Secure introduction for enterprise secrets : An evaluation framework

Abstract: A dependency on secrets is inherent in most IT systems, especially as they become increasingly complex and interdependent. Vast amounts of research have explored how to protect the confidentiality, integrity and authenticity of secrets through means such as encryption and authentication. These means are in themselves supported by secrets, and introducing those secrets is an area that has seen less exploration. Secrets are protected by secrets, and the secret at the top needs to be provided by one of the numerous methods with various advantages and disadvantages. This work follows a design science research approach to design a framework for comparing those methods of secure introduction, demonstrated through scenarios and practical exercises.