SEC05-04 Key Security Management

Key security management is critical to the security of the entire workload. If keys are managed improperly, even strong cryptographic algorithms cannot ensure system security. The security management covers the entire lifecycle of keys, including key generation, transmission, use, storage, update, backup and restoration, and destruction.

• Risk level

  High

• Key strategies
  • Generating a key:
    • Manage keys hierarchically. Divide keys into at least two layers: root keys and working keys. The root keys encrypt working keys for protection.
    • Generate keys using secure random number generators to ensure the randomness and unpredictability of keys. Do not use weak or fixed keys.
  • Transmitting a key:
    • Use secure communication channels, such as encrypted channels or physical transmission, to transmit keys.
    • Ensure that keys are not stolen or tampered with during transmission.
  • Using a key:
    • Minimize the use of keys and avoid exposing keys unnecessarily.
    • Implement access control and permission management to restrict access to keys.
  • Storing a key:
    • Use secure storage devices or encrypted storage to store keys.
    • Ensure that only authorized personnel can access the key storage.
  • Updating a key:
    • Periodically update keys to cope with security vulnerabilities and attacks.
    • Rotate keys securely to ensure service continuity.
  • Backup and restoration:
    • Periodically back up keys and store the backup securely.
    • Ensure that there is a reliable recovery mechanism to prevent key loss or damage.
  • Destroying a key:
    • Destroy keys when they are no longer needed.
    • Destroy keys securely, for example, use encrypted deletion or physical destruction.
• Related cloud services and tools

  DEW