Smartkey Overview

Whenever we write applications, we need to keep our _secrets_ in a single, central, secure place. These secrets can be a database password, an API key, or the cryptographic keys used for signing messages. There are two major reasons why we want to do this. The first is that we want multiple instances of the application to fetch these secrets from a single place, instead of duplicating or hardcoding them in the application. This secure place may be a keystore stored in a directory on a file server, but making it reachable across different environments, especially when dealing with software development in the cloud, ultimately becomes a challenge. Nowadays, this is implemented as a service that exposes endpoints easily accessible to applications for fetching the secrets themselves. Aside from key access, these types of services often offer key management features such as key rotation and key revocation. These solutions are sometimes referred to as key management services. Most of the time they also provide simple cryptographic operations like encryption and message signing, removing the burden of doing crypto operations from the application, as well as making the operations more secure. We will talk later about why it is more secure to do crypto operations inside a secure service than in your application.

The next major reason is obviously security. How do you secure the secrets from attackers? A simple way is to put the secrets in a password-protected keystore. But even if the password is strong enough, the system is unable to avoid side-channel attacks. Another problem with keystores is that they do not scale well, especially if you are going to create a service that would cater to potentially millions of secrets or keys. Thus you put the keystore or the keys themselves in a modern secure database. This solves the scalability problem, but it won't address side-channel attacks, particularly memory timing attacks. A timing attack watches data movement into and out of the CPU or memory on the hardware running the cryptosystem or algorithm. Simply by observing variations in how long it takes to perform cryptographic operations, it might be possible to determine the entire secret key. Such attacks involve statistical analysis of timing measurements and have been demonstrated across networks.
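A small illustration of the data-dependent behaviour that timing attacks measure, added here as an example and not part of the original post: an early-exit comparison of a MAC tag does more work the longer the matching prefix is, while a fixed-work comparison does not. The key, message and function names are constructed for the demo, and it counts bytes examined instead of measuring wall-clock time.

```python
import hashlib
import hmac
from typing import Callable, List, Tuple

# Constructed sample values, not from the original post.
KEY = b"constructed-demo-key"
MESSAGE = b"amount=100&to=alice"
EXPECTED_TAG = hmac.new(KEY, MESSAGE, hashlib.sha256).digest()  # 32 bytes


def leaky_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit compare: the amount of work depends on the secret value."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined  # stops at the first differing byte
    return len(a) == len(b), examined


def fixed_work_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Accumulate differences over every byte: work does not depend on where they differ."""
    diff = len(a) ^ len(b)
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def guess_with_prefix(n: int) -> bytes:
    """Build a wrong tag whose first n bytes match EXPECTED_TAG (n < 32)."""
    return EXPECTED_TAG[:n] + bytes(b ^ 0xFF for b in EXPECTED_TAG[n:])


def work_profile(compare: Callable[[bytes, bytes], Tuple[bool, int]]) -> List[int]:
    """Bytes examined for wrong guesses sharing 0, 8 and 31 leading bytes with the tag."""
    return [compare(EXPECTED_TAG, guess_with_prefix(n))[1] for n in (0, 8, 31)]


if __name__ == "__main__":
    print("early exit:", work_profile(leaky_equal))       # grows with the matching prefix
    print("fixed work:", work_profile(fixed_work_equal))  # identical for every guess
    # In real code, use the standard library's constant-time comparison.
    print("compare_digest:", hmac.compare_digest(EXPECTED_TAG, guess_with_prefix(31)))
```

The fixed-work function is only there to make the contrast visible; application code should call `hmac.compare_digest` instead of a hand-written loop.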

Intel SGX is a feature of modern Intel CPUs that offers additional protection to applications running on them. It creates a special area in your RAM called an enclave, and applications accessing the protected RAM for crypto operations will have more protection not only against side-channel attacks, but also against unauthorized RAM access. It is also a cheaper, off-the-shelf solution compared to hardware security modules, which are expensive machines dedicated to storing and managing keys. At the time of this writing, Intel SGX provides a set of APIs in C/C++, and Fortanix and Baidu have both released third-party APIs in the Rust programming language. So if your machine supports Intel SGX, you can immediately start writing code that uses the enclave or even code that runs inside the enclave.

Smartkey is a key-management-as-a-service offering that uses Intel SGX for running the actual cryptographic operations. It also supports quorums, key rotation, access roles, and many other first-class key management features. Visit https://support.smartkey.io/ for more information.
