Key Protection, CSI


Presentation Transcript


  1. Key Protection, CSI Eric Norman University of Wisconsin-Madison

  2. CSI ? Cheap, Simple, Impregnable.

  3. The Two Principles • Complete accountability of the private key • Separation of duty

  4. Complete Accountability of the Private Key At all times during the life cycle of the private key, we know: how many copies exist, where each copy is located.

  5. Separation of Duty No single person has the capability to use (any copy of) the private key.

  6. Main Protection Rule Never, never, never, never, never, never, never, never, never, never, never, never, never, never, never, never,

  7. Main Protection Rule Never expose the private key to the Internet!

  8. The Machine • I/O limited to: CD ROMs, floppies, keyboard and display, USB thingies • Swapping is disabled • Never leave private key on disk

  9. Lifecycle of Keys [diagram: Create, Deploy, Verify, Use (Sign), Idle, Destroy; public and private key]

  10. Key Generation Randomness (create) How do we get randomness when the machine is rebooted immediately before use?

  11. The Unknown Floppies [picture of floppies]

  12. Key Storage (idle) All confidential material (media with private keys, physical keys for padlocks, passwords, etc.) is stored in separate tamper evident bags.

  13. Certificate Fingerprints (deploy, verify) • Weekly campus newspaper • Answering machine • Business cards • Compare with your neighbor

  14. Key Usage (sign) Locked door.

  15. Key Usage (sign) [picture]

  16. Key Usage (sign) Another locked door.

  17. Key Usage (sign) [picture: cabinet with 2 locks]

  18. Key Usage (sign) [picture: media box with 2 locks]

  19. Key Usage (sign) • Boot machine. • Read input (private key, to be signed, etc.). • Supply two passwords to unlock key. • Sign stuff. • Write output (certificates, logs). • Erase memory and disk. • Shut down machine.

  20. Off Site Backup (idle, sign, destroy) Separate safety deposit boxes for: private key media, password half, other password half. Each in its own tamper evident bag. (Should only be necessary for audit or destruction.) It's also possible to just generate a new key.
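The "two passwords to unlock key" step of slide 19 and the separately held password halves of slide 20 are one mechanism: dual control over the key-wrapping key. The following added example (not code from the presentation) shows how a key can be wrapped so that both custodians' passwords are needed and a single one is rejected; it uses an HMAC-based keystream as a constructed stand-in for a real cipher, and the iteration count, labels and sample key bytes are assumptions.

```python
import hashlib
import hmac
import secrets

KDF_ITERATIONS = 100_000  # PBKDF2 work factor; assumed value for this example


def derive_kek(pw_a, pw_b, salt):
    """Key-encryption key that needs BOTH custodian passwords (dual control)."""
    # Each password is stretched under its own label, then the two results are
    # hashed together, so one password alone yields nothing usable.
    ka = hashlib.pbkdf2_hmac("sha256", pw_a.encode(), b"custodian-A|" + salt, KDF_ITERATIONS)
    kb = hashlib.pbkdf2_hmac("sha256", pw_b.encode(), b"custodian-B|" + salt, KDF_ITERATIONS)
    return hashlib.sha256(ka + kb).digest()


def _subkeys(kek):
    # Separate keys for the keystream and for the integrity tag.
    return (hmac.new(kek, b"enc", hashlib.sha256).digest(),
            hmac.new(kek, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 in counter mode: a toy stand-in for a real cipher (e.g. AES-GCM).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_key(private_key, pw_a, pw_b):
    """Encrypt-then-MAC the private key under the dual-control KEK."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    enc_key, mac_key = _subkeys(derive_kek(pw_a, pw_b, salt))
    ct = bytes(p ^ k for p, k in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap_key(blob, pw_a, pw_b):
    """Return the key only if BOTH passwords are correct, otherwise None."""
    enc_key, mac_key = _subkeys(derive_kek(pw_a, pw_b, blob["salt"]))
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None  # a wrong or missing password half is detected, not worked around
    ks = _keystream(enc_key, blob["nonce"], len(blob["ct"]))
    return bytes(c ^ k for c, k in zip(blob["ct"], ks))


SAMPLE_KEY = b"CONSTRUCTED-SAMPLE-PRIVATE-KEY-BYTES"  # constructed, not a real key
```

Because the wrapped blob is authenticated, a custodian who presents only their own half learns nothing and the tool refuses to proceed, which is exactly the separation of duty the slides call for.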

  21. Key Compromise • Stop signing with key. • Restore trustworthy service. • Revoke old key.

  22. Key Destruction (destroy) Simple. Round up all copies and destroy them. Protecting a private key by destroying it is a strategy that might be applicable more often than you think.

  23. CSI ! Cheap, Simple, Impregnable.
