Traditional Approaches

The security and control of cryptographic keys is fundamental to ensuring the effectiveness of many security functions, and whilst existing approaches have good points, they also have disadvantages.

Where the direct use by a device of dedicated security hardware is not appropriate or available, there are two general approaches to ensuring the security and control of stored values such as cryptographic keys. These are Local or Centralised Key Storage...

The first approach is to store keys locally. Where they are protected (or encrypted) using a password, there are two common variants: one uses a login password to make keys available to applications on the device (possibly not just the intended application); the other asks for a password whenever the key is required. The problem with this type of approach is that protection is only as good as the password employed, so the keys are vulnerable to attacks such as an exhaustive search on the password. If stored keys are instead protected by being encrypted with a full-strength encryption key, then all you have really achieved is to replace the problem of how to protect one set of keys with the problem of how to protect another (similar) set of keys.

  • Advantages: Users have full ownership and control over their keys
  • Disadvantages: Vulnerable to compromise by accessing or analysing the content of the device, and if protected by a password then reliant on the password strength
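
The password dependence described above, as an added example (not SEAcurIT-e code or any product's storage format): a 32-byte key wrapped under a PBKDF2-derived pad with an HMAC tag, showing that the stored blob alone is enough to check a password guess. The blob layout, iteration count, passwords and candidate list are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def _derive(password, salt, iterations):
    """Stretch the password into a 32-byte wrapping pad and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]


def wrap_key(key, password, iterations=ITERATIONS):
    """Protect a 32-byte key under a password; the result is what sits on disk."""
    if len(key) != 32:
        raise ValueError("this sketch wraps exactly 32 bytes")
    salt = os.urandom(16)  # fresh salt per blob, so the pad is never reused
    pad, mac_key = _derive(password, salt, iterations)
    wrapped = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "wrapped": wrapped, "tag": tag}


def unwrap_key(blob, password):
    """Return the key, or None if the password does not match the stored tag."""
    pad, mac_key = _derive(password, blob["salt"], blob["iterations"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


def blob_accepts_any(blob, candidates):
    """Audit check using only the blob: no server, no lockout, no rate limit."""
    return any(unwrap_key(blob, c) is not None for c in candidates)


if __name__ == "__main__":
    key = os.urandom(32)  # full-strength key, same in both blobs
    weak = wrap_key(key, "summer2024")  # constructed sample password
    strong = wrap_key(key, "vK9#qT2m-Lw7!xR4zB")  # constructed sample password
    denylist = ["password", "letmein", "summer2024"]  # constructed sample list
    print(blob_accepts_any(weak, denylist), blob_accepts_any(strong, denylist))
```

The key is equally strong in both blobs; only the password decides whether the check succeeds, and the iteration count only scales the cost of each guess.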

The other approach is to store keys in a centralised server or service, often employing an HSM (Hardware Security Module) for physical protection. Sometimes all keys are stored centrally; sometimes it is just a master key that is used to decrypt other keys as necessary.

  • Advantage: Centralised management
  • Disadvantages: Effectively entrusts keys to another party, and concentrates all security and trust in one place, thereby creating a single point of failure (sometimes referred to as 'all eggs in one basket')

A new approach from SEAcurIT-e

SEAcurIT-e® takes advantage of the best features of available tools and technology, while compensating for disadvantages.

It is based on the premise that any device can be compromised and its content subject to exhaustive analysis, and it is designed to remain resilient.

  • Leverage the high availability and integrity of data centres or similar Cloud services to significantly enhance the security and control of cryptographic keys and other security values
    • But do so while maintaining full control over the secrecy of keys, without sacrificing or diminishing that control
    • Doesn't entrust the secrecy of keys to another party
    • Computationally infeasible to derive any information about keys or other security values, even if a user's password is known
    • Provider can be changed and data migrated as there is no secrecy requirement
    • Organisations free to choose their own provider
  • No information about keys can be obtained by analysing the key storage-related information resident on a device
    • No system information can be used as a basis to compromise keys or user passwords (such as by exhaustive search), irrespective of the strength of the password
  • No vesting of security in a single system component
  • Gives the benefits of centralised management and control but without entrusting the secrecy of keys to another party
  • Ensures that the secrecy of keys remains protected if any part of the system is compromised
  • Can refresh system values without requiring any changes to the keys being managed
    • May be a scheduled update or be triggered by a security event
    • The refresh process can be invisible to users