OpenHSM: An Open Key Life Cycle Protocol for Public Key Infrastructure’s Hardware Security Modules

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCS, volume 4582)

Abstract

The private keys used in a PKI are its most important asset. Protecting these keys from unauthorised use or disclosure is essential to securing a PKI. Relying parties need assurance that the private key used to sign their certificates is controlled and managed following a pre-defined policy statement. Hardware Security Modules (HSMs) offer physical and logical protection and should be considered for any PKI deployment. The software that manages keys inside an HSM should control the entire life cycle of a private key. Normally this kind of equipment implements an embedded key management protocol, and these protocols are not available for public scrutiny due to industrial interests. Another important issue is that HSM development is targeted at the banking industry and not at PKI, so some important PKI issues, such as strict key usage control and a secure audit trail, play a secondary role. This paper presents an open protocol to securely manage private keys inside HSMs. The protocol is described, analysed and discussed.

Keywords

  • Key management protocol
  • Hardware Security Modules

Work supported and funded by Rede Nacional de Pesquisa/Brazil.

Editor information

Javier Lopez, Pierangela Samarati, Josep L. Ferrer

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Martina, J.E., de Souza, T.C.S., Custodio, R.F. (2007). OpenHSM: An Open Key Life Cycle Protocol for Public Key Infrastructure’s Hardware Security Modules. In: Lopez, J., Samarati, P., Ferrer, J.L. (eds) Public Key Infrastructure. EuroPKI 2007. Lecture Notes in Computer Science, vol 4582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73408-6_16

  • DOI: https://doi.org/10.1007/978-3-540-73408-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-73407-9

  • Online ISBN: 978-3-540-73408-6

  • eBook Packages: Computer Science, Computer Science (R0)
