Cryptography Reference
In-Depth Information
they are typically not secure enough to store cryptographic keys that are critical
for an entire system, such as a system master key.
COMMUNICATING WITH HARDWARE
The use of hardware is a good means of protecting stored keys, however, it relies
on a secure interface between the processes outside the hardware and the processes
inside the hardware. For example, without a secure interface it might be possible
for an unauthorised party to take an encrypted key from a database outside the
hardware and 'persuade' the hardware to decrypt and then use this key on their
behalf to reveal the result of a cryptographic computation. The problem is that the
hardware responds to external calls, which can come fromany number of different
applications.Most hardware requires an
Application Programming Interface
(API)
that contains a large number of different commands such as generate key, verify
PIN, validate MAC, etc. It is therefore possible that an attacker could utilise these
commands.
The security of this interface relies on access control to applications and
devices, which in turn is related to the security of the hardware computing
platform and the physical security surrounding it. Thus HSMs for important
applications such as banking systems are always located in tightly controlled
environments, both logically and physically.
In order to exploit weaknesses in an API, an attacker needs to write an
application and have communication access to the hardware. Such an attacker
would probably need to be a 'privileged' insider. Nonetheless, some proof-of-
concept attacks have been publicised against the APIs of commercial HSMs. We
will give an example of an API attack in Section 10.6.1.
EVALUATING HARDWARE
Since hardware is often used for critical components of a key management
system, it is essential to have high confidence that it is sufficiently secure to
fulfill its role. Obviously, it is not in a security hardware vendor's interests to
produce insecure products, so they normally maintain high levels of vigilance
regarding the security of their products. They also spend a lot of time
reviewing and analysing the associated APIs. There are several organisations
that carry out independent evaluations of the physical protection offered by
hardware, particularly HSMs. There are also standards for HSM security,
the most important of which is FIPS 140, against which most HSMs are
evaluated.
10.5.4
Key storage risk factors
The risks to key storage media depend not only on the devices on which keys
are stored, but also on the environments within which the devices reside. This
relationship is indicated in Figure 10.6, which identifies four zones based on
different environmental and device controls.
