7

I remember reading about the necessity of air gapping the CA computer (never connecting it to any network whatsoever, no USB dongles etc).

I am preparing for setting up a number of certificates (csr's for signing, client-sides certificates for client verification in Apache, WPA2 etc) and I wonder how do I actually air gap the computer. The main questions are:

  1. How do I keep the OS updated?
  2. How do I do the actual signing (i.e. transferring the csr's to the CA computer for signing and transferring the signed certificates back)?

I understand that using intermediate certificates can make my life somewhat easier, but I do not understand how - I still need to keep the intermediate certificates as safe as possible, don't I?

Pavel
  • 213
  • 1
  • 6
  • I've never actually done anything like this, but my _guesses_ are ​ ​ ​ 1. ​ You don't. ​ ​ ​ (... continued) ​ ​ ​ ​ ​ ​ ​ ​ –  Sep 24 '16 at 11:02
  • (continued ...) ​ ​ ​ ​ ​ ​ ​ 2. ​ ​ ​ In each case, you check the system time and update that if necessary. ​ For changes, you use an implementation that accepts [as input a pre-hashed value](http://security.stackexchange.com/a/68836/49075), and type in the has. ​ For normal operation (no changes), you simply have it sign the empty CRL. ​ In each case, you then photograph its display of the signature and use [OCR](https://en.wikipedia.org/wiki/Optical_character_recognition) or a [QR decoder](https://en.wikipedia.org/wiki/QR_code) or something similar. ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ ​ –  Sep 24 '16 at 11:02
  • For my previous comment, ​ ​ ​ "the has." ​ -> ​ "the hash." ​ . ​ ​ ​ ​ ​ ​ ​ ​ –  Sep 24 '16 at 20:33

3 Answers3

5
  1. All Windows updates are available as downloads that you can apply locally, similarly for Linux. Enterprise management tools can also be used to provide networked updates without needing to connect the CA machine to the Internet. You could temporarily connect to the local network with a Windows firewall rule that only allows a connection to the address of the management server.

  2. Intermediate Certificates act like the root cert but have a more limited scope. So you can create a set of intermediate certs for specific signing purposes and with short expiry dates to limit the impact of them being compromised. Yes, you still need to keep the intermediate certs secure but the impact of compromise is a lot less if done correctly.

    If you need to create a new Intermediate certificate, you do so on the CA machine with clean USB stick or similar.

    Clearly, you will understand that you must keep the CA machine physically secured. It should be in a secured cabinet in a secured room. Access to the machine must be tightly controlled and all access carefully recorded.


UPDATE: Someone else mentioned using a hardware encryption module (HSM). Certainly this would also improve security on the CA machine making it much harder to compromise the keys and is highly recommended. I should have included that before.

Julian Knight
  • 7,102
  • 18
  • 23
  • Who said anything about Windows? – Alexander O'Mara Sep 24 '16 at 16:32
  • I've updated the answer. – Julian Knight Sep 24 '16 at 17:17
  • If you just say "harder to compromise the keys" you have not understand what a HSM can do security-wise. A good HSM (which is basically any professionally made smartcard/PKI/module that have zeroization cababilities) makes it impossible to compromise the keys. Yes, a HSM still allows a unauthorized process or individual to send something to the HSM for signing, but that can be prevented by requiring a physical button press. But that doesn't mean the CA certificate is compromised, it just means that a fraudulent certificate was issued, which can easily be revoked again. – sebastian nielsen Sep 25 '16 at 12:24
  • Not misunderstood, just a rushed update with some loose wording. "Harder" in that if you don't correctly secure the machine physically, it is still possible to do things you don't want people to do such as issue intermediate CA's. While such actions should be logged, it is all too common for logs to not be reviewed very often. The best and most secure hardware & software is most commonly compromised by people & process. – Julian Knight Sep 25 '16 at 16:45
  • The 'offline' updates qualify for me well, since for me a burned CD, although it may be infected with a virus etc, is not that much of a threat as, say, a usb stick (mainly in not being reusable and a read-only medium on the air gapped machine). – Pavel Sep 26 '16 at 09:55
  • A Fair comment. – Julian Knight Sep 26 '16 at 14:15
5

If you are really, really, really serious about this, then:

  1. You don't. In the very unlikely event that you feel the need for an update, you do a fresh re-install from a burned CD/DVD.
  2. Any data must be transferred manually. You can read from one screen and type on another computer, you might consider QR-Codes that you can print and scan. As there's not that much data that needs to be moved around, this can be done.
Thomas
  • 498
  • 2
  • 6
  • "unlikely event"? Have you seen the number of security updates for all OS's and software? – Julian Knight Sep 25 '16 at 16:47
  • 3
    I seriously doubt that a significant number of those updates is relevant for an air-gapped system that is only used for handling certificates. – Thomas Sep 25 '16 at 16:59
  • Well there have been a number related to code issues in certificate/key generation code over the last few years and you are also making assumptions about the physical security of the CA machine. I've seen CA machines that haven't been updated for years and it can be a real mess when something goes wrong. – Julian Knight Sep 25 '16 at 17:32
  • 1
    I like the idea about QR codes, that way the system can be actually air gapped and still used for its purpose. – Pavel Sep 26 '16 at 09:50
0

There is a solution so you can avoid this airgapping and the risks/difficulties with it, but still achieve the same security.

What you want to protect against, is compromise of the CA private key. If the CA private key gets compromised, you are screwed and need to replace the CA. But for a client-auth CA, it doesn't really matter if a malware manages to achieve a signature, since you can easily revoke that cert later on.

This security can be obtained by storing the private key on a secure device, called "HSM". Theres many devices that have the security features of a HSM, but one I would recommend is the Yubikey 4.

The good thing with Yubikey 4 is that it can be set to require a physical button press prior to signing something, which would also prevent malware from ever misusing the signatures.

What you want to have, is a security-approved device such as the private key never touches the insecure device (the computer).

You can also use Smart Cards, USB PKI sticks and similiar devices as a HSM.

The good thing with having a small device that acts as the signer and stores the private key, is that the device can easily be physically secured by simply locking it into a safe or bank depoist box.

sebastian nielsen
  • 8,799
  • 1
  • 19
  • 33
  • 2
    While hardware devices such as the Yubikey may be useful, it is definitely a stretch to say that they "prevent malware from ever misusing the signatures". Even assuming that the hardware key is 100% secure, it won't be too difficult for malware to get the key out of the linked software when it is being used for signing. – March Ho Sep 25 '16 at 11:08
  • @MarchHo - thats impossible. The software sends the certificate to be signed to the yubikey, and then gets the signature back. You can never extract the private key, not even with physical access to the Yubikey. This providing the Yk4 key is used that has signing capabilities. What I meant with "malware misuing the signature" is that a malware sends a fraudulent certificate to the YK to sign. But as a physical button press is required, the virus can't reach outside the computer and press the button. – sebastian nielsen Sep 25 '16 at 12:15
  • I think you completely misunderstand what I am saying. The software that you are using to issue the signature to the key can be compromised and used to obtain arbitrary signatures at the same time you are using it. Once your computer is compromised, **you should abandon any hopes of security**. And this is assuming that the Yubikey is 100% secure, which we all know is a nontrivial assumption. – March Ho Sep 25 '16 at 12:28
  • @MarchHo - Thats why you set it (at the time of key generation - this step is critical and should be performed on a guranteed clean computer) to require a physical button press for each signature. The malware can send data to be signed to the yubikey until the cows come home, it won't emit a single signature unless someone is physically present and push the button. – sebastian nielsen Sep 25 '16 at 12:31