
We are planning to deploy an HSM with our application. The solution we are thinking of is:


  • Mobile applications talk to the server application,
  • The server application talks to the HSM for authentication, encryption and decryption.

Clients are mobile applications (Android, J2ME etc.) which communicate with the server application. Every transaction from the mobile application to the server and vice versa has to be secured through encryption. Currently what we do (without an HSM) is: on client registration we generate a symmetric key and permanently store it on the mobile device and the server, and then the encrypted conversation goes on.

Now we want to employ session keys. No permanent symmetric key. The flow we have thought of for key generation and distribution:

  1. On client registration, the mobile app generates a public-private key pair and sends a CSR (Certificate Signing Request) to the server.
  2. The HSM, through the server, signs the certificate with its root private key and sends the signed certificate and its own certificate back to the client. Here, we may consider storing the public keys for each client in the HSM.
  3. At the start of each session, the client would be given a session key wrapped in its public key. We would be storing the session key temporarily on the HSM against each client for encryption and decryption.

Does it look fine? Can anyone suggest what the standard is for this kind of scenario?

2 Answers


I don't understand the advantage of using certificates here. I think one solution to your problem is to deliver your mobile app with the public key of your server. The client and server can then establish a session key as follows:

  1. Client encrypts a random nonce with the server's public key.
  2. The server can decrypt this nonce with its private key.
  3. Client and server can now derive a session key from the nonce.

Don't forget to use something like a MAC to ensure the integrity of the ciphertexts. Without it an attacker could manipulate the ciphertext, which could be decrypted to plausible plaintext.

DanielE
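The three steps in the answer above, plus the MAC it says not to forget, as an added worked example that is not part of the original answer or the asker's system. It is written in Go with only the standard library so it runs stand-alone. Assumptions made here: the server key is generated in memory (in the deployment under discussion that private key is what would live in the HSM), the random value is 32 bytes, RSA-OAEP with SHA-256 carries it to the server, the session key is derived with a one-block HMAC-SHA256 KDF in the shape of HKDF-Expand, and AES-256-GCM provides the integrity check, with its tag playing the role of the MAC. The label string and the sample message are constructed for the example. Note what this exchange does not give you: the server never learns who the client is, and anyone who later obtains the server's private key can recover every past secret, so there is no forward secrecy; that is the gap TLS with an ephemeral key exchange closes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the RSA-OAEP ciphertext to this purpose; both sides must
// use the same value (a constant assumed for this example).
var oaepLabel = []byte("session-setup-v1")

// Server holds the long-lived RSA key. In the deployment discussed in the
// question this private key is the one thing that belongs in the HSM; here
// it is generated in memory so the example runs on its own.
type Server struct{ priv *rsa.PrivateKey }

func NewServer() (*Server, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{priv: k}, nil
}

// PublicKey is what ships inside the mobile app.
func (s *Server) PublicKey() *rsa.PublicKey { return &s.priv.PublicKey }

// ClientHello is step 1: the client draws a random 32-byte secret and
// encrypts it to the server's public key with RSA-OAEP (SHA-256). Only the
// ciphertext goes over the wire; the secret stays on the device.
func ClientHello(serverPub *rsa.PublicKey) (secret, ciphertext []byte, err error) {
	secret = make([]byte, 32)
	if _, err = rand.Read(secret); err != nil {
		return nil, nil, err
	}
	ciphertext, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, secret, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return secret, ciphertext, nil
}

// Accept is step 2: the server recovers the secret with its private key.
func (s *Server) Accept(ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, ciphertext, oaepLabel)
}

// DeriveSessionKey is step 3, run independently by both sides. It is a
// one-block HMAC-based KDF in the shape of HKDF-Expand: the secret acts as
// the PRK and the label separates keys for different directions or uses.
func DeriveSessionKey(secret []byte, label string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(label))
	m.Write([]byte{0x01})
	return m.Sum(nil) // 32 bytes, used as an AES-256 key
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal protects one message with AES-256-GCM. The GCM tag is the MAC the
// answer warns not to forget: any change to the record fails to verify.
func Seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return append(iv, gcm.Seal(nil, iv, plaintext, nil)...), nil
}

// Open verifies the tag and decrypts a record produced by Seal.
func Open(key, record []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(record) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("record too short")
	}
	return gcm.Open(nil, record[:gcm.NonceSize()], record[gcm.NonceSize():], nil)
}

func main() {
	srv, err := NewServer()
	if err != nil {
		panic(err)
	}
	secret, ct, _ := ClientHello(srv.PublicKey()) // client -> server: ct
	recovered, _ := srv.Accept(ct)
	fmt.Println("secrets agree:", bytes.Equal(secret, recovered))
	clientKey := DeriveSessionKey(secret, "client-to-server")
	serverKey := DeriveSessionKey(recovered, "client-to-server")
	record, _ := Seal(clientKey, []byte("transfer 100 to account 42")) // constructed sample message
	pt, err := Open(serverKey, record)
	fmt.Printf("server read: %q (err=%v)\n", pt, err)
	record[len(record)-1] ^= 0x01 // an attacker flips one ciphertext bit in transit
	_, err = Open(serverKey, record)
	fmt.Println("tampered record rejected:", err != nil)
}
```

The direction label in DeriveSessionKey matters: deriving "client-to-server" and "server-to-client" keys from the same secret keeps an attacker from replaying a client record back at the client as if the server had sent it.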

It's not clear what you actually want to protect using HSMs. Don't just use them for the sake of using them.

Generating client certificates on-demand is not really providing any security in your flow. If you want to ensure trustworthiness of a client, you need to have pre-installed certificates on clients which you can verify on a connection.

In a typical scenario, you would generally want to use an HSM to protect server private keys. I think for your needs, any SSL connection between the client and the server, with the server private keys stored in the HSM, will serve the purpose. You can add client authentication and whatnot based on your needs.

There's no security advantage in storing public keys in an HSM; they are PUBLIC keys. There's no huge advantage in trying to secure session keys in an HSM. They exist for only a session.

esmeagol