Crypto Hypervisor:
A Secure Platform for Encryption that Fits the
Cloud Model
Insert Your Name
Insert Your Title
Insert Date
Who We Are
Trusted to protect the world’s most sensitive data for
the world’s most trusted brands.
We protect the most
money that moves in
the world, $1 trillion
daily.
We protect the most digital
identities in the world.
We protect the most
classified information
in the world.
FOUNDED
OWNERSHIP
1983
Private
REVENUE
GLOBAL FOOTPRINT
~330m
+25,000
Customers in
100 countries
EMPLOYEES
ACCREDITED
+1,400
Products certified
to the highest
security standard
In 25 countries
A Hardware Security Module is…
…a dedicated Hardware crypto
processor…
…designed for Hardware protection
of the crypto key lifecycle…
…validated to be secure by third
parties…
…a “Trust Anchor”…
Crypto Hypervisor uses Hardware Security
Modules as the hardware platform
Dynamic Crypto Resource
Crypto Hypervisor
Hardware Security Module
4
Crypto Hypervisor Extends the Capability of HSMs to
Fit the Cloud Model
NIST1 Cloud Definition of
Essential Characteristics
Legacy
HSMs
NIST1 Cloud Definition of
Essential Characteristics
Crypto
Hypervisor
On-Demand Self-Service
No
On-Demand Self-Service
Yes
Rapid Elasticity
No
Rapid Elasticity
Yes
Measured Service
Yes
Broad Network Access
Yes
Resource Pooling
Yes
Multi-Tenancy2
Yes
Measured Service
Broad Network Access
Resource Pooling
Multi-Tenancy2
1.
2.
Some
Yes
Some
No
National Institute of Standards and Technology
Multi-Tenancy is an essential characteristic added by the Cloud Security Alliance
5
Crypto Hypervisor:
Designed for operational cloud model
1
On-demand
crypto delivery
6
Apps can now
migrate to cloud
2
Self-service
portal for users
5
Part of “New
VM Rollout
Process”
3
New crypto services
spin up easily
4
Encryption now a
cloud enabler
6
Three things to know about Crypto Hypervisor
Built for the cloud
• Shared resource pooling, rapid elasticity and multitenancy
• Can reduce capital costs up to 95%
Lower TCO
• Take advantage of virtualization
• Deliver high-assurance cryptographic resources in a
fraction of the time
• 5 minutes, not 5 hours
Centralized control
• Strong auditing capabilities
• Compliance in the Cloud
• Ensure enterprise-wide consistency of crypto policy
7
Use Case: Enterprise
BEFORE:
 Encryption protects many apps
 Islands of encryption
 Problems:
 Costly
 Complex mgmt/admin
 Requires expertise to deploy
crypto
 New encrypted app rollout is
inefficient
DNSSEC
SSL
© SafeNet Confidential and Proprietary
Database
Email
AFTER CHv:
 CHv: platform for all encryption
 Consolidated to CHv-managed virtual
HSMs
 Benefits:
 Cost savings (hardware)
 Simplified mgmt/admin
 Policies enforced consistently
 New encrypted app rollout is fast
(minutes vs. hours)
Code Sign
8
Solution Highlights
 Host Trust Link (HTL) securely binds virtual applications to dynamic crypto
resources
 Prevents Stolen VM from Accessing Critical Assets
 Crypto Command Center



Simplifies HSM management, through Abstraction of HSM Hardware
Publish Catalogs for on-demand service
Separation of roles/responsibilities in multi-tenancies
 Built on proven platform



Availability: Five 9’s uptime, robust high availability
Validated Security: FIPS 140-2 Level 3 and CC EAL 4+
HW Trust: Keys remain in Hardware!
 Who/What/When Auditing and Logging

Configurable based on your Organizational needs
 Control: Unique Roles for Security in Multi-tenant Environments.

System administrators: manages physical devices (appliances, expansion cards,
etc.), and provision access to resource catalogues for users.

Consumer/User: manage crypto applications that consume crypto services. Own their
HSM resource when ‘leased’.
9
What’s in the Crypto Hypervisor
SafeNet Luna SA 5.2
HSM
Crypto Command Center Bundle
Includes:
• Crypto Command Center Software
• SafeNet Luna G5
• Local PED II
• PED II Keys
Crypto Command Center
SafeNet PED II
SafeNet Luna G5
Feature: Crypto Command Center
11
What is Crypto Command Center?


System (SW) to automate the provisioning of HSM resources
Abstracts the management of HSMs from the end user

Administrators
•
•
•
•
•

Consumers/Users
•
•
•
•

Manage the crypto for your company
Manage the physical HSM devices
Determine what crypto services are offered
Create a catalog of services for end users
Manage who has access to those services
Manage crypto applications that consume crypto services
Own their HSM resource when ‘leased’
Request and release use of HSM resources from catalogues
Always in control of their keys!
Implements REST-ful API or GUI (web based) interfaces (Next Release)
12
Why Use Crypto Command Center?

Trust
•

Save Money
•

Remove the Management burden
from your Application owners
Scale
•

Leverage the HSM resources to
their Fullest
Ease of Use
•

Centralize your Organizations
Cryptographic Trust
HSM Infrastructure that Scales as
your demand grows
Enforce policy and Governance
•
Provide Cryptographic Trust
Anchors that enforce centralized
corporate policy and governance
13
Crypto Hypervisor Enables Crypto as a Service
either on Premise or in the Cloud!
Consumer
Crypto Admin
Crypto
Command
Center
SSH
Crypto
Application
+
Luna Client
Luna SA
Device Pool
Feature: Host Trust Links
15
Host Trust Link
 What is it?
• “Host Trust Link”
• Works on Virtual Machines and traditional OS systems
 Why Use it?
• Trust
• Virtual Machines are meant to be portable
• HTL protects against a Stolen VM accessing your HSM
resources
• Ease of Use
• Built into HSM client registration process
16
VM is Stolen…VMs with “HTL” Host Trust Link
•
•
•
•
Prevents theft of an at-rest VM image
Connection to the SA is authorized by a one-time token
Includes a step counter that must sync with the SA
NTLS depends on an active HTL connection
HSM Client VM
NTLS
X
Access Denied
Luna SA
Today:
• Stolen VM will not be granted access to
SA partition
• Stolen image does not have OTT,
required to establish HTL Link
Feature: Secure Audit Logs
18
Why log?
 Want to be able to Audit all HSM operations
• Who/What/When?
• Was the operation a Success or Failure?
 Want to ensure the Origin of the logs
• Messages come from this HSM
 Want to ensure the Integrity of the logs
• No Alterations
• No Deletions
• No Truncation
Meet Audit and Compliance Mandates
© SafeNet Confidential and Proprietary
19
What Gets Logged – Categories
 Critical
• Tamper, HSM init, Audit init, Zeroize
• Always logged
 HSM Management
• change password, create challenge, change policies
 HSM Access
• Login/Logout
 Key Management
• key creation/deletion
 Key Usage
• use of key for crypto ops (‘First Use Only’ flag)
 External
• CA_LogExternal API messages
 Log Management
• Log management related commands (import/export secret, verify)
© SafeNet Confidential and Proprietary
20
Audit Logging
 Time used for log is UTC
 Audit role has ability to sync time (manually) between
the HSM and CLIENT
 Syslog server can be used
• UDP or TCP supported
• Port can be customized
21
Performance Impact
 Logging requires crypto operations
• Logging serializes command execution
• HMAC calculation
 Tradeoff – performance vs. amount logged
 Reduce impact
• Only log necessary data
• “First Use” modifier for key usage logging
© SafeNet Confidential and Proprietary
22
Other Features
23
Common Client
 Common Client For SA/PCI-E/G5
• One install package
• Choose products/features
• Including remote PED and remote Backup
• Choose APIs
• PKCS#11, Java, JCProv, Microsoft CSP,KSP
• Choose Production or Development
• SDK and samples
24
Common Client
 Enhanced OS Support
•
•
•
•
•
Windows 2008R2, 2012
Linux (RedHat 5, 6, SUSE 10, 11, Debian 6)
Solaris 10,11
AIX 6.1, 7.1
HP-UX 11iv3 (11.31)
25
Remote Backup – High Level Architecture
Client Server
Luna
CM
1 SSH
Crypto
App
System Admin
PED
Server
4
2
3
1. SSH/RDP to Client
2. Setup rPED to SA and
Login to Partition
3. Setup rPED to RBS
4. Lunacm>par backup
Remote
Backup
Server
PED
Client
RBS
Backup
HSM
26
Other
 JCProv
• Java-PKCS#11 API
 Upgradable PED
• Any PED with FW 2.4.0-3 can be upgraded
• Need to upgrade for Audit logging
• Can’t change between Local and Remote PED
27