A lot of deployment of Active Directory Certificate Services is never deployed with an Hardware Security Module (HSM). Now this does not have to be a problem depending on the use of the issued certificates. In some deployments however it can be a serious security risk not to incorporate a HSM into the design.
What is a Hardware Security Module
A HSM is a computing device which can generate, store and safeguard digital keys. For
example private keys of certificates. Usually these devices come in the form of an appliance or a PCI card. There are some examples of USB type HSM to be found. Since these devices almost always fulfill apparently a critical role within an security solutions they are typically certified to recognized standards such as Common Criteria and FIPS 140. Furthermore, a lot of these devices have tampering protection which can go as far as deleting all information stored in the HSM when tampering is detected.
Why would you require an HSM.
A Couple of years back there was a problem with a public certificate provider. There was a breach where apparently the root certificate was stolen and false certificates where being issued to services that weren’t to be trusted but appeared trusted at the time. To say this was a bad thing isn’t even scratching the surface.
Using an offline Root Certificate Authority (CA) can be a great help in keeping the certificate chain safe, but remember that on issuing CA ’s without a HSM an account with administrator privileges will be able to issue certificates. He will also be able to export a certificate with the private key, and even make that exportable. Thus creating a certificate that, in theory, can be used anywhere without any control over it.
An HSM stores and guards the private key, so even if someone with an administrator account logs onto an issuing or even a root CA, he or she (yes, she…) need to unlock the HSM first before they can issue a certificate. You can even set up the HSM to require more that identity set to unlock it. This will ensure that no one person can go and create certificates.
For an organization to validate their need for the use of HSM’s the following question is important:
What would be the cost of the worst case scenario when your Public Key Infrastructure was compromised?
If the number from that question was higher then say the price of an HSM wouldn’t that make a compelling argument to use HSM’s?
If your organization makes use of a PKI (or any cryptography) for any security reason I would recommend a HSM. Even if it’s just to make sure the private key of your only root CA never leaves the datacenter.
Are there alternatives
There aren’t really alternatives. The only alternative you have is an offline network. You will know all the data is in that network and can’t get out. You will also need to lock down things like USB ports and such to prevent any form of data going in or out of it. Everything considered it’s sound like a crappy solution to me.
Fortunately HSM’s don’t need to be super expensive. You can go from €50 to €50000 when
HSM’s are considered. Off course the more expensive they are the more powerful their cryptographic capabilities become. For simply hardening your security of you CA in a small organization a USB solution may suffice.
Legislation
I am not an expert on the subject of law enforcement. But considering the recent case of the FBI versus Apple there might be some legislation considering encryption. It is a good thing to keep in mind that you want to check you are not breaking the law by accident but on purpose.
Concluding
If you use a form of cryptography for security solutions within your organization please consider hardening security with a Hardware Security Module. I do not want to exaggerate but in some cases a compromised security solution such as a Public Key Infrastructure can even compromise the safety off peoples lives.
Keep your environment safe, lives may depend on it 😀