Hi - comments inline


On 2/29/2024 2:50 PM, Andres Pavez wrote:

Hi Mike,

Thales Luna USB G7 HSM is a standalone hardware cryptographic module. The cryptographic module is contained in its own enclosure that provides physical resistance and tamper-evidence. Any tampering that might compromise a module's security is detectable by visual inspection of the physical integrity of a module.

Within the plastic enclosure, a hard opaque epoxy covers the circuitry of the cryptographic module. Attempts to remove this epoxy will cause sufficient damage to the cryptographic module so that it is rendered inoperable.

My ideal is that damage to the cryptographic module renders the key material unrecoverable, and it's unclear that 'inoperable module' ~= 'unrecoverable key material'. From the description of the module, I would assume that the key material is stored in persistent flash or similar storage. It appears from the HSM description that an unpowered unit has no means to wipe its persistent storage.

Most similar systems (e.g. smart cards) do something like encrypting the keys under a PUF or a per-device generated global key, but it's possible that, with enough dollars, an attacker could either cause the device to emit the key, or make the key usable in some fashion.

Other HSMs in the same field (e.g. the Luna K7) support the erasure of this key encryption key on tamper.  I'm kind of curious why you settled on this model rather than something with a bit more active protection.  Here's the public policy document related to the L3 certification.  https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4090.pdf. Note that both the USB version above and this K7 talk about L3 + EFP.  Interestingly, EFP means different things to different modules.  

I did see the offhand comment about batteries being a single point of failure in the document you pointed to below... that was the single comment about active tamper. I hope the actual decision document spent more time on tamper than this.

The module is designed to sense and respond to out-of-range temperature conditions as well as out-of-range voltage conditions. The temperature and voltage conditions are monitored in the power-on state. If the module senses an out-of-range temperature or over voltage, the module will reset itself, clear all working memory and log the event.

This is generic fuzzing protection. It's good, sort of mandatory to be taken seriously, but not unique. Credit cards have this. Unclear from the Luna HSM website if the module will zeroize itself under certain conditions.

The module is accessed directly (i.e., electrically) over the USB interface. It also has an LCD touchscreen for displaying system status.

It has a small internal backup battery (3.6V) that is only used to power the module's real-time clock.

Let's say the battery gives out in 5 years. Does this have any effect on the signing process? Does the RTC of the HSM module feed into the signature process? What functionality of the HSM, if any, is affected by the presence or failure of the RTC?

The HSM will be stored in a Secure Transport Mode (STM). A random string and a fingerprint of the internal state of the module are output from the module. The fingerprint is a SHA2-256 digest of the random string, module CSPs, firmware, module configuration information, and non-volatile memory. Only the HSM Security Officer (SO) credential can put the module into STM and take it out of STM.

When in Secure Transport Mode, are any of the keys super-encrypted? E.g. if it's stored in STM, is the key internally in a form that does not require decryption by the CO credentials? In other words, is this a policy wrapper to the key material or a cryptographic wrapper?

What happens if the CO credentials are lost or stolen? Are they kept with or near the HSM?

Additionally, the HSM will be stored in a Tamper-Evident Bag (TEB) inside of the safe.

That's useful.  Are the TEBs serialized?  How and where are the serials recorded and is that record immutable?  What is the process for verifying the non-tamper status of the bag?

Thanks for the previous answers - unfortunately they prompted the above questions. 

I have read the document whose link you provided below...

Later, Mike

More information about the analysis of the HSM selection can be found here https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf

This goes into detail outlining the differences between the FIPS security levels, tamper monitoring levels, etc.

Responding to your specific questions:

Is there an internal battery?

Is it replaceable?

How often does this USB HSM need to be plugged into power to maintain the internal battery?

What happens if you leave it in a safe for a year - or alternately, how long can the unit remain unplugged before it wipes its keys?

What's the lifetime of the battery before replacement?

Best regards,

--

Andres Pavez

Cryptographic Key Manager

On 2/29/24, 10:21, "ksk-rollover on behalf of Michael StJohns via ksk-rollover" <ksk-rollover-bounces@icann.org on behalf of ksk-rollover@icann.org> wrote:

Hi -

The product brief for the Luna USB G7 doesn't provide a lot of data.  The previous HSM provided level four hardware protection - e.g. a tamper perimeter and the ability to zeroize the keys if someone tried to decap the thing.  That's almost entirely dependent on having a constant power source - usually a three stage line/battery/capacitor model.

On the PCI cards, there's a Li ion battery - a rather large one - on the card just in front of the tamper covered HSM engine.  See https://thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/pci_hw_install/battery_replace.htm

The older luna USB HSM had a battery compartment - I can't see one on the images I've been able to find of the current one.  It was also a most Level 2 device with L3 security.

My questions are these: Is there an internal battery? Is it replaceable? How often does this USB HSM need to be plugged into power to maintain the internal battery?  What happens if you leave it in a safe for a year - or alternately, how long can the unit remain unplugged before it wipes its keys?  What's the lifetime of the battery before replacement?

Later, Mike

On 2/28/2024 7:20 PM, James Mitchell via ksk-rollover wrote:

ICANN has announced the schedule to generate the next KSK.

Generating a new KSK restarts the process announced last year, which was suspended after it was identified that a supplier of key equipment used to store the KSK (known as a Hardware Security Module, or HSM) would be exiting the business during the expected lifespan of the new KSK.

The next KSK will be generated on new Thales Luna USB G7 HSMs.

The announcement and information regarding the new HSMs is published at https://www.icann.org/en/announcements/details/icann-to-generate-new-dns-cryptographic-key-at-april-2024-ceremony-28-02-2024-en.

James Mitchell

IANA
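The Secure Transport Mode fingerprint described earlier in the thread (a SHA-256 digest over a random string plus the module's CSPs, firmware, configuration and non-volatile memory) can be modelled to show what the check buys a receiving Security Officer. This is an added example, not Thales' implementation and not code from any participant in the thread; the ModuleState fields, the length-prefixed encoding and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass


# Constructed stand-in for the module state the fingerprint covers.  The field
# names follow the thread's description (CSPs, firmware, configuration,
# non-volatile memory); the byte contents are made up for this example.
@dataclass
class ModuleState:
    csps: bytes
    firmware: bytes
    config: bytes
    nvm: bytes


def _encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so field boundaries are unambiguous.

    Plain concatenation would let two different states (e.g. a byte moved from
    the end of `config` to the start of `nvm`) hash to the same digest.
    This encoding is an assumption; the real module's serialisation is not public here.
    """
    out = bytearray()
    for f in fields:
        out += len(f).to_bytes(4, "big") + f
    return bytes(out)


def stm_fingerprint(random_string: bytes, state: ModuleState) -> bytes:
    """SHA-256 over the random string and the covered module state."""
    return hashlib.sha256(
        _encode_fields(random_string, state.csps, state.firmware, state.config, state.nvm)
    ).digest()


def enter_stm(state: ModuleState) -> tuple[bytes, bytes]:
    """Model of entering STM: draw a fresh random string, output it with the fingerprint.

    The SO records both values out of band (e.g. in the ceremony log); they are
    not kept on the module, otherwise a tampered module could simply present them.
    """
    random_string = os.urandom(32)
    return random_string, stm_fingerprint(random_string, state)


def verify_on_exit(state: ModuleState, random_string: bytes, recorded: bytes) -> bool:
    """Recompute the fingerprint over the current state and compare in constant time."""
    return hmac.compare_digest(stm_fingerprint(random_string, state), recorded)


def demo() -> dict:
    """Run the four properties a receiving SO relies on; returns a name -> bool map."""
    state = ModuleState(b"csp-blob", b"fw-7.x", b"cfg", b"nvm-contents")
    rnd, fp = enter_stm(state)
    results = {"unchanged_ok": verify_on_exit(state, rnd, fp)}

    # Any change to covered state (here one byte of NVM) is detected on exit.
    tampered = ModuleState(state.csps, state.firmware, state.config, b"nvm-contentX")
    results["tampered_detected"] = not verify_on_exit(tampered, rnd, fp)

    # Same state, different random string: the fingerprint changes, so a value
    # recorded for an earlier STM entry cannot be reused for a later one.
    results["nonce_bound"] = stm_fingerprint(os.urandom(32), state) != fp

    # Field boundaries matter: moving a byte between fields changes the digest
    # under the length-prefixed encoding, although plain concatenation would not.
    shifted = ModuleState(state.csps, state.firmware, b"cfgn", b"vm-contents")
    results["boundary_safe"] = not verify_on_exit(shifted, rnd, fp)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The point for the transport procedure is that the recorded random string and fingerprint must travel separately from the device and be compared before the SO credential takes the module out of STM; the check says nothing about the module if the reference values were stored on, or shipped with, the unit itself.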

 



_______________________________________________
ksk-rollover mailing list
ksk-rollover@icann.org
https://mm.icann.org/mailman/listinfo/ksk-rollover