Analysis of Encryption Key Management Systems: Strengths, Weaknesses, Opportunities, Threats

Kuzminykh, Ievgeniia; Yevdokymenko, Maryna; Ageyev, Dmytro

doi:10.1109/picst51311.2020.9467909

Cited by 7 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the second part, the results were aggregated into groups based on the attributes, to rank issues and measures, and to calculate percentages, which gives a clear image of how the users view the issues, the results of the measures, and if there is a difference between the groups that need to be considered. In the third part, the SWOT analysis framework was used as an analytical lens to obtain a clear view of the strengths, weaknesses, opportunities, and threats of IoT adoption with regard to security, privacy, and trust (Kuzminykh et al, 2020) (Figure 2).…”

Section: Methodsmentioning

confidence: 99%

Users’ Privacy and Security Concerns that Affect IoT Adoption in the Home Domain

Schuster

Habibipour

2022

International Journal of Human–Computer Interaction

View full text Add to dashboard Cite

Internet of things (IoT) technology must provide users with benefits that outweigh the costs and risks for it to be widely accepted and adopted. New functionality is continuously added, and costs decrease with the increasing volumes and technological advances; however, the risks also increase as technology becomes increasingly integrated into human lives. This survey study of 251 respondents investigated how users and different user groups perceive IoT security and privacy in the home domain, their trust in the involved parties, and how different types of measures, as suggested by the literature, can affect user adoption. The results indicate that people are particularly concerned about security and privacy and are fearful of breaches and misuse. A large majority of the people do not believe the products to be secure. Less than a third of the users trust manufacturers, service providers, and governments to uphold their privacy; this remarkably hinders IoT adoption.

show abstract

Section: Methodsmentioning

confidence: 99%

Users’ Privacy and Security Concerns that Affect IoT Adoption in the Home Domain

Schuster

Habibipour

2022

International Journal of Human–Computer Interaction

View full text Add to dashboard Cite

show abstract

“…• Unauthorized disclosure prevention: An EKM must prevent unauthorized disclosure of key material or metadata [20], [21], [22]. It must implement authentication and authorization mechanisms to control access to key material.…”

Section: B Overview Of Encryption Key Managementmentioning

confidence: 99%

“…• Secure destruction of key material: An EKM must facilitate secure destruction of key material when a key is no longer required [20]. This can arise in various circumstances: a key can be rotated (based on a time-based or usage-based trigger) as part of normal operations, a key can be discovered to be compromised and rotated out, or the cryptosystem as a whole could require zeroization (e.g., if it is about to fall into unfriendly hands).…”

Section: B Overview Of Encryption Key Managementmentioning

confidence: 99%

On the Development of a Protection Profile Module for Encryption Key Management Components

Sun

Chan

et al. 2023

IEEE Access

View full text Add to dashboard Cite

The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, including the key's generation, usage, distribution, renewal, and destruction. Given the security sensitivity, it is desirable to adopt a widely accepted standard when developing an encryption key management system. Through rigorous development of security requirements and following standardized validation, evaluation, and certification, the consumers' confidence in the security of the EKM system will be enhanced. The Protection Profile (PP), defined in the Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC), specifies the security functional and assurance requirements for a specific technology. In this work, we propose a PP Module that is the new evolution of the PP covering trusted security features for EKM, which is based on its compliance with the Network Device collaborative Protection Profile (NDcPP). In particular, by analyzing threats and vulnerabilities of EKM systems, corresponding security objectives and requirements are proposed in the PP, along with the specification of evaluation activities. The quantum-safe aspect of key distribution protocols is further investigated to support EKM products with quantum-resistant algorithms and quantum key distribution features. In addition to presenting the development methodology and implementation process for the PP Module of EKM, we distill lessons learned from developing and validating the PP Module to inspire future research efforts on defining security requirements with the CC.

show abstract

Safeguarding IoT: Harnessing Practical Byzantine Fault Tolerance for Robust Security

Zafar,

Khanna,

Jain

et al. 2024

Proceedings of Data Analytics and Management

View full text Add to dashboard Cite

Analysis of Encryption Key Management Systems: Strengths, Weaknesses, Opportunities, Threats

Cited by 7 publications

References 8 publications

Users’ Privacy and Security Concerns that Affect IoT Adoption in the Home Domain

Users’ Privacy and Security Concerns that Affect IoT Adoption in the Home Domain

On the Development of a Protection Profile Module for Encryption Key Management Components

Safeguarding IoT: Harnessing Practical Byzantine Fault Tolerance for Robust Security

Contact Info

Product

Resources

About