Development of a Protection Profile Module for Encryption Key Management Components

The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, includin...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE access 2023-01, Vol.11, p.1-1
Hauptverfasser: Sun, Nan, Li, Chang-Tsun, Chan, Hin, Islam, Md Zahidul, Islam, Md Rafiqul, Armstrong, Warren
Format: Artikel
Sprache:eng
Schlagworte:
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, including the key's generation, usage, distribution, renewal, and destruction. Given the security sensitivity, it is desirable to adopt a widely accepted standard when developing an encryption key management system. Through rigorous development of security requirements and following standardized validation, evaluation, and certification, the consumers' confidence in the security of the EKM system will be enhanced. The Protection Profile (PP), defined in the Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC), specifies the security functional and assurance requirements for a specific technology. In this work, we propose a PP Module that is the new evolution of the PP covering trusted security features for EKM, which is based on its compliance with the Network Device collaborative Protection Profile (NDcPP). In particular, by analyzing threats and vulnerabilities of EKM systems, corresponding security objectives and requirements are proposed in the PP, along with the specification of evaluation activities. The quantum-safe aspect of key distribution protocols is further investigated to support EKM products with quantum-resistant algorithms and quantum key distribution features. In addition to presenting the development methodology and implementation process for the PP Module of EKM, we distill lessons learned from developing and validating the PP Module to inspire future research efforts on defining security requirements with the CC.
ISSN:2169-3536
2169-3536
DOI:10.1109/ACCESS.2023.3239043