Key Revocation

About

Key revocation is the process of invalidating cryptographic keys before their natural expiration. This is crucial for maintaining the security of cryptographic systems, especially when a key is suspected to be compromised, or when a key holder's permissions are revoked. Proper key revocation practices ensure that unauthorized parties cannot use invalidated keys to access encrypted data or perform cryptographic operations.

Key Concepts

1. Types of Keys Involved in Revocation

  • Symmetric Keys: Used for symmetric encryption algorithms where the same key is used for both encryption and decryption. Symmetric keys must be revoked if compromised or no longer needed.

  • Asymmetric Keys: Consist of a public key and a private key. The private key is typically the focus of revocation because its compromise can lead to unauthorized decryption or signing.

2. Revocation Mechanisms

  • Certificate Revocation Lists (CRLs): Lists of revoked certificates issued by Certificate Authorities (CAs). Clients check these lists to ensure certificates are still valid.

  • Online Certificate Status Protocol (OCSP): A protocol used by clients to check the revocation status of a digital certificate in real-time from an OCSP responder.

  • Key Management Systems (KMS): Tools and services that manage keys and can enforce key revocation policies.

3. Reasons for Key Revocation

  • Key Compromise: A key is suspected or confirmed to be compromised.

  • User or System Changes: The key holder’s access rights have changed (e.g., an employee leaves the company).

  • Expiration and Renewal: The key is being replaced as part of a regular key rotation process.

  • Policy Violations: The key holder has violated security policies, necessitating key revocation.

Use Cases

1. Secure Web Communications (SSL/TLS)

Scenario: A company needs to revoke an SSL/TLS certificate due to a suspected compromise.

  • CRLs and OCSP: The issuing CA publishes the revoked certificate on a CRL and updates its OCSP responder to reflect the revocation. Clients checking the certificate will see it as revoked and refuse to establish a secure connection.

  • Automated Updates: Web servers and applications configured to regularly check CRLs and OCSP responses ensure they recognize revoked certificates promptly.

2. API Security in RESTful Services

Scenario: A company provides RESTful APIs and needs to revoke API keys and tokens that are compromised or no longer valid.

  • API Gateway Management: API gateways can invalidate API keys and tokens, preventing further access. Revoked keys are removed from the active key database.

  • Token Revocation Endpoints: OAuth 2.0 frameworks often include endpoints for token revocation, allowing applications to programmatically revoke access tokens and refresh tokens.

3. Secure File Storage and Transfer

Scenario: A company needs to revoke encryption keys used for file storage and transfer because of a suspected breach.

  • Re-encryption: Files encrypted with the revoked keys are re-encrypted with new keys to maintain their confidentiality.

  • Access Control Updates: Systems and applications are updated to recognize and use new keys, ensuring revoked keys can no longer decrypt files.

4. Database Encryption

Scenario: A company needs to revoke database encryption keys due to policy changes or suspected compromise.

  • Key Rotation: Database encryption keys are rotated, and the old keys are marked as revoked. Data is re-encrypted with the new keys.

  • Transparent Data Encryption (TDE): TDE systems often support automated key rotation and revocation, ensuring that data remains secure during the transition.

5. IoT Device Security

Scenario: A company deploys IoT devices that need to revoke keys used for device authentication and data encryption.

  • Device Management Platforms: IoT device management platforms can push updates to devices to revoke old keys and install new keys securely.

  • Firmware Updates: Devices can receive firmware updates that include new keys, ensuring that old keys are no longer used.

Best Practices for Key Revocation

1. Implement Comprehensive Revocation Policies

  • Clear Criteria: Define clear criteria for when and why keys should be revoked. Include key compromise, policy violations, and user or system changes.

  • Regular Reviews: Regularly review keys to identify those that should be revoked based on the defined criteria.

2. Use Reliable Revocation Mechanisms

  • CRLs and OCSP: Ensure that systems and applications are configured to use CRLs and OCSP to check the validity of certificates.

  • KMS Solutions: Leverage KMS solutions that provide robust key management, including revocation capabilities.

3. Ensure Timely Revocation

  • Automated Processes: Automate the key revocation process to ensure keys are revoked promptly when necessary. Use automated scripts or integrated tools.

  • Immediate Action: Act immediately to revoke keys when a compromise is suspected or confirmed.

4. Communicate Revocation

  • Notification Systems: Implement notification systems to inform relevant parties when keys are revoked. This ensures that all stakeholders are aware and can take necessary actions.

  • Documentation: Maintain detailed documentation of key revocation events, including reasons and actions taken.

5. Validate Revocation

  • Regular Checks: Regularly check that revoked keys are no longer in use. Use automated tools to scan systems for revoked keys.

  • Audit Logs: Maintain audit logs of key usage and revocation events. Regularly review these logs to ensure compliance with revocation policies.

PreviousKey RotationNextEncryption | Decryption

Last updated