Beruflich Dokumente
Kultur Dokumente
Overview
Certificate Services in Microsoft Windows Server products provide an
integrated Public Key Infrastructure (PKI) for use by a wide range of
Windows applications. This paper examines how the addition of a SafeNet
Luna Hardware Security Module (HSM) provides a higher level of security in
a Windows Server PKI deployment.
Introduction
To aid a successful and secure Public Key Infrastructure (PKI)
implementation, this article examines the essential concepts, technology,
components, and operations associated with deploying a Microsoft PKI with
root key protection performed by a SafeNet Luna Hardware Security Module
(HSM).
Identity
Integrity
Privacy
Authentication
Access control
Non-repudiation
How It Works
Who exactly are Alice, Bob, and Charles? Just as Dick, Spot, and Jane were
invented to teach reading, cryptographers created Alice, Bob, and Charles to
illustrate encryption technology and its importance in the business world.
Alice and Bob represent individuals who wish to secure their
communications, while Charles represents an outside party who is
attempting to intercept private messages or deceive the other participants.
Each participant wishing to send a message creates two keys (a key pair)
that are different, but mathematically related. One of the two keys is a public
key, also called an encryption key, that can be freely shared and distributed;
the other is a private key, also called a decryption key, which is kept secret
and known only to the person who holds it.
When subordinate CAs issue certificates, they sign the certificate with their
own private key. The recipient of the certificate can verify the authenticity of
the subordinate CA by checking the validity of the subordinate CAs
certificate. While not holding the root key, the subordinate CAs private key
must still be protected with the same precautions as the root key. If a
subordinate CAs private key were compromised, the loss of trust within the
PKI would be devastating.
Because of the importance of the root key and the subordinate CAs private
keys, to the operation of a PKI, they should be protected with the best
available physical, technological, and operational security. Hardware Security
Modules (HSMs) address these additional security requirements with secure
hardware to generate, store, and manage sensitive private keys.
HSM Functionality
As discussed later in this article, an HSM must maintain the integrity of
private keys in a PKI. An HSM should adhere to one or more recognized
security and operational standards defined by various industry groups, such
as the Federal Information Processing Standard (FIPS), Common Criteria,
etc. An HSM deployment, and supporting operational practices, should also
address the requirements of reputable business processes and security
auditors to provide the highest degree of protection for the CA and its root
keys.
In the deployment of a Microsoft Windows Server Certificate Authority, the
co-deployment of an HSM is highly recommended to protect the CA root
keys and maintain the integrity of the resultant PKI, certificates, and PKIdependent applications.
The complete root key life cycle is contained within a Luna HSM secure,
cryptographic hardware module, associated tokens, and validated
storage module. Key material is never available at any time on the host
CAs hard drive, tape backup media, system memory, or smart card.
Note: Key materials contained on a Luna HSM can be permanently
deleted by reinitializing the token, although most audit procedures
specify physical destruction of the token in order to be thorough and
complete. It is also recommended that secure storage and material
access/audit controls be implemented to track all tokens.
FIPS validation
FIPS Validation
Administered by the National Institute of Security and Technology (NIST), the
FIPS standard sets criteria for the physical and operational security of
cryptographic security modules. Differing levels of FIPS validation exist to
accommodate varying levels of security application requirements. FIPS
recognizes four levels (1-4) of validation corresponding to increasing levels of
security in the device. For example, Level 2 provides a higher level of
security than Level 1.
FIPS validation ensures that a device meets the high level of physical
security required when protecting private keys resident on an HSM, including
tamper resistance, physical security, data integrity, and access control
measures. A Threat-Risk Assessment (TRA) from a security consultant can
help you choose the validation level best suited to your application.
Note: More information on FIPS can be found at http://csrc.nist.gov/.
Luna HSMs for root key protection are FIPS Level 3-validated to provide
intrusion resistance and tamper evidence in secure environments.
The Luna HSM generates all keys, including private keys, within a
secure cryptographic hardware token.
Luna HSMs also provide additional safeguards during the key generation
procedure by using a secure onboard Random Bit Generator (Annex C
of ANSI 9.17 and X9.82) to create a random key seed.
The Luna HSM stores private keys within its FIPS Level 3-validated
secure cryptographic hardware token.
Luna HSMs certified to FIPS level 3 include the Luna PED, a handheld
keypad device. The Luna PED provides independent login and
authentication to the HSM by communicating directly with the
cryptographic token via a dedicated cable connected to the Luna
DOCK's secure data port. This provides a trusted path between the Luna
PED and the Luna cryptographic token during authentication.
Luna HSM differentiates between five roles that are typically present
during the life of an HSM through the use of different PED keys for
authentication:
The grey PED key is used solely to initialize the token during setup.
The blue PED key is used by the security officer for token
configuration and security management tasks.
The black PED key is held by the administrator for operational user.
The red PED key is used to back up private keys from one Luna
HSM token to another.
The green PED keys are used for secret sharing with M of N access
controls.
No individual holds more than one key, thereby forcing collusion between
trusted parties before a malicious act can be committed.
Trusted Path AuthenticationLuna HSMs uses the Luna PED, not the
host CA system, for access control and authentication. The Luna PED is
connected directly to the Luna HSM to create a Trusted Path for
authentication and to eliminate the possibility of PINs or login information
being captured with key loggers resident on the host CA server.
PED Keys
A PED key is a key-shaped security device that works in conjunction with the
Luna PED. The PED key serves three distinct roles in maintaining the
security of the Luna HSM:
PED keys are an important part of the operational procedures of a Luna HSM
and should be treated with care. The keys should be clearly labeled and
stored in a safe, secure location at all times. Because the round handle of the
PED key does not contain electronic components, it can be labeled or
engraved for identification.
SafeNet Overview
SafeNet (NASDAQ: SFNT) is a global leader in information security.
Founded more than 20 years ago, the company provides complete security
utilizing its encryption technologies to protect communications, intellectual
property, and digital identities, and offers a full spectrum of products
including hardware, software, and chips. ARM, Bank of America, Cisco
Systems, the Departments of Defense, and Homeland Security, Microsoft,
Samsung, Texas Instruments, the U.S. Internal Revenue Service, and scores
of other customers entrust their security needs to SafeNet. For more
information, visit www.safenet-inc.com.
w w w . s a f e n e t - i n c . c o m
Corporate Headquarters: 4690 Millennium Drive, Belcamp, Maryland 21017 USA
Tel: +1 410.931.7500 or 800.533.3958 email: info@safenet-inc.com