
Author (dc.contributor.author): Muñoz, Caterina
Author (dc.contributor.author): Montoto, Francisco
Author (dc.contributor.author): Bustos Jiménez, Javier
Author (dc.contributor.author): Cifuentes, Francisco
Admission date (dc.date.accessioned): 2019-05-29T13:41:21Z
Available date (dc.date.available): 2019-05-29T13:41:21Z
Publication date (dc.date.issued): 2017
Item citation (dc.identifier.citation): 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies, CHILECON 2017 - Proceedings, Volume 2017-January,
Identifier (dc.identifier.other): 10.1109/CHILECON.2017.8229747
Identifier (dc.identifier.uri): https://repositorio.uchile.cl/handle/2250/169124
Abstract (dc.description.abstract): The Domain Name System (DNS) has evolved to support the exponential growth of the Internet by relying heavily on a highly distributed infrastructure. Nevertheless, trust between servers must exist in order to guarantee correct functioning of the system, which is prone to attacks and errors. The Domain Name System Security Extensions (DNSSEC) is the current extension of the DNS system to provide security constraints to the query process. The main impact of DNSSEC key management on DNS operation has been the use of monolithic equipment: Hardware Security Modules. A Hardware Security Module (HSM) is specialized hardware designed to protect keys against logical and physical tampering or extraction, while providing secure mechanisms to employ those keys in cryptographic operations without ever exposing sensitive material. Unfortunately, the high costs of most HSMs make them a reasonable solution only for large corporations. Even then, there is the risk of failures; provisions must then be taken to replace or recover failed HSMs, further increasing the overall cost of this technology. We have presented a distributed signer system based on threshold cryptography, called Poor Man's Hardware Security Module (pmHSM), which provides the signature components of an HSM over inexpensive commodity hardware to support the operational signing workflow of DNSSEC. We tested our virtual pmHSM by using it to support the operational signing workflow of DNSSEC. Nevertheless, our solution did not use all the capabilities of the PKCS11 API and it had a single point of failure. Thus, we changed pmHSM's architecture, moving part of its services to the client side and isolating the signer, replacing the previous compile-creation version of the distributed signers with self-contained and easy-to-configure containers. With this change, we aim to build a system that is more extensible, more usable, and more configurable to the users' needs.
Language (dc.language.iso): en
Publisher (dc.publisher): IEEE
Type of license (dc.rights): Attribution-NonCommercial-NoDerivs 3.0 Chile
Link to License (dc.rights.uri): http://creativecommons.org/licenses/by-nc-nd/3.0/cl/
Source (dc.source): 2017 CHILEAN Conference on Electrical, Electronics Engineering, Information and Communication Technologies, CHILECON 2017 - Proceedings
Keywords (dc.subject): Media Technology
Keywords (dc.subject): Electrical and Electronic Engineering
Keywords (dc.subject): Computer Science Applications
Keywords (dc.subject): Computer Networks and Communications
Keywords (dc.subject): Control and Systems Engineering
Title (dc.title): Building a threshold cryptographic distributed HSM with docker containers
Document type (dc.type): Journal article
Cataloguer (uchile.catalogador): laj
Indexation (uchile.index): SCOPUS publication article
uchile.cosecha (uchile.cosecha): SI


Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivs 3.0 Chile