Adi Shamir, Nicko van Someren, "Playing `Hide and Seek' with Stored Keys", Financial Cryptography 1999.
....[11] for the NIDES system [12]. His method requires storing keys on the local host, which virtually means that anyone that gains access to the host also gains access to the key and thereby the policy. Hiding the key does not really help in the long run as Shamir and van Someren demonstrate in [14]. Beside this, we could be stuck with the problem of distributing keys to a possibly vast number of hosts, if the IDS or the firewall is distributed or cooperating with other IDSs or firewalls. Another way of protecting the policy could be to use one way functions. To our knowledge this has not ....
A. Shamir, Nico van Someren, "Playing hide and seek with stored keys", Weizmann Institute of Science, Israel; nCipher Corporation Limited, England, 1998
....provide exploits against the most widely fielded applications, but this is a matter of chance rather than of design. I'm aware of no compatible weak key attacks on signature schemes that work in the general case. As for CAPI, the attack found by nCipher is completely different: it is documented in [11]. I understand from them that in the end it was never necessary to exploit it. 4 Historical note: I first talked about forward secure signatures sometime in early 1997 at the regular security group meeting at Cambridge University. As far as I can reconstruct from the slides, sections 1.1 and 1.2 ....
A Shamir, N van Someren, "Playing `Hide and Seek' with Stored Keys", in Financial Cryptography 1999 pp 118--124
....issues concerning physical security. In a normal office environment, the system administrator or even a janitor can wait until the employee has left the office, open up his computer, take out the hard disk and read it with the help of another computer, bypassing all the security measures. Article [20] contains more information about extracting keys from raw disk image. Introducing physical security in office environment could be quite costly, e.g. one would have to install a safe for every workstation. One cannot store two computers in one safe because every user should be the only person to ....
....signing keys in the PDA's memory. In the other case, he gets the PDA, the smart card reader and the smart card. In the first case, all he has to do is to have the PDA dump all its memory contents to a PC and then extract keys. He probably will not have to use the statistical approach described in [20] because it is very likely that some popular signing program is used that stores its keys in some known location. Then he can perform a brute force attack on the user's PIN which is used to encrypt key and he can successfully fake signed documents from the privacy of his home. For popular signing ....
N. van Someren and A. Shamir. Playing hide and seek with stored keys. Available online at http://www.ncipher.com/products/rscs/downloads/whitepapers/keyhide2.pdf, 1998.
No context found.
Adi Shamir, Nicko van Someren, "Playing `Hide and Seek' with Stored Keys", Financial Cryptography 1999.
No context found.
A. Shamir, and N. van Someren, "Playing hide and seek with stored key", Financial Cryptography 1999.
No context found.
A. Shamir and N. van Someren, "Playing hide and seek with stored keys," LNCS, vol. 1648, 1999.