TY - GEN
T1 - Secure your SSH Keys! Motivation and practical implementation of a HSM-based approach securing private SSH-Keys
AU - Plaga, Sven
AU - Wiedermann, Norbert
AU - Hansch, Gerhard
AU - Newe, Thomas
N1 - Publisher Copyright:
© 2018 Curran Associates Inc. All rights reserved.
PY - 2018
Y1 - 2018
AB - Reliable authentication of entities is the baseline for secure communications infrastructures and services. While traditional password authentication is still widely deployed, alternatives based on asymmetric cryptography are also available and provide an increased level of security. On the client-side, however, secret keys are often unprotected. Although constantly updated workstations are considered to be trusted environments, security breaches such as Spectre or Meltdown raised doubts in platform integrity. The presented work introduces realistic attack vectors which can be employed to extract cryptographic keys from workstations. Consequently, Hardware Security Modules (HSMs) are introduced which provide secure storage as well as secure utilisation of private cryptographic keys. Due to the huge amount of possible application scenarios, the paper focuses on an application scenario based on the widely used Secure Shell (SSH) protocol. Demonstrating that an improved level of security is not necessarily directly linked to costs, a rough summary of interesting Commercial off the Shelf (COTS) devices is provided.
KW - Hardware security module (HSM)
KW - Security awareness
KW - SSH key
KW - Trusted platform module (TPM)
UR - http://www.scopus.com/inward/record.url?scp=85050797563&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85050797563
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 370
EP - 379
BT - Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
A2 - Josang, Audun
PB - Curran Associates Inc.
T2 - 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Y2 - 28 June 2018 through 29 June 2018
ER -