Last updated: 30 March 2018
Trustico’s SSL (Secure Sockets Layer) certificate and private key breach is certainly unique in the way it played out, but unfortunately, the type of breach is not. The problems surrounding SSL and TLS (Trusted Layer Security) private key security for SSL/TLS certificates have already been experienced in the larger PKI space where the security of a single private key can impact the trust placed in thousands, if not millions, of certificates in use cases such as code signing, database encryption and the Internet of Things (IoT).
In order to keep websites secure, organizations rely on SSL/TLS certificates to enable secure online transactions. Securing SSL/TLS keys and certificates means a secure website and ultimately a safe experience for customers. In the case of Trustico, an SSL Certificate Provider, it appears that the certificate private keys were archived so that they were available to the company’s CEO rather than being stored isolated and under the customer’s control. Furthermore, Trustico then emailed the SSL private keys to DigiCert, compromising 23,000 websites and customers.
It’s All About Control
The Trustico breach could have been avoided had customers been in control of their crypto keys. In this case, customers allowed Trustico to generate the private keys on their behalf, ultimately handing over control. With the Enterprise transitioning to the cloud, and the increase in “as a service” consumption, service providers are managing more and more responsibilities on behalf of customers, but the one thing that should never be handed over is control of those keys.
HSMs — A Proven Solution for SSL/TLS Private Key Security
Hardware Security Modules (HSMs) offer protection for digital credentials. By generating, storing and using your keys in the safe confines of an HSM you can ensure that you own your encryption keys, know their whereabouts at all times, and remain in control.
Here are the top 3 security tips an Enterprise can take to ensure they don’t end up in the same situation as Trustico, and confirm customer controlled protection of digital credentials:
1. Always generate your private keys in hardware: HSMs provide centralized, secure generation of SSL and TLS private keys, preventing their compromise by adding the assurance of hardware-secured FIPS (Federal Information Processing Standard) 140-2-validated key management, to secure websites. HSMs create a tamper-resistant environment to perform cryptographic processes, and act as a hardware root of trust be it on-premises, private, public, hybrid or multi-cloud.
2. Always store your private keys in hardware: tamper-resistant physical designs, coupled with strict operational policies, ensure that direct physical attacks and attacks from trusted insiders are negated. HSMs help you achieve regulatory compliance while reducing legal liabilities and eliminate the risks associated with storing private keys in a more vulnerable software repository.
3. Always use your private keys in hardware: by providing physical and logical isolation of key materials from the computers and applications that use them, HSMs make it almost impossible to extract key materials through traditional network attacks or software implementation flaws such as Heartbleed.
Gemalto SafeNet Luna HSMs
SafeNet Luna HSMs provide a centralized, multi-layered security approach to generating SSL/TLS private keys. This approach includes the secure generation of FIPS and Common Criteria-certified private keys with a strong entropy source, all within the safe confines of a high-assurance, hardware-secured FIPS 140-2-validated appliance.
Third-party HSM Validation
Given the burden of trust riding on SSL and TLS private key security, strict validation and certification standards have been implemented by various government bodies to provide base criteria for the evaluation of HSMs. The most common standards are the National Institute of Standards and Technology (NIST) FIPS 140-1/140-2 validation, and the multinational Common Criteria certification. Certification standards provide a starting point for good HSM design by providing objective, third-party evaluation of the efficacy of an HSM’s ability to protect private keys through stringent hardware, software, and operational design criteria.
Lesson Learned: Don’t Trust Others to Generate and Store Your SSL/TLS Private Keys
Due to the high stakes surrounding the security of SSL/TLS private keys and certificates, Enterprises alone are responsible for protecting the confidentiality, integrity, and availability of their own website and data. With such a great responsibility, it is crucial to always secure and control the SSL/TLS private keys that back SSL/TLS certificates.