In cryptography, zeroisation (also spelled zeroization) is the practice of erasing sensitive parameters (electronically stored data, cryptographic keys, and Critical Security Parameters, CSPs) from a cryptographic module to prevent their disclosure if the equipment is captured. This is generally accomplished by altering or deleting the contents to prevent recovery of the data. (Ref: http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) When encryption was performed by mechanical devices, this would often mean changing all the machine's settings to some fixed, meaningless value, such as zero. On machines with letter settings rather than numerals, the letter 'O' was often used instead. Some machines had a button or lever for performing this process in a single step. Zeroisation would typically be performed at the end of an encryption session to prevent accidental disclosure of the keys, or immediately when there was a risk of capture by an adversary. In modern software-based cryptographic modules, zeroisation is made considerably more complex by issues such as virtual memory and compiler optimisations. Also, zeroisation may need to be applied not only to the key, but also to a plaintext and some intermediate values. A cryptographic software developer must have an intimate understanding of memory management in a machine, and be prepared to zeroise data whenever a sensitive location might move outside the security ... data due to memory management, software designers consider performing zeroisation When an application ... tamper resistant hardware, automatic zeroisation may be initiated when tampering is detected. Such hardware may be rated for cold zeroisation, the ability to zeroise itself without its normal power supply enabled.
Standards for zeroisation are specified in American National Standards ...
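The compiler-optimisation and virtual-memory problems described above, shown as an added example in C (not code from the original article): the wipe is written so the optimiser keeps it, the pages are pinned to stay out of swap, and the key, plaintext and intermediate keystream are erased together. The struct layout, the function names and the XOR stand-in for a cipher are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <sys/mman.h> /* mlock/munlock (POSIX) */

/* Hypothetical context: key, plaintext and intermediate state share one
 * struct so a single wipe covers all of them. */
struct crypto_ctx {
    uint8_t key[32];
    uint8_t plaintext[64];
    uint8_t keystream[64]; /* intermediate value */
};

/* A plain memset() on a buffer never read again is a dead store the optimiser
 * may delete; stores through a volatile pointer are kept in practice. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Returns 1 if every byte in the range is zero. */
static int is_zeroised(const void *p, size_t n)
{
    const uint8_t *b = (const uint8_t *)p;
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

/* One session over constructed data; writes 64 bytes to out. Returns 1 if
 * the whole context reads back as zero after the wipe. */
static int run_session(uint8_t *out)
{
    static struct crypto_ctx ctx;
    /* Best effort: pin the pages so the key is not written to swap. This
     * can fail under RLIMIT_MEMLOCK; the wipe happens either way. */
    int locked = (mlock(&ctx, sizeof ctx) == 0);
    memset(ctx.key, 0xA5, sizeof ctx.key);            /* constructed key */
    memset(ctx.plaintext, 'P', sizeof ctx.plaintext); /* constructed data */
    for (size_t i = 0; i < sizeof ctx.keystream; i++) {
        /* XOR stand-in for a cipher, for illustration only */
        ctx.keystream[i] = ctx.key[i % sizeof ctx.key] ^ (uint8_t)i;
        out[i] = ctx.plaintext[i] ^ ctx.keystream[i];
    }
    secure_zero(&ctx, sizeof ctx); /* zeroise at end of session */
    if (locked) munlock(&ctx, sizeof ctx);
    return is_zeroised(&ctx, sizeof ctx);
}

int main(void) { uint8_t out[64]; return run_session(out) ? 0 : 1; }
```

Where the platform provides one, a library wipe such as explicit_bzero() or C11 Annex K memset_s() can replace the hand-written loop.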
see power analysis. Tamper resistant chips may be designed to zeroise their sensitive ... of specification environmental parameters. A chip may even be rated for cold zeroisation, the ability ...
The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems has become known and its most modern systems share at least some features with commercial products. Rotor machines from the 1940s and 1950s were mechanical marvels. The first generation electronic systems were quirky devices with cantankerous punched card readers for loading keys and failure-prone, tricky-to-maintain vacuum tube circuitry. Late 20th century systems are just black boxes, often literally. In fact they are called blackers in NSA parlance because they convert classified signals (red) into unclassified signals (black). They typically have electrical connectors for the red signals, the black signals, electrical power, and a port for loading keys. Controls can be limited to selecting between key fill, normal operation and diagnostic modes and an all-important zeroize button that erases classified information including keys and perhaps the encryption algorithms. 21st century systems often contain all the sensitive cryptographic functions on a single, tamper-resistant integrated circuit that supports multiple algorithms and allows over-the-air or network rekeying, so that a single AN/PRC-152 hand-held field radio can interoperate with most current NSA cryptosystems. (http://www.rfcomm.harris.com/products/tactical-radio-communications/an-prc-152.pdf)
Security factors: NSA has to deal with many factors in ensuring the security of communication and information (COMSEC and INFOSEC in NSA jargon). Confidentiality and authentication: making sure messages cannot be read by unauthorized people and that they cannot be forged (nonrepudiation).
Little is publicly known about the algorithms ...