An enterprise uses AES-256 encryption for its SAN volumes. During an internal compliance review, auditors flag that the master volume-encryption key (MEK) can be exported by a single storage administrator who possesses the key-management server credentials. The security architect must implement a control so that any future export or use of the MEK will demand the cooperation of two separate custodians, each of whom holds a different key token, and that neither token by itself reveals any information about the MEK.
Which of the following mitigation techniques best satisfies this requirement?
Require the storage administrator to log in to the key-management server with smart-card-based multi-factor authentication.
Rotate the MEK every 30 days and store previous keys in an offline, fire-proof safe managed by the security team.
Load the MEK into a single hardware security module (HSM) and protect the HSM with a strong administrator PIN.
Divide the MEK using a split-key (secret-sharing) scheme so that two custodians must combine their separate key shares before the MEK can be reconstructed.
Splitting the master key into two independent cryptographic shares enforces split knowledge and dual control: each custodian's token is useless on its own, and both must collaborate to reconstruct or use the MEK. Storing the key in a single HSM with a PIN (or adding MFA) still allows one individual to act alone once authenticated, while periodic key rotation with offline storage does not stop a lone administrator from accessing the current key. Only the split-key approach directly eliminates single-person control over the encryption key.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a split-key (secret-sharing) scheme?
Open an interactive chat with Bash
Why is a single hardware security module (HSM) with a PIN insufficient in this scenario?
Open an interactive chat with Bash
What are the advantages of using dual control and split knowledge for key management?