CRYPTO BLOG

A collection of cryptographic articles and resources

Simplifying the Complex Process of Auditing a Key Management System for Compliance

01. April 2016 by James H. Reinholm (guest)

This article explains some of the cryptographic key management tasks involved in demonstrating and proving compliance with acceptable standards, and how this process can be simplified by centralization, automation, and adequate preparation.


Key Management Interoperability Protocol (KMIP): achievements and challenges

23. March 2016 by Dawn M. Turner (guest)

The Key Management Interoperability Protocol standard intends to provide interoperability across various key management environments and hence to reduce costs and increase the efficiency of heterogeneous cryptographic applications.

However, there are three trends which challenge the current standard and its interoperability protocol: a) the shift of a large share of internet traffic towards mobile communications, b) the growing Internet of Services with its related service-based communication, and c) the advance of cloud computing.

This article first looks at the achievements of KMIP so far, then sheds light on the current challenges to and shortcomings of the protocol, and tries to provide answers and solutions to these in the remainder of the article.


What is Key Management? A CISO Perspective

21. February 2016 by Dawn M. Turner (guest)

Key management refers to managing cryptographic keys within a cryptosystem. It deals with generating, exchanging, storing, using and replacing keys as needed at the user level. A key management system will also include key servers, user procedures and protocols, including cryptographic protocol design. The security of the cryptosystem is dependent upon successful key management.

This article introduces key management from the perspective of a CISO or any person in charge of maintaining information security within an organization.


How to Deploy and Manage Cryptography in a Project the Right Way

04. December 2015 by Ashiq JA (guest)

With the ever-increasing number of online services and electronic transactions, business owners are becoming ever more dependent on the use of cryptography to protect sensitive information from cyber attackers. Cryptographic implementations are often considered to be a project bottleneck due to their time-consuming nature and increasing cost within IT budgets.

In recent years, cryptography has been identified as an area that requires further innovation to meet the needs of large businesses. Organizations are facing multiple challenges with the implementation and ongoing maintenance of cryptography on both new and legacy systems. In this article, we present a few recommendations based on Cryptomathic’s approach to simplifying the implementation of cryptography in a project.


Using a Centralized Key Management System to Enforce Information Security Policies

01. December 2015 by Ashiq JA (guest)

A Key Management System (KMS) must be designed in a manner that supports the goals of each organization using the KMS. The aim of a security policy is to provide a secure working environment for the organization by establishing required security measures, protocols and controls.

A security policy consists of the rules and requirements set by an organization that govern the use of its information and services, and the security level and strategies for protecting the Confidentiality, Integrity, and Availability (CIA) of its information.

In complex systems, policies may be broken down into sub-policies, or different policies may cover different applications or categories of information.
