Development of a Protection Profile Module for Encryption Key Management Components

The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, includin...

Bibliographic details
Published in: IEEE access 2023-01, Vol.11, p.1-1
Main authors: Sun, Nan; Li, Chang-Tsun; Chan, Hin; Islam, Md Zahidul; Islam, Md Rafiqul; Armstrong, Warren
Format: Article
Language: eng
Online access: Full text
container_end_page 1
container_issue
container_start_page 1
container_title IEEE access
container_volume 11
creator Sun, Nan
Li, Chang-Tsun
Chan, Hin
Islam, Md Zahidul
Islam, Md Rafiqul
Armstrong, Warren
description The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, including the key's generation, usage, distribution, renewal, and destruction. Given the security sensitivity, it is desirable to adopt a widely accepted standard when developing an encryption key management system. Through rigorous development of security requirements and following standardized validation, evaluation, and certification, the consumers' confidence in the security of the EKM system will be enhanced. The Protection Profile (PP), defined in the Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC), specifies the security functional and assurance requirements for a specific technology. In this work, we propose a PP Module that is the new evolution of the PP covering trusted security features for EKM, which is based on its compliance with the Network Device collaborative Protection Profile (NDcPP). In particular, by analyzing threats and vulnerabilities of EKM systems, corresponding security objectives and requirements are proposed in the PP, along with the specification of evaluation activities. The quantum-safe aspect of key distribution protocols is further investigated to support EKM products with quantum-resistant algorithms and quantum key distribution features. In addition to presenting the development methodology and implementation process for the PP Module of EKM, we distill lessons learned from developing and validating the PP Module to inspire future research efforts on defining security requirements with the CC.
doi_str_mv 10.1109/ACCESS.2023.3239043
format Article
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2023-01, Vol.11, p.1-1
issn 2169-3536
2169-3536
language eng
recordid cdi_crossref_primary_10_1109_ACCESS_2023_3239043
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals
subjects Algorithms
Certification
Common Criteria
Computer crime
Criteria
Cryptography
Cyber Security
Encryption
Encryption Key Management
Modules
Protection Profile
Quantum computing
Quantum cryptography
Quantum Safe
Security
Technology assessment
Threat evaluation
title Development of a Protection Profile Module for Encryption Key Management Components