Unattended reboots (was Re: The clouds are not random enough)
Darren J Moffat
Darren.Moffat at Sun.COM
Mon Aug 3 04:55:34 EDT 2009
Arshad Noor wrote:
> Almost every e-commerce site (that needs to be PCI-DSS compliant) I've
> worked with in the last few years, insists on having unattended reboots.
Not only that but many will be multi-node High Availability cluster
systems as well or will be horizontally scaled. This means that there
are multiple machines needing access to the same key material. Or it
means putting a crypto protocol terminator "on the front" - the down
side of that is loosing end to end security.
> Even when the server is configured with a FIPS-certified HSM and the
> cryptographic keys are in secure storage with M of N controls for access
> to the keys, in order for the application to have access to the keys in
> the crypto hardware upon an unattended reboot,
This is because availability of the service is actually more important
to the business than "real" security.
> the PINs to the hardware
> must be accessible to the application. If the application has automatic
Or at least a broker for the application.
> access to the PINs, then so does an attacker who manages to gain entry
> to the machine.
The way we have traditionally done that in Solaris for IKE is to write
the passphrase/PIN in the clear to disk but rely on UNIX permissions to
"protect" ie readable only to root or the user account the service runs as.
> P.S. As an aside, the solution we have settled on is to have the key-
> custodians enter their PINs to the crypto-hardware (even from remote
> locations, if needed, through secure channels). While it does not
> provide for unattended reboots, it does minimize the latency between
> reboots while ensuring that there is nothing persistent on the machine
> with PINs to the crypto-hardware.
We recently added this ability for the IKE daemon on Solaris/OpenSolaris
for the case when the private keys IKE uses are stored in a PKCS#11
keystore (HSM or TPM). However we don't expect this to be used in the
case where unattended reboots or cluster failover be used.
This is really no different to storing a root/host/service keytab on
disk for Kerberos - yet that seems to be accepted practice even in
organisations that by policy don't want passphrase/PIN on disk.
--
Darren J Moffat
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list