How Do You Keep A Secret Key Secret?


Brilliance Security Magazine sat down with Professor Yehuda Lindell, Chief Scientist & Co-founder of Dyadic, at Black Hat 2015. Dyadic delivers encryption and authentication solutions by having private keys split between multiple locations, safe from rogue admins, stolen credentials, device compromise or any single zero-day or malware.

Prof. Lindell said the solution was created to answer the question of “How do you keep a secret key a secret if you are using it all the time to encrypt and decrypt?” He explained that the key is likely sitting on the application server, often in the same database it is protecting. If an attacker reaches this server, you must assume they have stolen the key, whether or not they actually did. This is a huge problem when protecting sensitive data.

According to the 2013 Verizon Data Breach report (Verizon RISK 2013), 54% of data breaches overall were due to compromised servers. In addition, although 75% of the attacks were driven by financial motives, the number of state-level and industrial espionage attacks is on the rise.

At the core of Dyadic’s Distributed Security Module (DSM) lies cutting-edge technology based on decades of advanced cryptographic research in secure multiparty computation (MPC).  Professors Lindell from Bar-Ilan University, Israel and Nigel Smart from University of Bristol, UK are two of the co-founders of Dyadic and are two of the world’s leading authorities in the field of practical MPC.

Overturning the assumption that in order to use a secret key it has to be sitting at one place at one time, Dyadic’s solution removes the single point of failure by splitting the key randomly between two or more servers. Then all operations take place without ever bringing the key together, so it is never in any one place to be stolen.

To defeat the system an attacker would need to simultaneously control multiple servers in order to learn anything about the key. The two parts of the key can reside on separate servers, in different locations, running on different operating systems and protected by different administrator credentials. The two parts of the key are never in the same place at the same time and no one ever has access to the complete key.
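The idea of using a key without ever assembling it can be illustrated with additive sharing of an RSA private exponent. This is an added example, not Dyadic's protocol or code; the primes, function names and sample message are constructed for illustration, and the key is far too small for real use.

```python
import secrets

# Constructed demo key built from two known Mersenne primes (illustration only).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)  # full private exponent; here it exists only while dealing shares


def split_exponent(d, phi):
    """Split d into two random shares with d1 + d2 = d (mod phi).

    Each share on its own is uniformly random, so it says nothing about d.
    """
    d1 = secrets.randbelow(phi)
    d2 = (d - d1) % phi
    return d1, d2


def partial_decrypt(ciphertext, share, n):
    """Run on one server: it uses only its own share and never sees the other."""
    return pow(ciphertext, share, n)


def combine(partial_1, partial_2, n):
    """c^d1 * c^d2 = c^(d1 + d2) = c^d (mod n): yields the plaintext, not the key."""
    return (partial_1 * partial_2) % n


def demo():
    d1, d2 = split_exponent(D, PHI)  # d1 goes to server A, d2 to server B
    message = int.from_bytes(b"constructed sample", "big")
    ciphertext = pow(message, E, N)  # textbook RSA without padding, illustration only
    from_a = partial_decrypt(ciphertext, d1, N)
    from_b = partial_decrypt(ciphertext, d2, N)
    m = combine(from_a, from_b, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    print(demo())
```

In this sketch a dealer still computes the full exponent once in order to split it; a deployment that never wants the key in one place would also have to generate the shares without a dealer.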
