I'm a noob in the data security area and I'm working on a PoC for an app for managing some files. Now these files might be anything from a leave of absence form to potentially confidential agreements. Being a noob, I did advise my team that we should hire a security expert and/or have a security audit once the PoC is complete.

The problem

I want to store encrypted files in a decentralized manner. I'm using IPFS for that. But since the files are encrypted, I need to store the encryption keys securely.

Current solution

I've implemented envelope encryption of encryption keys using HashiCorp Vault and its Transit Engine. So when a file is uploaded by the user, a new encryption key (Data Encryption Key - DEK) is generated, the file is encrypted, and the encryption key is then sent over HTTPS to the machine hosting Vault and encrypted (with the Key Encryption Key - KEK). The DEK wrapped with the KEK is then stored in a central database. I know about the existence of HSMs but I don't have access to one at this moment. We do plan to use an HSM in the future though (we plan to implement digital signatures, too). At the very least we'll probably move our key management infrastructure to Google Cloud KMS and use HSM level keys.

When a user registers in the app, a new entity is created in Vault so that I can leverage ACLs to limit access to the KEKs (which are created per user) only to the specific user.

Questions

  1. First of all, do you think this scheme is secure?
  2. In case this scheme is ok, how much do you think HSM would add to security? (thinking about cost to benefit ratio)
  3. By default Vault's ACLs allow the root user to access everything anyway. I would like to limit that so that only the user can (after authenticating) access their KEK. How would you go around trust issues here?
  4. The KEKs are managed by us, but do you think there is a better way of doing that? I was thinking password-based key derivation but I'm not sure users would be ready for complications (in cases like forgetting their password).
Piotr Buda

1 Answer

DEK and KEK are used everywhere, especially in cloud encryption, so you are on the right track. You can read more here: https://cloud.google.com/kms/docs/envelope-encryption?hl=en

An HSM is used to secure the Master Key of HashiCorp Vault, so if you do not have one, you have to put a physical procedure in place to store the Shamir shares based on the Master Key of Vault for when you want to unseal/restore it. If you use an HSM, this key will be stored securely and HashiCorp Vault will be able to restore itself, as the key is always available to it.

Edit2: You can use SoftHSM to simulate the behavior. I have set up HashiCorp Vault + a Utimaco HSM using the PKCS#11 library and it works very well. Not sure if the Utimaco simulator is available to everybody.

Also, an HSM protects against physical attack: even if an attacker physically hacks the server where Vault runs, he will not have the keys and won't be able to restore Vault; he will need to have the HSM. A good read from Vault itself: https://www.vaultproject.io/docs/enterprise/hsm/behavior

Regarding 3: I would recommend using least privilege, and so indeed restricting root permissions. I haven't used it, but see the HCL described here: https://learn.hashicorp.com/tutorials/vault/policies

The quote says "simplicity is the ultimate sophistication", so keep it simple and then you will see.

Edit: last but not least, while using encryption, remember that if the key is lost then the data is lost also.

Hope it helps
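
For question 3 and the least-privilege advice in this answer, here is an added example (not part of the original answer or of any project's own configuration) of a Vault ACL policy that scopes each user to their own Transit KEK, with an over-broad policy shown first for contrast. It assumes the Transit engine is mounted at `transit/` and that each KEK is named `user-<entity id>`; both names are illustrative.

```hcl
# --- Over-broad (avoid): any token holding this policy can use, read,
# --- rotate or delete every user's KEK under the transit mount.
#
# path "transit/*" {
#   capabilities = ["create", "read", "update", "delete", "list"]
# }

# --- Scoped: ACL templating substitutes the caller's own entity ID at
# --- request time, so one shared policy confines each user to one key.
# --- Assumption: the app creates the KEK as "user-<entity id>".

# Wrap a DEK with the caller's KEK (Transit encrypt is an "update" call).
path "transit/encrypt/user-{{identity.entity.id}}" {
  capabilities = ["update"]
}

# Unwrap a stored DEK with the caller's KEK.
path "transit/decrypt/user-{{identity.entity.id}}" {
  capabilities = ["update"]
}

# Everything not listed is denied by default. The explicit denies below
# document intent and override any broader grant from another policy
# attached to the same token ("deny" always takes precedence).
path "transit/keys/*" {
  capabilities = ["deny"]
}

path "transit/export/*" {
  capabilities = ["deny"]
}

# Note: policies do not constrain a root token. Key creation and rotation
# should be done by a separate, narrowly scoped admin policy rather than
# by a long-lived root token.
```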