<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix">Hi - comments inline<br>
</div>
<div class="moz-cite-prefix">On 2/29/2024 2:50 PM, Andres Pavez
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">Hi Mike,</p>
<p class="MsoNormal">Thales Luna USB G7 HSM is a standalone
hardware cryptographic module. The cryptographic module is
contained in its own enclosure that provides physical
resistance and tamper-evidence. Any tampering that might
compromise a module's security is detectable by visual
inspection of the physical integrity of a module.</p>
<p class="MsoNormal">Within the plastic enclosure, a hard opaque
epoxy covers the circuitry of the cryptographic module.
Attempts to remove this epoxy will cause sufficient damage to
the cryptographic module so that it is rendered inoperable.</p>
</div>
</blockquote>
<p><font color="#0000ff">My ideal is that damage to the
cryptographic module renders the key material unrecoverable and
it's unclear that 'inoperable module' ~= 'unrecoverable key
material'. From the description of the module, I would assume
that the key material is stored in persistent flash or similar
storage. It appears from the HSM description that an unpowered
unit has no means to wipe its persistent storage.</font></p>
<p><font color="#0000ff">Most similar systems (e.g. smart cards) do
something like encrypting the keys under a PUF or a per device
generated global key, but it's possible that, with enough
dollars, an attacker could either cause the device to emit the
key, or make the key usable in some fashion.</font></p>
<p><font color="#0000ff">Other HSMs in the same field (e.g. the Luna
K7) support the erasure of this key encryption key on tamper.
I'm kind of curious why you settled on this model rather than
something with a bit more active protection. Here's the public
policy document related to the L3 certification.
<a class="moz-txt-link-freetext" href="https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4090.pdf">https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp4090.pdf</a>.
Note that both the USB version above and this K7 talk about L3 +
EFP. Interestingly, EFP means different things to different
modules. <br>
</font></p>
<p><font color="#0000ff">I did see the offhand comment about
batteries being a single point of failure in the document you
pointed to below... that was the single comment about active
tamper. I hope the actual decision document spent more time on
tamper than this.<br>
</font></p>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">The module is designed to sense and respond
to out-of-range temperature conditions as well as out-of-range
voltage conditions. The temperature and voltage conditions are
monitored in the power-on state. If the module senses an
out-of-range temperature or over voltage, the module will
reset itself, clear all working memory and log the event.</p>
</div>
</blockquote>
<p><font color="#0000ff">This is generic fuzzing protection. It's
good, sort of mandatory to be taken seriously, but not unique.
Credit cards have this. Unclear from the Luna HSM website if the
module will zeroize itself under certain conditions.</font></p>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">The module is accessed directly (i.e.,
electrically) over the USB interface. It also has an LCD
touchscreen for displaying system status.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It has a small internal backup battery
(3.6V) that is only used to power the module's real-time
clock.</p>
</div>
</blockquote>
<p><font color="#0000ff">Let's say the battery gives out in 5
years. Does this have any effect on the signing process? Does
the RTC of the HSM module feed into the signature process?
What functionality of the HSM, if any, is affected by the
presence or failure of the RTC?</font></p>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">The HSM will be stored in a Secure
Transport Mode (STM). A random string and a fingerprint of the
internal state of the module are output from the module. The
fingerprint is a SHA2-256 digest of the random string, module
CSPs, firmware, module configuration information, and
non-volatile memory. Only the HSM Security Officer (SO)
credential can put the module into STM and take it out of STM.</p>
</div>
</blockquote>
<p><font color="#0000ff">When in Secure Transport Mode - are any of
the keys super-encrypted? E.g. if it's stored in STM, is the
key internally in a form that does not require decryption by the
CO credentials? In other words, is this a policy wrapper to the
key material or a cryptographic wrapper?</font></p>
<p><font color="#0000ff">What happens if the CO credentials are lost
or stolen? Are they kept with or near the HSM?</font></p>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">Additionally, the HSM will be stored in a
Tamper-Evident Bag (TEB) inside of the safe.</p>
</div>
</blockquote>
<p><font color="#0000ff">That's useful. Are the TEBs serialized?
How and where are the serials recorded and is that record
immutable? What is the process for verifying the non-tamper
status of the bag?</font></p>
<p><font color="#0000ff">Thanks for the previous answers -
unfortunately they prompted the above questions. <br>
</font></p>
<p><font color="#0000ff">I have read the document whose link you
provided below... </font><br>
</p>
<p><font color="#0000ff">Later, Mike</font></p>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">More information about the analysis of the
HSM selection can be found here <a
href="https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.icann.org/en/system/files/files/hardware-security-module-replacement-2024-28feb24-en.pdf</a></p>
<p class="MsoNormal">This goes into detail outlining the
differences between the FIPS security levels, tamper
monitoring levels, etc.</p>
</div>
</blockquote>
<blockquote type="cite"
cite="mid:FEF4E843-41C9-4060-8433-5E0FEBA83F7A@iana.org">
<div class="WordSection1">
<p class="MsoNormal">Responding to your specific questions:</p>
<p class="MsoNormal">Is there an internal battery?</p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:-.25in;mso-list:l0 level1 lfo1">Only the
small internal backup battery (3.6V) is used to power the
module's real-time clock.</li>
</ul>
<p class="MsoNormal">Is it replaceable?</p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:-.25in;mso-list:l0 level1 lfo1">No</li>
</ul>
<p class="MsoNormal">How often does this USB HSM need to be
plugged into power to maintain the internal battery?</p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:-.25in;mso-list:l0 level1 lfo1">Doesn't
have an internal battery to power the cryptographic module.</li>
</ul>
<p class="MsoNormal">What happens if you leave it in a safe for
a year - or alternately, how long can the unit remain
unplugged before it wipes its keys?</p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:-.25in;mso-list:l0 level1 lfo1">The keys
will remain in the HSM as long as the HSM is not tampered with.</li>
</ul>
<p class="MsoNormal">What's the lifetime of the battery before
replacement?</p>
<ul style="margin-top:0in" type="disc">
<li class="MsoListParagraph"
style="margin-left:-.25in;mso-list:l0 level1 lfo1">There is
no battery to power the cryptographic module that needs
replacement.</li>
</ul>
<p class="MsoNormal">Best regards,</p>
<div>
<div>
<div>
<p class="MsoNormal">--<o:p></o:p></p>
<p class="MsoNormal">Andres Pavez<o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal">Cryptographic Key Manager<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in">On 2/29/24,
10:21, "ksk-rollover on behalf of Michael StJohns via
ksk-rollover" <<a
href="mailto:ksk-rollover-bounces@icann.org"
moz-do-not-send="true" class="moz-txt-link-freetext">ksk-rollover-bounces@icann.org</a>
on behalf of <a href="mailto:ksk-rollover@icann.org"
moz-do-not-send="true" class="moz-txt-link-freetext">ksk-rollover@icann.org</a>>
wrote:<o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">Hi -</p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">The product
brief for the Luna USB G7 doesn't provide a lot of data.
The previous HSM provided level four hardware protection -
e.g. a tamper perimeter and the ability to zeroize the keys
if someone tried to decap the thing. That's almost entirely
dependent on having a constant power source - usually a
three stage line/battery/capacitor model.</p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">On the PCI
cards, there's a Li ion battery - a rather large one - on
the card just in front of the tamper covered HSM engine.
See <a
href="https://thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/pci_hw_install/battery_replace.htm"
moz-do-not-send="true" class="moz-txt-link-freetext">https://thalesdocs.com/gphsm/luna/7/docs/pci/Content/install/pci_hw_install/battery_replace.htm</a></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">The older Luna
USB HSM had a battery compartment - I can't see one on the
images I've been able to find of the current one. It was
also at most a Level 2 device with L3 security.</p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">My questions are
these: Is there an internal battery? Is it replaceable? How
often does this USB HSM need to be plugged into power to
maintain the internal battery? What happens if you leave it
in a safe for a year - or alternately, how long can the unit
remain unplugged before it wipes its keys? What's the
lifetime of the battery before replacement?</p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">Later, Mike</p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in">On 2/28/2024
7:20 PM, James Mitchell via ksk-rollover wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal" style="margin-left:.5in">ICANN has
announced the schedule to generate the next KSK.</p>
<p class="MsoNormal" style="margin-left:.5in">Generating a new
KSK restarts the process announced last year, which was
suspended after it was identified that a supplier of key
equipment used to store the KSK (known as a Hardware
Security Module, or HSM) would be exiting the business
during the expected lifespan of the new KSK.</p>
<p class="MsoNormal" style="margin-left:.5in">The next KSK
will be generated on new Thales Luna USB G7 HSMs.</p>
<p class="MsoNormal" style="margin-left:.5in">The announcement
and information regarding the new HSMs is published at <a
href="https://www.icann.org/en/announcements/details/icann-to-generate-new-dns-cryptographic-key-at-april-2024-ceremony-28-02-2024-en"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.icann.org/en/announcements/details/icann-to-generate-new-dns-cryptographic-key-at-april-2024-ceremony-28-02-2024-en</a>.</p>
<p class="MsoNormal" style="margin-left:.5in">James Mitchell</p>
<p class="MsoNormal" style="margin-left:.5in">IANA</p>
<pre style="margin-left:.5in">_______________________________________________</pre>
<pre style="margin-left:.5in">ksk-rollover mailing list</pre>
<pre style="margin-left:.5in"><a
href="mailto:ksk-rollover@icann.org" moz-do-not-send="true"
class="moz-txt-link-freetext">ksk-rollover@icann.org</a></pre>
<pre style="margin-left:.5in"><a
href="https://mm.icann.org/mailman/listinfo/ksk-rollover"
moz-do-not-send="true" class="moz-txt-link-freetext">https://mm.icann.org/mailman/listinfo/ksk-rollover</a></pre>
</blockquote>
</div>
</blockquote>
</body>
</html>