HSM: A Must Have. Applications are everywhere SafeNet Inc. All rights reserved.

Transcription

1 What is an HSM

2 HSM: A Must Have Applications are everywhere

3 HSM: A Must Have Secrecy, Control, Payment, Rights are all attributes of applications Security & Keys are used

4 HSM: A Must Have Keeping Keys Safe keeps the application safe HSM

5 Why Hardware Security Modules? Keys are valuable Private keys for identity no one else should be able to get a copy of private signing key Symmetric keys for confidentiality keys on the host computer are subject to memory scanning attacks Protection outside hardware will always have a weakness Typically involves some form of password-based encryption passwords are easy to snoop from keyboard Easy access to keys stored on hard drive Software on host computer subject to attack Trojan horse Masquerade

6 The Role of an HSM 1. They are devices for keeping keys in hardware making the keys secure Keys underpin all the security mechanisms so they must be kept securely Keeping a Key in Hardware means that you can control when, where and how it is used 2. They Perform Cryptographic Operations on those Keys 1. If the keys are in hardware they wouldn t be secure if each time you needed to use them, you had to copy them off to another computer. 2. Since most of the asymmetric crypto operations are very computationally expensive the HSM needs to perform them quickly 3. They come in a variety of form factors, performance and storage capacities 1. Attached to a network 2. Embedded in a Server 3. Portable 4. Password Authenticated or 2 factor Authenticated with MofN 4. They offer different programming interfaces 1. PKCS11, JCE, CAPI 5. Provide a clear audit trail for all key materials

7 Summary Any application that makes use of Cryptography makes use of Keys If the application is sensitive enough protection of those keys is vital Whether the application is small, mobile and embedded in a cell phone, or large, distributed and needs to be fault tolerant if protection of keys is a requirement an HSM is required

8 Planning for Security in your application

9 Factors to Consider Vendor Security Scalability & Performance Ease of Integration

10 Vendor Considerations Global and Stable organization Broad HSM product Suite Integration options Toolkit offering Well documented API s A Software Emulation HSM for development Hosting and securing code in addition to Keys Partner Relationships offering a wide range of Solutions Reputation Document, Database, Payment, XML, PKI, Rights Management Security applications What proportion of Global F1000 trust the vendor

11 Security Key Generation of all private keys in hardware Key Storage of private keys 100% of the time in hardware Certificate Signing performed on hardware Key Backup in controlled hardware 100% of the time Trusted Path used to enter critical security parameters Recognized validation from FIPS or Common Criteria

12 FIPS Crypto module validation NOT security evaluation Conformance testing against standard Testing performed by NVLAP accredited labs Validation & certification by NIST/CSE Formerly just N.A. standard Now applicable in U.K. Labs accredited in U.K. and Germany

13 Common Criteria ISO defines criteria for specifying and evaluating security functional and assurance requirements Target of Evaluation (TOE) evaluated against requirements defined in Security Target (ST) ST contains Description, Assumptions, Threats, Objectives, Functional Requirements, Assurance Requirements & High-level Specification Evaluation Assurance Levels (EAL) are packages of Assurance Requirements intended to meet common assurance needs EAL 1 through 7

14 Common Criteria (cont) Emphasis on design assurance and testing for strength of security functions No prescribed list of conformance test requirements Mutual Recognition Arrangement (MRA) signatories recognize evaluations performed in other countries up to EAL 4 Recognized world-wide European market DoD requirement DoD Instruction

15 Best Practices for Hardware Security Modules 1. Hardware-secured key generation 6. Controlled physical access 2. Hardware-secured key storage 3. Hardware-secured key backup 7. Host independent 2-factor authentication 8. Enforced operational roles 4. Hardware-secured digital signing 9. Independent Audit 5. PKI authenticated software 10. FIPS validation

16 Operational Roles Lifecycle Operational Role Function Custodian Initialization Initialization (one time only) Vault Initialization Admin Security Officer Token Administration Set token security policy Select token initialization parameters Create Users Chief Security Officer Domain Cloning Token Backup Set Cloning Policy Create/Transfer Cloning Domains Token Backup Domain Administrator Operation User M of N Key Generation Signing Decryption Shared Secret M of N authentication M keys of N key set required to authenticate System Administrator IT Staff

17 Breadth of HSM Technology

18 Why all the different products? Programmable Sophistication All sorts of Crypto Sign, Verify and other Key ops Just Generate a Key A few Several hundreds and thousands per second operations on keys

19 Toolkits 3 rd Party or Customer Developed Host Application PKCS#11, Java, CAPI, Custom API, Payments API s Windows, Solaris, Linux, HP UX, AIX Networked to single or multiple SSM Write your own applications and load them directly onto the device secure sensitive code or place applications in untrusted environments Early-stage development all in Software

20 Build vs Buy

21 Case Studies

22 SafeNet Securing Banking Transactions SafeNet HSM Large Banks SafeNet HSM Small Banks Financial Transaction Infrastructure Applications Payments & Cash Mgt Treasury & Derivatives Trade services Pre-Settlement/trade Access Control via 2 or 3 factor SafeNet HSM Key Management SSL Acceleration FIPS certified Certificate Authority Directory Applications Clearing services Custody services

23 Check Clearing Process Embedded Example User Auth Luna PCI Root Key Storage, Signing, Encryption Luna PCI Root Key Storage, Signing, Encryption Luna PCI Root Key Storage, Signing, Encryption Signed & Encrypted Outward Electronic Check MICR & image Signed & Encrypted Outward Electronic Check MICR & image Clearing House Interface (Presenting Bank) Inward Check MICR & images Clearing House Outward return Check MICR Clearing House Interface (Paying Bank) Check MIRC data & images are captured at the Presenting Bank Sign & Enc data OCSP & Enc data Auth & license control Database encryption Luna SA Electronic Check Archive Auth & license control

24 Egg s PIN Processing with Luna SP 2 (VPS) ViewPIN Server 1 User enters CVV from card CVV 5 2 VPS encrypts CVV for card issuer 1 3 Bank Web Portal 3 Forward encrypted CVV to issuer via bank 4 Issuer decrypts CVV and looks up PIN Encrypts PIN for VPS decoding Sends back to VPS via bank 4 PIN database Card Issuer 5 VPS decrypts PIN and displays to user over SSL

25 ViewPIN Architecture Encryption of CVV2 and Decryption of PIN Luna SP Application security module deployed in the DMZ Integrated FIPS Level 3 HSM Provides tamper-protection for ViewPIN Level 3 type physical security Hardened operating system Protected application container ViewPIN Server User Web Site PIN Database With standard browser With ViewPIN link and page ViewPIN Pages Logic Authentication System With FIPS Level 3 HSM PIN HSM User

26 Database Encryption: Visa & Mastercard ` HSM used for Master Key storage & operations DB Server Application Server Manage Security Policy FIPS compliance Hardware bias in many IT organizations View Database DataProtector ` Security Manager Audit and Reporting Key Management PKCS11 Data Storage Master key Storage and Operations

27 HSM and Manufacturing PKI is not just for people PKI can also be used to create digital identities for devices like phones and computers Cisco uses SafeNet HSMs to create the digital identities for their IP phones & Routers Motorola uses HSMs to issue identities for cell phones, set-top boxes and Cable Modems As well as to protect Intellectual Property in 3rd Party Manufacturing environments SafeNet uses HSM to load firmware into HSM at manufacturing location preventing the exposure of code outside of SafeNet

28 Manufacturing PKI for IP Phones IP Phone IP phone requests certificate from Manufacturing CA Manufacturing CA Luna HSM 2 CA generates a new certificate that Luna signs with the root key 3 Certificate is sent to the phone 4 Phone now has a unique digital identity baked in by Cisco

29 Secure Hard Drive Authentication PKI Certificate Authority Manufacturing Site Identity Issuance RA Key Gen (Extracts keys to Luna SP) Luna SP Sends Keys to Hard Drives Cable modems BIOS applications. Hard drives

30 Use Case: High Assurance Bundle Security Officer 2 5 Code Signing Certificate Inspect Activate 3 Authorize Provision 4 1 Drop Ship Signing Authority Application Developer Trusted Manufacturer Deploy 7 6 Signed Code Release 1 st, 2 nd, or 3 rd Party IT Department

31 ID Card Manufacturer Solution HSM Generates new Keys and wraps for export Key Issuance Application (e.g.intercede, Oberthur, Gemplus, G&D, Datacard, Ubiq, etc) Injects wrapped keys into Smartcards Used for generating keys at manufacturing for initializing smartcards with keys for secure communication in future

32 ID Card Issuance Database PKI Root CA CMS Key Issuance Application (e.g. Intercede, Microsoft, ActivIdentity, Gemplus, BellID, Datacard, etc) Injects wrapped user keys into Smartcards HSM Manages new Keys and wraps for export Sub CAs CMS Keys End user s SC Keys Used for secure comms. with Smart Cards for issuing Digital IDs to end users

33 ID Card in FIPS201 (USGov) Many Issuers Local, state, Federal Public, private Military, civilian Separate databases No communication between organizations Many Cards Multiple badges for the same individual Multiple privileges for issued cards No validation of these credentials Unknown Privileges Issued from standalone databases No validation across organizations Not linked to identity

34 A word from my sponsor

35 Luna SA: World s first Network HSM PKI Financial Transactions Web Server (SSL acceleration) Security FIPS level 3 & Common Criteria EAL4+ Performance 4000 s/s Flexibility upto 20 Virtual HSMs Cost Shared hardware Applications PKI Root Key Protection Financial Transactions Shared SSL Acceleration

36 Advantage: Partition capable HSM Luna SA can be partitioned into virtual HSMs (up to 20) Separate administrative controls for each partition Multiple HSM applications hosted on the same unit

37 Advantage: Network Sharing PKI Sub-Root CA Network Trust Link Network Trust Link E-commerce transactions Secure Document Access Network Trust Link Network Trust Link Web Server (SSL) Reduced cost of ownership Amortize Luna SA over multiple applications, organizations, services Fewer boxes to buy, install and manage Centrally managed cryptographic keys More secure and simpler to administer

38 Network Trust Links HSM is operated by secure remote control over the network All crypto keys and operations remain inside the HSM 1 IP address Four Layers of Security 2 SSL 3 Digital certificates for server & client 4 Process-level password Application Server Network Trust Link

39 High Availability & Load Sharing Application Servers Load balanced Pair On-site Disaster Recovery Unit Off-site Luna SA s can be clustered from anywhere on the network HSM requests are cycled between active SA units Increased availability, performance, disaster recovery

40 Advantage: Multi-Person Authentication 2-Factor Authentication 2-Factor Authentication Password + + Multi-person Authentication Password +

41 Advantage: Keys always in hardware Creation Destruction Hardware- Secured Key Lifecycle Storage Usage Distribution

42 Advantage: 3 Layers of Security Tamper Resistant Hardware Multi-Person Two-Factor Access Control Encrypted Keys

43 Looking to the Future

44 Next Decade - Market Drivers Networked applications will continue to shift from a connection to a transaction orientation Valued transactions will shift from manual/paper based processes to electronic ones as confidence in security technology increases Authenticity will surpass secrecy as the primary network security driver Adoption of new and simpler Cryptographic APIs will speed the integration and deployment of hardware assisted security to applications Security for transaction oriented applications requires deeper integration with the host application and the encryption, signing and verification of atomic units of data as opposed to bulk line encryption. This model of security encourages the use of HSM technologies Cash (paper based transaction), passport/identity, legal documents (i.e. mortgage applications, land registry) and other paper based systems are migrating to online e-type solutions Cash and other transactions place more importance on assuring the identity of the parties than secrecy of the transaction. Assuring identity of people or entities requires PKI-like structure for issuance and validation. HSMs provide the backbone of this infrastructure Cryptography is not simple and the high degree of integration required with applications demands more simple methods for integration that can be applied by non-cryptography experienced engineers whose primary skills revolve around building and supporting the host application and not security. Web Services and other technologies being widely adopted help meet these goals

45 Applications using security / Document / Database DRM (on demand rights management) ewallet, eid (issuance & verification) 1. PKI Root Key Protection & SSL 1. HSM used to protect corporate, banking and retail identities for ecommerce. This application resurges by 2010 for intercorporation value transfers 2. XML & Federated Identity technologies and Corporate Governance issues drive internal need to ensure integrity of data 3. Cash is replaced with electronic wallets and states issue electronic identities. Reduces retail costs, secure borders and reduces fraudulent use of national services (such as healthcare) 4. Music, Video and Games delivered on demand to multiple platforms (itv, PC, handheld) requires platform independent security technology

46 Thank You