Each day, more of the world’s information and activity is moved onto digital platforms. Books, mail, music, gambling—the list goes on.
As we further progress into the digital age, we must also recognize the corresponding security risks. It’s never been so easy for somebody you don’t know to gain access to your personal information. On a larger scale, an organization’s sensitive data is always in jeopardy if not properly secured.
These modern problems require modern solutions. Similar to how you might put your money in a safe or keep valuables behind a locked door, digital users harness encryption keys to protect their information and data.
Encryption keys are strings of random bits generated specifically for scrambling and unscrambling data. Each one is produced by an algorithm that keeps it unique and unpredictable.
Encryption keys can be used to encrypt data, decrypt data, or both. The longer the key, the more difficult the code will be to crack.
A cipher uses an encryption key to convert images, programs, and other information into indiscernible code. That data can only be deciphered with a matching key. This allows people to send and protect sensitive information without fear of interception.
Encryption systems often use two types of keys:
These keys are created and stored on key management servers, as are their attributes.
In addition to continuously maintaining digital access to these keys, the key management server must also stay powered to keep data from being lost. To prevent system failures and keep encryption keys separate, these servers are often powered with batteries.
Encryption key batteries are an essential component of cybersecurity because they help the key management server maintain a more private and regulated system.
An encryption key management system comprises multiple parts. Protecting and operating an encryption key takes a lot of work. Encryption key maintenance is primarily regulated by the National Institute of Standards and Technology (NIST).
Before a key is activated, it must be assigned an estimated operational cryptoperiod, which means the creator must outline the amount of time it will be authorized for use. Typically, the more sensitive the information a key protects, the shorter its cryptoperiod will be.
The list below outlines the stages of an encryption key’s full life-cycle.
Encryption keys are built for security, so it makes sense that they must be properly secured. There are two main types of security that must be addressed: physical security and logical security.
Along with the use of a hardware security module (HSM), physical security involves the actual environment in which the key manager is located. This security plan should include safeguards for the considerations listed below.
FIPS 140-2 also lists four levels of increasing security that represent a corresponding threat level.
Once physical security has been established, you can focus on logical security. This is how you can separate the cryptographic components that hold the keys from other items in the network.
There are three primary factors to consider for logical security.
The last necessary task is to establish the role of the user in an encryption key system. NIST encourages the concept of least privilege, meaning you only allow people the minimum access they need to perform their job.
User access should be limited logically and physically to ensure security on both fronts. Keys can be restricted upon creation to only allow access for individuals with certain roles.
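The two controls described above, a cryptoperiod assigned before activation and role restrictions fixed at key creation, can be combined in one authorization check. The sketch below is an added example, not code from City Labs or NIST; the `ManagedKey` schema, role names, and sample key are hypothetical, and the rule that an expired key may still decrypt but no longer encrypt is a modelling choice that follows the "deactivated" key state in NIST SP 800-57.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum


class Op(Enum):
    ENCRYPT = "encrypt"
    DECRYPT = "decrypt"


@dataclass(frozen=True)
class ManagedKey:
    """Key attributes as a key manager might store them (hypothetical schema)."""
    key_id: str
    activated: datetime
    cryptoperiod: timedelta  # authorized period of use, set before activation
    grants: dict = field(default_factory=dict)  # role -> set of Op, fixed at creation

    @property
    def expires(self) -> datetime:
        return self.activated + self.cryptoperiod


def authorize(key: ManagedKey, role: str, op: Op, now: datetime) -> tuple[bool, str]:
    """Return (allowed, reason). Deny by default; check the role before the lifetime."""
    if op not in key.grants.get(role, set()):
        return False, "role lacks this operation (least privilege)"
    if now < key.activated:
        return False, "key not yet activated"
    if op is Op.ENCRYPT and now >= key.expires:
        # Past its cryptoperiod the key is deactivated: no new protection,
        # but data already encrypted under it can still be read.
        return False, "cryptoperiod ended: encrypt with a newer key"
    return True, "ok"


# Constructed sample: a database key with a 90-day cryptoperiod.
START = datetime(2024, 1, 1, tzinfo=timezone.utc)
DB_KEY = ManagedKey(
    key_id="example-db-key",
    activated=START,
    cryptoperiod=timedelta(days=90),
    grants={"app-service": {Op.ENCRYPT, Op.DECRYPT}, "auditor": {Op.DECRYPT}},
)

if __name__ == "__main__":
    for role, op, day in [("app-service", Op.ENCRYPT, 30), ("auditor", Op.ENCRYPT, 30),
                          ("app-service", Op.ENCRYPT, 120), ("auditor", Op.DECRYPT, 120)]:
        print(role, op.value, f"day {day}:", authorize(DB_KEY, role, op, START + timedelta(days=day)))
```

Checking the role first means a caller without a grant learns nothing about the key's lifetime from the denial reason.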
Depending on what you plan to use your encryption key for, there are two main strategies of encryption/decryption that are typically used: symmetric and asymmetric.
Symmetric encryption systems use one password as an encryptor and a decryptor. This is a very secure option for storing information. However, because the encryptor and decryptor are on a single key, information can sometimes be stolen or leaked when the password is shared.
When using symmetric encryption, you are encouraged to update the key frequently to improve your security. This type of key is often used for data-at-rest, such as information stored in a database that can be accessed by authorized users.
Similar to symmetric keys, asymmetric encryption keys use a complex algorithm to secure data. The difference is that an asymmetric system has two keys, one for encryption and one for decryption. These two keys are referred to as a key pair and can only be used together. This way, the encryption key can be shared freely with the public, while the decryption key is kept private—only to be used for accessing the encrypted data submitted by the public.
Asymmetric encryption is considered more reliable because only the holder of the private key can access the encrypted information. When the key pair is activated, the public key owner will get a message requesting a passcode.
For optimal security, the passcode should be delivered manually, but some software allows users to store the code so decryption is automatic upon receiving the message. These keys are used to secure data-in-motion. One asymmetric encryption key example is a virtual private network (VPN).
The cryptoperiod for symmetric keys is shorter than that for asymmetric keys due to necessary cipher updates, but the key server still must have a power supply to keep the system up and running.
Current batteries for encryption keys do not last a sufficient amount of time and require replacements for long-term projects. Battery efficiency can also decrease based on usage and may be influenced by extreme environmental conditions.
At City Labs, we have developed small betavoltaic batteries powered by tritium decay that can output energy for over 20 years. Our batteries have a consistent and predictable drop-off that does not change based on usage. Many of our partners are still using our devices for a variety of applications.
City Labs batteries can also be confidently placed in convenient locations. We have a patent for putting power sources directly on the circuit board to hide them and make the energy easily accessible.
Our Power Source Package patent provides increased security for your encryption key management server by eliminating the risk of power outages and sheltering your battery in a safer place.
City Labs NanoTritium™ batteries will greatly increase the lifespan of your encryption keys, allowing you to keep data safe for longer periods of time without maintenance under a wide range of temperatures and environmental conditions. This feature is especially useful for security servers in remote locations or keys in places that are not easy to access.