In the second episode of the Star Wars franchise, Attack of the Clones, the Galactic Republic breeds a massive army of clone troopers to fight separatist forces. However, a compromised identity template is used to program the clones, and it later causes them to turn against their Jedi masters and the Republic. In the real world today, organizations use growing armies of machines for efficiency, productivity, agility and speed. Machines, including smart devices and applications, increasingly manage critical enterprise systems and data. Without a way to assign trusted identities, neither the legitimacy of a machine nor the integrity of the data it processes can be validated, which creates serious threats for organizations.
In this blog, and in an accompanying one by Paul Cleary from Venafi, titled “Identity Wars: Episode I – The Phantom Menace,” we explore the challenges that organizations face when orchestrating machine identities and how to mitigate risks.
Trusted identities
People and machines make up enterprise systems. To ensure trust, both must have trusted identities. People typically employ usernames, passwords, and tokens to identify themselves when seeking access to systems. Machines use keys and digital certificates. However, it is not difficult to forge or clone identities and enable rogue users and machines to impersonate their legitimate counterparts.
While for years organizations have spent millions protecting user (people) identities, they spend only a fraction of that protecting the identities of machines, even though machines significantly outnumber people in today’s enterprise systems. With the number of connected machines rapidly growing, organizations require automated lifecycle orchestration of keys and certificates to establish machine identities. As demand for these identities increases, enterprises need tools that enable the secure orchestration of keys and certificates throughout their lifecycles.
Attack scenarios
As enterprises embrace digital transformation and its innovative services through the deployment of interconnected Internet of Things (IoT) machines, they quickly recognize the need to orchestrate an exponentially growing volume of machine identities. Securing this process is the first step in ensuring that devices and applications are authentic and authorized to be part of the ecosystems delivering new services. Interconnected and distributed ecosystems have also increased the number of attack vectors that can be exploited. These may compromise not only machine identities, but also the software and firmware that run on these machines. To safeguard against these threats, and to protect the confidentiality and integrity of the data that machines collect, organizations face an increasing need for robust cryptographic keys and key protection across the enterprise.
Keys that are generated and stored in software can be susceptible to file and memory scraping, and to side-channel attacks that exploit the timing, power and cache behaviour of the systems that hold them. When enterprises orchestrate their SSL/TLS certificates and SSH keys—as well as their code signing, mobile and IoT certificates—it is critical that these keys be produced with high-entropy random number generators, and that they be given the strongest available protection throughout their lifecycle.
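The first step toward protecting software-stored keys is knowing where they are and how they are kept. The inventory scanner below is an added example, not code from Entrust or Venafi: it walks a directory tree, finds PEM private keys, and flags any that are stored in plaintext (neither PKCS#8 ENCRYPTED nor carrying the legacy `Proc-Type: 4,ENCRYPTED` header) or are readable by other users. The sample files it creates are constructed placeholders, not real key material.

```python
"""Find private keys stored as files and report ones kept unencrypted or over-exposed.
Added example (not Entrust/Venafi code); sample files below are constructed, not real keys."""
import os
import re
import stat
import tempfile

# Matches the BEGIN line of any PEM private key ("RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY", ...).
PEM_BEGIN = re.compile(r"-----BEGIN (?P<kind>[A-Z0-9 ]*PRIVATE KEY)-----")


def classify_key_file(path):
    """Return a record for one PEM private-key file, or None if the file holds no private key."""
    with open(path, "rb") as fh:
        text = fh.read().decode("ascii", "replace")
    match = PEM_BEGIN.search(text)
    if not match:
        return None
    kind = match.group("kind")
    # PKCS#8 encrypted keys use their own BEGIN label; legacy OpenSSL keys use a Proc-Type header.
    encrypted = kind == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in text
    mode = stat.S_IMODE(os.stat(path).st_mode)
    readable_by_others = bool(mode & (stat.S_IRGRP | stat.S_IROTH))
    risks = []
    if not encrypted:
        risks.append("plaintext-at-rest")   # file scraping yields the key directly
    if readable_by_others:
        risks.append("readable-by-others")  # any local account can copy it
    return {"path": path, "kind": kind, "encrypted": encrypted, "risks": risks}


def scan_tree(root):
    """Walk root and return one record per PEM private key, sorted by path."""
    records = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            info = classify_key_file(os.path.join(dirpath, name))
            if info is not None:
                records.append(info)
    return sorted(records, key=lambda r: r["path"])


def build_sample_tree():
    """Create a temp directory with constructed sample files: one plaintext key, one encrypted key, one cert."""
    root = tempfile.mkdtemp(prefix="keyscan-")
    samples = {  # bodies are placeholders, not valid key material
        "plain.pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIB...constructed...\n-----END RSA PRIVATE KEY-----\n",
        "enc.pem": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIF...constructed...\n-----END ENCRYPTED PRIVATE KEY-----\n",
        "cert.pem": "-----BEGIN CERTIFICATE-----\nMIIC...constructed...\n-----END CERTIFICATE-----\n",
    }
    for name, body in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o600 if name == "enc.pem" else 0o644)  # plain.pem is deliberately over-exposed
    return root
```

Running `scan_tree` over a real host's configuration directories gives the list of software-held keys that are candidates for migration into an HSM or, at minimum, for encryption at rest and tightened permissions.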
Root of trust
Keys and certificates underpin the security of cryptographic systems. A compromised signing key can enable an attacker to issue rogue certificates to users and machines that would appear—and be validated—as being legitimate. For this reason, keys establish the root of trust, and protecting them is fundamental.
Generating keys in a hardware security module (HSM) addresses these risks: the HSM produces strong, FIPS-compliant signing keys from a hardware random number generator with maximum entropy, and the keys are protected by the device's secure hardware. HSMs are specialized, hardened devices designed specifically to generate and protect the cryptographic keys that underpin a system's security.
Way forward
Just as the Republic needed to trust the identities of its clones, organizations today need to trust the identities of increasing numbers of machines conducting critical business. Venafi and Entrust have joined forces to help address the machine identity protection challenge. Venafi’s fast, automated orchestration of machine identities leverages the strong hardware-based security provided by Entrust nShield HSMs. The Venafi Trust Protection Platform delivers key and certificate orchestration with key pairs securely maintained by the Entrust nShield HSM, deployed on-premises or as a service. With enforced security policies and workflow controls, customers improve their security posture, maximize availability, increase efficiency, and ensure compliance. The integrated solution ensures the trustworthiness of critical systems and secures the data upon which enterprises depend.
To learn more, download our solution brief and stay tuned for more episodes of this saga. In the next blog series, we will explore security considerations for producers and consumers of machine identities.