Virtual HSM Implementation in Openvz Containers

Virtual HSM Implementation in Openvz Containers

Virtual HSM implementation in OpenVZ containers Dmitriy Kartashov Saint-Petersburg Academic University of RAS 2014 (SPbAU) Virtual HSM 2014 1 / 15 Introduction Hardware Security Module (HSM) external pluggable device that stores data in the internal memory and performs cryptographic operations on that data. Motivation I some host providers oer facilities to improve the security of sensitive data; I it's achieved by using hardware security modules; I maintaining these devices is expensive for customers. Aim I we want to develop a solution which security is comparable to HSM, but utilization and maintenance costs are much lower. (SPbAU) Virtual HSM 2014 2 / 15 Idea of Virtual HSM I Store the sensitive data and operate on them in one environment and process the results of cryptographic operations in the other. I Runtime environments are represented by virtual containers. I Client application cannot access the secret data directly this is achieved by OS mechanisms. (SPbAU) Virtual HSM 2014 3 / 15 Alternative solutions I OpenDNSSEC SoftHSM or any other software token secure storage implementation with PKCS#11 API. Disadvantages: I cryptographic operations are performed in a client application environment; I non-scalability. I Trusted Virtual Securty Module (TvSM) security module that uses Java VM as isolated environment. Disadvantages: I non-standard API; I can't be used by host providers; (SPbAU) Virtual HSM 2014 4 / 15 Virtual HSM architecture (SPbAU) Virtual HSM 2014 5 / 15 Virtual HSM components I VHSM server I authentication; I performs cryptographic operations on secret data; I Secure storage I keeps encrypted user data; I Transport I data exchange between client and server virtual environments; I container identication; I VHSM API library I interaction with VHSM from client environment; (SPbAU) Virtual HSM 2014 6 / 15 VHSM server registration I registration via VHSM API by admin-user; I the master key used for user data encryption is generated by the PBKDF2 from the user password; I 256-bit authentication key encrypted with master-key in GCM mode is generated through the registration process; (SPbAU) Virtual HSM 2014 7 / 15 VHSM server authentication I user login and password + container id; I auth key decrpyption success grants access to the VHSM; (SPbAU) Virtual HSM 2014 8 / 15 Secure storage I SQL database; I encryption AES-GCM with user master key; I secret data are accessed by id; (SPbAU) Virtual HSM 2014 9 / 15 Transport I high-level communication protocol Protocol Buers; I inter-container communication Netlink; (SPbAU) Virtual HSM 2014 10 / 15 Client virtual environment Part of PKCS#11 API: I session management, user authentication; I key management: import, generation, destroying; I digital signature (HMAC-SHA1), encryption (AES-GCM); I user management: creation, modication, destroying; (SPbAU) Virtual HSM 2014 11 / 15 Threat analysis Condentiality I reading secret user data from the client application memory I secret data are processed in the isolated and trusted environment only; I user data disclosure due to database leakage I secret data are stored in the encrypted form, the encryption key is not stored in the persistent storage and derived from the user password; I direct DB access / SQL-injection I the database is stored in isolated environment; SQL prepared statements usage. (SPbAU) Virtual HSM 2014 12 / 15 Threat analysis Privileges escalation / Accessibility I sending of ill-formed messages I transport module checks the message header. Attacks on protobuf parser are dicult because of xed message structure; I DoS-attack by calling API functions or sending messages frequently I currently no protection is implemented; (SPbAU) Virtual HSM 2014 13 / 15 Conclusion Virtual HSM is one of possible implementations of the software HSM where logical execution environments are separated and isolated. Advantages: I host-providers don't require additional resources to maintain this solution; I scalability is limited only by hardware resources. Disadvantages: I less secure than a real HSM; I poor performance due to lack of hardware acceleration. Links: I repository: http://git.openvz.org/?p=vhsm I wiki: http://openvz.org/Virtual_HSM (SPbAU) Virtual HSM 2014 14 / 15 Thank You (SPbAU) Virtual HSM 2014 15 / 15.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    15 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us