HSM outage causes root CA key loss

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Jul 15 00:56:12 EDT 2009

"Jeffrey I. Schiller" <jis at mit.edu> writes:

>Because of prior experience with a SafeKeyper(tm) (a very large HSM), I
>learned that when the only copy of your key is in an HSM, the HSM vendor
>really owns your key, or at least they own you!

I thought the Safekeypers had a cloning mechanism (as do things like Chrysalis
cards, although that proved to be not very secure when it was reverse-
engineered), and the idea was that you cloned one into the other as a backup?
Mind you at $x0,000 per device that's a good business for the HSM vendor.

"Weger, B.M.M. de" <b.m.m.d.weger at TUE.nl> writes:

>Suppose this happens in a production environment of some CA (root or not),
>how big a problem is this? I can see two issues:
>- they have to build a new CA and distribute its certificate to all users,
>  which is annoying and maybe costly but not a security problem,
>- if they rely on the CA for signing CRLs (or whatever revocation
>  mechanism they're using) then they have to find some other way to revoke
>  existing certificates.

The original article doesn't make this clear but what's involved here isn't
really a PKI in the conventional sense but more something like a master-keyed
system in the style of ATM networks.  In the same marvellous repurposing of
terminology that often occurs elsewhere in smart cards where, for example, a
checksum becomes a "signature", in this case the "certificates" are just a
jumble of parameters, some stuffed inside the signature itself (via a sign-
with-message-recovery mechanism instead of the usual sign-with-appendix) and
the rest bound to it through a hash.  The "CA" key is more an attestation key,
there are no CRLs or certificate-checking in the conventional sense (you can
get away with these name games by calling the stored data a "card verifiable
certificate", and if you have a "certificate" then what signs it is obviously
a "CA", so you get something that seems to be a PKI but isn't).  So when you
lose your master key as they did in this case and there isn't really a PKI
there at all, it really is game over.

Even if it was a real PKI, rolling over a root is an incredibly traumatic
experience, which one trial found could only be done via a "system rebuild"
(in plain English a reformat and reinstall of the whole PKI).  This is why CA
root certs have a 20-40 year lifetime, so you never end up in a position where
you have to roll them over.
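As an added illustration, not part of Gutmann's post or of anything else in this thread, the Python sketch below contrasts the two signature shapes he mentions: sign-with-appendix (the signature is over a hash, the message travels beside it) and sign-with-message-recovery (a few parameter bytes are recovered from the signature value itself, with the remaining data bound to it through a hash, which is the "card verifiable certificate" layout he describes). The RSA key is a constructed toy (two ~30-bit primes, no padding), and the field widths and the sample parameters are assumptions chosen only to show the structure; the code makes visible that verification needs only the public half, while issuing anything at all needs the private exponent that lived in the HSM.

```python
"""Toy contrast of sign-with-appendix and sign-with-message-recovery.

Constructed example: textbook RSA with a tiny modulus and no padding.
It shows the structure of the two schemes only and is not secure.
"""
import hashlib

# Constructed toy RSA key (assumption, not from the thread): two ~30-bit primes.
P, Q = 1_000_000_007, 998_244_353
N = P * Q                      # ~60-bit modulus
E = 65537                      # public exponent: all a verifier ever needs
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent: the part kept in the HSM

REC_LEN = 3   # bytes of parameters carried inside the signature (recoverable part)
TAG_LEN = 4   # bytes of hash binding the non-recoverable remainder
# REC_LEN + TAG_LEN = 7 bytes = 56 bits, which is below log2(N) ~ 59.8,
# so the signed representative always fits under the modulus.
REP_LEN = REC_LEN + TAG_LEN


def _h(data: bytes, n: int) -> bytes:
    """Truncated SHA-256, sized so the representative fits under N."""
    return hashlib.sha256(data).digest()[:n]


# ---- sign-with-appendix: the message is sent alongside the signature ----
def sign_appendix(msg: bytes) -> int:
    rep = int.from_bytes(_h(msg, REP_LEN), "big")
    return pow(rep, D, N)


def verify_appendix(msg: bytes, sig: int) -> bool:
    return pow(sig, E, N) == int.from_bytes(_h(msg, REP_LEN), "big")


# ---- sign-with-message-recovery: REC_LEN bytes ride inside the signature ----
def sign_recovery(recoverable: bytes, rest: bytes) -> int:
    """Issue a 'card verifiable certificate': needs D, i.e. the HSM key."""
    if len(recoverable) != REC_LEN:
        raise ValueError("recoverable part must be exactly REC_LEN bytes")
    tag = _h(recoverable + rest, TAG_LEN)   # binds the rest to the recovered bytes
    rep = int.from_bytes(recoverable + tag, "big")
    return pow(rep, D, N)


def verify_recovery(sig: int, rest: bytes):
    """Recover the embedded bytes, or return None if sig or rest is bad.

    Only (N, E) is used here: a card can keep checking old certificates
    after the private key is gone; nobody can issue or reissue new ones.
    """
    rep_int = pow(sig, E, N)
    if rep_int >= 1 << (8 * REP_LEN):       # garbage signature: wrong size
        return None
    rep = rep_int.to_bytes(REP_LEN, "big")
    recoverable, tag = rep[:REC_LEN], rep[REC_LEN:]
    if tag != _h(recoverable + rest, TAG_LEN):  # rest was altered or sig forged
        return None
    return recoverable


if __name__ == "__main__":
    # Constructed sample parameters: 3 bytes recovered, the rest hash-bound.
    params, rest = b"\x01\x02\x03", b"expiry=2010;scheme=toy"
    cert_sig = sign_recovery(params, rest)
    print("recovered:", verify_recovery(cert_sig, rest))
    print("tampered rest accepted?", verify_recovery(cert_sig, b"expiry=2099") is not None)
```

The appendix form is what a conventional PKI signature looks like: the certificate body exists independently and the signature only vouches for it. In the recovery form the recovered bytes do not exist anywhere except inside the signature value, so the "certificate" really is the signature plus a hash-bound tail, and without the private exponent there is no way to mint a replacement.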

