[Opendnssec-user] Why protect keys with a hardware HSM?
roy at nominet.org.uk
Tue Oct 27 08:30:10 UTC 2009
Ville Mattila wrote on 10/27/2009 05:08:37 PM:
> Why should one bother setting up a hardware HSM for OpenDNSSEC signer
> to protect zone/key signing keys?
To be clear, OpenDNSSEC does not mandate a hardware HSM. It is possible to
run it with SoftHSM.
> Consider an attacker trying to forge a signed zone. He gains root
> on OpenDNSSEC signer host and modifies the incoming yet-unsigned zone
> data before the records are fed to HSM for signing. Thus root access
> (and the user processing incoming unsigned zone) on OpenDNSSEC signer
> host must be secured very carefully regardless of whether one is using
> hardware or software HSM. Right?
> Keys must, of course, be well protected and hardware HSM does that
> better than software (because of far more restricted physical/software
> access methods?). But what are the signing keys in general good for
> from an attacker's point of view? Use them for poisoning a resolver's cache
> with e.g. the well known Kaminsky method?
> Anything else?
Signing a zone also provides protection against man-in-the-middle attacks,
i.e. scenarios with a compromised secondary server, or with a compromised
system somewhere on the path between the server and the validator. This is
an independent class of attacks from cache-poisoning.
Additionally, signing a zone increases the usability of that zone for
securely distributing additional services. As an example, folks already
envision X.509 certificates in the DNS, signed using DNSSEC.
An HSM can also be used as a signing accelerator, when a software-based
keystore (for lack of a better term) is just not fast enough.
An HSM solves the problem of key-leakage, but not key abuse. Anyone with
remote (and root) access to a system that communicates with an HSM is
likely able to inject data.
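The two points Roy makes in the reply above (signatures defeat tampering after signing, but an HSM does not stop someone who can feed data to the signer from getting a valid signature) can be shown with a small model. The following Go program is an added illustration written for this page; it is not OpenDNSSEC, SoftHSM or PKCS#11 code. It assumes a simplified "signing module" with an unexported Ed25519 key that only exposes Sign and PublicKey, and uses constructed record strings in place of real RRsets and RRSIGs.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SigningModule stands in for an HSM: the private key lives only inside it
// and is never returned to the caller. (Hypothetical type for this example.)
type SigningModule struct {
	priv ed25519.PrivateKey // unexported: callers can only ask for signatures
}

// NewSigningModule generates the key inside the module, as an HSM would.
func NewSigningModule() (*SigningModule, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningModule{priv: priv}, nil
}

// PublicKey is what would be published in the zone's DNSKEY RRset.
func (m *SigningModule) PublicKey() ed25519.PublicKey {
	return m.priv.Public().(ed25519.PublicKey)
}

// Sign is the only operation the module exposes. Whoever can call it gets a
// valid signature over whatever bytes they supply: that is the "key abuse"
// risk that key isolation alone does not address.
func (m *SigningModule) Sign(rrset []byte) []byte {
	return ed25519.Sign(m.priv, rrset)
}

// SignedRRset models a record set plus its signature (constructed, simplified;
// a real RRSIG also covers owner, TTL, validity window, etc.).
type SignedRRset struct {
	Data []byte
	Sig  []byte
}

// SignZoneData is what the signer host does with the unsigned zone input.
func SignZoneData(m *SigningModule, data []byte) SignedRRset {
	return SignedRRset{Data: data, Sig: m.Sign(data)}
}

// Validate is what a validating resolver does with the public key.
func Validate(pub ed25519.PublicKey, s SignedRRset) bool {
	return ed25519.Verify(pub, s.Data, s.Sig)
}

// TamperedInTransit models a compromised secondary or on-path system that
// replaces the record after it was signed. Validation should fail.
func TamperedInTransit(pub ed25519.PublicKey, s SignedRRset, forged []byte) bool {
	return Validate(pub, SignedRRset{Data: forged, Sig: s.Sig})
}

// TamperedBeforeSigning models root on the signer host altering the unsigned
// input before it reaches the module. The module signs it, so validation
// succeeds: the HSM protected the key, not the zone.
func TamperedBeforeSigning(m *SigningModule, forged []byte) bool {
	return Validate(m.PublicKey(), SignZoneData(m, forged))
}

func main() {
	m, err := NewSigningModule()
	if err != nil {
		panic(err)
	}
	good := []byte("www.example. 300 IN A 192.0.2.1")     // constructed record
	forged := []byte("www.example. 300 IN A 203.0.113.99") // constructed record
	signed := SignZoneData(m, good)

	fmt.Println("genuine data validates:       ", Validate(m.PublicKey(), signed))
	fmt.Println("altered after signing validates:", TamperedInTransit(m.PublicKey(), signed, forged))
	fmt.Println("altered before signing validates:", TamperedBeforeSigning(m, forged))
}
```

The third result is the one that matters for the question in the thread: moving the key into hardware changes nothing about it, which is why the host and the process that feeds unsigned zone data to the module need the same care whether the keystore is hardware or SoftHSM.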