NIST laying the groundwork for more advanced cryptography
Two publications released by NIST outline the results of a workshop on cryptographic key management and provide an approach for agencies transitioning to new crypto algorithms and key sizes.
The National Institute of Standards and Technology has released two documents as part of its Cryptographic Key Management Project -- a summary of a key management workshop held in June that explored the risks and challenges of handling cryptographic keys in new technological environments, and a draft of recommendations for agencies on transitioning to new algorithms and keys.
Key management is one of the most difficult tasks in cryptography, because a cryptographic algorithm or scheme is only as secure as the keys used to encrypt and decrypt data. The scalability and usability of the methods used to distribute keys are of particular concern. NIST’s key management project is an effort to improve the overall key management strategies to enhance the usability of cryptographic technology, provide scalability and support a global cryptographic key management infrastructure.
The first step in achieving those goals was a workshop NIST hosted in June that examined the obstacles to using current key management methodologies. It also covered alternative technologies that key management needs to accommodate and approaches for moving from current methodologies to more desirable methods.
The results of the workshop are summarized in NIST Interagency Report 7609. An approach to transitioning to new generations of keys and algorithms is provided in a draft of Special Publication 800-131, “Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes.”
The NIST Information Technology Laboratory’s Computer Security Division held the workshop to identify technologies needed to allow a “leap ahead” of normal development lifecycles to greatly improve the security of computer applications. It was the first step in developing a CKM System Design Framework that will address issues identified in the workshop.
“Numerous problems have been identified in current key management methodologies, including the lack of guidance, inadequate scalability of the methods used to distribute keys, and user dissatisfaction because of the 'unfriendliness' of these methods,” the report states.
Presentations covered a variety of security issues, including key management systems that are available but are under-used because they lack user-friendly automated key management services; systems that are under development but not reaching the marketplace because of financial, logistical and support service problems; and new security mechanisms needed to support future computing environments such as cloud computing, integrated international applications, and the secure management of dynamic and global relationships among people, organizations and applications.
Draft SP 800-131 provides guidance for transitions to stronger cryptographic keys and more robust algorithms, based on years of experience in dealing with key management. It is part of an effort to define and implement appropriate key management procedures and to establish adequate strengths for algorithms for protecting sensitive information, as well as to plan ahead for changes in the use of cryptography as algorithms become compromised and the computing technology used to break them advances. Special Publication 800-57, Part 1, included a general approach for transitioning from one algorithm or key length to another. The new draft of SP 800-131 gives more specific guidance.
Comments on SP 800-131 can be sent to CryptoTransitions@nist.gov until March 15.