Secure your SSH Keys! Motivation and practical implementation of a HSM-based approach securing private SSH-Keys

Sven Plaga, Norbert Wiedermann, Gerhard Hansch, Thomas Newe

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-review

Abstract

Reliable authentication of entities is the baseline for secure communications infrastructures and services. While traditional password authentication is still widely deployed, alternatives based on asymmetric cryptography are also available and provide an increased level of security. On the client side, however, secret keys are often unprotected. Although constantly updated workstations are considered to be trusted environments, security breaches such as Spectre or Meltdown raised doubts about platform integrity. The presented work introduces realistic attack vectors which can be employed to extract cryptographic keys from workstations. Consequently, Hardware Security Modules (HSMs) are introduced which provide secure storage as well as secure utilisation of private cryptographic keys. Due to the huge number of possible application scenarios, the paper focuses on an application scenario based on the widely used Secure Shell (SSH) protocol. Demonstrating that an improved level of security is not necessarily directly linked to costs, a rough summary of interesting Commercial off the Shelf (COTS) devices is provided.

Original language: English
Title of host publication: Proceedings of the 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Editors: Audun Josang
Publisher: Curran Associates Inc.
Pages: 370-379
Number of pages: 10
ISBN (Electronic): 9781911218852
Publication status: Published - 2018
Event: 17th European Conference on Cyber Warfare and Security, ECCWS 2018 - Oslo, Norway
Duration: 28 Jun 2018 - 29 Jun 2018

Publication series

Name: European Conference on Information Warfare and Security, ECCWS
Volume: 2018-June
ISSN (Print): 2048-8602
ISSN (Electronic): 2048-8610

Conference

Conference: 17th European Conference on Cyber Warfare and Security, ECCWS 2018
Country/Territory: Norway
City: Oslo
Period: 28/06/18 - 29/06/18

Keywords

  • Hardware security module (HSM)
  • Security awareness
  • SSH key
  • Trusted platform module (TPM)
