Entrust nShield Security Manual
  1. Manuals
  2. Brands
  3. Entrust Manuals
  4. Security System
  5. nShield
  6. Security manual

Entrust nShield Security Manual

Hide thumbs Also See for nShield:
Table of Contents

Advertisement

Quick Links

Download this manual
nShield®
Security Manual
12.80
17 Nov 2021

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the nShield and is the answer not in the manual?

Questions and answers

Related Manuals for Entrust nShield

Summary of Contents for Entrust nShield

  • Page 1 Security Manual 12.80 17 Nov 2021...

  • Page 2: Table Of Contents

      ......5.5. Configuring the nShield Connect to use a client   ..........
  • Page 3 ....... . . 8.3. nShield Solo XC physical security controls  ...
  • Page 4 ......... 12.1. nShield Connect and nShield Solo  ...

  • Page 5: Introduction

    This guide provides advice to you on the secure operation of the product. It identifies procedural measures that should be deployed to support the secure operation of the nShield. The guidance should be used in the development of your Security Operating Procedures for your systems incorporating the nShield.

  • Page 6: Product Selection

    User Guides documents provide guidance on how to implement the controls discussed in this Manual. 1.6. Related documents • nShield Solo, nShield Solo XC and nShield Edge User Guide (specific to the operating environment: Linux and Windows) nShield® Security Manual...

  • Page 7: Reference Documents

    • nShield Connect User Guide (specific to the operating environment: Linux and Windows) • CodeSafe Developer Guide • nShield Connect Physical Security Checklist • nShield Connect XC Installation Guide • nShield Edge Installation Guide • nShield Connect Installation Guide • nShield nToken Installation Guide •...

  • Page 8: Supply And Transportation

    • nShield Solo and nShield Solo XC: Examine the epoxy resin security coating (after removing the metal lid on nShield Solo XC) of the module for obvious signs of damage. • Smart card reader: Examine the smartcard reader for signs of tamper and ensure it is directly plugged into the module or into the port provided by any appliance in which the module is integrated and the cable has not been tampered with.
  • Page 9 Physical Security. Review the nShield Connect’s tamper log for tamper alerts. • See Physical Security for further guidance on the management of physical mechanisms provided to protect the product. If a tamper is suspected then the unit must be quarantined to investigate the incident.

  • Page 10: Environment

    3. Environment 3.1. HSM function and architecture The nShield HSMs perform encryption, digital signing and key management on behalf of an extensive range of commercial and custom-built applications including Public Key Infrastructures (PKIs), identity management systems, application-level encryption and tokenization, SSL/TLS, and code signing.

  • Page 11: Hsm Environment Controls

    FIPS 140-2 Level 2 and 3 approved. The nShield HSM is used to protect sensitive keys, data and optionally applications. It can only operate securely if its environment provides the procedural security that it requires and if its security enforcing functions are utilized appropriately.
  • Page 12 The HSMs must be protected with surge protection equipment. To keep track of the nShield HSM and any card readers in your environment and aid any investigation in the event of loss, an asset id should be assigned to the product and a record of the nShield HSM and any card readers description, serial number and location be entered against the asset id in an asset register.

  • Page 13: Commissioning

    4. Commissioning The commissioning process covers installing and configuring an nShield HSM for live operation. The commissioning process must be conducted by authorized individuals in a secure environment as described in HSM environment controls. 4.1. Preparation Prior to commissioning: • Perform a threat analysis of your deployment environment or use an existing threat analysis.

  • Page 14: Hardware

    HSM for more information about checking and changing the mode of an HSM. You can set the physical mode override jumper switch on the circuit board of the nShield Solo to the ON position, to prevent accidental operation of the Mode switch. If this override jumper switch is on, the nShield Solo ignores the position of the Mode switch.
  • Page 15 Information Base (MIB) with any community string. There is no default write access to any part of the MIB. The few Object Identifiers (OIDs) in the nShield MIB that are writable (should write access be enabled) specify ephemerally how the SNMP agent presents certain information.

  • Page 16: Date And Time

    4.5.2. Set the nShield Connect date and time Set the nShield Connect date and time using an accurate trusted local time source as part of the commissioning process. This must be set as early in the commissioning process as possible.

  • Page 17: Nshield Connect And Client Configuration

    (this is the default setting). 4.6.1.1. IPv6 Compliance A sub-menu in the nShield Connect front panel menu permits you to select an IPv6 compliance mode for an nShield Connect. Compliance with USGv6 or IPv6 ready can be selected.
  • Page 18 Impath resilience that are specific to the nShield Connect. By default Impath resilience is turned on with a timeout of 1 week. This enables clients to reconnect in the event of network errors.
  • Page 19 Connect. It is strongly recommended that the utility is used with the ESN and HKNETI options filled in. This content must be obtained from the nShield Connect’s nethsmenroll front panel.
  • Page 20 IP address being spoofed by an attacker. 4.6.8. Configuring the serial console The serial console on the nShield Connect is enabled by default and can be disabled from the front panel. Regardless of the serial console being enabled or disabled, factory resetting an nShield Connect will re-enable the serial console.

  • Page 21: Logging And Debugging

    Please see the User Guides for information on how to operate these functions. 4.7.1. Set up logging Once the time has been set, your logging requirements should be identified and implemented. Logs are available on nShield platforms: Type of Log Purpose and configuration nToken Edge...
  • Page 22 4.7.2. Audit Log Only the Audit Log originates in the nShield Solo HSM (including the nShield Solo HSM nShield® Security Manual 22 of 90...
  • Page 23 User Guide for your HSM for further information on Audit Logging Verification. • Prior to shutting down the nShield Connect, a delay of at least 17 minutes should be made after the final log messages has been dispatched to the SIEM to ensure that the outstanding integrity verification message for those log messages is dispatched.

  • Page 24: Configure Access Control

    4.7.5. nToken, nShield Edge and nShield Solo hardserver logs For nToken, nShield Edge and nShield Solo products the hardserver logs are stored in the associated host platform and do not have an integrity mechanism applied to the logs.

  • Page 25: Configure Security World

    Security World options are highly configurable at the time of creation but, so that they will remain secure, not afterwards. For this reason, we recommend that you familiarize yourself with Security World options, especially those required by your particular nShield® Security Manual 25 of 90...

  • Page 26: Remote Services

    4.10. Remote services 4.10.1. Remote Administration Service (RAS) To use Remote Administration with nShield Connects, the RAS must be installed on a client, which may also be the RFS. The client must allow privileged connections. To use Remote Administration with nShield Solo(s), the RAS must be installed on the host where the hardserver and nShield Solo(s) reside.

  • Page 27: See

    SEE machine. See the CodeSafe Developer Guide for more details. 4.11.1. Security World SEE options You must configure SEE options if you are using the nShield SEE. If you do not have SEE installed, the SEE options are not applicable.
  • Page 28 However, in FIPS Level 2 and Level 3 Security Worlds an option is available during Security World initialization to control access to RTC operations by means of an ACS. A threat analysis can determine if access to the RTC requires ACS authorization. nShield® Security Manual 28 of 90...

  • Page 29: Access Control

    ACS. 5.1.2. Application key access control The Security World and nShield HSM provide the facility for different levels of application key protection. There are three levels of application key protection: • Module protection ◦...
  • Page 30 HSM (or connected to an nShield Connect) which is initialized with the same Security World that was used to create these keys.

  • Page 31: Security World Access Control Guidance

    NSO-timeout. The NSO-timeout is the maximum time that can elapse between ACS quorum authorization, and reauthorization being required. This is only normally relevant when the last administrator card of the nShield® Security Manual 31 of 90...
  • Page 32 The setting of this value will depend on the administrative tasks that the ACS quorum will authorize to be performed in the Security World, and the results of the threat analysis for the nShield administrators/ACS quorum. The following is general guidance for NSO-timeout setting. Refer to your own security policy to determine what value is acceptable: •...
  • Page 33 If this option is selected then access to application keys is protected by a softcard logical token and an associated pass phrase. The password policy used in accessing the softcards should be stated in the customer’s Security Procedures. See Logical token pass nShield® Security Manual 33 of 90...
  • Page 34 The warning message can only be enabled during Security World creation. The process for managing forgotten pass phrases should be set out in your security procedures. The lifecycle for pass phrases will be determined by your threat analysis and the resulting Security Policy. nShield® Security Manual 34 of 90...
  • Page 35 This is disabled by default during Security World recreation. Lost or damaged cards should be replaced as you discover the loss or damage to prevent a potential scenario where a quorum of cards are not available to authorize operations. nShield® Security Manual 35 of 90...
  • Page 36 HSM. The keys protected by this card are removed from the memory of the HSM as soon as the card is removed from the smart card reader. This mode is more secure as the user directly controls key usage.

  • Page 37: Application Keys

    OCS. 5.3. Application keys When you generate an nShield key (or create it from imported key material), that key is associated with an Access Control List (ACL). This ACL prevents the key from being used for operations for which it is unsuited, and can enforce requirements that certain tokens be presented, before the key can be accessed.

  • Page 38: Nshield Connect Front Panel

    • Specific parameters used for the wrapping/de-encapsulation mechanism. 5.4. nShield Connect front panel In the case of the nShield Connect, HSM configuration can occur through the front panel. You can control access to the menus on the unit and the Power button on the front panel by using System >...

  • Page 39: Role Holder Lifecycle Guidance

    5.6.1.2. Linux user privileges Maintaining the integrity of your system against deliberate or accidental acts can be enhanced by appropriate use of (OS) user privileges. There are three levels of user: • Superuser nShield® Security Manual 39 of 90...
  • Page 40 Remote Administration Cards can only be supplied by  Entrust. • Never insert a smart card used with nShield HSMs into a smart card reader you do not trust • Never connect a smart card reader you do not trust into your HSM •...
  • Page 41 • Use a strong pass phrase, see Logical token pass phrase guidance. nShield® Security Manual 41 of 90...

  • Page 42: Operation

    Installation Guide with any available patches should be installed. 6.2. Set the RTC time Set the nShield Edge, nShield Solo and nShield Connect RTC using an accurate trusted local time source at regular intervals to mitigate any clock drift.
  • Page 43 OCS are vulnerable. Therefore, a threat analysis should identify the additional logical and physical controls required to protect the loss of one card. nShield® Security Manual 43 of 90...

  • Page 44: Nvram Key Storage

    6.5. RFS – configuring auto push The auto push feature allows updating nShield Connect’s configuration remotely, that is, without access to the front panel of the nShield Connect. Therefore, anyone with access cfg- to the designated client can change the nShield Connect configuration using the pushnethsm utility.

  • Page 45: Preload Utility

    • Malicious insider threat: A privileged user of the client platform is untrusted, and could bypass security controls that may lead to compromising the security of other users on that client platform. nShield® Security Manual 45 of 90...

  • Page 46: Discarding Keys

    6.12. Replacing the ACS Replacing the ACS modifies the world file. In order to use the new ACS on other machines in the Security World, you must copy the updated world file to all the machines nShield® Security Manual 46 of 90...

  • Page 47: Firmware Upgrade

    NVRAM-backup utility to backup your data first. 6.14. Enabling and disabling remote upgrade You can enable or disable the ability to remotely upgrade an nShield Connect. If remote upgrade is not required this option must be disabled.
  • Page 48 It should also be noted that during the procedure of migrating keys to a v3 Security World, when the migrated keys are outside the nShield HSM’s protected boundary, these keys are always encrypted with keys of >112 bits security strength.

  • Page 49: Key Management

    FIPS 140-2 Level 3 (FIPS DLf3072s256mAEScSP8 128 bits approved mode 00131Ar1 enforced) Unrestricted (default) DLf3072s256mAEScSP8 No (see note 1) 128 bits 00131Ar1 Common Criteria CMTS DLf3072s256mAEScSP8 128 bits (see note 2) 00131Ar1 nShield® Security Manual 49 of 90...
  • Page 50 Therefore, the industry standard minimum security strength is considered to be 112 bits today. nShield® Security Manual 50 of 90...

  • Page 51: Application Keys Algorithms And Key Sizes

     (as this will select a 3072 bit DSA KML). See Configuring a client to communicate with an nShield Connect for details. 7.3. Application keys algorithms and key sizes Depending on the application library used, a range of cryptographic algorithms are available for selection.

  • Page 52: Generating Random Numbers And Keys

    World. 7.5. Generating random numbers and keys The nShield HSM includes a certified random number generator that uses a hardware based source of entropy. This provides greater security than a random number generator that uses a non-hardware based source of entropy that is typically provided by general purpose computers.

  • Page 53: Key Import

    In terms of cryptoperiods (see above) keys that have reached the end of the cryptoperiod and therefore no longer exist on the nShield HSM may still exist on backups. If feasible then the backup data should also be deleted. However, if the backups have to be maintained for operational, resilience, or audit reasons, then ensure that the relevant procedural controls are implemented to mitigate attacks on retired keys.

  • Page 54: Nshield Pkcs #11 Library

    Security configuration guidance for using unlimited strength JCE jurisdiction policy files and the correct preference order for nShield in the Java security configuration file is provided in-situ in the User Guide. See the Installing the nShield JCA/JCE CSP in the User Guide for your HSM for details.
  • Page 55 Key security sections in the User Guide for your HSM for details. 7.10.3. nShield PKCS #11 library environment variables Security configuration guidance for various variables is provided in-situ in the User Guide. See the nShield PKCS 11 library environment variables_ section in the User Guide for your HSM for details. nShield® Security Manual...

  • Page 56: Physical Security

    The nShield Solo+ uses Tamper Resistance and Tamper Evident physical security controls to protect sensitive security parameters within the unit: The nShield Solo+ card is covered in an epoxy encapsulant to resist and provide evidence of tamper attempts. Tamper inspection for procedural control guidance required to maintain and manage tamper evident security controls.

  • Page 57: Nshield Solo Xc Physical Security Controls

    If the source of the tamper cannot be discovered, then the HSM should be considered to be in a compromised state and will have to either be destroyed or returned to Entrust for secure destruction. See Decommission and Disposal for further information.

  • Page 58: Nshield Connect Physical Security Controls

    There is a removable lid on top of the nShield Connect, protected by the security seal and tamper detection switches. To prevent the insertion of objects into the nShield Connect, tamper resistant baffles are placed behind vents.
  • Page 59 Movements/vibrations, or replacing the fan tray module or a PSU, does not activate the tamper detection functionality. 8.4.1.1. nShield Connect lid is closed If the nShield Connect is powered, a tamper event has occurred, and the lid is closed, the following message is displayed on screen: ** TAMPER DETECTED ** Consult User Guide.
  • Page 60 8.4.1.2. nShield Connect lid is open If the nShield Connect is powered, a tamper event has occurred, and the lid is open, the following message is displayed on screen: ** TAMPER DETECTED ** Unit lid is open...
  • Page 61 For information about the appearance of intact and damaged security seals, see the Physical Security Checklist. 2. Check that the metal lid remains flush with the nShield Connect chassis. Metal lid in the correct position: Metal lid in an incorrect position (pulled back): nShield®...
  • Page 62 3. Check all surfaces — the top, bottom and sides of the nShield Connect — for signs of physical damage. 4. Check that there are no signs of physical damage to the vents, including attempts to insert objects into the vents.

  • Page 63: Nshield Card Readers

    3. You are asked to confirm the change. Press the right-hand navigation button again. Tamper responsiveness is disabled and the unit is reset to a factory state. To restore the key data and reconnect the nShield Connect to the network you must present a quorum of the ACS.

  • Page 64: Audit

    Guidance on how to respond to a missing ACS and OCS cards can be found in Security Incident and Response. 9.3. Logs Logging and debugging identifies the types of log available across the different nShield nShield® Security Manual 64 of 90...

  • Page 65: Audit Logging

    The Auditor should inspect the logs to: • Identify missing logs • Verify the integrity of logs up to the trusted root • Identify log entries that are a cause for concern. nShield® Security Manual 65 of 90...

  • Page 66: Audit Logging Time

    Connect clock and RTC. If NTP is enabled then the nShield Connect clock will synchronize to that. Both clock times will appear in the Audit Log and in other logs listed Logging and debugging.

  • Page 67: Support And Maintenance

    • The PSUs • The fan tray module. Replacing a PSU or fan tray module does not affect FIPS 140-2 validations for the nShield Connect, or result in a tamper event. However, in the very rare event that a PSU or fan tray module requires replacement, contact Support before carrying out the replacement procedure.

  • Page 68: Solo Xc Fan And Battery Maintenance

    For more information about replacing either a PSU or the fan tray module, see the Installation Sheet that accompanies the replacement part or the Physical Security chapter of the Connect User Guide. Breaking the security seal or dismantling the nShield Connect voids  your warranty cover, and any existing maintenance and support agreements.

  • Page 69: Troubleshooting

    10.6. Troubleshooting In the event of problems with the nShield HSM refer to either: • The Troubleshooting chapter in the Connect Installation Guide and the Logging, debugging and diagnostics appendix in the Connect User Guide. • The Checking the installation and the Status indicators chapters in the Solo Installation Guide and the Logging, debugging and diagnostics appendix in the Solo User Guide.

  • Page 70: Security Incident And Response

    • Triggering of tamper evident or response functions in the HSM • Physical non availability of HSM, card reader, card sets, client application, %NFAST_KMDATA% folder contents, nShield Connect config file, SIEM collector data, backup data • Logical non availability of HSM, card reader, card sets, client application,...

  • Page 71: Security Incident Impact And Response

    Note that erasing the ACS will prevent a lost/stolen backup being reloaded on to a new HSM. 11.3.2. Compromised Key or Secret: Attacker has subverted memory of Impact Application key is compromised and must not be used: • OCS protected application keys nShield® Security Manual 71 of 90...
  • Page 72 Create replacement application keys under new softcards. 11.3.4. Compromised Key or Secret: A quorum of OCS cards is compromised Compromise Type Lost or stolen Impact The application keys protected by the OCS are under the control of the attacker nShield® Security Manual 72 of 90...
  • Page 73 If the ACS cards are subsequently recovered they should be either erased or destroyed. Create replacement application keys. 11.3.6. Compromised Key or Secret: Soft KNETI Compromise Type Attacker has subverted client memory Impact KNETI is compromised and must not be used nShield® Security Manual 73 of 90...
  • Page 74 • On Windows, it is stored in: C:\ProgramData\nCipher\Key Management Data\hardserver.d\. • On Linux, is stored in /opt/nfast/kmdata/hardserver.d/. Destroy the nToken as its integrity can no longer be guaranteed. Configure a new nToken to communicate with an nShield Connect. nShield® Security Manual 74 of 90...
  • Page 75 Connect. Destroy the nShield Connect as its integrity can no longer be guaranteed. Configure a new nShield Connect to communicate with a client. 11.3.9. Compromised Key or Secret: Soft KNETI...

  • Page 76: Deleting A Security World

    You can re-initialise an HSM to use a new Security World if, for example, you believe that your existing Security World has been compromised. This must be done for all HSMs that hosted the old Security World, however: nShield® Security Manual 76 of 90...

  • Page 77: Module Failure

    You must reformat, reuse or destroy the smart cards from a deleted Security World’s ACS. If these cards are not overwritten or destroyed, then an attacker with these smart cards, a copy of your data (for example, a weekly backup) and access to any nShield HSM can access your old keys.

  • Page 78: Decommission And Disposal

    5. Entrust will accept the return of decommissioned HSMs for secure destruction. 12.1.1. Recycling and disposal information For recycling and disposal guidance, see the nShield product’s Warnings and Cautions documentation. nShield® Security Manual 78 of 90...
  • Page 79 (for example, a weekly backup) and access to any nShield HSM can access your old keys. • The OCS can only be erased on the Security World that it was created for. Therefore, ensure that the OCS is erased as a final step before the HSM is decommissioned.

  • Page 80: Appendix A: Abbreviations

    Intrusion Prevention System IPvX Internet Protocol version (where X is the version number) JCA/JCE Java Cryptography Architecture/ Java Cryptography Extension Cryptographic Service Provider Light Emitting Diode NIST National Institute of Standards and Technology Network Time Protocol nShield® Security Manual 80 of 90...
  • Page 81 Secure Execution Engine SIEM Security Information and Event Management SNMP Simple Network Management Protocol Secure Shell Trusted Verification Device User Interface Universal Serial Bus Virtual Private Network WEEE Waste Electrical and Electronic Equipment   nShield® Security Manual 81 of 90...

  • Page 82: Appendix B: Glossary

    Security World keys, including , the key-recovery key, and the recovery authorization keys. Each card contains one share from each token. The ACS is created using the well-known module key so that it can be loaded onto any nShield module. See also Security...
  • Page 83 (DSA) is a digital signature mechanism approved by NIST for use with US Government messages that are Secure but not Classified. The implementation of the DSA used by nShield modules has been validated by NIST as complying with FIPS 186.
  • Page 84 Edwards-curve DSA; a Digital Signature Algorithm (DSA) which uses a variant of Schnorr Signature based on Twisted Edwards curves. nShield software supports the Edwards 25519 curve and its prehash variant, Ed25519ph. The context variant, Ed25519ctx, is not supported. Keys generated using the Ed25519 algorithm can be used for both Ed25519 and Ed25519ph signature operations.
  • Page 85 This notation indicates a fixed length result that can be obtained from a variable length input and that can be used to identify the input without revealing any other information about it. The nShield module uses the Secure Hash Algorithm (SHA-1) for its internal security.
  • Page 86 Logical token: K A logical token is a key used to protect key blobs. A logical token is generated on the nShield module and never revealed, except as shares. MAC: MAC This notation indicates a MAC (Message Authentication Code) created using key KC.
  • Page 87 Smart cards that are capable of negotiating cryptographically secure connections with an HSM, using warrants as the root of trust. nShield Remote Administration Cards can also be used in the local slot of an HSM if required. You must use nShield Remote Administration Cards with Remote Administration.
  • Page 88 The remote access solution, such as SSH or a remote desktop application, which is used as standard by your organization. Enables you to carry out Security World administrative tasks from a different location to that of an nShield Connect or nShield Solo.
  • Page 89 Enables secure communications between an nShield Remote Administration Card and the hardserver that is connected to the appropriate HSM. Listens for incoming connection requests from nShield Remote Administration Clients. Supplies a list of available HSMs to the nShield Remote Administration Client and maintains an association between the relevant card reader and the HSM.
  • Page 90 Standard nShield Cards Smart cards used in the local slot of an HSM. Standard nShield cards are not supported for use with Remote Administration. Tamper Resistance Hardening a device so that tamper attempts are more difficult (require specialized tools and take more time, e.g. potting and using hardened containers).

Table of Contents