secure your encryption with hsm
TRANSCRIPT
![Page 1: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/1.jpg)
Secure Your Encryption with HSMNarudom Roongsiriwong, CISSP
OWASP Thailand Chapter Meeting 4/2017June 29, 2017
![Page 2: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/2.jpg)
WhoAmI● Lazy Blogger
– Japan, Security, FOSS, Politics, Christian– http://narudomr.blogspot.com
● Information Security since 1995● Web Application Development since 1998● Head of IT Security and Solution Architecture, Kiatnakin Bank PLC (KKP)● Consultant for OWASP Thailand Chapter● Committee Member of Cloud Security Alliance (CSA), Thailand Chapter● Consulting Team Member for National e-Payment project● Committee Member of Thailand Banking Sector CERT (TB-CERT)● Contact: [email protected]
![Page 3: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/3.jpg)
Real World Cryptography
We spend too much time arguing about algorithm but lack of time discussing● Key controls and key management● Key change/exchange procedures● Cryptographic toolkits● Random number/seed generators● Process & documentation● Training
![Page 4: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/4.jpg)
Brute-Forcing vs Key Thef
Left hand side: At the Passwords^12 Conference, Jeremi Gosney (a.k.a epixoip) demonstrated a rig of 25 AMD Radeon GPUs that leveraged Virtual OpenCL Open Cluster (VCL)
![Page 5: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/5.jpg)
Cryptography uses SECRET keys
How can we keep keys being SECRET?
![Page 6: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/6.jpg)
Key Management Fundamental
![Page 7: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/7.jpg)
“Key management is the hardest part of cryptography and often the Achilles’ heel of an otherwise secure system.”
- Bruce Schneier, Applied Cryptography (2nd edition)
![Page 8: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/8.jpg)
Key Management Framework
Generation Exchange Storage Rotation Archiving Destruction
Key Usage
![Page 9: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/9.jpg)
Key Generation● Generate Key● Register Owner● Activate Key● Deactivate Key● Suspend and Re-Activate a Key● Renew a Public Key● Key Derivation or Key Update● Associate a Key with its Metadata● Modify Metadata● List Key Metadata
![Page 10: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/10.jpg)
Key ExchangeEstablish Key● Validate Public Key Domain
Parameters● Validate Public Key● Validate Public Key Certification
Path● Validate Symmetric Key● Validate Private Key (or Key Pair)● Validate the Possession of a Private
Key● Perform a Cryptographic Function
using the Key● Manage the Trust Anchor Store
Cryptographic Key and Metadata Security: During Key Establishment● Key Transport● Key Agreement● Key Confirmation● Key Establishment Protocols
(TLS, IKE, SSH, …)
![Page 11: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/11.jpg)
Key Storage● Store Operational Key and Metadata● Backup of a Key and its Metadata● Recover Key and/or Metadata● Enter a Key and Associated Metadata into a Cryptographic
Module● Output a Key and Associated Metadata from a Cryptographic
Module
![Page 12: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/12.jpg)
Key Rotation (Retirement)● Replace Key (Rollover, Update and Renewal)● De-register Key● Revoke Key
– Document, Test and Maintain Compromise Management Plan– Establish and Maintain Notification Process– Assess Impact as Part of Incident Response– Do Not Delete the Keys
![Page 13: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/13.jpg)
Key Archival● Archive Key and/or Metadata● Recover Key and/or Metadata
![Page 14: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/14.jpg)
Key Destruction● Destruction of Encryption Key Materials● Retention of Encryption Key Meta-Data
![Page 15: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/15.jpg)
An Overview of Hardware Security Module
![Page 16: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/16.jpg)
What is an HSM?
● Cryptographic Computing Hardware Module● Protected Key Store● Well-Defined Interface Protocol● Hard to Compromise
Hardware Security Module
![Page 17: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/17.jpg)
Other Names of HSM● Personal Computer Security Module (PCSM)● Secure Application Module (SAM)● Secure Cryptographic Device (SCD)● Secure Signature Creation Device (SSCD)● Hardware Cryptographic Device● Cryptographic Module
Source: SANS Institute InfoSec Reading Room, An Overview of Hardware Security Modules
![Page 18: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/18.jpg)
Cryptographic Computing Module● Hardware Accelerate Cryptography
– Symmetric: AES, 3DES, Blowfish, Aria, Camelia– Asymmetric: RSA, DSA, Diffie-Hellman, ECC
● Secure Random Number Generator● Message Digest (Hash)● Message Authentication Code (MAC)
![Page 19: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/19.jpg)
Protected Key Store● Keys stored in tamper-proof nonvolatile memory
– If tampering is detected, memory will be malfunction● Implemented using
– Covering components in epoxy– Thin wires covering sensitive components
![Page 20: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/20.jpg)
How HSM Helps Key Management?● HSM has key generation functions● HSM provides key transport and key agreement functions● HSM provides protected key storage and key handling
functions● HSM provides ciphertext translation function from one key to
another for key rotation● HSM provides key backup/recover functions for key archival● HSM is able to delete keys inside protected storage.
![Page 21: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/21.jpg)
Main Application Areas● PKI Environments
– Certification Authority (CA) and Registration Authority (RA)– Generate, store and handle key pairs
● Card Payment Systems– Authentication and integrity checking of messages– Confidentiality (e.g. PIN)– On-line PIN verification– Checking card security codes– Re-encryption of PIN blocks– Card creation: PIN mailers, generation of magnetic stripe data,
personalization of chip cards– E-commerce and M-commerce– Home banking
![Page 22: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/22.jpg)
Other Application Areas● Key Distribution Centers● SSL connectivity● PayTV● Access control: one time passwords, user authentication● (Qualified) Digital signatures● Time-stamping● Trusted Platform Modules (TPM)● Document protection
![Page 23: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/23.jpg)
HSM Selection Criteria
![Page 24: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/24.jpg)
Smart Card / SIM SD Card
HSM Form Factors
USB
Network / Remote InterfaceLocal Interface (PCI/PCIe)
![Page 25: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/25.jpg)
HSM Key Store Architectures
Keys stored in HSM● Pros:
– No additional component is needed
– Ease of maintenance● Cons:
– Limited numbers of keys● Example Product: Safenet,
USB Type, Smart Card Type
Keys stored externally and encrypted by master key in HSM● Pros:
– Unlimited or large numbers of keys
● Cons:– Additional components are
needed– Hard to maintain
● Example Product: Thales
![Page 26: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/26.jpg)
HSM: General Purpose vs Specific PurposeGeneral Purpose● Equipped with standard
cryptographic algorithms Symmetric, Asymmetric, Hashing)
● Support major OS drivers including VMWare and Hyper-V
● Support standard APIs– PKCS#11– Open SSL– Java (JCE)– Microsoft CAPI and CNG
Specific Purpose● Optimized for specific function
– Security Application Module (SAM) / SIM
– Electronics Fund Transfer / Payment System
● Limited Cryptographic algorithm● Support specific applications
– EFT Key Management– MAC (Message Authentication
Code)● May not support standard APIs
![Page 27: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/27.jpg)
HSM Speed● RSA Signing Speed → Signing operations per second (at 1024-
bit, public exponent 3 or 65537)● RSA Key Generation Speed → Keys per second (at 1024-bit
and 2048-bit)● Visa PIN Verification → Operation per second● AES Encryption → MB per second (at 256-bit key length)
![Page 28: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/28.jpg)
HSM Licensing● HSM specification may support many cryptography algorithms
but not all are activated– Algorithm activation based on the license
● Maximum encryption/decryption speed may not be the same as declare in the specification– Speed limit by the license
● Network or remote interface type HSM may limit the number of hosts or IP addresses connected to the HSM upon the license
![Page 29: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/29.jpg)
HSM: Standard and Certification● FIPS 140-2● Common Criteria Evaluation Assurance Level (CC-EAL)● PCI HSM● APCA● MEPS
![Page 30: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/30.jpg)
FIPS 140-2
Level Requirement
1 Basic security requirements
2 Tamper evidence, user authentication
3 Tamper detection/resistance, data zeroisation, splitting user roles
4 Very high tamper detection/resistance, Environmental protection
![Page 31: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/31.jpg)
CC-EAL● What Protection Profile (PP)
has been used for the Target of Evaluation (ToE)?– CMCKG-PP – Key
Generation– CMCSO-PP – Signing
Operations
EAL1 Functionally tested
EAL2 Structurally tested
EAL3 Methodically tested and checked
EAL4 Methodically designed, tested, and reviewed
EAL5 Semi-formally designed and tested
EAL6 Semi-formally verified design and tested
EAL7 Formally verified design and tested
![Page 32: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/32.jpg)
HSM Key Backup/Restore● How do you backup your keystore?
– Smart Card– Secure USB Storage
● Key synchronization among two HSMs or more?● Can you restore a backup elsewhere?
– e.g. on a hot-standby site● Split key backup possible?● Well-known backup format?
![Page 33: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/33.jpg)
Cloud HSM● Amazon AWS CloundHSM● IBM Bluemix HSM
https://aws.amazon.com/cloudhsm/https://www.ibm.com/cloud-computing/bluemix/hardware-security-module
![Page 34: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/34.jpg)
HSM API● PKCS#11● OpenSSL Engine● Microsoft CAPI● Java Cryptography Extension● Vendor specific API● Low level programming (need for speed)
– USB Type or Smart Card Type + Reader: PC/SC + vendor specific smart card application protocol data unit (APDU)
– Network Type: Socket programming with vendor specific protocol
![Page 35: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/35.jpg)
PKCS#11● PKCS #11 is one of the Public-Key Cryptography Standards but
also support other cryptographic functions● Defines a platform-independent API to cryptographic tokens,
such as hardware security modules (HSM) and smart cards● API name is “Cryptoki”, but often called PKCS#11 API as its
standard. Complex C API.● Wrappers
– Java Cryptography Architecture/Extension (JCA/JCE)– Pkcs11Interop → .NET (Open source, Nuget package available)– PyKCS11 → Python– Ruby-pkcs11 → Ruby
![Page 36: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/36.jpg)
PKCS#11 Functions● Key Management
– Key & Key Pair Generation– Key Factory– Key Agreement (Diffie-Hellman)– Key Store (Keys & Certificates)
● Cipher (Encrypt/Decrypt)● Secure Random Number Generator● Message Digest● Message Authentication● Digital Signature
![Page 37: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/37.jpg)
Key Management with HSM Web Service
![Page 38: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/38.jpg)
Pain Points● How can we encourage developers adopt HSM and key
management process?● How can we ensure that developers properly implement only
approved cryptography algorithm?● How can we help applications rotate keys properly and
correctly?● If we need stronger encryption algorithm or longer key
length in the future, how can we migrate the encrypted data without application modification?
![Page 39: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/39.jpg)
HSM Wrapper API Connection Diagram
![Page 40: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/40.jpg)
Wrapping Functions● decryptdata(AppKeyID, Ciphertext)
– Return Plaintext● encryptdata(AppKeyID, Plaintext)
– Return Ciphertext● translatedata(AppKeyID, Ciphertext)
– Return new CipherText
● AppKeyID is not the same as HSM key ID but a pointer to a configuration record of– Encryption algorithm– History list of HSM key IDs usage– decryptdata & encryptdata will always use
current key that associates with AppKeyID● Ciphertext is encrypted data● Plaintext is original data
HSMKeyID AppKeyID ValidFrom
39 3 Last Jan 1
40 4 Last Feb 1
41 3 Next Jan 1
42 4 Next Feb 1
translatedata function will decrypt an input ciphertext with the current key and re-encrypt with the nearest future keyFor example from key history table, if AppKeyID=3, translatedata function will use HSMKeyID=39 to decrypt input ciphertext to a plaintext, then will encrypt that plaintext with HSMKeyID=41 to a new ciphertext.
![Page 41: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/41.jpg)
Application Example: PGP Decryption
Data
Encrypt key using receiver‘s
public key
RSA
Encrypted Message
Encrypt Decrypt
Encrypt data using random
key
q4fzNeBCRSYqv
Encrypted Key
Generate Random
Key
Data
TIakvAQkCu2u
Random Key
Encrypted Message
Data
q4fzNeBCRSYqv
Encrypted Key
Decrypt data using key
Decrypt using receiver‘s private key
RSA
TIakvAQkCu2u
Data
● Call Wrapper API’s “decryptdata” function with parameters– AppID (Which App Profile)– q4fzNeBCRSYqv as
Encrypted Data● Receive TIakvAQkCu2u as
Decrypted Data
![Page 42: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/42.jpg)
Application Example:Secure Password for Deployment Automation
![Page 43: Secure Your Encryption with HSM](https://reader034.vdocument.in/reader034/viewer/2022050614/5a648bbe7f8b9a2c568b5873/html5/thumbnails/43.jpg)