S 6.56 Data backup when using cryptographic methods
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: IT Security Officer
When cryptographic methods are used, the subject of data backup must not be neglected. Apart from the question of how the encrypted data itself should best be backed up, it must also be considered whether the cryptographic keys should be backed up and, if so, how. It also makes sense to back up the configuration data of the crypto products that are used.
Backing up the keys
Very careful thought must be given to whether and how cryptographic keys are backed up, because every copy of a key is an additional point at which it can be stolen or misused.
Nevertheless, there may be various reasons why cryptographic keys have to be stored. A variety of methods can be used:
- storage on a transportable data medium, such as a floppy disk or chip card (mainly used for distributing or exchanging keys, see S 2.46 Appropriate key management),
- storage in IT components which have to have permanent access to cryptographic keys, for example for communication encryption, and
- the safekeeping of keys as a precaution against key loss, or as part of substitution arrangements (so that a deputy can act when the key holder is unavailable).
The following points always have to be observed in this connection:
- Cryptographic keys should be stored or kept in safekeeping in such a way that unauthorised persons cannot read them out unnoticed. For example, keys can be stored in special security hardware which deletes them automatically when tampering is detected. If they are stored in software, they should always be protected by a second layer of encryption, e.g. wrapped under a key-encryption key that is held separately. It should be kept in mind that many standard applications which store keys or passwords locally do so with techniques that are easy to break, such as simple obfuscation. Another option is to apply the two-person rule to key storage, i.e. to split the key into several parts that are held by different persons. The parts must be formed so that no single part reveals anything about the key, for example by XOR-ing the key with a random value or by using a threshold secret-sharing scheme; simply handing out the first and second half of the key leaves an attacker who obtains one half with only half the key bits to guess.
- No copies should be made of communication keys or other short-lived keys. Generally no copies should be made of private signature keys either, so that unauthorised use can be ruled out. If such a key is held in software only, i.e. without a chip card or similar device, the risk of key loss is greater, for example through bit errors or a hard disk defect. In this case it may be cheaper to provide a sufficiently secure means of key storage than to notify every communication partner each time a key is lost and has to be replaced.
- Backup copies should always be made of long-lived keys, for example keys used for archiving data or master keys from which session keys are derived.
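The two-person rule for key storage described above, worked through as a k-of-n threshold scheme (Shamir secret sharing over GF(2^8), using only the Python standard library). This is an added illustration, not part of the IT-Grundschutz text or of any product: each custodian receives one share, any k shares reconstruct the key, and fewer than k shares are statistically independent of it, which is what distinguishes proper sharing from handing out literal halves. A 2-of-3 split also covers the substitution arrangement, since a deputy holding the third share can stand in for an absent custodian. The SHA-256 digest stored with the shares is an assumption of this example; it lets a restore detect a damaged share, but is only acceptable for high-entropy keys, never for passwords.

```python
"""Two-person-rule key backup as k-of-n Shamir sharing over GF(2^8) (added example)."""
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES reduction polynomial x^8+x^4+x^3+x+1."""
    product = 0
    for _ in range(8):
        if b & 1:
            product ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 in GF(2^8)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result = 1
    for _ in range(254):
        result = gf_mul(result, a)
    return result


@dataclass(frozen=True)
class Share:
    index: int        # x coordinate, 1..n; never 0, because f(0) is the key itself
    threshold: int    # number of distinct shares needed to reconstruct
    data: bytes       # one y byte per key byte
    digest: bytes     # SHA-256 of the key (assumed format; safe only for random keys)


def split_key(key: bytes, k: int, n: int) -> list[Share]:
    """Split `key` into n shares of which any k reconstruct it."""
    if not 1 < k <= n <= 255:
        raise ValueError("need 1 < k <= n <= 255")
    digest = hashlib.sha256(key).digest()
    # One random polynomial of degree k-1 per key byte; constant term is the key byte.
    polys = [[byte] + list(secrets.token_bytes(k - 1)) for byte in key]
    shares = []
    for x in range(1, n + 1):
        ys = bytearray()
        for coeffs in polys:
            y = 0
            for c in reversed(coeffs):   # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            ys.append(y)
        shares.append(Share(x, k, bytes(ys), digest))
    return shares


def _interpolate_at_zero(points: list[tuple[int, int]]) -> int:
    """Lagrange interpolation of f(0); subtraction is XOR in characteristic 2."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                num = gf_mul(num, xj)        # (0 - xj) == xj
                den = gf_mul(den, xi ^ xj)   # (xi - xj) == xi xor xj
        total ^= gf_mul(yi, gf_mul(num, gf_inv(den)))
    return total


def reconstruct_key(shares: list[Share]) -> bytes:
    """Rebuild the key from at least k distinct shares and verify it against the digest."""
    if not shares:
        raise ValueError("no shares supplied")
    k, digest, length = shares[0].threshold, shares[0].digest, len(shares[0].data)
    if len({s.index for s in shares}) != len(shares):
        raise ValueError("duplicate share indices")
    if len(shares) < k:
        raise ValueError(f"two-person rule not met: {k} distinct shares required")
    if any(s.threshold != k or s.digest != digest or len(s.data) != length for s in shares):
        raise ValueError("shares do not belong to the same key")
    key = bytes(
        _interpolate_at_zero([(s.index, s.data[pos]) for s in shares])
        for pos in range(length)
    )
    if hashlib.sha256(key).digest() != digest:
        raise ValueError("reconstructed key fails integrity check: a share is damaged")
    return key


if __name__ == "__main__":
    master_key = secrets.token_bytes(32)           # constructed sample key
    custodians = split_key(master_key, k=2, n=3)   # any two of three custodians suffice
    assert reconstruct_key([custodians[0], custodians[2]]) == master_key
    print("2-of-3 reconstruction OK; no single share reveals the key")
```

Each share should then itself be stored under the second layer of encryption and on the medium chosen for it; the scheme protects against a single custodian (or a single stolen backup medium), not against someone who collects k shares.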
Backing up encrypted data
Particular care is needed when backing up encrypted data or when encrypting during a backup procedure. If an error occurs here, for example the key or the container header of the backup is damaged, it usually means that all of the data is unusable, not just a few records. Backups of encrypted data should therefore be verified by a test restore rather than assumed to be readable.
The long-term storage of encrypted or signed data brings many additional problems. It is not only necessary to refresh the data media regularly and to keep the technical components needed to process these media available at all times; it must also be ensured that the cryptographic algorithms and key lengths used still represent the state of the art. For the long-term archiving of data it may therefore make more sense to store the data unencrypted and instead protect it physically in an appropriately secure location, for example a safe.
As a precaution, the crypto modules that were used (software versions and, where applicable, hardware) should also be archived, because experience shows that even years later encrypted data may turn up which was never transferred to the archive in readable form and can only be decrypted with the original product.
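The test restore suggested above, worked through as an added example that is not part of the IT-Grundschutz text: the encrypted container is backed up together with a manifest of per-chunk HMACs computed under a separate verification key, so that a backup operator can confirm the copy is intact, and localise any damage, without ever holding the data key. The manifest layout, the chunk size and the constructed sample container are assumptions of this example.

```python
"""Chunk-wise integrity check of a backed-up encrypted container (added example)."""
from __future__ import annotations

import hashlib
import hmac
import secrets


def build_manifest(container: bytes, verify_key: bytes, chunk_size: int = 4096) -> dict:
    """MAC every chunk of the already encrypted container under a separate verification key.

    The verification key is independent of the data-encryption key, so the manifest can
    be checked by whoever runs the restore test without giving them the ability to decrypt.
    """
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    chunks = [container[i:i + chunk_size] for i in range(0, len(container), chunk_size)]
    return {
        "chunk_size": chunk_size,
        "total_length": len(container),
        "chunk_macs": [hmac.new(verify_key, c, hashlib.sha256).hexdigest() for c in chunks],
    }


def check_backup(container: bytes, manifest: dict, verify_key: bytes) -> dict:
    """Compare a restored copy against its manifest.

    Returns {"length_ok": bool, "damaged_chunks": [indexes]}. A missing (truncated) chunk
    fails its MAC like a corrupted one, so truncation is both flagged and localised.
    """
    size = manifest["chunk_size"]
    damaged = []
    for idx, expected_mac in enumerate(manifest["chunk_macs"]):
        chunk = container[idx * size:(idx + 1) * size]
        actual_mac = hmac.new(verify_key, chunk, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(actual_mac, expected_mac):   # constant-time compare
            damaged.append(idx)
    return {
        "length_ok": len(container) == manifest["total_length"],
        "damaged_chunks": damaged,
    }


if __name__ == "__main__":
    # Constructed stand-in for an encrypted container; real ciphertext is just bytes too.
    container = secrets.token_bytes(10_000)
    verify_key = secrets.token_bytes(32)
    manifest = build_manifest(container, verify_key)

    print("fresh copy:", check_backup(container, manifest, verify_key))
    # A single flipped bit in the restored copy: the whole archive would fail to decrypt,
    # but the manifest tells the operator which chunk (and which medium) to recover.
    damaged = bytearray(container)
    damaged[5000] ^= 0x01
    print("one bit flipped:", check_backup(bytes(damaged), manifest, verify_key))
```

Keep the manifest and the verification key on a different medium from the container itself; a check that is stored next to the data it protects is lost together with it.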
Backing up the configuration data of the products used
When using relatively complex crypto products, it is important not to forget to back up their configuration data (see also S 4.78 Careful modifications of configurations). Once chosen, the configuration should be documented so that it can be set up again quickly after a system failure or if re-installation becomes necessary.
Review questions:
- Are unauthorised persons prevented from reading cryptographic keys, including during data backups?
- Are long-lived cryptographic keys stored safely?
- In case of long-term storage of encrypted data, is it checked at regular intervals that the cryptographic algorithms and the key lengths still represent the state of the art?
- Is it guaranteed that access to data stored in encrypted form is still possible after longer periods?
- Are the crypto products that are used archived?
- Are configuration data of crypto products backed up?