Information technology — Security techniques — Key management — Part 1: Framework

ISO/IEC 11770-1:2010 defines a general model of key management that is independent of the use of any particular cryptographic algorithm. However, certain key distribution mechanisms can depend on particular algorithm properties, for example, properties of asymmetric algorithms. ISO/IEC 11770-1:2010 contains the material required for a basic understanding of subsequent parts. Examples of the use of key management mechanisms are included in ISO 11568. If non-repudiation is required for key management, ISO/IEC 13888 is applicable. ISO/IEC 11770-1:2010 addresses both the automated and manual aspects of key management, including outlines of data elements and sequences of operations that are used to obtain key management services. However it does not specify details of protocol exchanges that might be needed. As with other security services, key management can only be provided within the context of a defined security policy. The definition of security policies is outside the scope of ISO/IEC 11770. The fundamental problem is to establish keying material whose origin, integrity, timeliness and (in the case of secret keys) confidentiality can be guaranteed to both direct and indirect users. Key management includes functions such as the generation, storage, distribution, deletion and archiving of keying material in accordance with a security policy (ISO 7498-2). ISO/IEC 11770-1:2010 has a special relationship to the security frameworks for open systems (ISO/IEC 10181). All the frameworks, including this one, identify the basic concepts and characteristics of mechanisms covering different aspects of security.

Technologies de l'information — Techniques de sécurité — Gestion de clés — Partie 1: Cadre général

General Information

Status
Published
Publication Date
21-Nov-2010
Current Stage
9093 - International Standard confirmed
Completion Date
15-Nov-2021
Ref Project

Relations

Buy Standard

Standard
ISO/IEC 11770-1:2010 - Information technology -- Security techniques -- Key management
English language
30 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (Sample)

INTERNATIONAL ISO/IEC
STANDARD 11770-1
Second edition
2010-12-01


Information technology — Security
techniques — Key management —
Part 1:
Framework
Technologies de l'information — Techniques de sécurité — Gestion de
clés —
Partie 1: Cadre général





Reference number
ISO/IEC 11770-1:2010(E)
©
ISO/IEC 2010

---------------------- Page: 1 ----------------------
ISO/IEC 11770-1:2010(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.


COPYRIGHT PROTECTED DOCUMENT


©  ISO/IEC 2010
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland

ii © ISO/IEC 2010 – All rights reserved

---------------------- Page: 2 ----------------------
ISO/IEC 11770-1:2010(E)
Contents Page
Foreword .iv
Introduction.v
1 Scope.1
2 Terms and definitions .1
3 Symbols and abbreviated terms .6
3.1 Symbols.6
3.2 Abbreviated terms.6
4 General model of key management.6
4.1 General .6
4.2 Protection of keys .7
4.2.1 General aspects of key management.7
4.2.2 Protection by cryptographic techniques .7
4.2.3 Protection by non-cryptographic techniques.7
4.2.4 Protection by physical means.7
4.2.5 Protection by organisational means .8
4.3 Generic key life cycle model .8
4.3.1 Key life cycle definitions.8
4.3.2 Transitions between key states .9
4.3.3 Transitions, services and keys .10
5 Basic concepts of key management .10
5.1 Key management services .10
5.1.1 Summary of key management services.10
5.1.2 Generate-Key (key generation) .12
5.1.3 Register-Key (key registration) .12
5.1.4 Create-Key-Certificate (key certification).12
5.1.5 Distribute-Key (key distribution).12
5.1.6 Install-Key (key installation).12
5.1.7 Store-key (key storage).12
5.1.8 Derive-Key (key derivation) .13
5.1.9 Archive-Key (key archiving) .13
5.1.10 Revoke-Key (key revocation) .13
5.1.11 Deregister-Key (key deregistration) .13
5.1.12 Destroy-Key (key destruction) .13
5.2 Support services .13
5.2.1 Key management facility services.13
5.2.2 User-oriented services.14
6 Conceptual models for key distribution for two entities.14
6.1 Introduction to key distribution .14
6.2 Key distribution between two communicating entities.14
6.3 Key distribution within one domain .15
6.4 Key distribution between two domains.16
7 Specific service providers.18
Annex A (informative) Threats to key management .19
Annex B (informative) Key management information objects .20
Annex C (informative) Classes of cryptographic applications.21
Annex D (informative) Certificate lifecycle management.23
Bibliography.30

© ISO/IEC 2010 – All rights reserved iii

---------------------- Page: 3 ----------------------
ISO/IEC 11770-1:2010(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC 11770-1 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT Security techniques.
This second edition cancels and replaces the first edition (ISO/IEC 11770-1:1996), which has been technically
revised.
ISO/IEC 11770 consists of the following parts, under the general title Information technology — Security
techniques — Key management:
⎯ Part 1: Framework
⎯ Part 2: Mechanisms using symmetric techniques
⎯ Part 3: Mechanisms using asymmetric techniques
⎯ Part 4: Mechanisms based on weak secrets
The following part is under preparation:
⎯ Part 5: Group key management
iv © ISO/IEC 2010 – All rights reserved

---------------------- Page: 4 ----------------------
ISO/IEC 11770-1:2010(E)
Introduction
In information technology there is an ever-increasing need to use cryptographic mechanisms for the protection
of data against unauthorised disclosure or manipulation, for entity authentication, and for non-repudiation
functions. The security and reliability of such mechanisms are directly dependent on the management and
protection afforded to a security parameter, the key. The secure management of these keys is critical to the
integration of cryptographic functions into a system, since even the most elaborate security concept will be
ineffective if the key management is weak. The purpose of key management is to provide procedures for
handling cryptographic keying material to be used in symmetric or asymmetric cryptographic mechanisms.
This part of ISO/IEC 11770 defines a general model of key management that is independent of the use of any
particular cryptographic algorithm. However, certain key distribution mechanisms may depend on particular
algorithm properties, for example, properties of asymmetric algorithms.
This part of ISO/IEC 11770 contains the material required for a basic understanding of subsequent parts.
Examples of the use of key management mechanisms are included in ISO 11568. If non-repudiation is
required for key management, ISO/IEC 13888 is applicable.
This part of ISO/IEC 11770 addresses both the automated and manual aspects of key management, including
outlines of data elements and sequences of operations that are used to obtain key management services.
However it does not specify details of protocol exchanges that might be needed.
As with other security services, key management can only be provided within the context of a defined security
policy. The definition of security policies is outside the scope of ISO/IEC 11770.
The fundamental problem is to establish keying material whose origin, integrity, timeliness and (in the case of
secret keys) confidentiality can be guaranteed to both direct and indirect users. Key management includes
functions such as the generation, storage, distribution, deletion and archiving of keying material in accordance
with a security policy (ISO 7498-2).
This part of ISO/IEC 11770 has a special relationship to the security frameworks for open systems
(ISO/IEC 10181). All the frameworks, including this one, identify the basic concepts and characteristics of
mechanisms covering different aspects of security.

© ISO/IEC 2010 – All rights reserved v

---------------------- Page: 5 ----------------------
INTERNATIONAL STANDARD ISO/IEC 11770-1:2010(E)

Information technology — Security techniques — Key
management —
Part 1:
Framework
1 Scope
This part of ISO/IEC 11770
a) establishes the general model on which key management mechanisms are based,
b) defines the basic concepts of key management which are common to all the parts of ISO/IEC 11770,
c) specifies the characteristics of key management services,
d) establishes general principles on the management of keying material during its life cycle, and
e) establishes the conceptual model of key distribution.
2 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
2.1
asymmetric cryptographic technique
cryptographic technique that uses two related transformations, a public transformation (defined by the public
key) and a private transformation (defined by the private key)
NOTE The two transformations have the property that, given the public transformation, it is computationally infeasible
to derive the private transformation.
2.2
asymmetric key pair
pair of related keys where the private key defines the private transformation and the public key defines the
public transformation
[ISO/IEC 11770-3:2008]
2.3
certification authority
entity trusted to create and assign public key certificates
2.4
data integrity
property that data has not been altered or destroyed in an unauthorized manner
[ISO 7498-2:1989]
© ISO/IEC 2010 – All rights reserved 1

---------------------- Page: 6 ----------------------
ISO/IEC 11770-1:2010(E)
2.5
data origin authentication
corroboration that the source of data received is as claimed
[ISO 7498-2:1989]
2.6
decryption
reversal of a corresponding encryption
NOTE Decryption [ISO/IEC 18033-1] and decipherment [ISO/IEC 9798-1] are equivalent terms.
2.7
digital signature
data appended to, or a cryptographic transformation of, a data unit that allows a recipient of the data unit to
prove the source and integrity of the data unit and protect against forgery e.g. by the recipient
[ISO/IEC 9798-1:1997]
2.8
directory maintenance authority
entity responsible for making the public key certificates available online for ready use by the user entities
2.9
distinguishing identifier
information which unambiguously distinguishes an entity
2.10
encryption
(reversible) transformation of data by a cryptographic algorithm to produce ciphertext, i.e., to hide the
information content of the data
NOTE Encryption [ISO/IEC 18033-1] and encipherment [ISO/IEC 9798-1] are equivalent terms.
2.11
entity authentication
corroboration that an entity is the one claimed
[ISO/IEC 9798-1:1997]
2.12
key
sequence of symbols that controls the operation of a cryptographic transformation (e.g., encryption, decryption,
cryptographic check function computation, signature generation, or signature verification)
2.13
key agreement
process of establishing a shared secret key between entities in such a way that neither of them can
predetermine the value of that key
2.14
key archiving
service which provides a secure, long-term storage of keys after normal use
2.15
key certification
service which assures the association of a public key with an entity
2 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 7 ----------------------
ISO/IEC 11770-1:2010(E)
2.16
key confirmation
assurance for one entity that another identified entity is in possession of the correct key
2.17
key control
ability to choose the key, or the parameters used in the key computation
2.18
key deregistration
procedure provided by a key registration authority that removes the association of a key with an entity
2.19
key derivation
service which forms a potentially large number of keys using a secret original key called the derivation key,
non-secret variable data and a secure transformation process
2.20
key destruction
service for the secure destruction of keys that are no longer needed
2.21
key distribution
service which securely provides key management information objects to authorized entities
2.22
key distribution centre
entity that is trusted to generate or acquire keys and to distribute the keys to communicating parties and that
shares a unique symmetric key with each of the parties
2.23
key establishment
process of making available a shared key to one or more entities, where the process includes key agreement
or key transport
[ISO/IEC 11770-3:2008]
2.24
key generation
process of generating a key
2.25
key generator
entity responsible for generation of an asymmetric key pair
2.26
key installation
service which securely establishes a key within a key management facility in a manner that protects it from
compromise
2.27
keying material
data necessary to establish and maintain cryptographic keying relationships
EXAMPLES Keys, initialization values.
© ISO/IEC 2010 – All rights reserved 3

---------------------- Page: 8 ----------------------
ISO/IEC 11770-1:2010(E)
2.28
key management
administration and use of generation, registration, certification, deregistration, distribution, installation, storage,
archiving, revocation, derivation and destruction of keying material in accordance with a security policy
2.29
key registration
service which associates a key with an entity
2.30
key revocation
service which assures the secure deactivation of a key
2.31
key storage
service which provides secure storage of keys intended for current or near-term use or for backup
2.32
key translation centre
entity trusted to decrypt a key that was generated and encrypted by one party and re-encrypt it for another
party
2.33
key transport
process of transferring a key from one entity to another entity, suitably protected
[ISO/IEC 11770-3:2008]
2.34
personal identification number
secret number sequence used for entity authentication, which is a memorized weak secret
2.35
private key
key of an entity's asymmetric key pair that is kept private
NOTE The security of an asymmetric system depends on the privacy of this key.
2.36
public key
key of an entity’s asymmetric key pair which can usually be made public without compromising security
2.37
public key certificate
public key information of an entity signed by the certification authority
2.38
public key information
information containing at least the entity’s distinguishing identifier and public key, but which can include other
static information regarding the certification authority, the entity, restrictions on key usage, the validity period,
or the involved algorithms
[ISO/IEC 11770-3:2008]
2.39
random number
random bit
time variant parameter whose value is unpredictable
4 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 9 ----------------------
ISO/IEC 11770-1:2010(E)
2.40
registration authority
entity responsible for providing assured user identities to the certification authority
2.41
secret key
key used with symmetric cryptographic techniques and usable only by a set of specified entities
2.42
security authority
entity that is responsible for the definition, implementation or enforcement of security policy
[ISO/IEC 10181-1:1996]
2.43
security domain
set of elements, security policy, security authority and set of security-relevant activities in which the set of
elements are subject to the security policy for the specified activities, and the security policy is administered
by the security authority for the security domain
[ISO/IEC 10181-1:1996]
2.44
sequence number
time variant parameter whose value is taken from a specified sequence which is non-repeating within a certain
time period
2.45
symmetric cryptographic technique
cryptographic technique that uses the same secret key for both the originator’s and the recipient’s
transformation
NOTE Without knowledge of the secret key, it is computationally infeasible to compute either the originator’s or the
recipient’s transformation.
2.46
time stamp
data item which denotes a point in time with respect to a common time reference
[ISO/IEC 11770-3:2008]
2.47
time variant parameter
data item such as a random number, a sequence number, or a time stamp
[ISO/IEC 11770-3: 2008]
2.48
trusted third party
security authority or its agent that is trusted with respect to some security-relevant activities (in the context of a
security policy)
[ISO/IEC 10181-1:1996]
© ISO/IEC 2010 – All rights reserved 5

---------------------- Page: 10 ----------------------
ISO/IEC 11770-1:2010(E)
3 Symbols and abbreviated terms
3.1 Symbols
A, B distinguishing identifiers of entities
CA Certification Authority
DIR Directory Maintenance Authority
KDC Key Distribution Centre
KG Key Generator
KTC Key Translation Centre
RA Registration Authority
S Signature key of entity A
A
V Verification key of entity A
A
X distinguishing identifier of authority
3.2 Abbreviated terms
CA Certification Authority
MAC Message Authentication Code
PIN Personal Identification Number
RA Registration Authority
TTP Trusted Third Party
TVP Time Variant Parameter
4 General model of key management
4.1 General
The objective of key management is the secure administration and use of key management services and
therefore the protection of keys is extremely important.
Key management procedures depend on the underlying cryptographic mechanisms, the intended use of the
key and the security policy in use. Key management also includes those functions that are executed in
cryptographic devices.
6 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 11 ----------------------
ISO/IEC 11770-1:2010(E)
4.2 Protection of keys
4.2.1 General aspects of key management
Keys are a critical part of any security system that relies on cryptographic techniques. The appropriate
protection of keys depends on a number of factors, such as the type of application for which the keys are used,
the threats they face, the different states the keys may assume, etc. Primarily, depending upon the
cryptographic technique, they have to be protected against disclosure, modification, destruction and replay.
Examples of possible threats to keys are given in Annex A. More than one of the following protection
techniques may be required to protect against these threats. The validity of a key shall be limited in time and
amount of use. These constraints are governed by the time and amount of data required to conduct a key-
recovery attack and the strategic value of the secured information over time. Keys that are used to generate
keys need more protection than the generated keys. Another important aspect of the protection of keys is
avoidance of their misuse, e.g., use of a key for key encryption to encrypt data.
4.2.2 Protection by cryptographic techniques
Some threats to keying material can be countered using cryptographic techniques. For example: encryption
counters key disclosure and unauthorised use; data integrity mechanisms counter modification; data origin
authentication mechanisms, digital signatures, and entity authentication mechanisms counter masquerade.
For encryption algorithm standards, refer to ISO/IEC 18033. For data integrity mechanisms, refer to
ISO/IEC 9796, ISO/IEC 9797, ISO/IEC 10118 and ISO/IEC 14888. For digital signatures, refer to
ISO/IEC 9796 and ISO/IEC 14888. For entity authentication mechanisms, refer to ISO/IEC 9798.
Cryptographic separation mechanisms counter misuse. Such separation of functional use may be
accomplished by binding information to the key. For example: binding control information to the key assures
that specific keys are used for specific tasks (e.g. key encryption, data integrity); key control is required for
non-repudiation using symmetric techniques. For non-repudiation using symmetric techniques, refer to
ISO/IEC 13888-2.
4.2.3 Protection by non-cryptographic techniques
Time stamps may be used to restrict the use of keys to certain valid time periods. Together with sequence
numbers, they also protect against the replay of recorded key agreement information. For time stamps, refer
to ISO/IEC 18014.
4.2.4 Protection by physical means
A cryptographic device within a secure system will typically need to protect the keying material it uses against
the threats of modification, deletion and, except for public keys, disclosure. The device typically provides a
secure area for key storage, key use and cryptographic algorithm implementation. It may provide the means to
⎯ load keying material from a separate secure key storage device,
⎯ interact with cryptographic algorithms implemented in separate security facilities (for example, smart
cards), or
⎯ store keying material off-line (for example, on memory cards).
Secure areas are typically protected by physical security mechanisms. Physical security mechanisms may
include passive mechanisms preventing direct access to the secure area as well as active tamper detection
mechanisms that destroy key material in the event of possible intrusion to the secure area. The physical
security mechanisms employed will depend on the strategic value of the secured keys over time. Security
protection for cryptographic devices is standardized in ISO/IEC 19790.
© ISO/IEC 2010 – All rights reserved 7

---------------------- Page: 12 ----------------------
ISO/IEC 11770-1:2010(E)
4.2.5 Protection by organisational means
One means of protecting keys is to organise them into a key hierarchy. Except at the lowest level of the
hierarchy, keys in one level of a hierarchy are used solely to protect keys in the next level down. Only keys in
the lowest level of the hierarchy are used directly to provide data security services. This hierarchical approach
allows the use of each key to be limited, thus limiting exposure and making attacks difficult. For example, the
effect of the compromise of a single session key is limited to compromising only the information protected by
that key.
Allowing people to have access to keys can cause significant problems in terms of being able to prevent
disclosure and (particularly for non-repudiation) to prove that the key can not have been misused. Keys should
only be available in plaintext when inside secure devices. If they shall be exported, then special measures
should be used such as dividing the key into components and not allowing one person to access all
components.
Use of a key shall also be controlled, to prevent its use in a manner that might divulge the key or the data it
protects.
4.3 Generic key life cycle model
4.3.1 Key life cycle definitions
A cryptographic key will progress through a series of states that define its life cycle. The three principal states
are:
⎯ Pending Active: In the Pending Active state, a key has been generated, but has not been activated for
use.
⎯ Active: In the Active state, the key is used to process data cryptographically, or to decrypt or verify
processed data.
⎯ Post Active: In this state, the key shall only be used for decryption or verification.
A key that is known to be compromised shall become Post Active immediately and shall not be trusted for any
other purpose than decrypting or verifying data that was processed prior to the compromise. In particular, a
compromised key shall not be reactivated.
A key is said to be compromised when it has been determined to have been subjected to unauthorized access
or control.
Figure 1 shows these states and the corresponding transitions. Figure 1 represents a generic life cycle model.
Other life cycle models may have additional details that may be sub-states of the three states presented. The
majority of life cycles require an archival activity. This activity may be associated with any of the states,
depending on the particular details of the life cycle.
8 © ISO/IEC 2010 – All rights reserved

---------------------- Page: 13 ----------------------
ISO/IEC 11770-1:2010(E)
Generation
Destruction

Pending

Active
Activation
Active
Deactivation
Reactivation
Destruction
Post
Active

Figure 1 — Key life cycle
4.3.2 Transitions between key states
When a key progresses from one state to another, it undergoes one of the following transitions, as depicted in
Fi
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.