On the difficulty of protecting private keys in software

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

This paper makes simple observation on security of the networked cryptographic device resilient to capture that was developed to protect user’s private keys by software-only techniques. That scheme provided valuable features for secure generation of digital signatures or decryption of messages in a way of retaining a password-protected private key in a user-controlled device. The key idea was to exploit network connectivity rather than tamper-resistance of the device for securing the private key in software. However, we have found a few weak points that are not negligible in some sense. It was difficult to protect the private key in software even with provable security. So, we will describe such difficulties and provide possible solutions in this paper. Also the networked cryptographic devices will be augmented in that fashion.

Original languageEnglish
Title of host publicationInformation Security - 5th International Conference, ISC 2002, Proceedings
PublisherSpringer Verlag
Pages17-31
Number of pages15
Volume2433
ISBN (Print)3540442707, 9783540442707
Publication statusPublished - 2002 Jan 1
Event5th International Conference on Information Security, ISC 2002 - Sao Paulo, Brazil
Duration: 2002 Sep 302002 Oct 2

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume2433
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other5th International Conference on Information Security, ISC 2002
CountryBrazil
CitySao Paulo
Period02/9/3002/10/2

Fingerprint

Electronic document identification systems
Software
Provable Security
Network Connectivity
Digital Signature
Password

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Kwon, T. (2002). On the difficulty of protecting private keys in software. In Information Security - 5th International Conference, ISC 2002, Proceedings (Vol. 2433, pp. 17-31). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2433). Springer Verlag.
Kwon, Taekyoung. / On the difficulty of protecting private keys in software. Information Security - 5th International Conference, ISC 2002, Proceedings. Vol. 2433 Springer Verlag, 2002. pp. 17-31 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{1eb30de053ed442c9d6f4f77dbe2a506,
title = "On the difficulty of protecting private keys in software",
abstract = "This paper makes simple observation on security of the networked cryptographic device resilient to capture that was developed to protect user’s private keys by software-only techniques. That scheme provided valuable features for secure generation of digital signatures or decryption of messages in a way of retaining a password-protected private key in a user-controlled device. The key idea was to exploit network connectivity rather than tamper-resistance of the device for securing the private key in software. However, we have found a few weak points that are not negligible in some sense. It was difficult to protect the private key in software even with provable security. So, we will describe such difficulties and provide possible solutions in this paper. Also the networked cryptographic devices will be augmented in that fashion.",
author = "Taekyoung Kwon",
year = "2002",
month = "1",
day = "1",
language = "English",
isbn = "3540442707",
volume = "2433",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "17--31",
booktitle = "Information Security - 5th International Conference, ISC 2002, Proceedings",
address = "Germany",

}

Kwon, T 2002, On the difficulty of protecting private keys in software. in Information Security - 5th International Conference, ISC 2002, Proceedings. vol. 2433, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2433, Springer Verlag, pp. 17-31, 5th International Conference on Information Security, ISC 2002, Sao Paulo, Brazil, 02/9/30.

On the difficulty of protecting private keys in software. / Kwon, Taekyoung.

Information Security - 5th International Conference, ISC 2002, Proceedings. Vol. 2433 Springer Verlag, 2002. p. 17-31 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2433).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - On the difficulty of protecting private keys in software

AU - Kwon, Taekyoung

PY - 2002/1/1

Y1 - 2002/1/1

N2 - This paper makes simple observation on security of the networked cryptographic device resilient to capture that was developed to protect user’s private keys by software-only techniques. That scheme provided valuable features for secure generation of digital signatures or decryption of messages in a way of retaining a password-protected private key in a user-controlled device. The key idea was to exploit network connectivity rather than tamper-resistance of the device for securing the private key in software. However, we have found a few weak points that are not negligible in some sense. It was difficult to protect the private key in software even with provable security. So, we will describe such difficulties and provide possible solutions in this paper. Also the networked cryptographic devices will be augmented in that fashion.

AB - This paper makes simple observation on security of the networked cryptographic device resilient to capture that was developed to protect user’s private keys by software-only techniques. That scheme provided valuable features for secure generation of digital signatures or decryption of messages in a way of retaining a password-protected private key in a user-controlled device. The key idea was to exploit network connectivity rather than tamper-resistance of the device for securing the private key in software. However, we have found a few weak points that are not negligible in some sense. It was difficult to protect the private key in software even with provable security. So, we will describe such difficulties and provide possible solutions in this paper. Also the networked cryptographic devices will be augmented in that fashion.

UR - http://www.scopus.com/inward/record.url?scp=84945318333&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84945318333&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84945318333

SN - 3540442707

SN - 9783540442707

VL - 2433

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 17

EP - 31

BT - Information Security - 5th International Conference, ISC 2002, Proceedings

PB - Springer Verlag

ER -

Kwon T. On the difficulty of protecting private keys in software. In Information Security - 5th International Conference, ISC 2002, Proceedings. Vol. 2433. Springer Verlag. 2002. p. 17-31. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).