Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
Prochain SlideShare
What to Upload to SlideShare
Télécharger pour lire hors ligne et voir en mode plein écran



Secure Your Encryption with HSM

Télécharger pour lire hors ligne

Hardware Security Modules (HSMs) are widely use for cryptography key management in many areas such as PKI, card payment, trusted platform modules, etc. However they are rarely used in in-house software development.

This presentation will explain about why we need the key management and its fundamental, overview of HSM and how it take parts in key management, HSM selection criterias, and finally, an idea to make a web service wrapper easier to adopt by developers those lack of knowledge in cryptography programming.

Secure Your Encryption with HSM

  1. 1. Secure Your Encryption with HSM Narudom Roongsiriwong, CISSP OWASP Thailand Chapter Meeting 4/2017 June 29, 2017
  2. 2. WhoAmI ● Lazy Blogger – Japan, Security, FOSS, Politics, Christian – http://narudomr.blogspot.com ● Information Security since 1995 ● Web Application Development since 1998 ● Head of IT Security and Solution Architecture, Kiatnakin Bank PLC (KKP) ● Consultant for OWASP Thailand Chapter ● Committee Member of Cloud Security Alliance (CSA), Thailand Chapter ● Consulting Team Member for National e-Payment project ● Committee Member of Thailand Banking Sector CERT (TB-CERT) ● Contact: narudom@owasp.org
  3. 3. Real World Cryptography We spend too much time arguing about algorithm but lack of time discussing ● Key controls and key management ● Key change/exchange procedures ● Cryptographic toolkits ● Random number/seed generators ● Process & documentation ● Training
  4. 4. Brute-Forcing vs Key Thef Left hand side: At the Passwords^12 Conference, Jeremi Gosney (a.k.a epixoip) demonstrated a rig of 25 AMD Radeon GPUs that leveraged Virtual OpenCL Open Cluster (VCL)
  5. 5. Cryptography uses SECRET keys How can we keep keys being SECRET?
  6. 6. Key Management Fundamental
  7. 7. “Key management is the hardest part of cryptography and often the Achilles’ heel of an otherwise secure system.” - Bruce Schneier, Applied Cryptography (2nd edition)
  8. 8. Key Management Framework Generation Exchange Storage Rotation Archiving Destruction Key Usage
  9. 9. Key Generation ● Generate Key ● Register Owner ● Activate Key ● Deactivate Key ● Suspend and Re-Activate a Key ● Renew a Public Key ● Key Derivation or Key Update ● Associate a Key with its Metadata ● Modify Metadata ● List Key Metadata
  10. 10. Key Exchange Establish Key ● Validate Public Key Domain Parameters ● Validate Public Key ● Validate Public Key Certification Path ● Validate Symmetric Key ● Validate Private Key (or Key Pair) ● Validate the Possession of a Private Key ● Perform a Cryptographic Function using the Key ● Manage the Trust Anchor Store Cryptographic Key and Metadata Security: During Key Establishment ● Key Transport ● Key Agreement ● Key Confirmation ● Key Establishment Protocols (TLS, IKE, SSH, …)
  11. 11. Key Storage ● Store Operational Key and Metadata ● Backup of a Key and its Metadata ● Recover Key and/or Metadata ● Enter a Key and Associated Metadata into a Cryptographic Module ● Output a Key and Associated Metadata from a Cryptographic Module
  12. 12. Key Rotation (Retirement) ● Replace Key (Rollover, Update and Renewal) ● De-register Key ● Revoke Key – Document, Test and Maintain Compromise Management Plan – Establish and Maintain Notification Process – Assess Impact as Part of Incident Response – Do Not Delete the Keys
  13. 13. Key Archival ● Archive Key and/or Metadata ● Recover Key and/or Metadata
  14. 14. Key Destruction ● Destruction of Encryption Key Materials ● Retention of Encryption Key Meta-Data
  15. 15. An Overview of Hardware Security Module
  16. 16. What is an HSM? ● Cryptographic Computing Hardware Module ● Protected Key Store ● Well-Defined Interface Protocol ● Hard to Compromise Hardware Security Module
  17. 17. Other Names of HSM ● Personal Computer Security Module (PCSM) ● Secure Application Module (SAM) ● Secure Cryptographic Device (SCD) ● Secure Signature Creation Device (SSCD) ● Hardware Cryptographic Device ● Cryptographic Module Source: SANS Institute InfoSec Reading Room, An Overview of Hardware Security Modules
  18. 18. Cryptographic Computing Module ● Hardware Accelerate Cryptography – Symmetric: AES, 3DES, Blowfish, Aria, Camelia – Asymmetric: RSA, DSA, Diffie-Hellman, ECC ● Secure Random Number Generator ● Message Digest (Hash) ● Message Authentication Code (MAC)
  19. 19. Protected Key Store ● Keys stored in tamper-proof nonvolatile memory – If tampering is detected, memory will be malfunction ● Implemented using – Covering components in epoxy – Thin wires covering sensitive components
  20. 20. How HSM Helps Key Management? ● HSM has key generation functions ● HSM provides key transport and key agreement functions ● HSM provides protected key storage and key handling functions ● HSM provides ciphertext translation function from one key to another for key rotation ● HSM provides key backup/recover functions for key archival ● HSM is able to delete keys inside protected storage.
  21. 21. Main Application Areas ● PKI Environments – Certification Authority (CA) and Registration Authority (RA) – Generate, store and handle key pairs ● Card Payment Systems – Authentication and integrity checking of messages – Confidentiality (e.g. PIN) – On-line PIN verification – Checking card security codes – Re-encryption of PIN blocks – Card creation: PIN mailers, generation of magnetic stripe data, personalization of chip cards – E-commerce and M-commerce – Home banking
  22. 22. Other Application Areas ● Key Distribution Centers ● SSL connectivity ● PayTV ● Access control: one time passwords, user authentication ● (Qualified) Digital signatures ● Time-stamping ● Trusted Platform Modules (TPM) ● Document protection
  23. 23. HSM Selection Criteria
  24. 24. Smart Card / SIM SD Card HSM Form Factors USB Network / Remote InterfaceLocal Interface (PCI/PCIe)
  25. 25. HSM Key Store Architectures Keys stored in HSM ● Pros: – No additional component is needed – Ease of maintenance ● Cons: – Limited numbers of keys ● Example Product: Safenet, USB Type, Smart Card Type Keys stored externally and encrypted by master key in HSM ● Pros: – Unlimited or large numbers of keys ● Cons: – Additional components are needed – Hard to maintain ● Example Product: Thales
  26. 26. HSM: General Purpose vs Specific Purpose General Purpose ● Equipped with standard cryptographic algorithms Symmetric, Asymmetric, Hashing) ● Support major OS drivers including VMWare and Hyper-V ● Support standard APIs – PKCS#11 – Open SSL – Java (JCE) – Microsoft CAPI and CNG Specific Purpose ● Optimized for specific function – Security Application Module (SAM) / SIM – Electronics Fund Transfer / Payment System ● Limited Cryptographic algorithm ● Support specific applications – EFT Key Management – MAC (Message Authentication Code) ● May not support standard APIs
  27. 27. HSM Speed ● RSA Signing Speed → Signing operations per second (at 1024- bit, public exponent 3 or 65537) ● RSA Key Generation Speed → Keys per second (at 1024-bit and 2048-bit) ● Visa PIN Verification → Operation per second ● AES Encryption → MB per second (at 256-bit key length)
  28. 28. HSM Licensing ● HSM specification may support many cryptography algorithms but not all are activated – Algorithm activation based on the license ● Maximum encryption/decryption speed may not be the same as declare in the specification – Speed limit by the license ● Network or remote interface type HSM may limit the number of hosts or IP addresses connected to the HSM upon the license
  29. 29. HSM: Standard and Certification ● FIPS 140-2 ● Common Criteria Evaluation Assurance Level (CC-EAL) ● PCI HSM ● APCA ● MEPS
  30. 30. FIPS 140-2 Level Requirement 1 Basic security requirements 2 Tamper evidence, user authentication 3 Tamper detection/resistance, data zeroisation, splitting user roles 4 Very high tamper detection/resistance, Environmental protection
  31. 31. CC-EAL ● What Protection Profile (PP) has been used for the Target of Evaluation (ToE)? – CMCKG-PP – Key Generation – CMCSO-PP – Signing Operations EAL1 Functionally tested EAL2 Structurally tested EAL3 Methodically tested and checked EAL4 Methodically designed, tested, and reviewed EAL5 Semi-formally designed and tested EAL6 Semi-formally verified design and tested EAL7 Formally verified design and tested
  32. 32. HSM Key Backup/Restore ● How do you backup your keystore? – Smart Card – Secure USB Storage ● Key synchronization among two HSMs or more? ● Can you restore a backup elsewhere? – e.g. on a hot-standby site ● Split key backup possible? ● Well-known backup format?
  33. 33. Cloud HSM ● Amazon AWS CloundHSM ● IBM Bluemix HSM https://aws.amazon.com/cloudhsm/ https://www.ibm.com/cloud-computing/bluemix/hardware-security-module
  34. 34. HSM API ● PKCS#11 ● OpenSSL Engine ● Microsoft CAPI ● Java Cryptography Extension ● Vendor specific API ● Low level programming (need for speed) – USB Type or Smart Card Type + Reader: PC/SC + vendor specific smart card application protocol data unit (APDU) – Network Type: Socket programming with vendor specific protocol
  35. 35. PKCS#11 ● PKCS #11 is one of the Public-Key Cryptography Standards but also support other cryptographic functions ● Defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards ● API name is “Cryptoki”, but often called PKCS#11 API as its standard. Complex C API. ● Wrappers – Java Cryptography Architecture/Extension (JCA/JCE) – Pkcs11Interop → .NET (Open source, Nuget package available) – PyKCS11 → Python – Ruby-pkcs11 → Ruby
  36. 36. PKCS#11 Functions ● Key Management – Key & Key Pair Generation – Key Factory – Key Agreement (Diffie-Hellman) – Key Store (Keys & Certificates) ● Cipher (Encrypt/Decrypt) ● Secure Random Number Generator ● Message Digest ● Message Authentication ● Digital Signature
  37. 37. Key Management with HSM Web Service
  38. 38. Pain Points ● How can we encourage developers adopt HSM and key management process? ● How can we ensure that developers properly implement only approved cryptography algorithm? ● How can we help applications rotate keys properly and correctly? ● If we need stronger encryption algorithm or longer key length in the future, how can we migrate the encrypted data without application modification?
  39. 39. HSM Wrapper API Connection Diagram
  40. 40. Wrapping Functions ● decryptdata(AppKeyID, Ciphertext) – Return Plaintext ● encryptdata(AppKeyID, Plaintext) – Return Ciphertext ● translatedata(AppKeyID, Ciphertext) – Return new CipherText ● AppKeyID is not the same as HSM key ID but a pointer to a configuration record of – Encryption algorithm – History list of HSM key IDs usage – decryptdata & encryptdata will always use current key that associates with AppKeyID ● Ciphertext is encrypted data ● Plaintext is original data HSMKeyID AppKeyID ValidFrom 39 3 Last Jan 1 40 4 Last Feb 1 41 3 Next Jan 1 42 4 Next Feb 1 translatedata function will decrypt an input ciphertext with the current key and re-encrypt with the nearest future key For example from key history table, if AppKeyID=3, translatedata function will use HSMKeyID=39 to decrypt input ciphertext to a plaintext, then will encrypt that plaintext with HSMKeyID=41 to a new ciphertext.
  41. 41. Application Example: PGP Decryption Data Encrypt key using receiver‘s public key RSA Encrypted Message Encrypt Decrypt Encrypt data using random key q4fzNeBCRSYqv Encrypted Key Generate Random Key Data TIakvAQkCu2u Random Key Encrypted Message Data q4fzNeBCRSYqv Encrypted Key Decrypt data using key Decrypt using receiver‘s private key RSA TIakvAQkCu2u Data ● Call Wrapper API’s “decryptdata” function with parameters – AppID (Which App Profile) – q4fzNeBCRSYqv as Encrypted Data ● Receive TIakvAQkCu2u as Decrypted Data
  42. 42. Application Example: Secure Password for Deployment Automation
  • ashokm44

    Mar. 3, 2021
  • IanLi1

    Jun. 26, 2020
  • AmerAyyad

    Sep. 18, 2018
  • apemon1

    Jan. 13, 2018
  • iivyinstinct

    Aug. 21, 2017
  • napat2000

    Jun. 29, 2017

Hardware Security Modules (HSMs) are widely use for cryptography key management in many areas such as PKI, card payment, trusted platform modules, etc. However they are rarely used in in-house software development. This presentation will explain about why we need the key management and its fundamental, overview of HSM and how it take parts in key management, HSM selection criterias, and finally, an idea to make a web service wrapper easier to adopt by developers those lack of knowledge in cryptography programming.


Nombre de vues

4 578

Sur Slideshare


À partir des intégrations


Nombre d'intégrations









Mentions J'aime