Some Applications for SEAcurIT-e®
Blockchain is an unalterable distributed register of events or transactions. To ensure that ledger entries have a usefulness or value and to maintain control over assets, the security and control of cryptographic keys at nodes (or wallets) is essential.
In a decentralised environment such as Blockchain, nodes may have complete and independent control over the secrecy of their security values, and the reliance on trusted centres of security is often undesirable.
SEAcurIT-e® can protect private signature keys and other security values on both private and public ledgers. It is scalable, simplifies key management and reduces risk, and as a software solution there is no requirement for dedicated hardware.
The powerful and flexible management capabilities provided by SEAcurIT-e® range from full independent control by users or nodes, to the centralised management and control of access and use of security values but without nodes ceding control over secrecy.
The strength and effectiveness of encryption is ultimately dependent upon good key management, particularly storage and control of use.
This is equally true no matter what the method of encryption or the type of key management - whether a stored key is used with a symmetric cipher such as AES, or public keys are used as a means to distribute encryption keys or for signatures.
Furthermore, successful deployments rely on the ability to facilitate and control the use of encryption, such as managing secured information and who can access it from which device. SEAcurIT-e® is a new approach that offers the advantages of traditional approaches but without the disadvantages, as summarised here. It can buttress and enhance PKI and other schemes for the management of cryptographic keys, adding distinct benefits and capabilities in security and control, or serve as a robust and practical key management framework to support the use of encryption in a wide range of applications.
SEAcurIT-e® supports both administration facilities for the centralised management and control of users and devices, and individual user management capabilities.
SEAcurIT-e® is ideally suited to securing cloud applications and infrastructure, such as the creation of private and hybrid clouds. It is an adaptable and scalable security solution that can be embedded in any cloud offering to significantly enhance security, management and control.
It provides a foundation for the secure, controllable and effective application of security functions at a cloud provider, locally at an end user device, or at a gateway service.
Where security functions such as encryption are applied at endpoints prior to information being passed to a cloud provider, it is necessary to secure and manage keys across potentially many different endpoint devices. These could be private keys (of a public/private key pair) specific to a user or device, where individual private keys may be shared across multiple devices if a user has one identity and uses more than one device. Or they could be a collection of (symmetric) keys used to process secure data, where the keys have to be available to every user and device with access to the data.
Where security functions are applied at a gateway prior to information being passed to a cloud provider, all keys for all users must be managed and available at the gateway. SEAcurIT-e® ensures these keys are properly protected and controlled without the need for dedicated hardware, while maintaining complete control over the keys themselves.
For cloud-resident secure applications, it can ensure that stored sensitive information, such as stored encryption keys, is not accessible to unintended parties in what is an inherently accessible environment.
By associating data with keys, managing keys controls access to data. Furthermore, the association between users and their available keys allows straightforward access control management.
Enhanced Password Security
SEAcurIT-e® overcomes issues surrounding short, easy-to-guess passwords, and ensures password check values cannot be used as a basis to compromise passwords.
When deployed at web sites, SEAcurIT-e® provides a cost-effective means of protecting user information from being compromised by an attack on a site, without requiring the use of dedicated hardware. This includes protection against an exhaustive search on the compromised information, a technique sometimes used to determine user passwords.
Types of user information that can be protected include password-related information, personally identifiable information, or payment card details.
The use of SEAcurIT-e® is completely transparent to end users.
The SEAcurIT-e® architecture includes a component with the ability to monitor and control patterns of use, and to allow or deny access to security values such as cryptographic keys - all without any knowledge of the security values themselves.
This can be enhanced by using artificial intelligence to determine if keys are to be made available in any given instance, based upon analysis of patterns of behaviour that include which keys are accessed by which party, on which device and from which location.
SEAcurIT-e® can meet the security needs of IoT devices where it is typically necessary to store and manage secrets such as encryption keys or authentication values.
Such values are used for purposes such as:
- Verifying the integrity of critical device-resident data (software attestation)
- Securing information for onward processing, storage or distribution in the cloud
Strong authentication utilising cryptographic methods relies on the protection and control of authentication keys.
SEAcurIT-e® can serve as a tool to strengthen the security of such authentication methods, or it can provide a complete solution itself. It supports multiple approaches, from the background and largely hidden use of authentication keys in applications using usernames and passwords, to where authentication keys must be available on more than one device, to overcoming vulnerabilities with weak passwords. It is device specific, with multiple devices and accounts efficiently managed and controlled. Browser authentication is supported by a dedicated authentication scheme that counters real-time man-in-the-middle (phishing) attacks.