Critical security parameter definition
A critical security parameter is data that is essential to the secure operation of a cryptographic module.
The loss, compromise, or unauthorized disclosure of a CSP weakens the security of a cryptographic module, so CSPs require stringent protection.
See also: biometric device, biometric security, biometric authentication, biometric data, passcode, encryption key
Examples of CSPs
- Cryptographic keys. Private keys, public keys, and symmetric keys. They are used in encryption, decryption, digital signatures, and other cryptographic operations.
- Seed values. These initial values generate a sequence of random or pseudorandom numbers used for generating cryptographic keys.
- PINs. PINs authenticate users in various systems and are especially common in banking.
- Passwords and passphrases. Used for accessing cryptographic modules, encrypting keys, or authenticating users.
- Secret and private key components. Parts of a cryptographic key that — when combined — reconstruct the original key.
- Digital certificates. Used in public key infrastructure (PKI), these certificates verify the ownership of a public key.
- Security policy configuration data. Configuration settings that control the operation of a cryptographic module: algorithms, key lengths, and modes of operation.
- Cryptographic seed material. Used to derive keys and other cryptographic parameters.
- Initialization vectors (IVs) and nonces. Used in certain encryption modes to ensure that the same plaintext will not result in the same ciphertext when encrypted multiple times.
- Biometric templates. Systems that use biometrics for authentication consider stored biometric data a CSP.
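
The sketch below is an added example, not part of the original glossary entry. It illustrates why seed values and key components need the same protection as the key itself: a seed deterministically regenerates the key, and a full set of components reconstructs it. HKDF-SHA256 and XOR splitting are assumptions chosen for illustration (the entry names no algorithm), the function names are hypothetical, and the seed is a constructed sample.

```python
import hashlib
import hmac
import secrets

def derive_key(seed: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869), empty salt: same seed and info give the same key."""
    if not 0 < length <= 255 * 32:
        raise ValueError("length out of range for HKDF-SHA256")
    prk = hmac.new(b"\x00" * 32, seed, hashlib.sha256).digest()  # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, parts: int = 2) -> list:
    """Split key into `parts` XOR components; every one is needed to rebuild it."""
    if parts < 2:
        raise ValueError("need at least two components")
    components = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = key
    for c in components:
        last = xor_bytes(last, c)
    return components + [last]

def combine_key(components: list) -> bytes:
    """XOR all components together to reconstruct the original key."""
    key = components[0]
    for c in components[1:]:
        key = xor_bytes(key, c)
    return key

if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed, not a real secret
    key = derive_key(seed, b"example-storage-key")
    # Anyone holding the seed regenerates the key without ever seeing it stored.
    print("regenerated from seed:", derive_key(seed, b"example-storage-key") == key)
    parts = split_key(key, 3)
    print("all components rebuild key:", combine_key(parts) == key)
    print("two of three rebuild key:", combine_key(parts[:2]) == key)
```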