key protection, csi

Key Protection, CSI

Eric NormanUniversity of Wisconsin-Madison

CSI ?CSI ?

Cheap,

Simple,

Impregnable.

The Two PrinciplesThe Two Principles

• Complete accountability of the private key

• Separation of duty

Complete Accountability of Complete Accountability of the Private Keythe Private Key

At all times during the life cycle of the private key, we know:

how many copies exist,

where each copy is located.

Separation of DutySeparation of Duty

No single person has the capability to use (any copy of) the private key.

Main Protection RuleMain Protection Rule

Never, never, never, never,

never, never, never, never,

never, never, never, never,

never, never, never, never,

Main Protection RuleMain Protection Rule

Never expose the private keyto the Internet!

The MachineThe Machine

• I/O limited to:– CD ROMs– Floppies– Keyboard and display– USB thingies

• Swapping is disabled• Never leave private key on disk

Lifecycle of KeysLifecycle of Keys

Deploy Verify

Idle Sign

Public

Private

Create Use Destroy

Key Generation Key Generation RandomnessRandomness

(create)(create)

How do we get randomness when the machine is rebooted immediately before use?

The Unknown FloppiesThe Unknown Floppies

Pic of floppies

Key StorageKey Storage(idle)(idle)

All confidential material

(media with private keys,

physical keys for padlocks,

passwords,

etc.)

is stored in separate tamper evident bags.

Certificate FingerprintsCertificate Fingerprints(deploy, verify)(deploy, verify)

• Weekly campus newspaper

• Answering machine

• Business cards

• Compare with your neighbor

Key UsageKey Usage(sign)(sign)

Locked door.

Key UsageKey Usage(sign)(sign)

Key UsageKey Usage(sign)(sign)

Another locked door.

Key UsageKey Usage(sign)(sign)

Pic cabinet2 locks

Key UsageKey Usage(sign)(sign)

Pic media box2 locks

Key UsageKey Usage(sign)(sign)

Boot machine.

Read input (private key, to be signed, etc.).

Supply two passwords to unlock key.

Sign stuff.

Write output (certificates, logs).

Erase memory and disk.

Shut down machine.

Off Site BackupOff Site Backup(idle, sign, destroy)(idle, sign, destroy)

Separate safety deposit boxes for: private key media, password half, other password half.Each in its own tamper evident bag. (Should only be necessary for audit or destruction.)

It's also possible to just generate new key.

Key CompromiseKey Compromise

Stop signing with key.

Restore trustworthy service.

Revoke old key.

Key DestructionKey Destruction(destroy)(destroy)

Simple. Round up all copies and destroy them.

Protecting a private key by destroying it is a strategy that might be applicable more often than you think.

CSI !CSI !

Cheap,

Simple,

Impregnable.