Tuesday, February 03, 2009

Building a HSM_RKM for PKI

This is my final-year project and I would like to give an introduction to the project through this post. The project is about building a hardware-secured Root Key Manager for a Public Key Infrastructure which operates offline. The Root Key Manager is the system which provides keys to the top node (Root CA) of the PKI. The security of these keys is vital to maintaining the trust of the whole PKI. Therefore we need to secure the RKM in various ways. Currently there are systems which provide this functionality to some extent. But the problem with the available systems is that they cost a huge amount of money and they aren't open to the public since they are proprietary. The goal of this project is to build a system which is low cost and open to academia for further extensions and study purposes. The project is supervised by Dr. Chandana Gamage.

The initial system requirements
  • Access to the HSM-RKM must be controlled via a two-factor
    authentication mechanism
  • Should provide output of the HSM-RKM through a portable external
    interface such as a USB-Flash-ROM memory device
  • Generate the root key pair and securely store the private key
    within the HSM-RKM and output the public key through the external
    interface
  • Generate a limited number of other key pairs and securely store
    the private keys within the HSM-RKM and output the public keys
    through the external interface
  • Self-certify the root-key public key certificate
  • Certify any other public key certificate input through the
    external interface
  • The HSM-RKM must be of suitable dimension and construction to be
    securely stored in a safe
I'm going to use this post to comment on the progress and changes of the project work hereafter.
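
The key-generation, self-certification and certification requirements listed above, sketched with the OpenSSL command line as an added example (not code from this project). A temporary directory stands in for the device's internal storage and a subdirectory for the USB interface; the file names, subject names, key sizes, validity periods and the use of a CSR as the input format are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Paths, subject names, key sizes and validity periods are assumptions.
set -eu
HSM=$(mktemp -d)            # stands in for storage inside the HSM-RKM
USB="$HSM/usb"              # stands in for the external USB interface
REQ="$HSM/requester"        # constructed outside party asking for a certificate
mkdir -p "$USB" "$REQ"

cat > "$HSM/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_root
[dn]
CN = Example Offline Root CA
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_sub]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
EOF

gen_root_key() {            # private key stays in $HSM, only the public half is exported
    (umask 077; openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -out "$HSM/root.key" 2>/dev/null)
    openssl pkey -in "$HSM/root.key" -pubout -out "$USB/root.pub"
}
self_certify_root() {       # root certificate signed with its own private key
    openssl req -x509 -new -config "$HSM/ca.cnf" -key "$HSM/root.key" \
        -sha256 -days 3650 -out "$USB/root.crt"
}
certify_request() {         # $1 = CSR read from USB, $2 = certificate written to USB
    openssl x509 -req -in "$1" -CA "$USB/root.crt" -CAkey "$HSM/root.key" \
        -CAserial "$HSM/root.srl" -CAcreateserial -sha256 -days 1825 \
        -extfile "$HSM/ca.cnf" -extensions v3_sub -out "$2" 2>/dev/null
}
chain_ok() {                # what a relying party checks with only USB contents
    openssl verify -CAfile "$USB/root.crt" "$USB/root.crt" "$1" >/dev/null
}

gen_root_key
self_certify_root
# Constructed request: the subordinate generates its own key and sends only a CSR.
openssl req -new -newkey rsa:2048 -nodes -config "$HSM/ca.cnf" -keyout "$REQ/sub.key" \
    -subj "/CN=Example Subordinate CA" -out "$USB/sub.csr" 2>/dev/null
certify_request "$USB/sub.csr" "$USB/sub.crt"
chain_ok "$USB/sub.crt" && echo "chain verifies; files on USB: $(ls "$USB" | tr '\n' ' ')"
```

Only `root.pub`, `root.crt`, the request and the issued certificate ever appear under the USB directory; `root.key` and the serial file stay on the device side.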