S 2.264 Regular regeneration of encrypted data in archiving
Initiation responsibility: Information Security Management, Head of IT
Implementation responsibility: Head of IT, Administrator, Information Security Management
Cryptographic procedures age: weaknesses that were unknown or considered irrelevant when a procedure was selected can later be demonstrated as a result of advances in mathematics or computing technology.
For retention periods of 10 years and more, it must therefore be assumed that encrypted or signed data will have to be re-encrypted or re-signed repeatedly, with new keys and possibly with new algorithms, so that the confidentiality and/or integrity of the data remains protected throughout the retention period.
In order to assess whether an algorithm is still reliable and sufficiently secure, developments in the field of cryptography must be followed continuously. Relevant sources of information must also be analysed continuously for disclosed ways of compromising the procedures in use.
If the encryption procedures in use are no longer state of the art and the confidentiality or integrity of the encrypted data can therefore no longer be ensured, the data must be re-encrypted and/or re-signed.
The following aspects must be taken into consideration during re-encryption (see also module S 1.7 Cryptographic concept):
- An encryption algorithm that is secure according to current standards and can be expected to remain secure for a long period must be used.
- A procedure for encryption and key distribution must be selected which meets the requirements of the archiving application.
- The newly generated keys must be distributed securely to the users of the encryption procedure.
- The authenticity of the encryption keys must be ensured (e.g. by means of an electronic certificate).
- The previously encrypted file must be destroyed once re-encryption has been verified as successful; on WORM media, the entire data medium must be destroyed.
- If data media are withdrawn in the course of re-encryption, they must also be disposed of securely.
- Along with the main data media, backup data media must also be disposed of securely and/or old files on them must be deleted securely.
The keys can be distributed in two ways. If the keys are generated by an independent, trustworthy institution, it must be ensured that the new keys reach the original owner of the document confidentially and unaltered.
When asymmetric procedures are used for encryption, the document owner may alternatively generate a key pair himself/herself upon request and inform the archiving institution of the public key.
In any case, it must be taken into account that such re-encryption requires a certain lead time: the owners of the data and/or keys must be notified, and the required keys must be generated and distributed. Where there are many different owners and large data volumes, the time this takes must be planned for.
When selecting a new encryption procedure whose reliability is expected to last as long as possible, a current and recognised secure algorithm should be chosen. If there is no really good alternative to the algorithm currently in use, it should be checked whether an increase in key length could serve as a provisional solution; note that a longer key only helps where the weakness lies in the effort required for exhaustive search, not where the algorithm itself has a structural flaw.
After re-encryption and re-archiving, the old data stocks must be destroyed reliably. If the original data was archived on WORM media, the data media on which the data had been stored under the previous encryption must be disposed of securely. On rewritable media, the data must be deleted reliably (see also S 2.167 Selecting suitable methods for deleting or destroying data). It must also be taken into account that the data stored on backup media must be re-encrypted and that old backup media must be deleted or destroyed selectively (see also S 6.84 Regular data backup of the system and archived data).
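The following Python example is added here to illustrate the procedure described above; it is not part of the safeguard text and does not originate from any archiving product. It shows a versioned archive record whose header (algorithm identifier, key identifier, nonce) is authenticated together with the ciphertext, an inventory check that selects records still encrypted with a procedure that is no longer approved, and a re-encryption step that decrypts with the old key, encrypts with the new key and new algorithm identifier, verifies the result, and only then releases the old record for destruction. The algorithm identifiers, key identifiers and the approved-algorithm table are constructed for this example. To keep the example self-contained with the standard library, the cipher is an HMAC-SHA256 keystream with encrypt-then-MAC, standing in for whichever approved algorithm the archiving application actually uses.

```python
import hashlib
import hmac
import secrets

# Constructed inventory of algorithm identifiers for this example. In practice the
# table is maintained from the cryptographic concept and updated when a procedure
# is withdrawn; any record whose identifier is not listed needs re-encryption.
APPROVED = {"aead-v2"}


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys from one archive key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode; a standard-library stand-in for an approved cipher.
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        block = hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks.append(block)
        counter += 1
    return b"".join(blocks)[:length]


def _header(alg: str, kid: str, nonce: bytes) -> bytes:
    # The algorithm and key identifiers are part of the authenticated data, so a
    # record cannot be relabelled to look like it uses a different procedure.
    return f"{alg}|{kid}|".encode() + nonce


def encrypt(alg: str, kid: str, key: bytes, plaintext: bytes) -> dict:
    """Produce an archive record: authenticated header plus ciphertext."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), _header(alg, kid, nonce) + ct, hashlib.sha256).digest()
    return {"alg": alg, "kid": kid, "nonce": nonce, "ct": ct, "tag": tag}


def decrypt(rec: dict, key: bytes) -> bytes:
    """Verify the record's tag before decrypting; raise if it was altered or the key is wrong."""
    data = _header(rec["alg"], rec["kid"], rec["nonce"]) + rec["ct"]
    expected = hmac.new(_subkey(key, b"mac"), data, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, rec["tag"]):
        raise ValueError("authentication failed: record altered or wrong key")
    ks = _keystream(_subkey(key, b"enc"), rec["nonce"], len(rec["ct"]))
    return bytes(c ^ k for c, k in zip(rec["ct"], ks))


def is_authentic(rec: dict, key: bytes) -> bool:
    try:
        decrypt(rec, key)
        return True
    except ValueError:
        return False


def needs_reencryption(rec: dict) -> bool:
    # Inventory check: the record's own header tells us which procedure protects it.
    return rec["alg"] not in APPROVED


def reencrypt_archive(records: list, keys: dict, new_alg: str, new_kid: str) -> tuple:
    """Return (updated records, old records released for secure destruction).

    keys maps key identifiers to key material; the caller has already distributed
    the new key (new_kid) to the owners, as the safeguard requires.
    """
    updated, to_destroy = [], []
    for rec in records:
        if not needs_reencryption(rec):
            updated.append(rec)
            continue
        plaintext = decrypt(rec, keys[rec["kid"]])
        new_rec = encrypt(new_alg, new_kid, keys[new_kid], plaintext)
        # Verify the new record before the old copy is released for destruction.
        if decrypt(new_rec, keys[new_kid]) != plaintext:
            raise RuntimeError("re-encryption verification failed; old copy retained")
        updated.append(new_rec)
        to_destroy.append(rec)
    return updated, to_destroy


if __name__ == "__main__":
    # Constructed sample archive: one record under a withdrawn procedure, one current.
    keys = {"k-2009": b"\x01" * 32, "k-2024": b"\x02" * 32}
    archive = [
        encrypt("legacy-v1", "k-2009", keys["k-2009"], b"contract 4711"),
        encrypt("aead-v2", "k-2024", keys["k-2024"], b"already current"),
    ]
    new_archive, old_copies = reencrypt_archive(archive, keys, "aead-v2", "k-2024")
    print(f"{len(old_copies)} record(s) re-encrypted and released for destruction")
```

The records handed back in `to_destroy` are what the destruction step in the safeguard applies to (the file, or the whole medium on WORM storage, and the corresponding backup copies); the function never discards them itself, so a failed verification leaves the old copy in place.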
Review questions:
- Are existing encryption procedures continuously examined for their ability to be compromised and are cryptographic developments surveyed?
- Are insecure encryption procedures replaced and the data encrypted using these procedures re-encrypted using a secure encryption procedure?
- Are old data stocks destroyed irreversibly at the time of re-encryption?