ”An unauthorized attempt to enter a key or restore a replaced key (e.g., replay) SHALL be precluded or detected.”
ANSI X9.24-1-2017 does not address the way key archiving works.
References and Further Reading
- More articles on Key Blocks (2019 - today), by Dawn M. Turner and Martin Rupp
- More articles on Key Management (2015 - today), by Matt & Peter Landrock, Stefan Hansen, Dawn Turner, and more
- X9 TR34–2012 - Interoperable Method for Distribution of Symmetric Keys using Asymmetric Techniques: Part 1 – Using Factoring-Based Public Key Cryptography Unilateral Key Transport (August 2012), by the American National Standards Institute
- Information Supplement: PIN Security Requirement 18-3 - Key Blocks (2019), by the PCI Security Standards Council
- Read more articles on the ANSI X9.24-1-2017 (2018 - today), by Martin Rupp, Matt Landrock and more
- ANSI X9.24-1-2017 - Retail Financial Services Symmetric Key Management Part 1: Using Symmetric Techniques (2017), by the Accredited Standards Committee X9 (Incorporated Financial Industry Standards), American National Standards Institute
- ASC X9 TR 31-2018 - Interoperable Secure Key Exchange Key Block Specification (2018), by American National Standards Institute (ANSI)