
As per PCI-DSS requirements, we have to use either HSM (Hardware Security Module), or Key Server to store the KEK (Key Encryption Key).

If I'm storing encrypted DEK (Data Encryption Key) in an App Server, how can I securely store the KEK which encrypts the DEK?

The two options:

  • If I decide to use a Key Server, then if someone hacks the App Server, he could easily gain access to the Key Server. So how to protect my Key Server?

  • If HSM is used for storing the KEK, then if someone hacks my app server, can they hack my HSM too?

Which of the two would be a more secure way, HSM or a Key server?

TildalWave
nathi
  • Possible duplicate: http://security.stackexchange.com/questions/52236/how-to-implement-pci-dss-requirement-3-5-2/52239#52239 – kiBytes Mar 03 '14 at 10:21
  • @kiBytes I saw that question. But I want to know how to protect a key server or HSM? Is it that easy to compromise a key server or HSM? – nathi Mar 03 '14 at 10:23
  • So, is your question "how can I protect a server?"? If so, the HSM thing is incidental, isn't it? – kiBytes Mar 03 '14 at 10:25
  • @kiBytes I also want to know which is the best way and how to protect it? Someone says HSM is more protective, but how do they say that it is more secure? – nathi Mar 03 '14 at 10:28
  • nathi - can you clarify which question you want answered. And asking for 'best' is not going to work here. You need to state the problem you are trying to solve, so we can help. – Rory Alsop Mar 03 '14 at 11:00

2 Answers


The point of a key server or HSM is to isolate the application from the storage (and potentially usage) of the key. Ideally, you would want to offload and rate limit all cryptography operations to the HSM or Key Server so that the application never has access to the decryption key.

This allows you to do intrusion detection, such as rate limits and the like, to prevent bulk decryption of records if the application server is compromised. The attacker could still queue up records to be passed through the HSM or key server for decryption; however, the spike in the rate of requests would start throwing up red flags that a compromise may have occurred.

Either could potentially be more secure since both provide the same type of isolation. A key server provides a higher degree of physical isolation, but depending on implementation, the complexity may leave a larger attack surface. HSMs on the other hand are simpler, but also local. Either way, if properly implemented, only a vulnerability in the interfaces themselves should allow the key to leak.

AJ Henderson
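The rate-limit/spike detection this answer describes, sketched as an added example (it is not code from the answer or from any key server or HSM product): a sliding-window monitor over a key server's unwrap-request audit log that flags a client whose request rate jumps, as it would if a compromised app server started feeding stored DEKs through the key server in bulk. The log format, client names and thresholds are constructed assumptions.

```python
"""Sliding-window detection of bulk-decryption bursts seen by a key server."""
from collections import deque
from dataclasses import dataclass, field

# Constructed sample audit lines: "<epoch seconds> <client> <operation>".
# app01 runs at a normal pace, then suddenly issues a burst of unwrap requests.
SAMPLE_LOG = """\
1000 app01 unwrap_dek
1012 app01 unwrap_dek
1030 app01 unwrap_dek
1055 app01 unwrap_dek
1090 app01 unwrap_dek
1090 app01 unwrap_dek
1091 app01 unwrap_dek
1091 app01 unwrap_dek
1092 app01 unwrap_dek
1092 app01 unwrap_dek
1093 app01 unwrap_dek
1120 app02 unwrap_dek
"""


@dataclass
class RateMonitor:
    window_s: int = 60       # sliding window length in seconds (assumed value)
    max_per_window: int = 5  # set from the app's observed baseline (assumed value)
    _events: dict = field(default_factory=dict)

    def observe(self, ts: int, client: str) -> bool:
        """Record one request; return True when the client exceeds the window limit."""
        q = self._events.setdefault(client, deque())
        q.append(ts)
        while q and q[0] <= ts - self.window_s:   # drop events outside the window
            q.popleft()
        return len(q) > self.max_per_window


def scan_log(text: str, window_s: int = 60, max_per_window: int = 5) -> list:
    """Return (client, timestamp) of the first limit breach per client."""
    mon = RateMonitor(window_s, max_per_window)
    alerts, flagged = [], set()
    for line in text.splitlines():
        ts, client, op = line.split()
        if op != "unwrap_dek":          # only key-unwrap operations are rate-checked
            continue
        if mon.observe(int(ts), client) and client not in flagged:
            flagged.add(client)
            alerts.append((client, int(ts)))
    return alerts
```

In a real deployment the monitor would sit on the key server or HSM gateway itself, so that a compromised app server cannot simply disable it.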

An HSM is built for securing keys and their management, but also their physical storage. If someone steals your HSM, they must hold the administration cards to manage it and retrieve keys (credentials to access keys).

A key server is a basic server; if it is stolen, then by looking into the hard disk you will retrieve the keys.

Also, an HSM is built to logically isolate the keys, meaning that even if your application server has been stolen and the credentials to use the keys are compromised, all other keys for all other domains/applications are not compromised.

Also, an HSM is based on restricted hardware, with audited software that has very restricted features to reduce the surface for vulnerabilities.

In addition, an HSM uses a cryptographic card that owns a real PRNG (pseudo-random number generation), meaning keys are unpredictable and more robust.

Regarding isolation, an HSM must be placed in a separate VLAN in order to restrict access to only the servers that need to access the HSM. An HSM can be used either locally for a dedicated server (like a PCIe card), or on the network using LAN appliances.

For me, an HSM is the only recommended way to manage keys. Hope it helps.