Zeroisation
Encyclopedia
In cryptography
, zeroisation (also spelled zeroization) is the practice of erasing sensitive parameters (electronically stored data, cryptographic keys, and CSPs
) from a cryptographic module to prevent their disclosure if the equipment is captured. This is generally accomplished by altering or deleting the contents to prevent recovery of the data. When encryption
was performed by mechanical devices
, this would often mean changing all the machine's settings to some fixed, meaningless value, such as zero
. On machines with letter settings rather than numerals
, the letter 'O' was often used instead. Some machines had a button or lever for performing this process in a single step. Zeroisation would typically be performed at the end of an encryption session to prevent accidental disclosure of the keys, or immediately when there was a risk of capture by an adversary.
In modern software based cryptographic modules, zeroisation is made considerably more complex by issues such as virtual memory
and compiler
optimisation
s . Also, zeroisation may need to be applied not only to the key, but also to a plaintext
and some intermediate values. A cryptographic software developer must have an intimate understanding of memory management in a machine, and be prepared to zeroise data whenever a sensitive location might move outside the security boundary. Typically this will involve overwriting the data with zeroes, but in the case of some types of non-volatile storage the process is much more complex; see data remanence
.
As well as zeroising data due to memory management, software designers consider performing zeroisation:
Informally, software developers may also use zeroise to mean any overwriting of sensitive data, not necessarily of a cryptographic nature.
In tamper resistant
hardware, automatic zeroisation may be initiated when tampering is detected. Such hardware may be rated for cold zeroisation, the ability to zeroise itself without its normal power supply
enabled.
Standards for zeroisation are specified in ANSI
X9.17 and FIPS 140-2
.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, zeroisation (also spelled zeroization) is the practice of erasing sensitive parameters (electronically stored data, cryptographic keys, and CSPs
Critical Security Parameter
In cryptography, the abbreviation CSP may refer to Critical Security Parameter. A Critical Security Parameter is information that is either user or system defined and is used to operate a cryptography module in processing encryption functions including cryptographic keys and authentication data,...
) from a cryptographic module to prevent their disclosure if the equipment is captured. This is generally accomplished by altering or deleting the contents to prevent recovery of the data. When encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
was performed by mechanical devices
Rotor machine
In cryptography, a rotor machine is an electro-mechanical device used for encrypting and decrypting secret messages. Rotor machines were the cryptographic state-of-the-art for a prominent period of history; they were in widespread use in the 1920s–1970s...
, this would often mean changing all the machine's settings to some fixed, meaningless value, such as zero
0 (number)
0 is both a numberand the numerical digit used to represent that number in numerals.It fulfills a central role in mathematics as the additive identity of the integers, real numbers, and many other algebraic structures. As a digit, 0 is used as a placeholder in place value systems...
. On machines with letter settings rather than numerals
Numerical digit
A digit is a symbol used in combinations to represent numbers in positional numeral systems. The name "digit" comes from the fact that the 10 digits of the hands correspond to the 10 symbols of the common base 10 number system, i.e...
, the letter 'O' was often used instead. Some machines had a button or lever for performing this process in a single step. Zeroisation would typically be performed at the end of an encryption session to prevent accidental disclosure of the keys, or immediately when there was a risk of capture by an adversary.
In modern software based cryptographic modules, zeroisation is made considerably more complex by issues such as virtual memory
Virtual memory
In computing, virtual memory is a memory management technique developed for multitasking kernels. This technique virtualizes a computer architecture's various forms of computer data storage , allowing a program to be designed as though there is only one kind of memory, "virtual" memory, which...
and compiler
Compiler
A compiler is a computer program that transforms source code written in a programming language into another computer language...
optimisation
Optimization (computer science)
In computer science, program optimization or software optimization is the process of modifying a software system to make some aspect of it work more efficiently or use fewer resources...
s . Also, zeroisation may need to be applied not only to the key, but also to a plaintext
Plaintext
In cryptography, plaintext is information a sender wishes to transmit to a receiver. Cleartext is often used as a synonym. Before the computer era, plaintext most commonly meant message text in the language of the communicating parties....
and some intermediate values. A cryptographic software developer must have an intimate understanding of memory management in a machine, and be prepared to zeroise data whenever a sensitive location might move outside the security boundary. Typically this will involve overwriting the data with zeroes, but in the case of some types of non-volatile storage the process is much more complex; see data remanence
Data remanence
Data remanence is the residual representation of data that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal file deletion operation, by reformatting of storage media that does not remove data previously written...
.
As well as zeroising data due to memory management, software designers consider performing zeroisation:
- When an application changes mode (e.g. to a test mode) or user;
- When a computer process changes privilegesComputer securityComputer security is a branch of computer technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to...
; - On termination (including abnormal termination);
- On any error condition which may indicate instability or tampering;
- Upon user request;
- Immediately, the last time the parameter is required; and
- Possibly if a parameter has not been required for some time.
Informally, software developers may also use zeroise to mean any overwriting of sensitive data, not necessarily of a cryptographic nature.
In tamper resistant
Tamper resistance
Tamper resistance is resistance to tampering by either the normal users of a product, package, or system or others with physical access to it. There are many reasons for employing tamper resistance....
hardware, automatic zeroisation may be initiated when tampering is detected. Such hardware may be rated for cold zeroisation, the ability to zeroise itself without its normal power supply
Power supply
A power supply is a device that supplies electrical energy to one or more electric loads. The term is most commonly applied to devices that convert one form of electrical energy to another, though it may also refer to devices that convert another form of energy to electrical energy...
enabled.
Standards for zeroisation are specified in ANSI
American National Standards Institute
The American National Standards Institute is a private non-profit organization that oversees the development of voluntary consensus standards for products, services, processes, systems, and personnel in the United States. The organization also coordinates U.S. standards with international...
X9.17 and FIPS 140-2
FIPS 140-2
The Federal Information Processing Standard Publication 140-2, , is a U.S. government computer security standard used to accredit cryptographic modules. The title is Security Requirements for Cryptographic Modules...
.