Security Architecture for Sensitive Information Systems [chapter]

Xianping Wu, Phu Dung, Balasubramaniam Srinivas
2010 Convergence and Hybrid Information Technologies  
Dynamic Keys once public key yes one high Key Lifetime refers to the length of time the key can be used for encryption. The lifetime of long-term shared keys is indefinite, since the lifetime depends on the security policy and key size. Session keys, used for securing all messages in the one communication session, are also called ephemeral keys. Their lifetimes are less than long-term shared keys. The one-time pad and dynamic keys are used only once. 22 Among cryptographic keys, the one-time
more » ... and dynamic keys have the smallest lifetime. Key Distribution refers to the process of exchanging shared secrets for encryption. Strictly, long-term keys and secret dynamic keys employ public key cryptography to exchange secrets in order to overcome symmetric key distribution problems. Session keys can be distributed by using a shared long-term key or a public key starting at every communication session. A one-time pad is normally exchanged via physical devices. Distributing very long one-time pad keys is inconvenient and usually poses a significant security risk. The pad is essentially the encryption key, but unlike keys for modern ciphers, it must be extremely long and is consequently difficult for humans to remember. Theoretically, the more frequently keys are exchanged, the more secure they are, because the adversary has less cipher text to work with for any given key. On the other hand, the distribution of keys delays the start of any exchange and places a burden on network capacity. Therefore, long-term keys and dynamic keys have advantages over others in key distribution. Nevertheless, in term of security, dynamic keys, unlike long-term keys, are used only once, and do not involve key distribution (only once for initial secret sharing). Dynamic keys are consequently more secure than long-term keys. Key Synchronization refers to the process of ensuring that the key for encryption is the same for the two involved entities. Because long-term keys are shared and session keys are distributed for each transaction, these do not need key synchronization. However, for one-time pad keys and dynamic keys, both need to synchronize the key in order to ensure communication between entities. In this regard, one time pad keys 141 Security Comparison In this section (4.1), dynamic key management was introduced based on Definition 3.4. By applying the nature of dynamic keys 46 , if the agreements (Section 4.1.1) are followed, the security of the proposed architecture is guaranteed. The proposed dynamic key management provide stronger security than other existing approaches in sensitive information protection, and comparable with communication channel (unicast and multicast), user interface and sensitive information storage protection. This comparison is presented in Table 4 .1. The comparison criteria are selected based on the discussion in Chapter 2. Table 4.1. Key Managements Comparison. Criteria Key Management Approaches Communication Channel User Interface Sensitive Information Storage DKM Unicast Multicast Key Type long-term group long-term long-term public long-term public dynamic Key Distribution yes yes yes/no yes/ no no Key Lifetime indefinite moderate indefinite indefinite indefinite once Security Breach Detection no no no no yes Key Type refers to the type of keys employed in key managements. As discussed in Chapter 2, long-term (master) and public keys are mainly adopted in extant approaches of sensitive information protection. However, in the proposed security architecture, dynamic keys are adopted to in DKM. DKM has the advantage over others due to the nature of dynamic keys.
doi:10.5772/9641 fatcat:cdq2t26wcfc3vc5czgqog3h5pu