
Tamper, Secure Transport, and Purple PED Keys

The HSM recognizes a number of tamper conditions (including over/under-temperature, physical interference, etc.), and allows you to choose how those are treated. The options range from simple reporting of an event in the HSM log, to temporarily (or even "permanently") disabling the HSM. In addition, the tamper function has been expanded to include Secure Transport Mode (STM) for ultimate security when shipping or storing your Luna HSMs. The advanced tamper features and ability to set STM are reserved for PED-authenticated Luna HSMs.

The use of purple PED Keys is optional unless your security policy dictates that tamper events must require a response from the HSM Admin.

The use of Secure Transport Mode (STM) is optional unless your security policy dictates that level of preparation before shipping or storage of the HSM.

If you wish to invoke Secure Transport Mode before shipping (or storing) a Luna SA HSM, you must enable the Secure Recovery Key (SRK). Enabling the SRK moves one of the two recovery splits (the secure recovery vector, or SRV, used to recover the Master Tamper Key in case it is destroyed by a tamper event or by STM) out of the HSM and imprints it onto a purple PED Key.

Those actions are described in detail elsewhere.

About the Purple SRK (secure recovery key)

Due to its nature, the purple PED Key (and its contained secret) behaves differently, in some respects, than all the other PED Keys.

You choose whether to use this feature, either to enhance security during shipments or to enforce certain responses in case of physical tampering with the Luna SA (once again, it is optional - you can use all other features of the HSM without ever invoking a purple PED Key). You must put safeguards in place to ensure that the SRK does not go missing - without the purple PED Key, you cannot recover from STM or a tamper event, and must ship the HSM back to SafeNet for remanufacture.

One of the safeguards that you can use is to make copies of the SRK at the time it is generated (*). If one of the copies is lost or destroyed, you can still recover the HSM.

Another safeguard might be to extract the SRV onto multiple SRK splits (M of N greater than 1) rather than just one. If one of the N splits is lost or destroyed, you can still recover the HSM if you can locate quantity M of the remaining splits.

As a safeguard against loss of the purple key in shipment, you do not need to ship the SRK to the site where the HSM is being installed. You can use Remote PED to perform the recovery from Secure Transport Mode. 

Unlike all other PED Keys, the purple PED Key cannot be duplicated via Luna PED's stand-alone duplication facility in the PED's Admin menu. If you attempt to do so, the PED insists that the source key you have presented is blank, and does not continue. Therefore, if you expect to need more than one copy of the SRK, you must make those duplicates when the SRK is created - either at hsm srk enable or at hsm srk keys resplit.