dejanpan / sros2

tools to generate and distribute keys for SROS 2
Apache License 2.0
0 stars 0 forks source link

Elaborate (hypothetically) what the problem is if one does not have a proper HSM #4

Open dejanpan opened 7 years ago

dejanpan commented 7 years ago

HSM = Hardware Security Module (https://en.wikipedia.org/wiki/Hardware_security_module).

Right now digital keys for authentication are stored probably in root?

awkonecki commented 7 years ago

Keys are typically not stored in the raw. Typically a cryptographic hash is stored of the key itself with some algorithm identifiers and possible salf/seed/initialization information. On linux for example /etc/.passwd is the file that contains users and passwords. However not even a hash is stored in this file. An x is indicated to inform that the cryptographic hash and salt information is stored in the shadow file i believe is in /etc/shadow. So when a process attempts to check user login information, the application must be allowed to call the the kernel cryptographic functions and access the shadow and password file. Linux makes available a standard API do perform this method.

In a case in which an application is managing all its own secret information i.e. no key chain or API call to standard kernel operations the secret material is likely to reside in a static memory location; albeit encrypted until needed (i.e. it is recommended that when an application receives key material that it encrypts it immediately to provide a level of obfuscation to a process that may happen to be snooping on the memory that the process is operating on.

HSMs can provide the same, or operate on the keys in the plain as long as there is no software that allows exfiltration of the key material itself but this is dependent on the scenario.

On Tue, Jul 18, 2017 at 2:28 PM, Dejan Pangercic notifications@github.com wrote:

Assigned #4 https://github.com/dejanpan/sros2/issues/4 to @akonecki https://github.com/akonecki.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/dejanpan/sros2/issues/4#event-1169181343, or mute the thread https://github.com/notifications/unsubscribe-auth/ACW8J13b9ypCeK2W8MrpqnDPTHjQM0G6ks5sPSNsgaJpZM4Ob8oF .

awkonecki commented 7 years ago

An HSM allows the application to pose questions to the HSM without revealing the secret material to the querying application (it acts like an oracle where data and provided and acted upon by the HSM; HSM in the end will provide a result. Depending on implementation it may or may not reveal success or failure and would be dependent on the application to catch by process a resultant answer.

HSM only provides a place to keep secrets and possibly operate on the secret material within a Trusted Execution Environment. The access to the HSM is assumed trust-worthy and is typically managed by the Kernel that would resemble something similar to access to the passwd/shadow files in linux.