Security of information is a highly important aspect for users of networks, especially users of the Internet. The users may be commercial organisations, governments, universities or private individuals. Networks pass a huge variety of valuable, important and often confidential information. If the information is not secure, the consequences to the user can be disastrous. For example, the results may include financial losses, disclosure of confidential information, loss of confidence from clients and disruption to the user's activities.
When information is passed via a network, it originates at the location where it is generated and is passed over a communication link to a receiving location. To ensure that the information transfer process is secure, public and private encryption keys are often used. Public and private key pairs ensure that data is authentic and originates from the correct source and that the data has not been modified in transit. Public and private key pair combinations give users the ability to sign and encrypt data in an authenticated, verifiable, and secure fashion.
The private key is held by the originating source and this key is kept secure and is never shared or transmitted via the network. The public key corresponding to the private key is distributed within a digital certificate and is used to confirm the identity of the parties in the transactions and to enable encryption of information for secure delivery to a destination.
A user may deal with many certificates and may have more than one private key that it uses to sign and encrypt or decrypt data.
The originating source signs a message to send to a client using the private key. The client uses the public key, which is extracted from the source's digital certificate, to verify the signature attached to the message. As the certificate is endorsed by a trusted source and no one else has the same private key, the client has authenticated the source.
Web servers widely use public and private key pairs to ensure that information passed from the server is authentic and is not modified in transit to a Web browser. If an attacker could obtain the private key, they could impersonate the Web server and could also decode previous transactions.
Typically, private keys are encrypted and stored on a local file store at the originating source (for example, the Web server) and the file store is strongly protected. Since the key is only a few hundred bytes long and the storage space of the file store may be many tens of gigabytes, it has been thought reasonable to presume that the key is hard to find within a file store. However, recent studies have indicated that the keys are, in fact, easier to find than presumed, as the keys to the cryptographic systems are unusual numbers with specific mathematical properties that make it possible for an attacker to identify them within the file store.
The threat of key finding is discussed in “Protecting Commercial Secure Web Servers From Key-Finding Threats” by nCipher, Inc. (http://www.ncipher.com/products/rscs/downloads/whitepapers/pcsws.pdf).
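To see why a few hundred bytes do not stay hidden among gigabytes, the following added example (not part of the original text) measures byte entropy over sliding windows, taking high randomness as one such distinguishing property. The function names, window size, threshold and sample data are assumptions made for illustration.

```python
import math
import random

def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte in one block (0.0 to 8.0)."""
    counts = [0] * 256
    for b in block:
        counts[b] += 1
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def high_entropy_ranges(data: bytes, window=64, step=16, threshold=5.0):
    """Return merged (start, end) byte ranges whose windows look random.

    A 64-byte window can reach at most 6.0 bits/byte; text and config
    data typically sit below 5.0, random-looking key material near 5.8.
    """
    ranges = []
    for off in range(0, max(len(data) - window, 0) + 1, step):
        if shannon_entropy(data[off:off + window]) < threshold:
            continue
        if ranges and off <= ranges[-1][1]:
            ranges[-1] = (ranges[-1][0], off + window)   # extend previous hit
        else:
            ranges.append((off, off + window))
    return ranges

def make_sample():
    """Constructed sample: 256 pseudo-random bytes standing in for an
    encrypted private key, buried between two 4 KiB runs of config text."""
    rng = random.Random(2003)                      # fixed seed: repeatable
    key_blob = bytes(rng.getrandbits(8) for _ in range(256))
    filler = (b"server.port=8443\n" * 300)[:4096]
    return filler + key_blob + filler, 4096, 4096 + 256

if __name__ == "__main__":
    data, key_start, key_end = make_sample()
    for start, end in high_entropy_ranges(data):
        print(f"random-looking bytes at {start}..{end} "
              f"(key really at {key_start}..{key_end}) in {len(data)} bytes")
```

Run over a server's own file store, the same measurement shows an administrator how visible its stored key material is.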
The Java platform (Java is a Registered Trade Mark of Sun Microsystems, Inc) has security provisions which include the use of private and public encryption keys. The Java platform enables the dynamic loading of code from a source outside the system. This extremely valuable function raises increased security risks. The use of private and public encryption keys is therefore important to ensure that any code being loaded from a remote source is authentic and has not been tampered with in transit. In this way, the security for the Java platform has the aim of protecting the user's workstation and resources against hostile code.
Since initial commercial deployments of the Java platform were in Web browsers, much of the focus of Java security has been in providing features for protecting against hostile applets; that is, against hostile code downloaded from Web sites on the Internet. The Java platform supports security keys and powerful encryption techniques to verify that an applet came from an identifiable source and has not been modified.
An example of Public Key Infrastructure is the Java Cryptography Architecture (JCA) (http://java.sun.com/j2se/1.3/docs/guide/security/CryptoSpec.html) which provides an architecture to manage keys. The architecture is embodied in the java.security package which provides classes and interfaces for access control and authentication. This security architecture allows Java code to create and verify message digests and digital signatures.
In the Java 2 VM the class JavaKeyStore loads and stores cryptographic keys to the local file store in a relatively simple format. The key store is protected by a password, but it has become evident that a private key on a local file store can be identified due to it having a relatively distinctive binary pattern. Therefore private keys stored in a JavaKeyStore on a machine's file store are exposed. Furthermore, once a key store file has been identified, it is easy to extract those bytes which relate to a private key due to the simple and clearly defined structure of the file.
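The simplicity of the key store layout can be seen in this added example (not code from the Java platform or the original text), which lists the entries of a key store image without using any password. The layout followed is the JKS on-disk format (magic number 0xFEEDFEED, tagged entries); the function names and the sample image with its placeholder key and certificate bytes are constructed for illustration.

```python
import struct
JKS_MAGIC = 0xFEEDFEED                 # first four bytes of a JKS file
PRIVATE_KEY, TRUSTED_CERT = 1, 2       # entry tags

def _u32(buf, pos):                    # big-endian u32 -> (value, next pos)
    return struct.unpack_from(">I", buf, pos)[0], pos + 4

def _utf(buf, pos):
    """Read a Java UTF string (2-byte length, then bytes; ASCII assumed)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("ascii"), pos + 2 + n

def _skip_cert(buf, pos, version):
    if version == 2:                   # version 2 stores the cert type first
        _, pos = _utf(buf, pos)
    n, pos = _u32(buf, pos)
    return pos + n

def list_entries(buf):
    """Return (alias, kind, encrypted_key_length) per entry; no password used."""
    magic, version, count = struct.unpack_from(">III", buf, 0)
    if magic != JKS_MAGIC or version not in (1, 2):
        raise ValueError("not a JKS key store")
    pos, entries = 12, []
    for _ in range(count):
        tag, pos = _u32(buf, pos)
        alias, pos = _utf(buf, pos)
        pos += 8                       # skip the creation timestamp
        if tag == PRIVATE_KEY:
            key_len, pos = _u32(buf, pos)
            chain, pos = _u32(buf, pos + key_len)
            for _ in range(chain):
                pos = _skip_cert(buf, pos, version)
            entries.append((alias, "private-key", key_len))
        elif tag == TRUSTED_CERT:
            pos = _skip_cert(buf, pos, version)
            entries.append((alias, "trusted-cert", None))
        else:
            raise ValueError("unknown entry tag %d" % tag)
    return entries

def make_sample():
    """Constructed key store image with placeholder key and certificate bytes."""
    u32 = lambda v: struct.pack(">I", v)
    utf = lambda s: struct.pack(">H", len(s)) + s
    cert = utf(b"X.509") + u32(4) + b"CERT"
    key = u32(1) + utf(b"webserver") + bytes(8) + u32(6) + b"ENCKEY" + u32(1) + cert
    ca = u32(2) + utf(b"rootca") + bytes(8) + cert
    return u32(JKS_MAGIC) + u32(2) + u32(2) + key + ca + bytes(20)
```

An inventory built this way tells an administrator which files on a file store hold private key entries and therefore need the strongest protection.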
The aim of the present invention is to provide a method and apparatus for protecting in-storage keys.