Key Management Systems and Their Security


Key Management Systems (KMS), also known as key control systems, provide authentication and tamper resistance against unauthorized access to data. KMSs have evolved from simple devices to more complex software and hardware designs. Originally, a single master key would control all keys in a system, preventing any unauthorized change or alteration of these keys. As security requirements and access authorization became more complex, the design of master key lock control systems was further developed to accommodate new authorization methods and to provide stronger protection against loss or theft of keys.

The first NIST SP 800-57 standard required that all servers have a key management algorithm, providing both authentication and tamper resistance. All computers would need to be programmed with at least one, and preferably two, parameters allowing for random access to the master password and to block all unauthorized key changes. In addition, the algorithm provided protection against unintentional and intentional access and modification of the key material. The algorithm could be implemented in a variety of ways, including:

- Computationally scrambled public key blots (CSB) were produced using a secret message and an encryption algorithm known only to the maker of the keys. Public key cryptography is often referred to as digital signatures, because it is not derived from physical key material, such as keys, thumb prints, or passwords. Public key cryptography provides the security and privacy necessary for secure key management. A public key algorithm can be specified in a number of different forms. These include symmetric key production, digital signatures, digital certificates, and key generation by use of randomly generated numbers called "public key keys."

- Digital certificates are digitally signed messages that provide information that cannot be changed without knowledge of the signer. A digital signature algorithm uses elliptical digital encryption with a private key that is protected by a secret, uniformly distributed key schedule. This type of key management method allows for highly secure digital signatures without the need to disclose key information to the intended receiver. Digital certificates are used to provide evidence of authenticity, usually transmitted as proof of the website authenticity at different levels of authentication.

- CTR (ctr) and EDAC (ecc), which are also known as encryption Diffie-Calibration, are types of symmetric key management that use different factors for generating digital certificates, including parameters and padding modes. CTR and EDACs use a finite random stream called the secret factor, which is randomly assigned to a finite array of cryptographic keys. These parameters determine both the length of the digital certificate and the security level that are best for a given key.

The integrity of a company's digital key material may be compromised by the use of weak cryptographic key tracking software systems, such as failover oracle software, weak password policies, and the inability to reconfigure compromised keys quickly enough to prevent unauthorized access. In addition, some types of key management systems fail to encrypt sensitive data at rest. Such systems do not use elliptical encryption, as suggested in some standards, because elliptical encryption is susceptible to attacks from malicious agents.

Furthermore, some key management systems use default settings that make the system vulnerable to attacks from passive attackers who do not need to possess the actual secret material. Such attacks compromise the encryption algorithm used by the system, leaving company communications open to eavesdropping from others.