Here you will find scientific publications from the Fraunhofer Institutes.

Secure your SSH Keys! Motivation and practical implementation of a HSM-based approach securing private SSH-Keys

Plaga, S.; Wiedermann, N.; Hansch, G.; Newe, T.

Josang, A.:
17th European Conference on Cyber Warfare and Security, ECCWS 2018 : Oslo, Norway 28 – 29 June 2018
Red Hook, NY: Curran, 2018
ISBN: 978-1-91121885-2
ISBN: 978-1-5108-6604-1
European Conference on Cyber Warfare and Security (ECCWS) <17, 2018, Oslo>
Fraunhofer AISEC

Reliable authentication of entities is the baseline for secure communications infrastructures and services. While traditional password authentication is still widely deployed, alternatives based on asymmetric cryptography are also available and provide an increased level of security. On the client-side, however, secret keys are often unprotected. Although constantly updated workstations are considered to be trusted environments, security breaches such as Spectre or Meltdown raised doubts in platform integrity. The presented work introduces realistic attack vectors which can be employed to extract cryptographic keys from workstations. Consequently, Hardware Security Modules (HSMs) are introduced which provide secure storage as well as secure utilisation of private cryptographic keys. Due to the huge amount of possible application scenarios, the paper focuses on an application scenario based on the widely used Secure Shell (SSH) protocol. Demonstrating that an improved level of security is not necessarily directly linked to costs, a rough summary of interesting Commercial off the Shelf (COTS) devices is provided.