Symmetric Key Size for Different Level of Information Classification

Abstract

Information is an important asset to an organization as well as to a nation. Incorrect handling of information may cause economic damage to an organization or cause harm to national security. Some of the information is confidential or sensitive. Confidential information can be categorized into various levels of classification. The classification depends on the level of damage to an organization or to national security when the information is disclosed. Therefore confidential information is normally protected by using cryptographic algorithms. In these algorithms, key is an important element since it is one of the parameters that determine the level of security that the algorithms can provide. The larger the key size, the better security it can provide. Small key sizes are vulnerable to exhaustive attacks. Debates on key sizes were discussed in many literature and documents of software vendors that provide cryptographic solutions. Hence we think that different information classification should be protected with different key sizes. The aim of this paper is to propose key sizes for different classification of information. First we discussed about different levels of information classification. Then we proposed a model to determine adequate key sizes based on Lenstra’s model. Our proposed model includes a lifespan of information to be encrypted. By using this model, we then propose key sizes for different levels of information classification.