[Opendnssec-user] Why protect keys with a hardware HSM?
Antoin.Verschuren at sidn.nl
Tue Oct 27 08:38:44 UTC 2009
When an attacker has access to the private keys, he can do a rollover to have keys published that the original owner can not use to correct the false entries, and/or he can change the delegation at the parent publishing a new DS that doesn't match the ones in the original NS set anymore, making rolling it back an administrative rather than a technical process.
I agree that a lot of damage can be done when you have access to the unsigned zone data, but at least there's no doubt about the publisher of that data.
When the trust anchor (private KSK) is in the hands of the attacker, the publisher changes, and reverting back to the original publisher is an administrative procedure which requires third parties (parent, TARs, etc.) to come into action with out-of-band verification methods.
This is of course beside the point you already made, and that is that when an attacker has the keys, he can publish false data in specific caches that the world will see as valid entries without the original publisher of the data ever seeing this, or being able to detect and correct this.
Stealing keys will cause a loss of trust in the publisher, where access to the unsigned zone data "only" affects the (technical) data that the publisher is able to detect and correct easily.
Technical Policy Advisor SIDN
Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands
P: +31 26 3525500 F: +31 26 3525505 M: +31 6 23368970
mailto:antoin.verschuren at sidn.nl xmpp:antoin at jabber.sidn.nl http://www.sidn.nl/
> -----Original Message-----
> From: opendnssec-user-bounces at lists.opendnssec.org [mailto:opendnssec-
> user-bounces at lists.opendnssec.org] On Behalf Of Ville Mattila
> Sent: Tuesday, October 27, 2009 9:09 AM
> To: opendnssec-user at lists.opendnssec.org
> Subject: [Opendnssec-user] Why protect keys with a hardware HSM?
> Importance: Low
> Why should one bother setting up a hardware HSM for the OpenDNSSEC signer
> to protect zone/key signing keys?
> Consider an attacker trying to forge a signed zone. He gains root privileges
> on the OpenDNSSEC signer host and modifies the incoming yet-unsigned zone
> data before the records are fed to the HSM for signing. Thus root access
> (and the user processing the incoming unsigned zone) on the OpenDNSSEC signer
> host must be secured very carefully regardless of whether one is using a
> hardware or software HSM. Right?
> Keys must, of course, be well protected and a hardware HSM does that
> better than software (because of far more restricted physical/software
> access methods?). But what are the signing keys in general good for
> from an attacker's point of view? Use them for poisoning a resolver's cache
> with e.g. the well known Kaminsky method? Anything else?
> Ville Mattila, System Specialist, Funet network, CSC
> PO Box 405, FIN-02101 Espoo, Finland, fax +358 9 457 2302
> CSC is the Finnish IT Center for Science, http://www.csc.fi/, email:
> ville.mattila at csc.fi
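As an added example (not code from the thread, nor from OpenDNSSEC), here is a defender's check for the scenario Antoin describes: compute the DS records for the KSKs you actually hold and compare them with the DS set the parent publishes, so a DS that points at a key you do not control stands out. The zone name and key bytes are constructed; the digest is SHA-256 (DS digest type 2).

```python
import hashlib
from dataclasses import dataclass

SHA256 = 2  # DS digest type 2 = SHA-256 (RFC 4509)


@dataclass(frozen=True)
class Dnskey:
    owner: str      # zone name, e.g. "example.nl." (constructed)
    flags: int      # 257 = KSK (SEP bit set), 256 = ZSK
    algorithm: int  # 13 = ECDSAP256SHA256
    pubkey: bytes   # raw public key bytes (constructed in the test)

    def rdata(self) -> bytes:
        # DNSKEY RDATA: flags(2) | protocol(1, always 3) | algorithm(1) | key
        return self.flags.to_bytes(2, "big") + b"\x03" + bytes([self.algorithm]) + self.pubkey


def owner_wire(name: str) -> bytes:
    """Canonical (lower-case) wire form of an owner name, RFC 4034 section 6.2."""
    labels = [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]
    return b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (valid for every algorithm except 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def make_ds(key: Dnskey) -> tuple:
    """DS RDATA (key tag, algorithm, digest type, hex digest), RFC 4034 section 5.1.4."""
    rd = key.rdata()
    digest = hashlib.sha256(owner_wire(key.owner) + rd).hexdigest()
    return (key_tag(rd), key.algorithm, SHA256, digest)


def audit_ds(parent_ds: set, my_keys: list) -> dict:
    """Compare the parent's DS set with the KSKs under our control.

    'rogue': DS records at the parent that match none of our keys, i.e. the
    delegation now points at a key we do not hold.
    'unpublished': our KSKs that have no DS yet (normal during a pre-publish
    rollover, so informational only).
    """
    ours = {make_ds(k) for k in my_keys if k.flags & 1}  # SEP bit => KSK
    return {"rogue": parent_ds - ours, "unpublished": ours - parent_ds}
```

Run this against the DS set fetched from the parent (or from a TAR) on a schedule; a non-empty `rogue` set is exactly the delegation change that cannot be rolled back from the signer alone.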