
Public Key Infrastructure • Chapter 10  583



EXAM WARNING
Make sure that you understand what an HSM is and why a Smart Card is the most popular form of these modules.




For banks, defense institutions, and other extremely high-security environments, there is often a need to retain keys in an HSM that has very high security requirements. In such an HSM, all keys can be generated and kept inside the module, and tampering with the module will result in the destruction of all keying material onboard. As noted above, it can be very expensive to generate new root keys and distribute them, but if your certificate server is capable of signing several million dollars' worth of transactions, it's cheaper to do the wholesale replacement of the contents of your PKI than it is to have a key exposed to a malicious intruder (or a malicious insider). Hardware security modules are very expensive.

Private Key Protection

Keeping private keys stored in technologically and physically secure locations must be your first priority when dealing with PKI. Many people take private keys for corporate root CAs completely offline (with modern virtualization techniques, you can create the entire root CA on a bootable USB stick and store it in a safe), store them in a secure place (such as a safe or an offsite storage company), and use them only when they need to generate a new key for a new intermediate CA. However, there is another method of protecting private keys, a process known as escrow.

Escrow

If you have ever owned a home, you are familiar with the term "escrow." In terms of owning a home, an escrow account is used to hold monies that are used to pay things like mortgage insurance, taxes, homeowners insurance, and so forth. These monies are held in a secure place (normally by the mortgage company) where only authorized parties are allowed to access them.

Key escrow works in the same way. When a company uses key escrow, they keep copies of their private key in one or more secured locations where only authorized persons are allowed to access them. A simple key escrow scheme would involve handing a copy of your keys to an escrow company, who would only divulge the keys back to you (or your successor in the organization you represent) upon presentation of sufficient credentials.


