Journal article
Building a threshold cryptographic distributed HSM with docker containers
Date
2017
Published in:
2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies, CHILECON 2017 - Proceedings, Volume 2017-January
10.1109/CHILECON.2017.8229747
Authors
Muñoz, Caterina
Montoto, Francisco
Bustos Jiménez, Javier
Cifuentes, Francisco
Institution
Abstract
The Domain Name System (DNS) has evolved to support the exponential growth of the Internet by relying heavily on a highly distributed infrastructure. Nevertheless, trust between servers must exist in order to guarantee the correct functioning of the system, which is prone to attacks and errors. The Domain Name System Security Extensions (DNSSEC) is the current extension of the DNS system to provide security constraints to the query process. The main impact of DNSSEC key management on DNS operation has been the use of monolithic equipment: Hardware Security Modules.

A Hardware Security Module (HSM) is specialized hardware designed to protect keys against logical and physical tampering or extraction, while providing secure mechanisms to employ those keys in cryptographic operations without ever exposing sensitive material. Unfortunately, the high costs of most HSMs make them a reasonable solution only for large corporations. Even then, there is the risk of failures; provisions must then be taken to replace or recover failed HSMs, further increasing the overall cost of this technology.

We have presented a distributed signer system based on threshold cryptography, called Poor Man's Hardware Security Module (pmHSM), which provides the signature components of an HSM over inexpensive commodity hardware to support the operational signing workflow of DNSSEC. We tested our virtual pmHSM by using it to support the operational signing workflow of DNSSEC. Nevertheless, our solution did not use all the capabilities of the PKCS11 API and it had a single point of failure. Thus, we changed pmHSM's architecture, moving part of its services to the client side and isolating the signer, replacing the previous compile-creation version of the distributed signers with self-contained and easy-to-configure containers. With this change, we aim to build a system that is more extensible, more usable, and more configurable to the users' needs.