Title :
Reliability analysis for cryptographic key management
Author :
Sheng Xiao ; Weibo Gong ; Towsley, Don ; Qingquan Zhang ; Ting Zhu
Author_Institution :
Coll. of Inf. Sci. & Eng., Hunan Univ., Changsha, China
Abstract :
The main duty of key management is to keep cryptographic keys in secret. However, it is difficulty to quantitatively assess that how well does a key management scheme protect the keys. In this paper, we propose to use reliability theory, which was mainly used to evaluate performance persistence for engineering systems, to estimate the performance of key management schemes. The reliability analysis leads to counter-intuitive results such as the widely deployed periodic key update scheme is ineffective when key thefts are possible. The analysis also shows that using password with an electronic security token for authentication is a strong security measure in the beginning but is unreliable in the long run. In general, the reliability analysis demonstrates that current key management schemes focus too much on postponing the first key theft from occurring but lack of considerations on quickly recovering stolen keys. In the later part of this paper, we discuss possible directions that may improve the reliability of key management schemes.
Keywords :
private key cryptography; reliability theory; telecommunication network management; authentication; counter-intuitive results; cryptographic key management; electronic security token; engineering systems; key management scheme; key thefts; periodic key update scheme; reliability analysis; reliability theory; stolen keys; Authentication; Availability; Reliability engineering; Reliability theory; Safety;
Conference_Titel :
Communications (ICC), 2014 IEEE International Conference on
Conference_Location :
Sydney, NSW
DOI :
10.1109/ICC.2014.6883450
