Professional Documents
Culture Documents
net/publication/221190722
CITATIONS READS
21 1,516
3 authors, including:
Some of the authors of this publication are also working on these related projects:
AutoManSec 4 CloudIoT - Autonomic Management and Security for Cloud and IoT View project
All content following this page was uploaded by Jean Everson Martina on 02 May 2014.
Once the backup process is triggered, the administrators The private key of the backup HSM (krbkp ) is loaded from
group is authenticated using authenticateGroup algorithm, backup data storage BDS in step 1. In step 2, the session
stated by step 1. In step 2, the HSM’s certificate (ch ) and key ksbkp used to encrypt the backup package file (BP F )
encrypted private key (ekrh ) are loaded from ADS, and is decrypted using krbkp . The BP F is decrypted in step 3
then, the HSM’s private key is released in step 3. The steps using ksbkp , released previously. As explained before, this
between 4 and 9 copy the current content of all data stored algorithm must authenticate the administrators group and
into backup package file (BP F ), excluding non-exportable a auditors group, so, in steps 4 and 5, the HSM reads CT L
data storage (N XD) as explained by Martina[13]. Briefly, and ADS from BP F and, in step 6, authenticates the ad-
the N XD stores a part of the secret required for the ad- ministrators group. Once again, in step 7, AudDS is read
ministrators to perform any action over operators groups, from the BP F , enabling the HSM to authenticate the audi-
then, once the backup is recover in a new HSM, each oper- tors group in step 8. Finally, in steps 9 to 11, ODS, KDS
ators group must explicitly authorise the adminitrators to and BDS are read from BP F and a new instance of the
act again on its behalf. This gives assurance to the opera- HSM is made fully operational.
tors group in question that no backup of their keys can be
recovered and become usable without their consent. 6. ADDITIONAL PROCEDURES
In step 10, the HSM loads the set of backup certificates Security hardware by itself, in real situations, is not suf-
(Cbkp ) previously imported to define the target HSMs. The ficient to guarantee the security of critical systems. Addi-
backup session key is generated in step 11 and used in step tional procedures are necessary, such as the testimony of
12 for encrypting the BP F . A signature is made in step 13 witnesses. These procedures and testimonies should be pre-
from the encrypted backup package file for external checks. viewed in a PKI practice statement as well as the description
Therefore, in steps 14 to 16, the loop performs an encryp- of all ceremonies. Important ceremonies include the creation
tion of the backup session key ksbkp using each public key of of backups and the moment at which a backup HSM is made
backup HSM’s certificates, creating as many encrypted ses- operational.
sion keys as backup certificates there exist. Finally, the list Despite very pertinent to PKI operation, this topic is of-
of encrypted backup session keys and the signed encrypted tenly forgotten. Recently, it was revisited by Ellison [7],
backup package file (seBKP ) are exported as a result of the who points its real importance to cover all outbound oper-
execution. ations, normally done by human nodes, in any secure op-
eration which involves mechanised nodes. Normally we do
5.4 Recovering Backups have to consider for security reasons, all operations in any
Recovery of HSM backups is only allowed in HSMs al- security protocol or algorithm, even those needed to create
ready prepared as backup HSM, i.e., where the algorithm the requisites to their operation.
from subsection 5.1 were run, and the exported backup cer- In our case,as a prerequisite, every operation must be
tificate has been imported previously before the backup was logged because these logs allow the auditors groups to create
Figure 3: Creating backup file ceremony
activity trails. If any problem occurs with the main HSM, mony steps, involving as many people as possible and, ide-
its backup can be recovered. Its internal state will be just as ally, recording the ceremony.
at the backup procedure, without logs and procedures done After a ceremony, a final report must be generated us-
subsequently. So, just a backup does not solve their prob- ing all available data, which should also include ceremony
lems. The auditors groups have an important role in this steps’ registers and logs. Finally, attendees present sign the
context: tracing operations, controlling the administrators, report guaranteeing the veracity of the operation. Tests on
validating the operators groups’ activities and others. the ceremony steps should be performed beforehand, using
As shown in the last section, the creation of a backup a parallel environment to try to avoid problems. These cer-
involves many steps and, consequently, some critical points emonies will also allow the auditors groups to follow the
are met. A useful way of avoiding possible mistakes and system trail using logs.
maintaining the systems is to perform ceremonies. Figure 3 Additionally, to avoid any possible compromise of the so-
shows the ceremony to create backup files in the OpenHSM. lution, some additional measures should be taken. If, for
The full ceremony description for the OpenHSM usage is instance, an HSM becomes inoperative, the HSM should not
not the focus of this present paper, but this small fragment be repaired. In this case, the HSM should be burnt, for in-
already shows us two important concerns: stance, in a incinerator. This eliminates any possibility of
keys being recovered.
• A log extraction in the beginning of the ceremony, to Finally, the operational HSM and its backup HSM should
enable us to trust the HSM before starting the proce- be kept in different sites, avoiding the loss of both at the
dure, thus avoiding operation if any tamper tentative same incident.
was tried since last operation;