2.11 Other Facets of Security
Next, we look briefly at a few other important facets of a complete security system, albeit issues that are somewhat outside the scope of digital cryptography. An overall security system is only as secure as the weakest facet.
No key should be used forever. The longer a key has been in use and the more often its uses are exposed, the greater the probability of it being compromised due to accident, subversion, or cryptanalysis. Most systems require regular key updates and a plan for nonscheduled rollover in case of known compromise. While the timing for such updates depends on the particular circumstances, most public keys should not be used for more than a year. In fact, sometimes it is reasonable to use a keyfor example, an enveloped encryption symmetric keyonce only.
Devices and areas where keys are exposed, cryptographic computations are performed, and the plain text version of cipher text appears must be physically secure. If an adversary can obtain keys or passwords by getting them from computer memory, observing user keystrokes, or similar activities, you are sunk. Cryptographic security relies on the security of the keys. If the actual cryptographic computations can be observed, changed, or bypassed, security is lost.
In security systems of any complexity, there are always people whom you must trust. They include, but are not limited to, people with physical access to the keying material, people who implemented the software and/or hardware involved with critical operations, and people who designed the system. If operation of the system is critical or protects valuable secrets, how do you assure that these people are trustworthy?
Even with good cryptography, physical, and personnel security, what sort of administrative procedures do you have? If a security violation or compromise occurs, who reports it and what action is taken? Does anyone actually check that what is supposed to be done is being done, that encrypted data are actually secure?
One implementation of secure Telnet used a 64-bit DES key, which includes eight nominal "parity" bits. The keys consisted of 64 randomly generated bits, but the actual encryption/decryption routine ignored the supplied key and used a key of all zero bits if the parity was wrong! Consequently, more than 99.5% of the time, the same zero key was used [JIS]. This system scrambled the bits so they looked secure to a human. This code interoperated well with other copies of itself, as both ends made the same mistake, but in a way that was very insecure to anyone trying a few keys. A zero key is particularly obvious to try when attempting to decode unknown cipher text because it could result from a software or hardware failure and is one of the four "weak" keys for DES. The lesson: Constant vigilance and oversight of security systems are needed.