The following table outlines the key differences between PED and password authentication.
Feature | Password-authenticated HSM | PED-authenticated HSM |
---|---|---|
Ability to restrict access to cryptographic keys | • knowledge of Partition Password is sufficient • for backup/restore, knowledge of partition domain password is sufficient | • ownership/possession of the black PED Key is mandatory to modify keys, gray PED Key to use without modifying • for backup/restore, possession of both black and red PED Keys is necessary • the Crypto User role is available to restrict access to usage of keys, with no key management • option to associate a PED PIN (something you know) with any PED Key (something you have), imposing a two-factor authentication requirement on any role |
Dual or Multi-person Access Control | • not available | • MofN (split-knowledge secret sharing) requires "M" different holders of portions of the role secret in order to authenticate to an HSM role; it can be applied to any, all, or none of the administrative and management operations required on the HSM • prevents unilateral action by a single actor |
Key-custodian responsibility | • linked to password knowledge, only | • linked to partition password knowledge • linked to black PED Key(s) ownership |
| | Roles limited to: • Appliance admin (Luna SA only) • HSM Admin (SO) • Partition SO • Partition Crypto Officer • Partition Crypto User | Available roles: • Appliance admin • HSM Admin (Security Officer) • Domain (Cloning / Token-Backup) • Secure Recovery • Remote PED • Partition Owner (or Crypto Officer) • Crypto User (usage of keys only, no key management). For all roles, two-factor authentication (selectable option) and MofN (selectable option) |
Two-factor authentication | • not available | • physical PED Key per role • optional to impose requirement for PED PIN (multi-digit code input at PED keypad), different for each role, can also be different for each legitimate copy of a PED Key |
Two-factor authentication for remote access | • not available | • Remote PED and orange (Remote PED Vector) PED Key deliver highly secure remote management of HSM, including remote backup |
Location | Authentication can be input locally, or from a remote terminal (RDP, SSH, etc.) | Authentication requires local physical connection, or pre-configured Remote PED link |
Security and Handling Advantage | • Easy/quick to change if/when necessary (for personnel change, suspected compromise, etc.). • Can comply with an organization's password-aging policy without hardship. | • No written record of a complicated password that might be compromised. • Access and handling of physical devices (PED Keys) can be tracked and controlled (who has, when used, etc.). • Duplication and promulgation can be prevented by physical security measures. • If PED PIN option is used, easy to block view of PED keypad input from bystanders or cameras. • If PED PIN option is used, no exposure of PED PINs outside the PED (does not exist on a bus, is not sent over any communication channel). |
Security and Handling Disadvantage | Password vulnerable to: • watchers (or cameras) observing the password being typed • secure passwords are obscure and must be written; record must be securely stored • difficult to know who might have seen or been told a password | • Requires hands-on, physical action by personnel to perform changes of authentication secrets (in case of compromise or in conformance with organizational policy). • Scheduled/mandated "password-change" cycles in an organization can be logistically intensive when HSMs share PED Key secrets. |
Separation of roles | Not possible to enforce unless secret holders are never allowed to meet or communicate. | Physical and procedural control of physical PED Keys and their handling enforces separation of roles. |