Tuesday, May 24, 2011

Why We Use Hardware Security Modules

[Updated 5/22/2013] My statement, in the summary, about the limited value of an HSM when using soft keys was poorly articulated.

Hardware Security Modules (HSMs) are a security device that adds a lot of expense, man hours, and complexity to a data processing system. As security and usability are always a trade-off, let’s look at when you want to make the trade. First off, what do HSMs to at a basic level? An HSM is a device used for key management and encryption and decryption of data. The HSM holds the key material on the device and there is no way to export the keys in a usable format. This keeps and attacker from copying your encrypted database and then taking the key and decrypting the data offsite, on his own time, where he is less likely to be caught. Used correctly, this is a big security gain.
There are a few guiding principles to keep in mind when looking at the threats to your data and the protections that the proper use on an HSM can bring.
When considering how to implement key management, the other option we look at is software based keys. Let’s take a quick look at the trade-offs of each. As you will see, HSMs are not a silver bullet.
Software Keys
Someone with physical access to your server can take your keys*
An attacker who can execute code on your servers can copy your keys
A rogue administrator can copy your keys
Use adds considerable extra expense
Use adds considerable complexity
Someone with root level access to your app server can see data before it is encrypted
*Properly configured, the keys are unusable even if the HSM is stolen.
While there are hundreds of specific threats and attack vectors against your data processing systems, it is important to align your controls to specific threats. In the case of using hardware encryption modules, there are three basics threats that might make us consider the use of an HSM over software based keys.
  1. The rogue administrator.
  2. Attackers with physical access to servers.
  3. Attackers who have root access on servers.
While there may be some other benefits offered by an HSM, they are ancillary and redundant to other controls that should be in place.
We need to understand a couple of basic HSM concepts before we can see what they do for us.
  • The Security World – This is a logical concept that can span more than one HSM. It is a group of HSMs that all share a common master key. Members of a security world can share application keys from other members in the world. Keys can be copied to security world members without possibility of comprise.
  • Smart Cards – The security world is run by and protected with smart cards. These cards are actually small computers that that can create keys, store them and perform operations using them. The cards can be protected with a PIN for additional security. The cards are designed to make it very difficult to copy a card in a short time and without destroying it.
  • k of n card sets – Many operations on an HSM require a high level of assurance, so the HSM can be setup to require more than one smartcard be used to perform an operation. The card set is sized and distributed so that it is unlikely that cardholders will be able to collaborate on subversive actions. The number of cards required to perform actions is called a quorum. A large n ensures that if cards are lost or destroyed enough can still be found to maintain uptime. k of n is based on Shamir’s Secret Sharing algorithm.
  • Administrator Card Set - The ACS cards run the security world, in conjunction with the HSM. ACS cards are used to backup and restore the security world. This includes adding new HSMs to the security world. The key that decrypts the backup file for disaster recovery and adding devices to the security world is base on the ACS and protected with the secret sharing algorithm.
  • Operator Cards – The OCS cards are used to access application keys. These are the keys that actually encrypt and decrypt the data. The OCS k of n can be different from the ACS k of n.
  • HSM Soft keys – The HSM soft keys these are application keys that can be used with no action from an OCS card set. All you need to do is boot the server holding the HSM, or the netHSM. If an attacker takes the HSM, they have unrestricted use of the key. They can’t export the key, but they can use the key at will to decrypt any stolen encrypted data.
When properly configured, the HSM keeps and attacker with privileged access or a rogue administrator from taking a copy of your encrypted data and copy of your key and decrypting your data at their leisure. The best the attacker can do is to grab data before it is encrypted or send encrypted data to the HSM for decryption. When looked at in conjunction with proper audit logs and some sort of IDS or IPS solution, this should significantly limit the time that the attacker has access to gather plaintext data.
If an attacker manages to steal an HSM they cannot copy your security worlds as they lack the ACS quorum. They cannot use OCS protected keys without the OCS quorum. HOWEVER, anything protected by HSM soft keys can be decrypted by simply putting the stolen HSM online in a new system.
The bottom line is this:
  • If you use an HSM with HSM Soft keys, you probably are wasting your money as you are not reducing risk when attackers have physical access. You can get the same logical access value with keys stored in the file system of the appropriate application tier. [Update] The HSM still provides lots of value, as a stolen HSM should go noticed.  You still do need to keep in mind that your operations, both physical and logical, may have a weak link that can lower the security of your overall system. 
  • If the attacker has root access at the right tier in your application, at a minimum, they can copy off the data before it is encrypted and worse case, they can call APIs to decrypt data at will.
HSMs are awesome, but don’t assume just they will solve your problems. In my experience, the biggest holes are created by the applications and APIs that rely on the HSMs.

Thursday, May 5, 2011

The Next Big Thing in Information Security

Many of us in the industry are bothered by the use of security vendors selling based on Fear, Uncertainty, and Doubt (FUD). FUD gets in the way of rational thought and often has a negative impact on proper prioritization and budgeting. Specific vulnerabilities may change, but the basics have not; Threats can come from the host, application, or network.

The latest “new” scary thing to fear is the Advanced Persistent Threat. This is terrifying!!! What is this new threat? The threat is just that virus and malware authors are getting better at their jobs. Now that there is a market for cyber-crime, hostage-ware and the like, the bad guys are getting more advanced. The free market is at work and the money attracts talent. All the APT does is makes itself really hard to remove. The bad guys are just finding more ways and have better logic behind their execution. In windows for example, they are placing the their code in many location, in multiple forms, running in multiple processes that reinforce each other, and that startup in many locations and for many reasons. Their code starts early and when you kill one of their processes, another re-instantiates it. They bad guys are just getting more thorough.

Now that the security marketing guys have invented this new scary threat, there is only one solution, my solution. We need to map a very specific control to a specific threat or vulnerability. There is only one control that can meet this threat head on; the “Advanced Persistent Control” or the “Advanced Persistent Control Suite”. These are really enterprise solutions. To address the consumer space; we need a product with “Advanced Persistent Protection”. No other compensating control maps so perfectly to the threat.

I have Googled, Binged, Yahooed, Patent and Trademark searched the heck out of these things* and get no hits, so I am in the process of filing the appropriate trademark, service mark, provisional patents and copyright paperwork to protect these names and technologies. Boy do I love how the patent office allows such insanely broad patents. I own these names, but will be willing to license them to security vendors if their products and bids qualify.

That’s right, Symantec, McAfee, Kaspersky, or an up and comer, line up and start bidding. For the right price, I will sell my rights completely; otherwise I may just license limited use of the names. I must warn you, don’t think you can just take these names. They are not in common use and they are mine. Like Michael Let’s Get Ready to RumbleBuffer, I plan to carefully and jealously guard my property.

Consumers beware, if you do not have Advance Persistent Protection, you are asking to be a victim of cyber-crime.

Corporations, without an Advanced Persistent Control Suite, you are not taking due diligence to protect your customers’ data and intellectual property. I smell grounds for gross negligence. Don't be a victim, like RSA.

Bidders, you can contact me at mark.gamache@gmail.com

*Ok, there was on unrelated hit on one of the terms. One!

Inputting falsified referrals to this site violates the terms of service of this site and is considered unauthorized access (hacking).