Failed Login Attempts

The consequences of multiple failed login attempts vary by role, depending on the severity of the security risk posed by that role being compromised. This is a security feature meant to thwart repeated, unauthorized attempts to access your cryptographic material.

NOTE   The system must actually receive some erroneous information, such as an incorrect password, before it logs a failed attempt. If you merely forget to insert a PED key, or insert a key of the wrong color, that is not counted as a failed attempt. You must insert an incorrect PED key of the correct type, or enter an incorrect PED PIN or challenge secret, to fail a login attempt.

>Failed HSM Logins

>Failed Partition Logins

>Failed Domain or RPV Authentication

Failed HSM Logins

At the HSM level, multiple failed logins have the following consequences:

HSM Security Officer

If you fail three (3) consecutive HSM SO login attempts, application partitions are destroyed, the HSM is zeroized and all of its contents are rendered unrecoverable. The number is not adjustable. As soon as you authenticate successfully, the counter is reset to zero.

Auditor

If you fail ten (10) consecutive Auditor login attempts, the Auditor role is locked out for ten minutes.

Failed Partition Logins

At the application partition level, multiple failed logins have the following consequences:

Partition Security Officer

If you fail ten consecutive Partition SO login attempts, the partition is zeroized and all cryptographic objects are destroyed. The Partition SO must re-initialize the partition and the Crypto Officer role; the Crypto Officer can then restore key material from a backup device.

Crypto Officer

If you fail ten consecutive Crypto Officer login attempts, the CO and CU roles are locked out. The default lockout threshold of 10 is governed by partition policy 20: Max failed user logins allowed, and the Partition SO can set this threshold lower if desired (see Partition Capabilities and Policies). Recovery depends on the setting of HSM policy 15: Enable SO reset of partition PIN:

>If HSM policy 15 is set to 1 (enabled), the CO and CU roles are locked out. The Partition SO must unlock the CO role and reset the credential (see Resetting the Crypto Officer or Crypto User Credential).

>If HSM policy 15 is set to 0 (disabled), the CO and CU roles are permanently locked out and the partition contents are no longer accessible. The Partition SO must re-initialize the partition and the Crypto Officer role; the Crypto Officer can then restore key material from a backup. This is the default setting.

CAUTION!   If this is not the desired outcome, ensure that the HSM SO enables this destructive policy (HSM policy 15: Enable SO reset of partition PIN) before creating and assigning partitions to clients.

Crypto User

If you fail ten consecutive Crypto User login attempts, the CU role is locked out. The default lockout threshold of 10 is governed by partition policy 20: Max failed user logins allowed, and the Partition SO can set this threshold lower if desired (see Partition Capabilities and Policies). The Crypto Officer must unlock the CU role and reset the credential (see Resetting the Crypto Officer or Crypto User Credential).
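
The HSM and partition login rules above can be modelled as a small state machine, for example to work out from monitoring data how many attempts remain before a role is locked out or zeroized. This is an added example, not vendor code: the role names, event labels and function names are assumptions made for illustration, and it assumes every role's counter resets on a successful login, as the page states for the HSM SO.

```python
from dataclasses import dataclass

# Thresholds the page gives as fixed; CO and CU use partition policy 20.
FIXED_THRESHOLDS = {"hsm_so": 3, "auditor": 10, "partition_so": 10}

@dataclass
class Policies:
    max_failed_user_logins: int = 10    # partition policy 20 (default 10)
    so_reset_of_partition_pin: int = 0  # HSM policy 15 (default 0, disabled)

def threshold(role, pol):
    return FIXED_THRESHOLDS.get(role, pol.max_failed_user_logins)

def consequence(role, pol):
    """Return (outcome, needs_reinit) once the role's threshold is reached."""
    if role == "hsm_so":
        return "HSM zeroized, application partitions destroyed", True
    if role == "auditor":
        return "Auditor role locked out for ten minutes", False
    if role == "partition_so":
        return "partition zeroized, cryptographic objects destroyed", True
    if role == "crypto_user":
        return "CU locked out; Crypto Officer unlocks and resets", False
    if role == "crypto_officer":
        if pol.so_reset_of_partition_pin == 1:
            return "CO and CU locked out; Partition SO unlocks and resets", False
        return "CO and CU permanently locked out; re-initialize partition", True
    raise ValueError(f"unknown role: {role}")

def replay(role, events, pol):
    """Replay login events; return (streak, attempts_left, consequence).

    Event labels are constructed for this example:
      "ok"      successful authentication, resets the streak
      "bad"     wrong secret, or wrong PED key of the correct type (counted)
      "no_key"  missing or wrong-colour PED key (not counted, per the NOTE)
    """
    limit, streak = threshold(role, pol), 0
    for event in events:
        if event == "ok":
            streak = 0
        elif event == "bad":
            streak += 1
        if streak >= limit:
            return streak, 0, consequence(role, pol)
    return streak, limit - streak, None
```

With the default policies, `replay("crypto_officer", ["bad"] * 10, Policies())` reports an outcome that requires re-initialization, while the same events with `so_reset_of_partition_pin=1` report a lockout the Partition SO can clear.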

Failed Domain or RPV Authentication

If you fail an attempt to authenticate a cloning domain or Remote PED Vector, the consequences are less severe:

Domain

The operation fails. Usually this would be an attempt to back up or restore partitions. Reattempt with the correct domain authentication secret.

Remote PED Vector

The Remote PED setup operation fails. Reattempt with the correct RPV authentication secret (orange PED key).