
A vulnerability assessment of roaming soft certificate PKI solutions

Author: Stephen Wilson. Published Jan. 6, 2011, from SANS.

In the past two or three years, most major PKI technology vendors have released products that allow digital certificate holders with "soft certificates" to have their private keys stored at a central server and uploaded to their local machine when needed. This allows users to "roam" from one machine to another without having to manually manage the export and import of their keys onto temporary media like diskettes. Users thus gain much of the portability and usability advantages of hardware key media like smartcards and USB dongles, but without the associated cost. This paper highlights the security engineering and deployment considerations by presenting a systematic vulnerability assessment of the common roaming architecture.

Read the complete paper (PDF) at SANS.