With over 15 years of experience in the security and smart card industries, Radstaak has a wealth of strategic sales and business development experience and has a long-standing career in the security and smart card industries.
June 27, 2013

Managing Cryptographic Access Keys

Have you ever considered how to ensure the security of the cryptographic keys held on your smartcard or embedded in your NFC-enabled smartphone?

Key management deals with the secure generation, distribution, storage, and lifecycle management of cryptographic keys for both traditional cards and mobile credentials. Keys must be chosen carefully and distributed and stored securely. This important subject deserves a detailed study of its own, but here I will raise a few of the essential key management best practices you should keep in mind when discussing your business requirements with a manufacturer.

First, whenever there is a choice, choose a manufacturer that allows you to utilize your own cryptographic authentication key, so that you have a unique key for your facility or organization. Though it may be easier not to have the responsibility for managing and safeguarding your own keys, utilizing your own authentication keys will protect your organization from a key compromise in someone else’s readers purchased from the same manufacturer.

This may seem obvious, but you should not choose a manufacturer that stores the same key in all the credentials it produces. Extracting the key from a single card would compromise all the others. Choose a manufacturer that uses diversified keys, where each card uses a different key that is derived cryptographically from a master key, so one implementation is different from the next.

Customers should also consider a manufacturer that allows for updating and maintaining a secure and consistent data model throughout a credential’s lifecycle.

Master key
Second, if offered a choice, use readers that protect their master key from being easily extracted from the reader. The individual components of an access control system need to communicate with one another in the form of card read messages, door unlock messages, audit trail data, cardholder privilege changes, etc. It is critical to protect this information exchange on two levels: both the actual communications medium (be it hard-wired or wireless) and the data content must be protected. Look for reader manufacturers that use a secure element such as a trusted platform module, secure access module, or equivalent device to store cryptographic keys.

Equally, choosing readers and credentials that operate in unison within a trusted identity platform framework creates a secure and trusted boundary within which all cryptographic keys governing system security can be delivered with end-to-end privacy and integrity. Some manufacturers go one step further and actually do all the cryptographic operations inside the secure element itself, making it even more difficult to compromise the key information or data.

Of course, always be prepared to act quickly in case a key compromise does occur. Know how to use the manufacturer’s procedures to roll or change the keys in both the readers and cards. Some manufacturers can move cryptographic data, such as keys and reader firmware upgrades, from a secure vault on their premises directly into the secure element inside the reader.
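
A minimal sketch of the key diversification and key roll described above, added here as an illustration and not taken from the article or from any manufacturer's product. It assumes HMAC-SHA256 as both the derivation and the challenge-response function and a one-byte key version; `diversify`, `Card`, `Reader`, `demo` and the sample master keys and UIDs are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets


def diversify(master_key: bytes, card_uid: bytes, key_version: int) -> bytes:
    """Per-card key = PRF(master key, version || UID). HMAC-SHA256 is an assumed
    stand-in for the manufacturer's own diversification function."""
    info = b"card-auth" + bytes([key_version, len(card_uid)]) + card_uid
    return hmac.new(master_key, info, hashlib.sha256).digest()[:16]


class Card:  # stores only its own diversified key, never the master key
    def __init__(self, uid: bytes, card_key: bytes, key_version: int):
        self.uid, self.key_version, self._key = uid, key_version, card_key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Reader:  # holds master keys by version (in a real reader, in the secure element)
    def __init__(self, master_keys: dict):
        self._master_keys = dict(master_keys)

    def retire(self, key_version: int) -> None:  # key roll: drop an old version
        self._master_keys.pop(key_version, None)

    def authenticate(self, card: Card) -> bool:
        master = self._master_keys.get(card.key_version)
        if master is None:
            return False  # unknown or retired key version
        challenge = secrets.token_bytes(16)  # fresh per read, so replies cannot be replayed
        card_key = diversify(master, card.uid, card.key_version)
        expected = hmac.new(card_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, card.respond(challenge))


def demo() -> dict:
    m1, m2 = bytes(range(16)), bytes(range(16, 32))  # constructed master keys
    uid_a, uid_b = b"\x04\xa1\xb2\xc3", b"\x04\xd4\xe5\xf6"  # constructed UIDs
    reader = Reader({1: m1, 2: m2})
    card_a = Card(uid_a, diversify(m1, uid_a, 1), 1)
    forged_b = Card(uid_b, diversify(m1, uid_a, 1), 1)  # A's extracted key, B's UID
    out = {"genuine": reader.authenticate(card_a), "forged": reader.authenticate(forged_b)}
    reader.retire(1)  # key roll after a suspected compromise
    out["old_v1"] = reader.authenticate(card_a)
    out["reissued_v2"] = reader.authenticate(Card(uid_a, diversify(m2, uid_a, 2), 2))
    return out
```

The key taken from card A does not authenticate under card B's UID, and once version 1 is retired only credentials reissued under version 2 are accepted.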

3 Comments
JonathanL
June 27, 2013 9:09 am

I know that not many people are looking to try to break their reader just to see how easy it is to get the Master Key from it and there are probably several instances where the reader is given no thought at all.  I have to say I was glad to see that part in the article because it raises awareness of a component we take for granted day to day and should be looked at.

batye
June 28, 2013 1:00 am
Reply to  JonathanL

interesting, I trust you are right… as a lot of the time we never think…

SunitaT
July 23, 2013 8:20 am

The main issue is span of key use, and therefore frequency of replacement. Because it raises any attacker's required effort, keys should be frequently changed. This also limits loss of info, as the number of stored encrypted messages which will become readable when a key is found will decrease as the frequency of key change rises. Historically, symmetric keys have been used for extended periods in circumstances in which key exchange was very difficult or only possible intermittently. Preferably, the symmetric key should change with each message or interaction, so that only that message will become readable if the key…