

How Cryptographic Camouflage Works

The use of public key cryptographic signatures and authentication protocols is becoming more common with the advent of support for public key cryptography in Web browsers. The security of the private key, however, remains a problem. The most basic threat is the theft of a private key that is stored on a disk. Such a key is usually stored in a software key container, a file in which the keys are encrypted with a password. An attacker who steals the container can try to guess the password using a dictionary attack.

To overcome such problems, CA Strong Authentication provides a method for secure storage of private keys in software, using cryptographic camouflage. The key container embeds the user’s private key among spurious private keys, so an attacker who tries to crack the key container recovers many plausible private keys. The attacker cannot distinguish the correct private key from the spurious decoys until they use the keys to sign the challenge and send it to CA Strong Authentication Server. Attacks on the key container are therefore inherently supervised: CA Strong Authentication Server notices the multiple authentication failures and suspends the user’s access.
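
A toy model of the behaviour described above, added here as an illustration and not CA Strong Authentication's own code or container format. It assumes a 32-byte random value as the "private key", uses HMAC as a stand-in for the public-key signature, and the names `AuthServer`, `MAX_FAILURES` and the PIN values are hypothetical.

```python
import hashlib, hmac, os

KEY_LEN = 32          # toy "private key": 32 uniformly random bytes
MAX_FAILURES = 3      # assumed lockout threshold, not a product setting

def _pad(pin, salt):
    # Keystream derived from the PIN, exactly as long as the key.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 10_000, KEY_LEN)

def camouflage(key, pin):
    """Store the key with no checksum, padding or header that could be tested offline."""
    salt = os.urandom(16)
    return salt, bytes(a ^ b for a, b in zip(key, _pad(pin, salt)))

def open_container(container, pin):
    """Every PIN yields a well-formed candidate key; only one is the real key."""
    salt, blob = container
    return bytes(a ^ b for a, b in zip(blob, _pad(pin, salt)))

def sign(key, challenge):
    # HMAC stands in for a private-key signature in this toy model.
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AuthServer:
    """Hypothetical server: the only place a candidate key can be tested."""
    def __init__(self, verifier_key):
        self._key, self.failures, self.suspended = verifier_key, 0, False

    def authenticate(self, challenge, signature):
        if self.suspended:
            return False
        if hmac.compare_digest(sign(self._key, challenge), signature):
            self.failures = 0
            return True
        self.failures += 1
        self.suspended = self.failures >= MAX_FAILURES
        return False

def demo():
    real_key = os.urandom(KEY_LEN)
    container = camouflage(real_key, "4821")      # constructed PIN
    server = AuthServer(real_key)
    challenge = b"constructed-challenge"          # a real server issues a fresh one each time
    ok = server.authenticate(challenge, sign(open_container(container, "4821"), challenge))
    guesses = ["0000", "1234", "1111", "4821"]    # the correct PIN arrives after the lockout
    results = [
        server.authenticate(challenge, sign(open_container(container, g), challenge))
        for g in guesses
    ]
    return ok, results, server.suspended
```

In `demo()` the legitimate user authenticates once, then three wrong guesses suspend the account, so even the fourth guess with the correct PIN is rejected.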