In the past two or three years, most major PKI technology vendors have released products that allow digital certificate holders with 'soft certificates' to have their private keys stored at a central server and uploaded when needed to their local machine. This allows users to 'roam' from one machine to another without having to manually manage the export and import of their keys onto temporary media such as diskettes. Thus users gain much of the portability and usability of hardware key media like smartcards and USB dongles, but without the associated cost. However, any roaming soft certificate solution entails significant security compromises, since fundamentally the key material is susceptible to sniffing or eavesdropping for at least some of the time. Careful security engineering and product deployment are needed to strike the right balance between cost/convenience and protection against identity theft. To date, little analysis of this balance appears in the public domain, and the relative strengths and weaknesses of commercial solutions are difficult for users to determine. This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.
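As an added example (not from the paper or any vendor product), the client-side key wrapping a roaming design needs if neither the central server nor the upload/download path is to see the private key in the clear: the key is encrypted under a passphrase-derived AES-256-GCM key before upload and decrypted only on the client after download. The key bytes and passphrase are constructed, and the PBKDF2 is written inline rather than taken from a library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

// Blob is all the roaming server ever stores or relays. It holds no plaintext key,
// so a sniffer or a compromised server gets only ciphertext to brute-force through the KDF.
type Blob struct{ Salt, Nonce, Wrapped []byte }

// pbkdf2SHA256 is a minimal PBKDF2-HMAC-SHA256 (RFC 8018) returning one 32-byte block.
func pbkdf2SHA256(pass, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, pass)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // big-endian block index 1
	u := mac.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// newGCM derives an AES-256-GCM AEAD; 100000 iterations is the per-guess cost imposed on an offline attacker.
func newGCM(pass, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(pbkdf2SHA256(pass, salt, 100000)) // 32-byte key never errors
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// Wrap runs on the client before upload: the passphrase never leaves the machine.
func Wrap(privKey, pass []byte) Blob {
	b := Blob{Salt: make([]byte, 16), Nonce: make([]byte, 12)}
	rand.Read(b.Salt)
	rand.Read(b.Nonce)
	b.Wrapped = newGCM(pass, b.Salt).Seal(nil, b.Nonce, privKey, nil)
	return b
}

// Unwrap runs on the client after download; the GCM tag rejects a wrong passphrase or an altered blob.
func Unwrap(b Blob, pass []byte) ([]byte, error) {
	return newGCM(pass, b.Salt).Open(nil, b.Nonce, b.Wrapped, nil)
}
```

After Unwrap the key is in the clear in client memory, which is the residual exposure the abstract refers to; resistance to offline guessing of the stored blob rests on passphrase strength and the KDF work factor.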