Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • HSM 20090529

    Загружено:

    Ruben De Leon
    98 просмотров29 страниц
    An HSM (hardware security module) is a protected device that securely holds and manages digital keys. It stores keys in tamper-proof memory so they cannot be extracted. Some HSMs also accelerate cryptography using hardware. Well-defined software interfaces like PKCS#11 allow applications to interface with the HSM. Using an HSM improves security by physically separating keys from software and providing FIPS certification of its tamper resistance and key protection. Buyers should consider an HSM's interface, algorithms, capacity, performance, certification level, and price when selecting one.

    Исходное описание:

    HSM

    Оригинальное название

    hsm-20090529

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    An HSM (hardware security module) is a protected device that securely holds and manages digital keys. It stores keys in tamper-proof memory so they cannot be extracted. Some HSMs also accelerate cryptography using hardware. Well-defined software interfaces like PKCS#11 allow applications to interface with the HSM. Using an HSM improves security by physically separating keys from software and providing FIPS certification of its tamper resistance and key protection. Buyers should consider an HSM's interface, algorithms, capacity, performance, certification level, and price when selecting one.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    98 просмотров29 страниц

    HSM 20090529

    Загружено:

    Ruben De Leon
    An HSM (hardware security module) is a protected device that securely holds and manages digital keys. It stores keys in tamper-proof memory so they cannot be extracted. Some HSMs also accelerate cryptography using hardware. Well-defined software interfaces like PKCS#11 allow applications to interface with the HSM. Using an HSM improves security by physically separating keys from software and providing FIPS certification of its tamper resistance and key protection. Buyers should consider an HSM's interface, algorithms, capacity, performance, certification level, and price when selecting one.

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 29

    HSM

    Hardware Security Modules


    Jakob Schlyter jakob@kirei.se

    !"#$"
    1

    What is an HSM?

    !"#$"
    2

    What is an HSM?
    Protected keystore

    Private keys can never be extracted in clear

    Crypto hardware

    Sometimes increases speed (but not always)

    Well-defined software interface


    !"#$"
    3

    Protected Keystore
    Keys stored in tamperproof memory

    If you mess with the chip, the device will (try to)
    detect it and zeroize

    Implemented using

    Covering components in epoxy


    Thin wires covering sensitive components

    !"#$"
    4

    Crypto Hardware
    Hardware to assist accelerate symmetric
    and asymmetric crypto

    RSA, DSA, AES, 3DES

    Good random number generator


    Hashing is often implemented in the host
    !"#$"
    5

    API
    PKCS#11 (aka Cryptoki)
    OpenSSL Engine
    Microsoft CAPI
    Java Cryptography Extension
    !"#$"
    6

    Stacked APIs are possible


    Application
    OpenSSL
    EVP Crypto Library
    PKCS#11
    Engine

    Native
    Engine

    PKCS#11 Library

    Crypto Device

    CPU

    !"#$"
    7

    Why use a HSM?

    !"#$"
    8

    What is the risk?


    Keys can be comprimised by

    Compromised hosts
    Disgruntled staff
    Math

    !"#$"
    9

    How do we lower the risk?


    Protect the host itself

    But some sort of remote management is usually


    needed anyway

    Protect the private keys

    Move keys to HSM

    !"#$"
    10

    Residual risk
    Keys can still be misused

    If you can use a key, you can also misuse it

    Garbage in

    Garage out

    If you feed it a bad zone the result is still a


    signed bad zone

    !"#$"
    11

    Increase trust?
    Using an HSM increases trust Why?

    Standards compliance
    Verifiable security e.g. FIPS 140-2

    Also provides a clean cut between keystore


    and signing software

    You know where your keys are (and not are)

    !"#$"
    12

    The Buyers Guide to


    Hardware Security Modules

    !"#$"
    13

    Types of HSMs
    Local interface e.g. PCI cards
    Remote interface e.g. Ethernet

    Sharable between multiple hosts

    Smart cards
    USB tokens

    usually a smart card with integrated reader

    !"#$"
    14

    Algorithms and key sizes


    What algorithms are supported

    RSA recommended, DSA optional

    What key sizes are supported

    Minimum key size 1024 bits recommended


    Maximum key size 2048 bits recommended

    !"#$"
    15

    Capacity
    How many keys can be stored?
    Where are the keys stored?

    Internal keystore
    External keystore (encrypted by master key)

    !"#$"
    16

    API
    What API do you need?

    PKCS#11, OpenSSL, MS-CAPI, JCE

    What platforms are supported?

    Mind details like Linux kernel versions,


    distributions etc.

    !"#$"
    17

    Speed
    Signing speed RSA

    Usually measured in 1024-bit signing operations


    (with public exponent 3 or 65537) per second.

    Key generation speed RSA

    Usually the average key generation time for


    1024-bit and 2048-bit keys per second.

    !"#$"
    18

    Security Certifications
    FIPS 140-2

    Federal Information Processing Standard

    CC-EAL

    Common Criteria Evaluation Assurance Levels

    !"#$"
    19

    FIPS 140-2
    Level

    Requirement

    Basic security requirements

    Tamper evidence, user authentication

    3
    4

    Tamper detection/resistance, data zeroisation,


    splitting user roles
    Very high tamper detection/resistance,
    Enviromental protection

    !"#$"
    20

    CC-EAL
    What Protection Profile (PP) has been used
    for the Target of Evalation (ToE)?

    CMCKG-PP Key Generation


    CMCSO-PP Signing Operations

    !"#$"
    21

    Key Backup
    How do you backup your keystore?
    Can you restore a backup elsewhere?

    e.g. on a hot-standby site

    Split key backup possible?


    Well-known backup format?
    !"#$"
    22

    Examples of HSMs

    !"#$"
    23

    SCA 6000

    Sun Crypto Accelerator 6000


    Interface

    PCI-Express x8

    Certification

    FIPS 140-2 level 3

    Performance

    13,000 sign/s

    RSA-1024

    System Support

    Solaris, Linux

    Approx price

    960

    !"#$"
    24

    AEP Keyper 9720


    Interface

    Ethernet

    Certification

    FIPS 140-2 level 4

    Performance

    1,200 sign/s

    RSA-1024

    System Support

    Solaris, Linux, Windows

    Approx price

    17,500

    !"#$"
    25

    IBM 4764 PCIXCC


    Interface

    PCI-X

    Certification

    FIPS 140-2 level 4

    Performance

    1,200 sign/s

    RSA-1024

    System Support

    Solaris, Linux, Windows, AIX, i5/OS

    Approx price

    6,600

    !"#$"
    26

    SoftHSM
    Interface

    software

    Certification

    none

    Performance

    CPU-dependent

    RSA-1024

    System Support

    Unix

    Approx price

    Note: Not really a HSM just looks like one

    !"#$"
    27

    Other vendors
    Thales (formerly nCipher)

    netHSM, nShield

    SafeNet

    Luna SP, Luna CA, Luna PCI

    !"#$"
    28

    jakob@kirei.se

    !"#$"
    29

    Вам также может понравиться