Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Protection, CSI Eric Norman University of Wisconsin-Madison.

Similar presentations


Presentation on theme: "Key Protection, CSI Eric Norman University of Wisconsin-Madison."— Presentation transcript:

1 Key Protection, CSI Eric Norman University of Wisconsin-Madison

2 CSI ? Cheap, Simple, Impregnable.

3 The Two Principles Complete accountability of the private key Separation of duty

4 Complete Accountability of the Private Key At all times during the life cycle of the private key, we know: how many copies exist, where each copy is located.

5 Separation of Duty No single person has the capability to use (any copy of) the private key.

6 Main Protection Rule Never, never, never, never, never, never,

7 Main Protection Rule Never expose the private key to the Internet!

8 The Machine I/O limited to: – CD ROMs – Floppies – Keyboard and display – USB thingies Swapping is disabled Never leave private key on disk

9 Lifecycle of Keys DeployVerify IdleSign Public Private Create Use Destroy

10 Key Generation Randomness (create) How do we get randomness when the machine is rebooted immediately before use?

11 The Unknown Floppies Pic of floppies

12 Key Storage (idle) All confidential material (media with private keys, physical keys for padlocks, passwords, etc.) is stored in separate tamper evident bags.

13 Certificate Fingerprints (deploy, verify) Weekly campus newspaper Answering machine Business cards Compare with your neighbor

14 Key Usage (sign) Locked door.

15 Key Usage (sign)

16 Another locked door.

17 Key Usage (sign) Pic cabinet 2 locks

18 Key Usage (sign) Pic media box 2 locks

19 Key Usage (sign) Boot machine. Read input (private key, to be signed, etc.). Supply two passwords to unlock key. Sign stuff. Write output (certificates, logs). Erase memory and disk. Shut down machine.

20 Off Site Backup (idle, sign, destroy) Separate safety deposit boxes for: private key media, password half, other password half. Each in its own tamper evident bag. (Should only be necessary for audit or destruction.) It's also possible to just generate new key.

21 Key Compromise Stop signing with key. Restore trustworthy service. Revoke old key.

22 Key Destruction (destroy) Simple. Round up all copies and destroy them. Protecting a private key by destroying it is a strategy that might be applicable more often than you think.

23 CSI ! Cheap, Simple, Impregnable.


Download ppt "Key Protection, CSI Eric Norman University of Wisconsin-Madison."

Similar presentations


Ads by Google