2 min read

ANSI X9.24-1-2017: Key Replacement, Destruction, and Archiving

ANSI X9.24-1-2017: Key Replacement, Destruction, and Archiving

One aspect of key management is dealing with what happens when a symmetric cryptographic key is no longer needed. The section ‘Key Replacement, Destruction and Archiving’ within ANSI X9.24-1-2017 explains what needs to happen.

Key Replacement

New Call-to-actionANSI X9.24-1-2017 describes how to replace cryptographic symmetric keys by involving the notion of a cryptoperiod.

A cryptoperiod is the time period during which a cryptographic key is allowed to be used. Common cryptoperiods range from one to seven days for symmetric cipher keys, However, the standard does not give any concrete indication of what the duration of a cryptoperiod should be.

A well-defined cryptoperiod will limit the amount of exploitable information through cryptanalysis since the key change. Therefore, this is an important protection parameter. 

According to ANSI X9.24-1-2017, the factors needed to adequately compute a cryptoperiod, include:

  • Key use;
  • Key type;
  • Key strength;
  • Amount of sensitive data being encrypted;
  • Key management history;
  • Key management method.

Therefore, the standard gives requirements and guidelines about how a key shall be maintained and exploited, “from cradle to grave.” When a cryptoperiod is over, the key will be retired. Once a key is retired, it has to be destroyed. ANSI X9.24-1-2017 mentions that “Keys are destroyed when they are no longer operationally necessary.”

Key Destruction

Key destruction must be done in such a way that it ensures no forensic-like process could be used to reconstruct pieces of the destroyed keys. For instance, tools like electronic microscopes are used to perform the extraction of data from damaged sources. ANSI X9.24-1-2017 dictates that such tools have no possible ways to recover the destroyed keys.

Key destruction can be performed by zeroization, if the key is stored inside an SCD (Secure Cryptographic Device) that allows it (typically an HSM), by creating a forced tamper event, like for example, removing all sources of power supply, or if available, using a zerozation function. Cryptographic zeroization implicitly prevents forensic reconstruction of the destroyed key.

For example, in the case of cleartext components stored in TEA bags, a shredding device can be used to turn the paper containing key information into blobs of pulp that cannot ever be recovered

Finally, we must mention key archival. A key can be copied to a separate environment where it will reside as an archive, even after it has been officially terminated and destroyed. Of course, it must never be allowed to come back to the operational environment. The reasons for key archiving is often for forensic reasons, such as if some old ciphered data would need to be deciphered for inspection reasons. 

The archiving process is dangerous in terms of security and must be strictly monitored. ”An unauthorized attempt to enter a key or restore a replaced key (e.g., replay) SHALL be precluded or detected.”

ANSI X9.24-1-2017 does not address the way key archiving works.


New call-to-action

References and Further Reading