T 2.19 Inadequate key management for encryption
If cryptographic systems are used to protect the confidentiality of data during transmission or storage, then inadequate key management can undermine the desired level of protection when
- the cryptographic keys are generated or stored in an insecure environment,
- the keys are unsuitable or easy to guess,
- the keys used for encryption or decryption are not transferred to the communication partner over a secure path.
Examples:
- The simplest example of inadequate key management is when the encrypted information and the cryptographic key are located on the same data carrier. In this case, anyone who gains possession of the data carrier can decrypt the information, assuming this person knows which encryption method was used.
- Cryptographic keys are usually generated by random processes and can be changed (rotated) after generation. If the random number generator used is unsuitable, for example because it is predictable, poorly seeded or biased, then the keys it produces can be guessed or enumerated, however strong the cipher itself is.
- Especially with master keys, it is critical to security to ensure that no weak cryptographic keys are generated. Weak keys are keys that are easy to guess or that have structural properties which make them unsuitable for encryption (example: the weak and semi-weak DES keys; under a weak key, encryption and decryption are the same operation, and a semi-weak key has a partner key that undoes its encryption). If the keys derived from the master keys are not checked for these properties, then a weak key may end up being used in actual operations.
If the three subkeys used in the triple DES (EDE) algorithm are all identical, the decryption in the middle cancels the first encryption and the result is a single DES encryption under that key. Triple DES is then only as effective as single DES, and the additional security it offers is wasted. The same collapse occurs whenever two adjacent subkeys are equal, so a key check must reject that case as well.
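As an added example (not part of the original catalogue text), the following Python code implements the checks that the two examples above call for: keys are drawn from the operating system's CSPRNG rather than an unsuitable random source, the parity bits are set as DES requires, and every key, whether freshly generated or derived from a master key, is rejected if it is a DES weak or semi-weak key or if its triple DES subkeys collapse to single DES. The weak and semi-weak key tables are those from FIPS PUB 74; the HMAC-SHA256 derivation in derive_tdes_key and all function names are assumptions of this example, not something the catalogue prescribes. The degeneracy check goes slightly beyond the text: it flags any two equal adjacent subkeys, not only three identical ones, since either already reduces EDE to single DES.

```python
import hashlib
import hmac
import secrets

# Hex forms of the four weak and twelve semi-weak DES keys (FIPS PUB 74,
# standard odd-parity spelling). Only the upper 7 bits of each key byte
# enter the key schedule, so comparisons below ignore the parity bit.
_DES_WEAK_KEYS_HEX = (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)
_DES_SEMI_WEAK_KEYS_HEX = (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)

def strip_parity(key: bytes) -> bytes:
    """Clear the parity (least significant) bit of every key byte."""
    return bytes(b & 0xFE for b in key)

_WEAK = {strip_parity(bytes.fromhex(k)) for k in _DES_WEAK_KEYS_HEX}
_SEMI_WEAK = {strip_parity(bytes.fromhex(k)) for k in _DES_SEMI_WEAK_KEYS_HEX}

def set_odd_parity(key: bytes) -> bytes:
    """Set the LSB of every byte so each byte has odd parity, the DES key convention."""
    out = bytearray()
    for b in key:
        upper = b & 0xFE
        out.append(upper | (0 if bin(upper).count("1") % 2 else 1))
    return bytes(out)

def des_key_problems(key: bytes) -> list:
    """Findings for one 8-byte DES key; an empty list means the key is acceptable."""
    if len(key) != 8:
        return ["DES key must be 8 bytes"]
    problems = []
    if key != set_odd_parity(key):
        problems.append("parity bits not odd: key may be corrupted or mis-copied")
    stripped = strip_parity(key)
    if stripped in _WEAK:
        problems.append("weak key: encryption and decryption are the same operation")
    elif stripped in _SEMI_WEAK:
        problems.append("semi-weak key: its partner key undoes its encryption")
    return problems

def tdes_key_problems(key: bytes) -> list:
    """Findings for a 24-byte triple DES (EDE) key K1||K2||K3."""
    if len(key) != 24:
        return ["triple DES key must be 24 bytes (K1||K2||K3)"]
    k1, k2, k3 = key[:8], key[8:16], key[16:]
    problems = []
    for name, sub in (("K1", k1), ("K2", k2), ("K3", k3)):
        problems += [f"{name}: {p}" for p in des_key_problems(sub)]
    s1, s2, s3 = strip_parity(k1), strip_parity(k2), strip_parity(k3)
    # EDE computes C = E_K3(D_K2(E_K1(P))). With K1 == K2 the inner pair cancels and
    # only E_K3 remains; with K2 == K3 the outer pair cancels and only E_K1 remains.
    if s1 == s2 == s3:
        problems.append("K1 == K2 == K3: degenerates to single DES under that key")
    elif s1 == s2 or s2 == s3:
        problems.append("two adjacent subkeys equal: degenerates to single DES")
    elif s1 == s3:
        problems.append("K1 == K3: two-key TDEA, weaker than three distinct subkeys")
    return problems

def generate_tdes_key() -> bytes:
    """Draw a fresh 24-byte key from the OS CSPRNG, fix parity, reject weak/degenerate keys."""
    while True:
        candidate = set_odd_parity(secrets.token_bytes(24))
        if not tdes_key_problems(candidate):
            return candidate

def derive_tdes_key(master_key: bytes, label: bytes) -> bytes:
    """Derive a 24-byte key from a master key (illustrative HMAC-SHA256 derivation,
    an assumption of this example) and re-derive with a counter if the result is weak."""
    counter = 0
    while True:
        info = label + counter.to_bytes(4, "big")
        raw = hmac.new(master_key, info, hashlib.sha256).digest()[:24]
        candidate = set_odd_parity(raw)
        if not tdes_key_problems(candidate):
            return candidate
        counter += 1

if __name__ == "__main__":
    good = bytes.fromhex("0123456789ABCDEF")
    print(des_key_problems(good))                                # []
    print(des_key_problems(bytes.fromhex("0000000000000000")))   # parity and weak-key findings
    print(tdes_key_problems(good * 3))                           # K1 == K2 == K3 finding
    print(generate_tdes_key().hex())
    print(derive_tdes_key(b"\x5a" * 32, b"file-encryption").hex())
```

DES itself is not implemented here; the checks operate purely on key structure, which is the check a key generation or derivation step has to apply before a key leaves the key management component. The same pattern (generate or derive, normalise, reject, retry) applies to any cipher with known weak keys.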
Not only the disclosure of cryptographic keys leads to serious problems; their loss does as well. Cryptographic keys can
- be lost or forgotten,
- become unavailable, for example when the person in possession of the key has left the company, or
- be destroyed through accidental deletion or unintentional modification, for example due to a bit error or a malfunction on a data medium.
When keys become unavailable, the data protected by them can no longer be decrypted, and signatures or message authentication codes based on them can no longer be verified. A corrupted stored key (a single flipped bit is enough) behaves like a wrong key, so unless a check value is stored and verified alongside the key, the damage is noticed only when decryption yields garbage.