With the advent of support for public key cryptography in Web browsers, the use of public key cryptographic signatures and authentication protocols is becoming more common.
The security of the private key, however, remains a problem. The most basic threat is the theft of a private key that is stored on a disk. Usually such a key is stored in a software key container, a file in which the keys are encrypted with a password.
An attacker who steals the container can try to guess the password using a dictionary attack.
To overcome such problems, CA Strong Authentication provides a method for secure storage of private keys in software, using cryptographic camouflage, where attacks on the key container are inherently supervised.
The key container embeds the user’s private key among spurious private keys. An attacker who tries to crack the key container will recover many plausible private keys, but will not be able to distinguish the correct private key from the spurious decoys until they use the keys to sign the challenge and send it to the CA Strong Authentication Server. In such cases, CA Strong Authentication Server notices the multiple authentication failures and suspends the user’s access.
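The following sketch is an added illustration of the idea described above, not CA Strong Authentication code. It assumes a random 32-byte secret in place of the private key, an HMAC in place of the signature, and hypothetical names (`camouflage`, `recover`, `AuthServer`, `MAX_FAILURES`); it shows that every PIN guess yields a well-formed candidate and that the server, the only place a candidate can be tested, suspends access after repeated failures.

```python
import hashlib, hmac, secrets

MAX_FAILURES = 3  # assumed lockout threshold, not a CA product value

def keystream(pin: str, salt: bytes, n: int) -> bytes:
    # PIN-derived pad (iteration count is a demo value)
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000, dklen=n)

def camouflage(key: bytes, pin: str) -> tuple:
    # No checksum, padding or header is stored, so nothing in the
    # container tells a guesser whether a PIN was correct.
    salt = secrets.token_bytes(16)
    blob = bytes(a ^ b for a, b in zip(key, keystream(pin, salt, len(key))))
    return salt, blob

def recover(container: tuple, pin: str) -> bytes:
    # Every PIN "succeeds" and yields a well-formed candidate key.
    salt, blob = container
    return bytes(a ^ b for a, b in zip(blob, keystream(pin, salt, len(blob))))

def sign(key: bytes, challenge: bytes) -> bytes:
    # HMAC stands in for the private-key signature (simplification)
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AuthServer:
    """Only place a candidate key can be tested, so guesses are counted."""
    def __init__(self, key: bytes):
        self._key, self.failures, self.suspended = key, 0, False

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def verify(self, challenge: bytes, response: bytes) -> bool:
        if self.suspended:
            return False
        if hmac.compare_digest(response, sign(self._key, challenge)):
            self.failures = 0
            return True
        self.failures += 1
        self.suspended = self.failures >= MAX_FAILURES
        return False

if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed sample key
    box = camouflage(key, "4821")            # constructed sample PIN
    server = AuthServer(key)
    for pin in ("0000", "1234", "9999", "4821"):
        c = server.challenge()
        ok = server.verify(c, sign(recover(box, pin), c))
        print(pin, "accepted" if ok else "rejected", "suspended:", server.suspended)
```

Run as a script, the three wrong PINs are rejected and the account is suspended, so the correct PIN that follows is rejected as well.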
Copyright © 2014 CA Technologies. All rights reserved.