Editors note Following several requests we’re considering making our PIHSM available, and we’re trying to gauge interest. So if you’re interested, let us know and we’ll see what we can do for you.
For our main demonstration, we’ll be showing how you can use our Cryptosense Analyzer to audit, configure and secure an HSM interface. To simulate the variety of PKCS#11 HSMs on the market, we built our own HSM from a Raspberry Pi, which we call the PiHSM. Designing and building the PiHSM was kind of fun and this blog post shows how we did it.
The main idea is to have a PKCS#11 daemon on the Raspberry Pi and access it from the network. The daemon can be configured, so that our visitors can play with the PiHSM to try and find safe configurations, i.e. ones for which Cryptosense Analyzer cannot find any attacks.
This architecture raises several questions:
- what software should run on the PiHSM to provide a PKCS#11 interface?
- how should Cryptosense Analyzer connect to the PiHSM?
- how can the user configure the PiHSM?
Opencryptoki provides an open-source PKCS#11 simulator. We were able to compile and run it on the PiHSM. To simulate configuration options, we modified Opencryptoki to have a number of boolean flags that change its behavior. The boolean flags are read from an environment variable.
For instance, we made it possible to prevent the use of C_CreateObject, which allows an attacker to import his own keys. Obviously this alone is not enough to prevent all attacks; only a few combinations of our flags result in a safe device.
The next issue is: how can applications running outside the PiHSM access Opencryptoki, which is inside the PiHSM? PKCS#11 applications load PKCS#11 drivers (DLLs). How those drivers speak with the device is vendor-specific.
We engineered a PKCS#11 client DLL which transfers each PKCS#11 call
through the network to a server. The server executes the call using
a local PKCS#11 DLL and transfers the result back to the client. The
client DLL reads this result and returns it to the application.
Our remote PKCS#11 software would work with any P11 DLL, but we’ll be using it to communicate with Opencryptoki using the Opencryptoki DLL.
We want the PiHSM to be standalone. Once we power it on, we should not
need a keyboard or a screen or even an SSH connection. This makes it more… HSM-like. It is a black box. But we still need to be able to change the configuration options.
Our first idea was to connect some buttons to the GPIO port:
but we eventually settled for an LCD screen from Adafruit. The screen
is mounted on a plate with 5 buttons. It is natural to use 4 of those
buttons as arrows to navigate in a menu.
The LCD requires some soldering. Interestingly, the Adafruit
assembly guide says “We’re almost done” after the 29th soldered pin.
Well there are “just” 90 other pins left to solder after that.
Here is a picture of the LCD screen:
It nicely plugs into the GPIO port of the Raspberry Pi. The result is
Configuring the PiHSM
After the LCD screen was soldered I of course immediately wanted to
play with it. The LCD comes with a Python script which demonstrates
how to print characters and read the buttons. From there, it was quite
easy to write a daemon. This daemon lets the user navigate in a menu
on the LCD screen to change the configuration. From the menu, one can
also restart Opencryptoki and our remote PKCS#11 server to apply the
changes, and one can shutdown the PiHSM.
I made sure to choose nice background colors to take advantage of the
RGB LED of the LCD. If a flag is on, the background is green:
If it is off, the background is red:
Come to the conference if you want to see more colors!
We have a working PiHSM! The main drawback is performance. For our demo, we’ll mostly be using symmetric keys as RSA key generation and private key operations take too long, but this still allows us to demonstrate the power of the Analyzer.
Don’t be fooled by the PiHSM LCD screen which states that it is the “most secure HSM”. It wouldn’t resist any physical attacks. But it is much easier to fly from Paris to San Francisco with our PiHSM than with an actual HSM.
To find out more about the Cryptosense approach to securing PKCS#11, read our free PKCS#11 security whitepaper.