Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.
-
Upload
alonzo-pender -
Category
Documents
-
view
226 -
download
4
Transcript of Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.
![Page 1: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/1.jpg)
Hardware Security Modules and Kerberos
Asanka Herath
Secure Endpoints Inc.
![Page 2: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/2.jpg)
WHY HSMS?Advantages of integrating HSMs into the Kerberos infrastructure
![Page 3: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/3.jpg)
Why HSMs?
Compromise containment Reliable Auditing Performance Compliance (FIPS 140)
![Page 4: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/4.jpg)
KEY MANAGEMENT WITH AN HSM
Changes to key management when integrating an HSM
![Page 5: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/5.jpg)
For example…
![Page 6: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/6.jpg)
nCipher nShield
![Page 7: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/7.jpg)
NCIPHER SECURITY WORLDS
![Page 8: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/8.jpg)
Properties of a Security World
Key management• Managed key usage
Key encapsulation• Keys generated and live inside the security
world and (ideally) never leave Secure code execution
• Secure Execution Environment (SEE)
![Page 9: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/9.jpg)
A Security World Consists of …
Hardware modules Administrator card set Operator card sets and/or softcards Encrypted key data or certificate data
![Page 10: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/10.jpg)
The Security World Key
• Contained in …• The administrator card set
• Protects …• Key recovery information
![Page 11: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/11.jpg)
Module Key
Contained in …• The hardware module
Protects …• Application keys
![Page 12: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/12.jpg)
Operator Keys
Contained in …• Operator card sets
Protects …• Application keys
![Page 13: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/13.jpg)
Application Keys
Contained in …• Key blobs
Protects …• Other applications keys• Data
![Page 14: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/14.jpg)
A Security World Consists of …
Keys that protect other keys
![Page 15: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/15.jpg)
A Hierarchy of Keys
Application Key A
Operator Key A
Operator Card Set
Application Key B
Data
![Page 16: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/16.jpg)
A Hierarchy of Keys
Application Key A
Module Key
Application Key B
Data
![Page 17: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/17.jpg)
Privilege Separation
Ability to use a key gives the ability to use child keys
But not vice-versa Facilitates privilege separation
![Page 18: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/18.jpg)
Key Tickets
Can be issued for any loaded key Can be redeemed for the use of a
specific key• Necessary for delegating use of keys across
application boundaries Transient
• Per session
![Page 19: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/19.jpg)
Working With Key Tickets
Application Key A
Application Key B
Application Key B Ticket
Application Key B
Application Key B Ticket
Data
Process 1 Process 2
![Page 20: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/20.jpg)
HEIMDALIntegrating HSMs with Kerberos infrastructure
![Page 21: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/21.jpg)
Key Usage Model in Heimdal
Application has access to plaintext key
![Page 22: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/22.jpg)
New Key Usage Model
Separate key usage from key material• An application doesn’t need the plaintext key in order
to use it Ability to specify a key without knowing the
plaintext key• Key tickets• Key blobs• Key identifiers
Ability to load and unload keys• Using already loaded keys
![Page 23: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/23.jpg)
KERBEROS API AND LIBRARY
What’s involved in integrating the use of HSMs into code
![Page 24: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/24.jpg)
Key Encoding
Current …• Assumes knowledge of the physical key
• Key length is fixed• No need to prepare/clean up keys. Stateless.
(exceptions: derived keys, key schedules)
Need …• Backwards compatibility• Support key references
• Key tokens• Key blobs• Key identifiers
![Page 25: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/25.jpg)
Key Blob
Contains (encrypted with parent key)• Key• Access control list• Usage constraints
• Time limits• Use limits
• Issuance certificate• Security world and module information
• Timestamps
![Page 26: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/26.jpg)
Key Types and Encryption Types
A new “Key Type”? A new “Encryption Type”? Must distinguish between a plaintext key
and a key reference
![Page 27: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/27.jpg)
Something like …
Plain text (fixed)
Header
Key blob (variable)
Header
Key reference (variable)
![Page 28: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/28.jpg)
Key “Lifetimes”
Loading a key requires a parent/authorization key to be already loaded
“Lifetime” refers to the time between loading and unloading a key
![Page 29: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/29.jpg)
Connection to Hardware Devices
Connections must be established first• Can be somewhat expensive• Lazy connections
Connections should be avoided if unnecessary• Specially for client libraries where we may or
may not have access to the security world and access to security world is not necessary
![Page 30: Hardware Security Modules and Kerberos Asanka Herath Secure Endpoints Inc.](https://reader035.fdocuments.us/reader035/viewer/2022062511/551a1d2855034619378b5267/html5/thumbnails/30.jpg)
Privilege Separated Processes
Break into privilege separates processes Move privileged code into SEE