Saturday, November 14, 2015

Split Keys to Multiple Machines

The objective of this post is to discuss the feasibility of splitting credentials into multiple machines.

Why to Split Key

  • The motivation is to enhance the difficulty for the attackers to steal the key. The attackers would need to compromise several machines together 
How to Split Key

  • [2] RSA

Feasibility of Splitting Key to Protect Security

  • Though the secrets are separated, the rebuilding process must occur, by necessity, on a single machine which obtains, at some point, the secret itself. In particular, if you do the reassembly on a machine which is evil (i.e., which is under the control of an attacker through some malware), then the attacker learns the SSH private key. [1]

Conclusion

  • It is not feasible to defense covert channel attack through splitting credentials to multiple machines. 

References

No comments:

Post a Comment