Tuesday, February 03, 2009

Building a HSM_RKM for PKI

This is my final year project and I would like to give an introduction to the project through this post. The project is about building a Hardware secured, Root Key Manager for a Public Key infrastructure which operates off line. Root Key Manager is the system which provides keys to the top node(Root CA) of the PKI. The security of these keys are vital to maintain the trust of whole PKI. Therefore we need to secure the RKM in various ways. Currently there are systems which provides the functionality to some extent. But the problem with the available systems are, they cost huge amount of money and they aren't open to public since they are properitery. The Goal of this project is to built a system which is low cost and open for academia for further extentions and studying purposes. The project is supervised by Dr. Chandana Gamage.

The initial system requirement
  • Access to the HSM-RKM must be controlled via a two-factor
    authentication mechanism
  • Should provide output of the HSM-RKM through a portable external
    interface such as a USB-Flash-ROM memory device
  • Generate the root key pair and securely store the private key
    within the HSM-RKM and output the public key through the external
  • Generate a limited number of other key pairs and securely store
    the private keys within the HSM-RKM and output the public keys
    through the external interface
  • Self-certify the root-key public key certificate
  • Certify any other public key certificate input through the
    external interface
  • The HSM-RKM must be of suitable dimension and construction to be
    securely stored in a safe
I'm going to use this post to comment on the progress and changes of the project work hereafter.