[ Last changed: 17th October 1996 ]
Key management is undoubtedly one of the most important aspects of any cryptographic system. The skill of the designers who produce algorithms to withstand sophisticated cryptanalytic attacks is completely wasted if keys can be obtained by much simpler means such as seeing them displayed on a screen.
In this seminar we will present a low-level discussion on some of the basic aspects of key management; generation, distribution, storage, change and destruction. The discussion will encompass both symmetric and asymmetric systems.
For a symmetric system all keys must be secret and the distribution of those keys, particularly during initialisation, is a major headache. The introduction of asymmetric systems removed the requirement that all keys must be secret and thus changed the nature of the key distribution problem. However, for asymetric systems public keys must be authentic and must have other specific properties. These requirements create new problems.
Generic key hierarchical systems will be discussed and, possibly, some schemes designed to solve specific problems eg the transation key system for EFTPOS. The relevant standards will also be mentioned.