Other Applications for SEAcurIT-e®
The strength and effectiveness of encryption ultimately depend upon good key management, particularly storage and control of use.
This is equally true no matter what the method of encryption or the type of key management, from using a stored key with a symmetric cipher such as AES to using public keys as a means to distribute encryption keys or for signatures.
Furthermore, successful deployments rely on the ability to facilitate and control the use of encryption, such as managing secured information and who can access it from which device. SEAcurIT-e® is a new approach that offers the advantages of traditional approaches but without the disadvantages, as summarised here. It can buttress and enhance PKI and other schemes for the management of cryptographic keys, adding distinct benefits and capabilities in security and control, or serve as a robust and practical key management framework to support the use of encryption in a wide range of applications.
SEAcurIT-e® supports both administration facilities for the centralised management and control of users and devices, and individual user management capabilities.
The SEAcurIT-e® architecture includes a component with the ability to monitor and control patterns of use, and to allow or deny access to security values such as cryptographic keys - all without any knowledge of the security values themselves.
This can be enhanced by using artificial intelligence to determine if keys are to be made available in any given instance, based upon analysis of patterns of behaviour that include which keys are accessed by which party, on which device and from which location.
SEAcurIT-e® is ideally suited to securing cloud applications and infrastructure, such as the creation of private and hybrid clouds. It is an adaptable and scalable security solution that can be embedded in any cloud offering to significantly enhance security, management and control.
It provides a foundation for the secure, controllable and effective application of security functions at a cloud provider, locally at an end user device, or at a gateway service.
Where security functions such as encryption are applied at endpoints prior to information being passed to a cloud provider, it is necessary to secure and manage keys across potentially many different endpoint devices. These could be private keys (of a public/private key pair) specific to a user or device, where individual private keys may be shared across multiple devices if a user has one identity and uses more than one device. Or they could be a collection of (symmetric) keys used to process secure data, where the keys have to be available to every user and device with access to the data.
Where security functions are applied at a gateway prior to information being passed to a cloud provider, all keys for all users must be managed and available at the gateway. SEAcurIT-e® ensures these keys are properly protected and controlled without the need for dedicated hardware, while maintaining complete control over the keys themselves.
For cloud-resident secure applications, it can ensure that stored sensitive information, such as stored encryption keys, is not accessible to unintended parties in what is an inherently accessible environment.
By associating data with keys, managing keys controls access to data. Furthermore, the association between users and their available keys allows straightforward access control management.
Enhanced Password Security
SEAcurIT-e® overcomes issues surrounding short, easy-to-guess passwords, and ensures password check values cannot be used as a basis to compromise passwords.
When deployed at web sites, SEAcurIT-e® provides a cost-effective means of protecting user information from being compromised by an attack on a site, without requiring the use of dedicated hardware. This includes protection against an exhaustive search on the compromised information, a technique sometimes used to determine user passwords.
Types of user information that can be protected include password-related information, personally identifiable information, or payment card details.
The use of SEAcurIT-e® is completely transparent to end users.
SEAcurIT-e® can meet the security needs of IoT devices where it is typically necessary to store and manage secrets such as encryption keys or authentication values.
Such values are used for purposes such as:
- Verifying the integrity of critical device-resident data (software attestation)
- Securing information for onward processing, storage or distribution in the cloud
Strong authentication utilising cryptographic methods relies on the protection and control of authentication keys.
SEAcurIT-e® can serve as a tool to strengthen the security of such authentication methods, or it can provide a complete solution itself. It supports multiple approaches, from the background and largely hidden use of authentication keys in applications using usernames and passwords, to cases where authentication keys must be available on more than one device, to overcoming vulnerabilities with weak passwords. It is device specific, with multiple devices and accounts efficiently managed and controlled. Browser authentication is supported by a dedicated authentication scheme that counters real-time man-in-the-middle (phishing) attacks.