How secure is SSL private key in AWS ELB service?

Question

We host a cluster of microservices on AWS. The cluster has a public-facing gateway that uses an Elastic Load Balancer to terminate SSL traffic. The certificate is issued by AWS Certificate Manager (ACM).

One of our clients is concerned about the wildcard: they say that in the unlikely but not impossible event of leaking the SSL private key, the attacker could create a website with an arbitrary subdomain using this certificate.

While this is certainly true, the question is how likely is this to happen? I've read ACM Private Key Security by AWS, which explains how the private key is stored and handled. It is stored in KMS, which is sufficiently secure, as it stores all cryptographic keys in certified HSMs (this is explained in KMS Cryptographic Details whitepaper). However, I couldn't find any information about the security of ELB service, who gets the decrypted SSL private key as a service, integrated with ACM. Is there any official documentation from AWS on it or any other reasoning on why this approach is secure enough?

Of course, the concern could be resolved by replacing the wildcard a fixed list of FQDNs, but it would create unwanted maintenance overhead in case a subdomain is added or removed (this happens quite often).

If AWS certs got stolen that way, your client concerns would be the least of your worries — Felipe Pereira, Jan 10 '19 at 15:23
I wholeheartedly agree with you, but I need something more formal to respond :) — Vlad Nikiforov, Jan 10 '19 at 23:21
If you can't find a nice quote from the documentation, maybe @colmmacc on twitter can help you. — Z.T., Feb 04 '20 at 16:56

score 0 · Answer 1 · answered Jan 10 '19 at 15:46

The risk of *.domains is common in situations where HSMs are not being leveraged. Any other solution is storing the private key on a hard disk which can be recovered through a multitude of means; even when the OS GUI indicates it is not possible. However, that's not how you have your system configured which is awesome.

HSMs are a oneway certificate management solution. You can generate keys within the HSM and you can ask for signing from HSMs but you cannot retrieve your key from the HSM. Even better, a physical attacker cannot even produce a credible threat against an HSM as they are designed to literally fry themselves if any physical tampering is attempted. I have known some that were designed to fry if the ground shook to hard.

As such, a *.domain key within an HSM is very secure. Your private key will always be protected and cannot be exposed. The only known attack against a private key would be if the HSM happens to be running a known impacted infeneon random generator chip. You could even test your pubic key here to determine if your private key is at risk:

https://keychest.net/roca#/

For what its worth, I highly doubt Amazon would keep any HSMs in rotation that were known to contain a vulnerability that totally defeats the HSM purpose. It would not be a good business model for the world's premier cloud solution.

In summation, because you are using an HSM to generate and store your key, your SSL key is safe. However, if you chose to generate your own key off of the HSM for any purpose, you may risk theft of your key and allow attackers to create an approved sub domain as you were initially warned.

How secure is SSL private key in AWS ELB service?

1 Answers1